diff --git a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java
index e842264eb..7e5f33a9a 100644
--- a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java
+++ b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java
@@ -253,6 +253,10 @@ public class App {
         final String suppressionFile = cli.getSuppressionFile();
         final boolean jarDisabled = cli.isJarDisabled();
         final boolean archiveDisabled = cli.isArchiveDisabled();
+        final boolean pyDistDisabled = cli.isPythonDistributionDisabled();
+        final boolean cMakeDisabled = cli.isCmakeDisabled();
+        final boolean pyPkgDisabled = cli.isPythonPackageDisabled();
+        final boolean autoconfDisabled = cli.isAutoconfDisabled();
         final boolean assemblyDisabled = cli.isAssemblyDisabled();
         final boolean nuspecDisabled = cli.isNuspecDisabled();
         final boolean centralDisabled = cli.isCentralDisabled();
@@ -320,9 +324,10 @@ public class App {
         //File Type Analyzer Settings
         Settings.setBoolean(Settings.KEYS.ANALYZER_JAR_ENABLED, !jarDisabled);
         Settings.setBoolean(Settings.KEYS.ANALYZER_ARCHIVE_ENABLED, !archiveDisabled);
-        Settings.setBoolean(Settings.KEYS.ANALYZER_PYTHON_DISTRIBUTION_ENABLED, !cli.isPythonDistributionDisabled());
-        Settings.setBoolean(Settings.KEYS.ANALYZER_PYTHON_PACKAGE_ENABLED, !cli.isPythonPackageDisabled());
-        Settings.setBoolean(Settings.KEYS.ANALYZER_AUTOCONF_ENABLED, !cli.isAutoconfDisabled());
+        Settings.setBoolean(Settings.KEYS.ANALYZER_PYTHON_DISTRIBUTION_ENABLED, !pyDistDisabled);
+        Settings.setBoolean(Settings.KEYS.ANALYZER_PYTHON_PACKAGE_ENABLED, !pyPkgDisabled);
+        Settings.setBoolean(Settings.KEYS.ANALYZER_AUTOCONF_ENABLED, !autoconfDisabled);
+        Settings.setBoolean(Settings.KEYS.ANALYZER_CMAKE_ENABLED, !cMakeDisabled);
         Settings.setBoolean(Settings.KEYS.ANALYZER_NUSPEC_ENABLED, !nuspecDisabled);
         Settings.setBoolean(Settings.KEYS.ANALYZER_ASSEMBLY_ENABLED, !assemblyDisabled);
         Settings.setBoolean(Settings.KEYS.ANALYZER_OPENSSL_ENABLED, !cli.isOpenSSLDisabled());
diff --git a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java
index ade1bec72..504e60f90 100644
--- a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java
+++ b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/CliParser.java
@@ -384,6 +384,8 @@ public final class CliParser {
 
         final Option disableOpenSSLAnalyzer = OptionBuilder.withLongOpt(ARGUMENT.DISABLE_OPENSSL)
                 .withDescription("Disable the OpenSSL Analyzer.").create();
+        final Option disableCmakeAnalyzer = OptionBuilder.withLongOpt(ARGUMENT.DISABLE_CMAKE).
+                withDescription("Disable the Cmake Analyzer.").create();
 
         final Option disableCentralAnalyzer = OptionBuilder.withLongOpt(ARGUMENT.DISABLE_CENTRAL)
                 .withDescription("Disable the Central Analyzer. If this analyzer is disabled it is likely you also want to disable "
@@ -412,6 +414,7 @@ public final class CliParser {
                 .addOption(disableArchiveAnalyzer)
                 .addOption(disableAssemblyAnalyzer)
                 .addOption(disablePythonDistributionAnalyzer)
+                .addOption(disableCmakeAnalyzer)
                 .addOption(disablePythonPackageAnalyzer)
                 .addOption(disableAutoconfAnalyzer)
                 .addOption(disableOpenSSLAnalyzer)
@@ -431,7 +434,7 @@ public final class CliParser {
      * @param options a collection of command line arguments
      * @throws IllegalArgumentException thrown if there is an exception
      */
-    @SuppressWarnings("static-access")
+    @SuppressWarnings({"static-access", "deprecation"})
     private void addDeprecatedOptions(final Options options) throws IllegalArgumentException {
 
         final Option proxyServer = OptionBuilder.withArgName("url").hasArg().withLongOpt(ARGUMENT.PROXY_URL)
@@ -540,6 +543,15 @@ public final class CliParser {
         return (line != null) && line.hasOption(ARGUMENT.DISABLE_PY_PKG);
     }
 
+    /**
+     * Returns true if the disableCmake command line argument was specified.
+     *
+     * @return true if the disableCmake command line argument was specified; otherwise false
+     */
+    public boolean isCmakeDisabled() {
+        return (line != null) && line.hasOption(ARGUMENT.DISABLE_CMAKE);
+    }
+
     /**
      * Returns true if the disableAutoconf command line argument was specified.
      *
@@ -735,6 +747,7 @@ public final class CliParser {
      *
      * @return the proxy server
      */
+    @SuppressWarnings("deprecation")
     public String getProxyServer() {
 
         String server = line.getOptionValue(ARGUMENT.PROXY_SERVER);
@@ -979,7 +992,7 @@ public final class CliParser {
         /**
          * The CLI argument name indicating the proxy url.
          *
-         * @deprecated use {@link org.owasp.dependencycheck.cli.CliParser.ArgumentName#PROXY_SERVER} instead
+         * @deprecated use {@link #PROXY_SERVER} instead
          */
         @Deprecated
         public static final String PROXY_URL = "proxyurl";
@@ -1068,6 +1081,10 @@ public final class CliParser {
          * Disables the Autoconf Analyzer.
          */
         public static final String DISABLE_AUTOCONF = "disableAutoconf";
+        /**
+         * Disables the Cmake Analyzer.
+         */
+        public static final String DISABLE_CMAKE = "disableCmake";
         /**
          * Disables the Assembly Analyzer.
          */
diff --git a/dependency-check-cli/src/site/markdown/arguments.md b/dependency-check-cli/src/site/markdown/arguments.md
index c0889b864..15a1248cc 100644
--- a/dependency-check-cli/src/site/markdown/arguments.md
+++ b/dependency-check-cli/src/site/markdown/arguments.md
@@ -32,6 +32,7 @@ Short  | Argument Name        | Paramete
        | \-\-disablePyPkg      |                 | Sets whether the Python Package Analyzer will be used.                           | false
        | \-\-disableAutoconf   |                 | Sets whether the Autoconf Analyzer will be used.                                 | false
        | \-\-disableOpenSSL    |                 | Sets whether the OpenSSL Analyzer will be used.                                  | false
+       | \-\-disableCmake      |                 | Sets whether the Cmake Analyzer will be used.                                    | false
        | \-\-disableArchive    |                 | Sets whether the Archive Analyzer will be used.                                  | false
        | \-\-zipExtensions     | \<strings\>     | A comma-separated list of additional file extensions to be treated like a ZIP file, the contents will be extracted and analyzed. | &nbsp;
        | \-\-disableJar        |                 | Sets whether the Jar Analyzer will be used.                                      | false
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzer.java
new file mode 100644
index 000000000..0d6dd7457
--- /dev/null
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzer.java
@@ -0,0 +1,211 @@
+/*
+ * This file is part of dependency-check-core.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright (c) 2015 Institute for Defense Analyses. All Rights Reserved.
+ */
+package org.owasp.dependencycheck.analyzer;
+
+import org.apache.commons.io.FileUtils;
+import org.apache.commons.lang.StringUtils;
+import org.owasp.dependencycheck.Engine;
+import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
+import org.owasp.dependencycheck.dependency.Confidence;
+import org.owasp.dependencycheck.dependency.Dependency;
+import org.owasp.dependencycheck.utils.Checksum;
+import org.owasp.dependencycheck.utils.FileFilterBuilder;
+import org.owasp.dependencycheck.utils.Settings;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.File;
+import java.io.FileFilter;
+import java.io.IOException;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+/**
+ * <p>Used to analyze CMake build files, and collect information that can be used to
+ * determine the associated CPE.</p>
+ * <p/>
+ * <p>Note: This analyzer catches straightforward invocations of the project command, plus some other observed
+ * patterns of version inclusion in real CMake projects. Many projects make use of older versions of CMake and/or
+ * use custom "homebrew" ways to insert version information. Hopefully as the newer CMake call pattern grows in usage,
+ * this analyzer allow more CPEs to be identified.</p>
+ *
+ * @author Dale Visser <dvisser@ida.org>
+ */
+public class CMakeAnalyzer extends AbstractFileTypeAnalyzer {
+
+    /**
+     * The logger.
+     */
+    private static final Logger LOGGER = LoggerFactory.getLogger(CMakeAnalyzer.class);
+
+    /**
+     * Used when compiling file scanning regex patterns.
+     */
+    private static final int REGEX_OPTIONS = Pattern.DOTALL
+            | Pattern.CASE_INSENSITIVE | Pattern.MULTILINE;
+
+    private static final Pattern PROJECT = Pattern.compile(
+            "^ *project *\\([ \\n]*(\\w+)[ \\n]*.*?\\)", REGEX_OPTIONS);
+
+    // Group 1: Product
+    // Group 2: Version
+    private static final Pattern SET_VERSION = Pattern
+            .compile(
+                    "^ *set\\s*\\(\\s*(\\w+)_version\\s+\"?(\\d+(?:\\.\\d+)+)[\\s\"]?\\)",
+                    REGEX_OPTIONS);
+
+    /**
+     * Detects files that can be analyzed.
+     */
+    private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(".cmake")
+            .addFilenames("CMakeLists.txt").build();
+
+    private static MessageDigest sha1 = null;
+
+    static {
+        try {
+            sha1 = MessageDigest.getInstance("SHA1");
+        } catch (NoSuchAlgorithmException e) {
+            LOGGER.error(e.getMessage());
+        }
+    }
+
+    /**
+     * Returns the name of the CMake analyzer.
+     *
+     * @return the name of the analyzer
+     **/
+    @Override
+    public String getName() {
+        return "CMake Analyzer";
+    }
+
+    /**
+     * Tell that we are used for information collection.
+     *
+     * @return INFORMATION_COLLECTION
+     */
+    @Override
+    public AnalysisPhase getAnalysisPhase() {
+        return AnalysisPhase.INFORMATION_COLLECTION;
+    }
+
+    /**
+     * Returns the set of supported file extensions.
+     *
+     * @return the set of supported file extensions
+     */
+    @Override
+    protected FileFilter getFileFilter() {
+        return FILTER;
+    }
+
+    /**
+     * No-op initializer implementation.
+     *
+     * @throws Exception never thrown
+     */
+    @Override
+    protected void initializeFileTypeAnalyzer() throws Exception {
+        // Nothing to do here.
+    }
+
+    /**
+     * Analyzes python packages and adds evidence to the dependency.
+     *
+     * @param dependency the dependency being analyzed
+     * @param engine     the engine being used to perform the scan
+     * @throws AnalysisException thrown if there is an unrecoverable error analyzing the
+     *                           dependency
+     */
+    @Override
+    protected void analyzeFileType(Dependency dependency, Engine engine)
+            throws AnalysisException {
+        final File file = dependency.getActualFile();
+        final String parentName = file.getParentFile().getName();
+        final String name = file.getName();
+        dependency.setDisplayFileName(String.format("%s%c%s", parentName, File.separatorChar, name));
+        String contents;
+        try {
+            contents = FileUtils.readFileToString(file).trim();
+        } catch (IOException e) {
+            throw new AnalysisException(
+                    "Problem occurred while reading dependency file.", e);
+        }
+
+        if (StringUtils.isNotBlank(contents)) {
+            Matcher m = PROJECT.matcher(contents);
+            int count = 0;
+            while (m.find()) {
+                count++;
+                LOGGER.debug(String.format(
+                        "Found project command match with %d groups: %s",
+                        m.groupCount(), m.group(0)));
+                final String group = m.group(1);
+                LOGGER.debug("Group 1: " + group);
+                dependency.getProductEvidence().addEvidence(name, "Project",
+                        group, Confidence.HIGH);
+            }
+            LOGGER.debug(String.format("Found %d matches.", count));
+            analyzeSetVersionCommand(dependency, engine, contents);
+        }
+    }
+
+    private void analyzeSetVersionCommand(Dependency dependency, Engine engine, String contents) {
+        final Dependency orig = dependency;
+        Matcher m = SET_VERSION.matcher(contents);
+        int count = 0;
+        while (m.find()) {
+            count++;
+            LOGGER.debug(String.format(
+                    "Found project command match with %d groups: %s",
+                    m.groupCount(), m.group(0)));
+            String product = m.group(1);
+            final String version = m.group(2);
+            LOGGER.debug("Group 1: " + product);
+            LOGGER.debug("Group 2: " + version);
+            final String alias_prefix = "ALIASOF_";
+            if (product.startsWith(alias_prefix)) {
+                product = product.replaceFirst(alias_prefix, "");
+            }
+            if (count > 1) {
+                dependency = new Dependency(orig.getActualFile());
+                dependency.setDisplayFileName(String.format("%s:%s", orig.getDisplayFileName(), product));
+                final String filePath = String.format("%s:%s", orig.getFilePath(), product);
+                dependency.setFilePath(filePath);
+
+                // prevents coalescing into the dependency provided by engine
+                dependency.setSha1sum(Checksum.getHex(sha1.digest(filePath.getBytes())));
+                engine.getDependencies().add(dependency);
+            }
+            final String source = dependency.getDisplayFileName();
+            dependency.getProductEvidence().addEvidence(source, "Product",
+                    product, Confidence.MEDIUM);
+            dependency.getVersionEvidence().addEvidence(source, "Version",
+                    version, Confidence.MEDIUM);
+        }
+        LOGGER.debug(String.format("Found %d matches.", count));
+    }
+
+    @Override
+    protected String getAnalyzerEnabledSettingKey() {
+        return Settings.KEYS.ANALYZER_CMAKE_ENABLED;
+    }
+}
diff --git a/dependency-check-core/src/main/resources/META-INF/services/org.owasp.dependencycheck.analyzer.Analyzer b/dependency-check-core/src/main/resources/META-INF/services/org.owasp.dependencycheck.analyzer.Analyzer
index 31a22eb0f..84d9863df 100644
--- a/dependency-check-core/src/main/resources/META-INF/services/org.owasp.dependencycheck.analyzer.Analyzer
+++ b/dependency-check-core/src/main/resources/META-INF/services/org.owasp.dependencycheck.analyzer.Analyzer
@@ -15,4 +15,5 @@ org.owasp.dependencycheck.analyzer.AssemblyAnalyzer
 org.owasp.dependencycheck.analyzer.PythonDistributionAnalyzer
 org.owasp.dependencycheck.analyzer.PythonPackageAnalyzer
 org.owasp.dependencycheck.analyzer.AutoconfAnalyzer
-org.owasp.dependencycheck.analyzer.OpenSSLAnalyzer
\ No newline at end of file
+org.owasp.dependencycheck.analyzer.OpenSSLAnalyzer
+org.owasp.dependencycheck.analyzer.CMakeAnalyzer
\ No newline at end of file
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/BaseTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/BaseTest.java
index 50df38596..1b6a7b4cb 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/BaseTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/BaseTest.java
@@ -35,6 +35,15 @@ public class BaseTest {
 
     @AfterClass
     public static void tearDownClass() throws Exception {
+        File f = new File("./target/data/dc.h2.db");
+        if (f.exists() && f.isFile() && f.length() < 71680) {
+            System.err.println("------------------------------------------------");
+            System.err.println("------------------------------------------------");
+            System.err.println("I broke the build");
+            System.err.println("------------------------------------------------");
+            System.err.println("------------------------------------------------");
+        }
+
         Settings.cleanup(true);
     }
 
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzerTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzerTest.java
new file mode 100644
index 000000000..1d5186c39
--- /dev/null
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/analyzer/CMakeAnalyzerTest.java
@@ -0,0 +1,152 @@
+/*
+ * This file is part of dependency-check-core.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright (c) 2015 Institute for Defense Analyses. All Rights Reserved.
+ */
+package org.owasp.dependencycheck.analyzer;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.owasp.dependencycheck.BaseTest;
+import org.owasp.dependencycheck.Engine;
+import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
+import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
+import org.owasp.dependencycheck.dependency.Dependency;
+
+import java.io.File;
+import java.util.List;
+import java.util.regex.Pattern;
+
+import static org.hamcrest.CoreMatchers.equalTo;
+import static org.hamcrest.CoreMatchers.is;
+import static org.junit.Assert.*;
+import org.owasp.dependencycheck.data.nvdcve.BaseDBTestCase;
+
+/**
+ * Unit tests for CmakeAnalyzer.
+ *
+ * @author Dale Visser <dvisser@ida.org>
+ */
+public class CMakeAnalyzerTest extends BaseDBTestCase {
+
+    /**
+     * The package analyzer to test.
+     */
+    CMakeAnalyzer analyzer;
+
+    /**
+     * Setup the CmakeAnalyzer.
+     *
+     * @throws Exception if there is a problem
+     */
+    @Before
+    public void setUp() throws Exception {
+        super.setUp();
+        analyzer = new CMakeAnalyzer();
+        analyzer.setFilesMatched(true);
+        analyzer.initialize();
+    }
+
+    /**
+     * Cleanup any resources used.
+     *
+     * @throws Exception if there is a problem
+     */
+    @After
+    public void tearDown() throws Exception {
+        analyzer.close();
+        analyzer = null;
+    }
+
+    /**
+     * Test of getName method, of class PythonPackageAnalyzer.
+     */
+    @Test
+    public void testGetName() {
+        assertThat(analyzer.getName(), is(equalTo("CMake Analyzer")));
+    }
+
+    /**
+     * Test of supportsExtension method, of class PythonPackageAnalyzer.
+     */
+    @Test
+    public void testAccept() {
+        assertTrue("Should support \"CMakeLists.txt\" name.",
+                analyzer.accept(new File("CMakeLists.txt")));
+        assertTrue("Should support \"cmake\" extension.",
+                analyzer.accept(new File("test.cmake")));
+    }
+
+    /**
+     * Test whether expected evidence is gathered from OpenCV's CMakeLists.txt.
+     *
+     * @throws AnalysisException is thrown when an exception occurs.
+     */
+    @Test
+    public void testAnalyzeCMakeListsOpenCV() throws AnalysisException {
+        final Dependency result = new Dependency(BaseTest.getResourceAsFile(
+                this, "cmake/opencv/CMakeLists.txt"));
+        analyzer.analyze(result, null);
+        final String product = "OpenCV";
+        assertProductEvidence(result, product);
+    }
+
+    /**
+     * Test whether expected evidence is gathered from OpenCV's CMakeLists.txt.
+     *
+     * @throws AnalysisException is thrown when an exception occurs.
+     */
+    @Test
+    public void testAnalyzeCMakeListsZlib() throws AnalysisException {
+        final Dependency result = new Dependency(BaseTest.getResourceAsFile(
+                this, "cmake/zlib/CMakeLists.txt"));
+        analyzer.analyze(result, null);
+        final String product = "zlib";
+        assertProductEvidence(result, product);
+    }
+
+    private void assertProductEvidence(Dependency result, String product) {
+        assertTrue("Expected product evidence to contain \"" + product + "\".",
+                result.getProductEvidence().toString().contains(product));
+    }
+
+    /**
+     * Test whether expected version evidence is gathered from OpenCV's third party cmake files.
+     *
+     * @throws AnalysisException is thrown when an exception occurs.
+     */
+    @Test
+    public void testAnalyzeCMakeListsOpenCV3rdParty() throws AnalysisException, DatabaseException {
+        final Dependency result = new Dependency(BaseTest.getResourceAsFile(
+                this, "cmake/opencv/3rdparty/ffmpeg/ffmpeg_version.cmake"));
+        final Engine engine = new Engine();
+        analyzer.analyze(result, engine);
+        assertProductEvidence(result, "libavcodec");
+        assertVersionEvidence(result, "55.18.102");
+        assertFalse("ALIASOF_ prefix shouldn't be present.",
+                Pattern.compile("\\bALIASOF_\\w+").matcher(result.getProductEvidence().toString()).find());
+        final List<Dependency> dependencies = engine.getDependencies();
+        assertEquals("Number of additional dependencies should be 4.", 4, dependencies.size());
+        final Dependency last = dependencies.get(3);
+        assertProductEvidence(last, "libavresample");
+        assertVersionEvidence(last, "1.0.1");
+    }
+
+    private void assertVersionEvidence(Dependency result, String version) {
+        assertTrue("Expected version evidence to contain \"" + version + "\".",
+                result.getVersionEvidence().toString().contains(version));
+    }
+}
diff --git a/dependency-check-core/src/test/resources/cmake/README.md b/dependency-check-core/src/test/resources/cmake/README.md
new file mode 100644
index 000000000..26db88075
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/README.md
@@ -0,0 +1,12 @@
+CMakeAnalyzer Test Resources README
+===================================
+
+opencv/
+-------
+
+Origin: https://github.com/Itseez/opencv/
+
+zlib/
+-----
+
+Origin: https://github.com/madler/zlib
\ No newline at end of file
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/3rdparty/ffmpeg/ffmpeg_version.cmake b/dependency-check-core/src/test/resources/cmake/opencv/3rdparty/ffmpeg/ffmpeg_version.cmake
new file mode 100644
index 000000000..48fba2b91
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/3rdparty/ffmpeg/ffmpeg_version.cmake
@@ -0,0 +1,13 @@
+set(HAVE_FFMPEG 1)
+set(HAVE_FFMPEG_CODEC 1)
+set(HAVE_FFMPEG_FORMAT 1)
+set(HAVE_FFMPEG_UTIL 1)
+set(HAVE_FFMPEG_SWSCALE 1)
+set(HAVE_FFMPEG_RESAMPLE 0)
+set(HAVE_GENTOO_FFMPEG 1)
+
+set(ALIASOF_libavcodec_VERSION 55.18.102)
+set(ALIASOF_libavformat_VERSION 55.12.100)
+set(ALIASOF_libavutil_VERSION 52.38.100)
+set(ALIASOF_libswscale_VERSION 2.3.100)
+set(ALIASOF_libavresample_VERSION 1.0.1)
\ No newline at end of file
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/CMakeLists.txt b/dependency-check-core/src/test/resources/cmake/opencv/CMakeLists.txt
new file mode 100644
index 000000000..d9a17b382
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/CMakeLists.txt
@@ -0,0 +1,1185 @@
+# ----------------------------------------------------------------------------
+#  Root CMake file for OpenCV
+#
+#    From the off-tree build directory, invoke:
+#      $ cmake <PATH_TO_OPENCV_ROOT>
+#
+# ----------------------------------------------------------------------------
+
+
+
+include(cmake/OpenCVMinDepVersions.cmake)
+
+if(CMAKE_GENERATOR MATCHES Xcode AND XCODE_VERSION VERSION_GREATER 4.3)
+  cmake_minimum_required(VERSION 2.8.8 FATAL_ERROR)
+elseif(CMAKE_SYSTEM_NAME MATCHES WindowsPhone OR CMAKE_SYSTEM_NAME MATCHES WindowsStore)
+  cmake_minimum_required(VERSION 3.1 FATAL_ERROR)
+  #Required to resolve linker error issues due to incompatibility with CMake v3.0+ policies.
+  #CMake fails to find _fseeko() which leads to subsequent linker error.
+  #See details here: http://www.cmake.org/Wiki/CMake/Policies
+  cmake_policy(VERSION 2.8)
+else()
+  cmake_minimum_required(VERSION "${MIN_VER_CMAKE}" FATAL_ERROR)
+endif()
+
+# Following block can broke build in case of cross-compilng
+# but CMAKE_CROSSCOMPILING variable will be set only on project(OpenCV) command
+# so we will try to detect crosscompiling by presense of CMAKE_TOOLCHAIN_FILE
+if(NOT CMAKE_TOOLCHAIN_FILE)
+  # it _must_ go before project(OpenCV) in order to work
+  if(WIN32)
+    set(CMAKE_INSTALL_PREFIX "${CMAKE_BINARY_DIR}/install" CACHE PATH "Installation Directory")
+  else()
+    set(CMAKE_INSTALL_PREFIX "/usr/local" CACHE PATH "Installation Directory")
+  endif()
+else(NOT CMAKE_TOOLCHAIN_FILE)
+  #Android: set output folder to ${CMAKE_BINARY_DIR}
+  set( LIBRARY_OUTPUT_PATH_ROOT ${CMAKE_BINARY_DIR} CACHE PATH "root for library output, set this to change where android libs are compiled to" )
+  # any crosscompiling
+  set(CMAKE_INSTALL_PREFIX "${CMAKE_BINARY_DIR}/install" CACHE PATH "Installation Directory")
+endif(NOT CMAKE_TOOLCHAIN_FILE)
+
+if(CMAKE_SYSTEM_NAME MATCHES WindowsPhone OR CMAKE_SYSTEM_NAME MATCHES WindowsStore)
+  set(WINRT TRUE)
+endif(CMAKE_SYSTEM_NAME MATCHES WindowsPhone OR CMAKE_SYSTEM_NAME MATCHES WindowsStore)
+
+if(WINRT)
+  add_definitions(-DWINRT -DNO_GETENV)
+
+  # Making definitions available to other configurations and
+  # to filter dependency restrictions at compile time.
+  if(CMAKE_SYSTEM_NAME MATCHES WindowsPhone)
+    set(WINRT_PHONE TRUE)
+    add_definitions(-DWINRT_PHONE)
+  elseif(CMAKE_SYSTEM_NAME MATCHES WindowsStore)
+    set(WINRT_STORE TRUE)
+    add_definitions(-DWINRT_STORE)
+  endif()
+
+  if(CMAKE_SYSTEM_VERSION MATCHES 8.1)
+    set(WINRT_8_1 TRUE)
+    add_definitions(-DWINRT_8_1)
+  elseif(CMAKE_SYSTEM_VERSION MATCHES 8.0)
+    set(WINRT_8_0 TRUE)
+    add_definitions(-DWINRT_8_0)
+  endif()
+endif()
+
+if(POLICY CMP0022)
+  cmake_policy(SET CMP0022 OLD)
+endif()
+
+if(POLICY CMP0026)
+  # silence cmake 3.0+ warnings about reading LOCATION attribute
+  cmake_policy(SET CMP0026 OLD)
+endif()
+
+if (POLICY CMP0042)
+  # silence cmake 3.0+ warnings about MACOSX_RPATH
+  cmake_policy(SET CMP0042 OLD)
+endif()
+
+# must go before the project command
+set(CMAKE_CONFIGURATION_TYPES "Debug;Release" CACHE STRING "Configs" FORCE)
+if(DEFINED CMAKE_BUILD_TYPE)
+  set_property( CACHE CMAKE_BUILD_TYPE PROPERTY STRINGS ${CMAKE_CONFIGURATION_TYPES} )
+endif()
+
+project(OpenCV CXX C)
+
+if(MSVC)
+  set(CMAKE_USE_RELATIVE_PATHS ON CACHE INTERNAL "" FORCE)
+endif()
+
+include(cmake/OpenCVUtils.cmake)
+
+ocv_clear_vars(OpenCVModules_TARGETS)
+
+# ----------------------------------------------------------------------------
+# Break in case of popular CMake configuration mistakes
+# ----------------------------------------------------------------------------
+if(NOT CMAKE_SIZEOF_VOID_P GREATER 0)
+  message(FATAL_ERROR "CMake fails to deterimine the bitness of target platform.
+  Please check your CMake and compiler installation. If you are crosscompiling then ensure that your CMake toolchain file correctly sets the compiler details.")
+endif()
+
+# ----------------------------------------------------------------------------
+# Detect compiler and target platform architecture
+# ----------------------------------------------------------------------------
+include(cmake/OpenCVDetectCXXCompiler.cmake)
+
+# Add these standard paths to the search paths for FIND_LIBRARY
+# to find libraries from these locations first
+if(UNIX AND NOT ANDROID)
+  if(X86_64 OR CMAKE_SIZEOF_VOID_P EQUAL 8)
+    if(EXISTS /lib64)
+      list(APPEND CMAKE_LIBRARY_PATH /lib64)
+    else()
+      list(APPEND CMAKE_LIBRARY_PATH /lib)
+    endif()
+    if(EXISTS /usr/lib64)
+      list(APPEND CMAKE_LIBRARY_PATH /usr/lib64)
+    else()
+      list(APPEND CMAKE_LIBRARY_PATH /usr/lib)
+    endif()
+  elseif(X86 OR CMAKE_SIZEOF_VOID_P EQUAL 4)
+    if(EXISTS /lib32)
+      list(APPEND CMAKE_LIBRARY_PATH /lib32)
+    else()
+      list(APPEND CMAKE_LIBRARY_PATH /lib)
+    endif()
+    if(EXISTS /usr/lib32)
+      list(APPEND CMAKE_LIBRARY_PATH /usr/lib32)
+    else()
+      list(APPEND CMAKE_LIBRARY_PATH /usr/lib)
+    endif()
+  endif()
+endif()
+
+# Add these standard paths to the search paths for FIND_PATH
+# to find include files from these locations first
+if(MINGW)
+  if(EXISTS /mingw)
+      list(APPEND CMAKE_INCLUDE_PATH /mingw)
+  endif()
+  if(EXISTS /mingw32)
+      list(APPEND CMAKE_INCLUDE_PATH /mingw32)
+  endif()
+  if(EXISTS /mingw64)
+      list(APPEND CMAKE_INCLUDE_PATH /mingw64)
+  endif()
+endif()
+
+# ----------------------------------------------------------------------------
+# OpenCV cmake options
+# ----------------------------------------------------------------------------
+
+# Optional 3rd party components
+# ===================================================
+OCV_OPTION(WITH_1394           "Include IEEE1394 support"                    ON   IF (NOT ANDROID AND NOT IOS AND NOT WINRT) )
+OCV_OPTION(WITH_AVFOUNDATION   "Use AVFoundation for Video I/O"              ON   IF IOS)
+OCV_OPTION(WITH_CARBON         "Use Carbon for UI instead of Cocoa"          OFF  IF APPLE )
+OCV_OPTION(WITH_VTK            "Include VTK library support (and build opencv_viz module eiher)"             ON  IF (NOT ANDROID AND NOT IOS AND NOT WINRT) )
+OCV_OPTION(WITH_CUDA           "Include NVidia Cuda Runtime support"                                         ON  IF (NOT IOS AND NOT WINRT) )
+OCV_OPTION(WITH_CUFFT          "Include NVidia Cuda Fast Fourier Transform (FFT) library support"            ON  IF (NOT IOS AND NOT WINRT) )
+OCV_OPTION(WITH_CUBLAS         "Include NVidia Cuda Basic Linear Algebra Subprograms (BLAS) library support" OFF IF (NOT IOS AND NOT WINRT) )
+OCV_OPTION(WITH_NVCUVID        "Include NVidia Video Decoding library support"                               OFF IF (NOT IOS AND NOT APPLE) )
+OCV_OPTION(WITH_EIGEN          "Include Eigen2/Eigen3 support"               ON   IF (NOT WINRT) )
+OCV_OPTION(WITH_VFW            "Include Video for Windows support"           ON   IF WIN32 )
+OCV_OPTION(WITH_FFMPEG         "Include FFMPEG support"                      ON   IF (NOT ANDROID AND NOT IOS AND NOT WINRT) )
+OCV_OPTION(WITH_GSTREAMER      "Include Gstreamer support"                   ON   IF (UNIX AND NOT ANDROID) )
+OCV_OPTION(WITH_GSTREAMER_0_10 "Enable Gstreamer 0.10 support (instead of 1.x)"                              OFF )
+OCV_OPTION(WITH_GTK            "Include GTK support"                         ON   IF (UNIX AND NOT APPLE AND NOT ANDROID) )
+OCV_OPTION(WITH_GTK_2_X        "Use GTK version 2"                           OFF  IF (UNIX AND NOT APPLE AND NOT ANDROID) )
+OCV_OPTION(WITH_IPP            "Include Intel IPP support"                   ON   IF (X86_64 OR X86) AND NOT WINRT)
+OCV_OPTION(WITH_JASPER         "Include JPEG2K support"                      ON   IF (NOT IOS) )
+OCV_OPTION(WITH_JPEG           "Include JPEG support"                        ON)
+OCV_OPTION(WITH_WEBP           "Include WebP support"                        ON   IF (NOT IOS AND NOT WINRT) )
+OCV_OPTION(WITH_OPENEXR        "Include ILM support via OpenEXR"             ON   IF (NOT IOS AND NOT WINRT) )
+OCV_OPTION(WITH_OPENGL         "Include OpenGL support"                      OFF  IF (NOT ANDROID AND NOT WINRT) )
+OCV_OPTION(WITH_OPENNI         "Include OpenNI support"                      OFF  IF (NOT ANDROID AND NOT IOS AND NOT WINRT) )
+OCV_OPTION(WITH_OPENNI2        "Include OpenNI2 support"                     OFF  IF (NOT ANDROID AND NOT IOS AND NOT WINRT) )
+OCV_OPTION(WITH_PNG            "Include PNG support"                         ON)
+OCV_OPTION(WITH_PVAPI          "Include Prosilica GigE support"              ON   IF (NOT ANDROID AND NOT IOS AND NOT WINRT) )
+OCV_OPTION(WITH_GIGEAPI        "Include Smartek GigE support"                ON   IF (NOT ANDROID AND NOT IOS AND NOT WINRT) )
+OCV_OPTION(WITH_QT             "Build with Qt Backend support"               OFF  IF (NOT ANDROID AND NOT IOS AND NOT WINRT) )
+OCV_OPTION(WITH_WIN32UI        "Build with Win32 UI Backend support"         ON   IF WIN32 AND NOT WINRT)
+OCV_OPTION(WITH_QUICKTIME      "Use QuickTime for Video I/O insted of QTKit" OFF  IF APPLE )
+OCV_OPTION(WITH_TBB            "Include Intel TBB support"                   OFF  IF (NOT IOS AND NOT WINRT) )
+OCV_OPTION(WITH_OPENMP         "Include OpenMP support"                      OFF)
+OCV_OPTION(WITH_CSTRIPES       "Include C= support"                          OFF  IF (WIN32 AND NOT WINRT)  )
+OCV_OPTION(WITH_PTHREADS_PF    "Use pthreads-based parallel_for"             OFF  IF (NOT WIN32) )
+OCV_OPTION(WITH_TIFF           "Include TIFF support"                        ON   IF (NOT IOS) )
+OCV_OPTION(WITH_UNICAP         "Include Unicap support (GPL)"                OFF  IF (UNIX AND NOT APPLE AND NOT ANDROID) )
+OCV_OPTION(WITH_V4L            "Include Video 4 Linux support"               ON   IF (UNIX AND NOT ANDROID) )
+OCV_OPTION(WITH_LIBV4L         "Use libv4l for Video 4 Linux support"        ON   IF (UNIX AND NOT ANDROID) )
+OCV_OPTION(WITH_DSHOW          "Build VideoIO with DirectShow support"       ON   IF (WIN32 AND NOT ARM AND NOT WINRT) )
+OCV_OPTION(WITH_MSMF           "Build VideoIO with Media Foundation support" OFF  IF WIN32 )
+OCV_OPTION(WITH_XIMEA          "Include XIMEA cameras support"               OFF  IF (NOT ANDROID AND NOT WINRT) )
+OCV_OPTION(WITH_XINE           "Include Xine support (GPL)"                  OFF  IF (UNIX AND NOT APPLE AND NOT ANDROID) )
+OCV_OPTION(WITH_CLP            "Include Clp support (EPL)"                   OFF)
+OCV_OPTION(WITH_OPENCL         "Include OpenCL Runtime support"              NOT ANDROID IF (NOT IOS AND NOT WINRT) )
+OCV_OPTION(WITH_OPENCL_SVM     "Include OpenCL Shared Virtual Memory support" OFF ) # experimental
+OCV_OPTION(WITH_OPENCLAMDFFT   "Include AMD OpenCL FFT library support"      ON   IF (NOT ANDROID AND NOT IOS AND NOT WINRT) )
+OCV_OPTION(WITH_OPENCLAMDBLAS  "Include AMD OpenCL BLAS library support"     ON   IF (NOT ANDROID AND NOT IOS AND NOT WINRT) )
+OCV_OPTION(WITH_DIRECTX        "Include DirectX support"                     ON   IF (WIN32 AND NOT WINRT) )
+OCV_OPTION(WITH_INTELPERC      "Include Intel Perceptual Computing support"  OFF  IF (WIN32 AND NOT WINRT) )
+OCV_OPTION(WITH_IPP_A          "Include Intel IPP_A support"                 OFF  IF (MSVC OR X86 OR X86_64) )
+OCV_OPTION(WITH_GDAL           "Include GDAL Support"                        OFF  IF (NOT ANDROID AND NOT IOS AND NOT WINRT) )
+OCV_OPTION(WITH_GPHOTO2        "Include gPhoto2 library support"             ON   IF (UNIX AND NOT ANDROID) )
+
+# OpenCV build components
+# ===================================================
+OCV_OPTION(BUILD_SHARED_LIBS        "Build shared libraries (.dll/.so) instead of static ones (.lib/.a)" NOT (ANDROID OR IOS) )
+OCV_OPTION(BUILD_opencv_apps        "Build utility applications (used for example to train classifiers)" (NOT ANDROID AND NOT WINRT) IF (NOT IOS) )
+OCV_OPTION(BUILD_ANDROID_EXAMPLES   "Build examples for Android platform"         ON  IF ANDROID )
+OCV_OPTION(BUILD_DOCS               "Create build rules for OpenCV Documentation" ON  IF NOT WINRT)
+OCV_OPTION(BUILD_EXAMPLES           "Build all examples"                          OFF )
+OCV_OPTION(BUILD_PACKAGE            "Enables 'make package_source' command"       ON  IF NOT WINRT)
+OCV_OPTION(BUILD_PERF_TESTS         "Build performance tests"                     ON  IF (NOT IOS AND NOT WINRT) )
+OCV_OPTION(BUILD_TESTS              "Build accuracy & regression tests"           ON  IF (NOT IOS AND NOT WINRT) )
+OCV_OPTION(BUILD_WITH_DEBUG_INFO    "Include debug info into debug libs (not MSCV only)" ON )
+OCV_OPTION(BUILD_WITH_STATIC_CRT    "Enables use of staticaly linked CRT for staticaly linked OpenCV" ON IF MSVC )
+OCV_OPTION(BUILD_WITH_DYNAMIC_IPP   "Enables dynamic linking of IPP (only for standalone IPP)" OFF )
+OCV_OPTION(BUILD_FAT_JAVA_LIB       "Create fat java wrapper containing the whole OpenCV library" ON IF NOT BUILD_SHARED_LIBS AND CMAKE_COMPILER_IS_GNUCXX )
+OCV_OPTION(BUILD_ANDROID_SERVICE    "Build OpenCV Manager for Google Play" OFF IF ANDROID )
+OCV_OPTION(BUILD_CUDA_STUBS         "Build CUDA modules stubs when no CUDA SDK" OFF  IF (NOT IOS) )
+
+# 3rd party libs
+OCV_OPTION(BUILD_ZLIB               "Build zlib from source"             WIN32 OR APPLE )
+OCV_OPTION(BUILD_TIFF               "Build libtiff from source"          WIN32 OR ANDROID OR APPLE )
+OCV_OPTION(BUILD_JASPER             "Build libjasper from source"        WIN32 OR ANDROID OR APPLE )
+OCV_OPTION(BUILD_JPEG               "Build libjpeg from source"          WIN32 OR ANDROID OR APPLE )
+OCV_OPTION(BUILD_PNG                "Build libpng from source"           WIN32 OR ANDROID OR APPLE )
+OCV_OPTION(BUILD_OPENEXR            "Build openexr from source"          (WIN32 OR ANDROID OR APPLE) AND NOT WINRT)
+OCV_OPTION(BUILD_TBB                "Download and build TBB from source" ANDROID )
+
+# OpenCV installation options
+# ===================================================
+OCV_OPTION(INSTALL_CREATE_DISTRIB   "Change install rules to build the distribution package" OFF )
+OCV_OPTION(INSTALL_C_EXAMPLES       "Install C examples"        OFF )
+OCV_OPTION(INSTALL_PYTHON_EXAMPLES  "Install Python examples"   OFF )
+OCV_OPTION(INSTALL_ANDROID_EXAMPLES "Install Android examples"  OFF IF ANDROID )
+OCV_OPTION(INSTALL_TO_MANGLED_PATHS "Enables mangled install paths, that help with side by side installs." OFF IF (UNIX AND NOT ANDROID AND NOT IOS AND BUILD_SHARED_LIBS) )
+OCV_OPTION(INSTALL_TESTS            "Install accuracy and performance test binaries and test data" OFF)
+
+# OpenCV build options
+# ===================================================
+OCV_OPTION(ENABLE_PRECOMPILED_HEADERS "Use precompiled headers"                                  ON   IF (NOT IOS) )
+OCV_OPTION(ENABLE_SOLUTION_FOLDERS    "Solution folder in Visual Studio or in other IDEs"        (MSVC_IDE OR CMAKE_GENERATOR MATCHES Xcode) )
+OCV_OPTION(ENABLE_PROFILING           "Enable profiling in the GCC compiler (Add flags: -g -pg)" OFF  IF CMAKE_COMPILER_IS_GNUCXX )
+OCV_OPTION(ENABLE_COVERAGE            "Enable coverage collection with  GCov"                    OFF  IF CMAKE_COMPILER_IS_GNUCXX )
+OCV_OPTION(ENABLE_OMIT_FRAME_POINTER  "Enable -fomit-frame-pointer for GCC"                      ON   IF CMAKE_COMPILER_IS_GNUCXX AND NOT (APPLE AND CMAKE_COMPILER_IS_CLANGCXX) )
+OCV_OPTION(ENABLE_POWERPC             "Enable PowerPC for GCC"                                   ON   IF (CMAKE_COMPILER_IS_GNUCXX AND CMAKE_SYSTEM_PROCESSOR MATCHES powerpc.*) )
+OCV_OPTION(ENABLE_FAST_MATH           "Enable -ffast-math (not recommended for GCC 4.6.x)"       OFF  IF (CMAKE_COMPILER_IS_GNUCXX AND (X86 OR X86_64)) )
+OCV_OPTION(ENABLE_SSE                 "Enable SSE instructions"                                  ON   IF ((MSVC OR CMAKE_COMPILER_IS_GNUCXX) AND (X86 OR X86_64)) )
+OCV_OPTION(ENABLE_SSE2                "Enable SSE2 instructions"                                 ON   IF ((MSVC OR CMAKE_COMPILER_IS_GNUCXX) AND (X86 OR X86_64)) )
+OCV_OPTION(ENABLE_SSE3                "Enable SSE3 instructions"                                 ON   IF ((MSVC OR CMAKE_COMPILER_IS_GNUCXX OR CV_ICC) AND (X86 OR X86_64)) )
+OCV_OPTION(ENABLE_SSSE3               "Enable SSSE3 instructions"                                OFF  IF ((MSVC OR CMAKE_COMPILER_IS_GNUCXX) AND (X86 OR X86_64)) )
+OCV_OPTION(ENABLE_SSE41               "Enable SSE4.1 instructions"                               OFF  IF ((MSVC OR CMAKE_COMPILER_IS_GNUCXX OR CV_ICC) AND (X86 OR X86_64)) )
+OCV_OPTION(ENABLE_SSE42               "Enable SSE4.2 instructions"                               OFF  IF ((MSVC OR CMAKE_COMPILER_IS_GNUCXX) AND (X86 OR X86_64)) )
+OCV_OPTION(ENABLE_POPCNT              "Enable POPCNT instructions"                               OFF  IF ((MSVC OR CMAKE_COMPILER_IS_GNUCXX) AND (X86 OR X86_64)) )
+OCV_OPTION(ENABLE_AVX                 "Enable AVX instructions"                                  OFF  IF ((MSVC OR CMAKE_COMPILER_IS_GNUCXX) AND (X86 OR X86_64)) )
+OCV_OPTION(ENABLE_AVX2                "Enable AVX2 instructions"                                 OFF  IF ((MSVC OR CMAKE_COMPILER_IS_GNUCXX) AND (X86 OR X86_64)) )
+OCV_OPTION(ENABLE_FMA3                "Enable FMA3 instructions"                                 OFF  IF ((MSVC OR CMAKE_COMPILER_IS_GNUCXX) AND (X86 OR X86_64)) )
+OCV_OPTION(ENABLE_NEON                "Enable NEON instructions"                                 OFF  IF CMAKE_COMPILER_IS_GNUCXX AND (ARM OR AARCH64 OR IOS) )
+OCV_OPTION(ENABLE_VFPV3               "Enable VFPv3-D32 instructions"                            OFF  IF CMAKE_COMPILER_IS_GNUCXX AND (ARM OR AARCH64 OR IOS) )
+OCV_OPTION(ENABLE_NOISY_WARNINGS      "Show all warnings even if they are too noisy"             OFF )
+OCV_OPTION(OPENCV_WARNINGS_ARE_ERRORS "Treat warnings as errors"                                 OFF )
+OCV_OPTION(ANDROID_EXAMPLES_WITH_LIBS "Build binaries of Android examples with native libraries" OFF  IF ANDROID )
+OCV_OPTION(ENABLE_IMPL_COLLECTION     "Collect implementation data on function call"             OFF )
+OCV_OPTION(GENERATE_ABI_DESCRIPTOR    "Generate XML file for abi_compliance_checker tool" OFF IF UNIX)
+
+if(ENABLE_IMPL_COLLECTION)
+  add_definitions(-DCV_COLLECT_IMPL_DATA)
+endif()
+
+
+# ----------------------------------------------------------------------------
+#  Get actual OpenCV version number from sources
+# ----------------------------------------------------------------------------
+include(cmake/OpenCVVersion.cmake)
+
+
+# ----------------------------------------------------------------------------
+#  Build & install layouts
+# ----------------------------------------------------------------------------
+
+# Save libs and executables in the same place
+set(EXECUTABLE_OUTPUT_PATH "${CMAKE_BINARY_DIR}/bin" CACHE PATH "Output directory for applications" )
+
+if (ANDROID)
+  if (ANDROID_ABI MATCHES "NEON")
+    set(ENABLE_NEON ON)
+  endif()
+  if (ANDROID_ABI MATCHES "VFPV3")
+    set(ENABLE_VFPV3 ON)
+  endif()
+endif()
+
+if(ANDROID OR WIN32)
+  set(OPENCV_DOC_INSTALL_PATH doc)
+else()
+  set(OPENCV_DOC_INSTALL_PATH share/OpenCV/doc)
+endif()
+
+if(WIN32 AND CMAKE_HOST_SYSTEM_NAME MATCHES Windows)
+  if(DEFINED OpenCV_RUNTIME AND DEFINED OpenCV_ARCH)
+    set(OpenCV_INSTALL_BINARIES_PREFIX "${OpenCV_ARCH}/${OpenCV_RUNTIME}/")
+  else()
+    message(STATUS "Can't detect runtime and/or arch")
+    set(OpenCV_INSTALL_BINARIES_PREFIX "")
+  endif()
+elseif(ANDROID)
+  set(OpenCV_INSTALL_BINARIES_PREFIX "sdk/native/")
+else()
+  set(OpenCV_INSTALL_BINARIES_PREFIX "")
+endif()
+
+if(ANDROID)
+  set(OPENCV_SAMPLES_BIN_INSTALL_PATH "${OpenCV_INSTALL_BINARIES_PREFIX}samples/${ANDROID_NDK_ABI_NAME}")
+else()
+  set(OPENCV_SAMPLES_BIN_INSTALL_PATH "${OpenCV_INSTALL_BINARIES_PREFIX}samples")
+endif()
+
+if(ANDROID)
+  set(OPENCV_BIN_INSTALL_PATH "${OpenCV_INSTALL_BINARIES_PREFIX}bin/${ANDROID_NDK_ABI_NAME}")
+else()
+  set(OPENCV_BIN_INSTALL_PATH "${OpenCV_INSTALL_BINARIES_PREFIX}bin")
+endif()
+
+if(NOT OPENCV_TEST_INSTALL_PATH)
+  set(OPENCV_TEST_INSTALL_PATH "${OPENCV_BIN_INSTALL_PATH}")
+endif()
+
+if (OPENCV_TEST_DATA_PATH)
+  get_filename_component(OPENCV_TEST_DATA_PATH ${OPENCV_TEST_DATA_PATH} ABSOLUTE)
+endif()
+
+if(OPENCV_TEST_DATA_PATH AND NOT OPENCV_TEST_DATA_INSTALL_PATH)
+  if(ANDROID)
+    set(OPENCV_TEST_DATA_INSTALL_PATH "sdk/etc/testdata")
+  elseif(WIN32)
+    set(OPENCV_TEST_DATA_INSTALL_PATH "testdata")
+  else()
+    set(OPENCV_TEST_DATA_INSTALL_PATH "share/OpenCV/testdata")
+  endif()
+endif()
+
+if(ANDROID)
+  set(LIBRARY_OUTPUT_PATH         "${OpenCV_BINARY_DIR}/lib/${ANDROID_NDK_ABI_NAME}")
+  set(3P_LIBRARY_OUTPUT_PATH      "${OpenCV_BINARY_DIR}/3rdparty/lib/${ANDROID_NDK_ABI_NAME}")
+  set(OPENCV_LIB_INSTALL_PATH     sdk/native/libs/${ANDROID_NDK_ABI_NAME})
+  set(OPENCV_3P_LIB_INSTALL_PATH  sdk/native/3rdparty/libs/${ANDROID_NDK_ABI_NAME})
+  set(OPENCV_CONFIG_INSTALL_PATH  sdk/native/jni)
+  set(OPENCV_INCLUDE_INSTALL_PATH sdk/native/jni/include)
+  set(OPENCV_SAMPLES_SRC_INSTALL_PATH samples/native)
+  set(OPENCV_OTHER_INSTALL_PATH   sdk/etc)
+else()
+  set(LIBRARY_OUTPUT_PATH         "${OpenCV_BINARY_DIR}/lib")
+  set(3P_LIBRARY_OUTPUT_PATH      "${OpenCV_BINARY_DIR}/3rdparty/lib${LIB_SUFFIX}")
+
+  if(WIN32 AND CMAKE_HOST_SYSTEM_NAME MATCHES Windows)
+    if(OpenCV_STATIC)
+      set(OPENCV_LIB_INSTALL_PATH   "${OpenCV_INSTALL_BINARIES_PREFIX}staticlib${LIB_SUFFIX}")
+    else()
+      set(OPENCV_LIB_INSTALL_PATH   "${OpenCV_INSTALL_BINARIES_PREFIX}lib${LIB_SUFFIX}")
+    endif()
+    set(OPENCV_3P_LIB_INSTALL_PATH  "${OpenCV_INSTALL_BINARIES_PREFIX}staticlib${LIB_SUFFIX}")
+    set(OPENCV_SAMPLES_SRC_INSTALL_PATH    samples/native)
+    set(OPENCV_JAR_INSTALL_PATH java)
+    set(OPENCV_OTHER_INSTALL_PATH   etc)
+  else()
+    set(OPENCV_LIB_INSTALL_PATH     lib${LIB_SUFFIX})
+    set(OPENCV_3P_LIB_INSTALL_PATH  share/OpenCV/3rdparty/${OPENCV_LIB_INSTALL_PATH})
+    set(OPENCV_SAMPLES_SRC_INSTALL_PATH    share/OpenCV/samples)
+    set(OPENCV_JAR_INSTALL_PATH share/OpenCV/java)
+    set(OPENCV_OTHER_INSTALL_PATH   share/OpenCV)
+  endif()
+  set(OPENCV_INCLUDE_INSTALL_PATH "include")
+
+  math(EXPR SIZEOF_VOID_P_BITS "8 * ${CMAKE_SIZEOF_VOID_P}")
+  if(LIB_SUFFIX AND NOT SIZEOF_VOID_P_BITS EQUAL LIB_SUFFIX)
+    set(OPENCV_CONFIG_INSTALL_PATH lib${LIB_SUFFIX}/cmake/opencv)
+  else()
+    set(OPENCV_CONFIG_INSTALL_PATH share/OpenCV)
+  endif()
+endif()
+
+set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_PREFIX}/${OPENCV_LIB_INSTALL_PATH}")
+set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE)
+
+if(INSTALL_TO_MANGLED_PATHS)
+  set(OPENCV_INCLUDE_INSTALL_PATH ${OPENCV_INCLUDE_INSTALL_PATH}/opencv-${OPENCV_VERSION})
+  string(REPLACE "OpenCV" "OpenCV-${OPENCV_VERSION}" OPENCV_3P_LIB_INSTALL_PATH "${OPENCV_3P_LIB_INSTALL_PATH}")
+  string(REPLACE "OpenCV" "OpenCV-${OPENCV_VERSION}" OPENCV_SAMPLES_SRC_INSTALL_PATH "${OPENCV_SAMPLES_SRC_INSTALL_PATH}")
+  string(REPLACE "OpenCV" "OpenCV-${OPENCV_VERSION}" OPENCV_CONFIG_INSTALL_PATH "${OPENCV_CONFIG_INSTALL_PATH}")
+  string(REPLACE "OpenCV" "OpenCV-${OPENCV_VERSION}" OPENCV_DOC_INSTALL_PATH "${OPENCV_DOC_INSTALL_PATH}")
+  string(REPLACE "OpenCV" "OpenCV-${OPENCV_VERSION}" OPENCV_JAR_INSTALL_PATH "${OPENCV_JAR_INSTALL_PATH}")
+  string(REPLACE "OpenCV" "OpenCV-${OPENCV_VERSION}" OPENCV_TEST_DATA_INSTALL_PATH "${OPENCV_TEST_DATA_INSTALL_PATH}")
+  string(REPLACE "OpenCV" "OpenCV-${OPENCV_VERSION}" OPENCV_OTHER_INSTALL_PATH "${OPENCV_OTHER_INSTALL_PATH}")
+endif()
+
+
+if(WIN32)
+  # Postfix of DLLs:
+  set(OPENCV_DLLVERSION "${OPENCV_VERSION_MAJOR}${OPENCV_VERSION_MINOR}${OPENCV_VERSION_PATCH}")
+  set(OPENCV_DEBUG_POSTFIX d)
+else()
+  # Postfix of so's:
+  set(OPENCV_DLLVERSION "")
+  set(OPENCV_DEBUG_POSTFIX "")
+endif()
+
+if(DEFINED CMAKE_DEBUG_POSTFIX)
+  set(OPENCV_DEBUG_POSTFIX "${CMAKE_DEBUG_POSTFIX}")
+endif()
+
+if(INSTALL_CREATE_DISTRIB AND BUILD_SHARED_LIBS AND NOT DEFINED BUILD_opencv_world)
+  set(BUILD_opencv_world ON CACHE INTERNAL "")
+endif()
+
+# ----------------------------------------------------------------------------
+#  Path for build/platform -specific headers
+# ----------------------------------------------------------------------------
+set(OPENCV_CONFIG_FILE_INCLUDE_DIR "${CMAKE_BINARY_DIR}/" CACHE PATH "Where to create the platform-dependant cvconfig.h")
+ocv_include_directories(${OPENCV_CONFIG_FILE_INCLUDE_DIR})
+
+# ----------------------------------------------------------------------------
+#  Path for additional modules
+# ----------------------------------------------------------------------------
+set(OPENCV_EXTRA_MODULES_PATH "" CACHE PATH "Where to look for additional OpenCV modules")
+
+# ----------------------------------------------------------------------------
+#  Autodetect if we are in a GIT repository
+# ----------------------------------------------------------------------------
+find_host_package(Git QUIET)
+
+if(GIT_FOUND)
+  execute_process(COMMAND "${GIT_EXECUTABLE}" describe --tags --always --dirty --match "[0-9].[0-9].[0-9]*"
+    WORKING_DIRECTORY "${OpenCV_SOURCE_DIR}"
+    OUTPUT_VARIABLE OPENCV_VCSVERSION
+    RESULT_VARIABLE GIT_RESULT
+    ERROR_QUIET
+    OUTPUT_STRIP_TRAILING_WHITESPACE
+  )
+  if(NOT GIT_RESULT EQUAL 0)
+    set(OPENCV_VCSVERSION "unknown")
+  endif()
+else()
+  # We don't have git:
+  set(OPENCV_VCSVERSION "unknown")
+endif()
+
+
+# ----------------------------------------------------------------------------
+# OpenCV compiler and linker options
+# ----------------------------------------------------------------------------
+# In case of Makefiles if the user does not setup CMAKE_BUILD_TYPE, assume it's Release:
+if(CMAKE_GENERATOR MATCHES "Makefiles|Ninja" AND "${CMAKE_BUILD_TYPE}" STREQUAL "")
+  set(CMAKE_BUILD_TYPE Release)
+endif()
+
+include(cmake/OpenCVCompilerOptions.cmake)
+
+
+# ----------------------------------------------------------------------------
+# Use statically or dynamically linked CRT?
+# Default: dynamic
+# ----------------------------------------------------------------------------
+if(MSVC)
+  include(cmake/OpenCVCRTLinkage.cmake)
+endif(MSVC)
+
+if(WIN32 AND NOT MINGW)
+  add_definitions(-D_VARIADIC_MAX=10)
+endif(WIN32 AND NOT MINGW)
+
+
+# ----------------------------------------------------------------------------
+#       CHECK FOR SYSTEM LIBRARIES, OPTIONS, ETC..
+# ----------------------------------------------------------------------------
+if(UNIX)
+  find_package(PkgConfig QUIET)
+  include(CheckFunctionExists)
+  include(CheckIncludeFile)
+
+  if(NOT APPLE)
+    CHECK_INCLUDE_FILE(pthread.h HAVE_LIBPTHREAD)
+    if(ANDROID)
+      set(OPENCV_LINKER_LIBS ${OPENCV_LINKER_LIBS} dl m log)
+    elseif(${CMAKE_SYSTEM_NAME} MATCHES "FreeBSD|NetBSD|DragonFly")
+      set(OPENCV_LINKER_LIBS ${OPENCV_LINKER_LIBS} m pthread)
+    elseif(EMSCRIPTEN)
+      # no need to link to system libs with emscripten
+    else()
+      set(OPENCV_LINKER_LIBS ${OPENCV_LINKER_LIBS} dl m pthread rt)
+    endif()
+  else()
+    set(HAVE_LIBPTHREAD YES)
+  endif()
+endif()
+
+include(cmake/OpenCVPCHSupport.cmake)
+include(cmake/OpenCVModule.cmake)
+
+# ----------------------------------------------------------------------------
+#  Detect endianness of build platform
+# ----------------------------------------------------------------------------
+
+if(IOS)
+  # test_big_endian needs try_compile, which doesn't work for iOS
+  # http://public.kitware.com/Bug/view.php?id=12288
+  set(WORDS_BIGENDIAN 0)
+else()
+  include(TestBigEndian)
+  test_big_endian(WORDS_BIGENDIAN)
+endif()
+
+# ----------------------------------------------------------------------------
+#  Detect 3rd-party libraries
+# ----------------------------------------------------------------------------
+
+include(cmake/OpenCVFindLibsGrfmt.cmake)
+include(cmake/OpenCVFindLibsGUI.cmake)
+include(cmake/OpenCVFindLibsVideo.cmake)
+include(cmake/OpenCVFindLibsPerf.cmake)
+
+# ----------------------------------------------------------------------------
+#  Detect other 3rd-party libraries/tools
+# ----------------------------------------------------------------------------
+
+# --- Doxygen and PlantUML for documentation ---
+unset(DOXYGEN_FOUND CACHE)
+if(BUILD_DOCS)
+  find_package(Doxygen)
+  if (PLANTUML_JAR)
+    message(STATUS "Using PlantUML path from command line: ${PLANTUML_JAR}")
+  elseif(DEFINED ENV{PLANTUML_JAR})
+    set(PLANTUML_JAR $ENV{PLANTUML_JAR})
+    message(STATUS "Using PLantUML path from environment: ${PLANTUML_JAR}")
+  else()
+    message(STATUS "To enable PlantUML support, set PLANTUML_JAR environment variable or pass -DPLANTUML_JAR=<filepath> option to cmake")
+  endif()
+  if (PLANTUML_JAR AND DOXYGEN_VERSION VERSION_LESS 1.8.8)
+    message(STATUS "You need Doxygen version 1.8.8 or later to use PlantUML")
+    unset(PLANTUML_JAR)
+  endif()
+endif(BUILD_DOCS)
+
+# --- Python Support ---
+include(cmake/OpenCVDetectPython.cmake)
+
+# --- Java Support ---
+include(cmake/OpenCVDetectApacheAnt.cmake)
+if(ANDROID)
+  include(cmake/OpenCVDetectAndroidSDK.cmake)
+
+  if(NOT ANDROID_TOOLS_Pkg_Revision GREATER 13)
+    message(WARNING "OpenCV requires Android SDK tools revision 14 or newer. Otherwise tests and samples will no be compiled.")
+  endif()
+else()
+  find_package(JNI)
+endif()
+
+if(ANDROID AND ANDROID_EXECUTABLE AND ANT_EXECUTABLE AND (ANT_VERSION VERSION_GREATER 1.7) AND (ANDROID_TOOLS_Pkg_Revision GREATER 13))
+  SET(CAN_BUILD_ANDROID_PROJECTS TRUE)
+else()
+  SET(CAN_BUILD_ANDROID_PROJECTS FALSE)
+endif()
+
+# --- OpenCL ---
+if(WITH_OPENCL)
+  include(cmake/OpenCVDetectOpenCL.cmake)
+endif()
+
+# --- DirectX ---
+if(WITH_DIRECTX)
+  include(cmake/OpenCVDetectDirectX.cmake)
+endif()
+
+# --- Matlab/Octave ---
+include(cmake/OpenCVFindMatlab.cmake)
+
+include(cmake/OpenCVDetectVTK.cmake)
+
+# ----------------------------------------------------------------------------
+# Add CUDA libraries (needed for apps/tools, samples)
+# ----------------------------------------------------------------------------
+if(HAVE_CUDA)
+  set(OPENCV_LINKER_LIBS ${OPENCV_LINKER_LIBS} ${CUDA_LIBRARIES} ${CUDA_npp_LIBRARY})
+  if(HAVE_CUBLAS)
+    set(OPENCV_LINKER_LIBS ${OPENCV_LINKER_LIBS} ${CUDA_cublas_LIBRARY})
+  endif()
+  if(HAVE_CUFFT)
+    set(OPENCV_LINKER_LIBS ${OPENCV_LINKER_LIBS} ${CUDA_cufft_LIBRARY})
+  endif()
+endif()
+# ----------------------------------------------------------------------------
+# Solution folders:
+# ----------------------------------------------------------------------------
+if(ENABLE_SOLUTION_FOLDERS)
+  set_property(GLOBAL PROPERTY USE_FOLDERS ON)
+  set_property(GLOBAL PROPERTY PREDEFINED_TARGETS_FOLDER "CMakeTargets")
+endif()
+
+# Extra OpenCV targets: uninstall, package_source, perf, etc.
+include(cmake/OpenCVExtraTargets.cmake)
+
+
+# ----------------------------------------------------------------------------
+# Process subdirectories
+# ----------------------------------------------------------------------------
+
+# opencv.hpp and legacy headers
+add_subdirectory(include)
+
+# OpenCV modules
+add_subdirectory(modules)
+
+# Generate targets for documentation
+add_subdirectory(doc)
+
+# various data that is used by cv libraries and/or demo applications.
+add_subdirectory(data)
+
+# extra applications
+if(BUILD_opencv_apps)
+  add_subdirectory(apps)
+endif()
+
+# examples
+if(BUILD_EXAMPLES OR BUILD_ANDROID_EXAMPLES OR INSTALL_PYTHON_EXAMPLES)
+  add_subdirectory(samples)
+endif()
+
+if(ANDROID)
+  add_subdirectory(platforms/android/service)
+endif()
+
+# ----------------------------------------------------------------------------
+# Finalization: generate configuration-based files
+# ----------------------------------------------------------------------------
+
+# Generate platform-dependent and configuration-dependent headers
+include(cmake/OpenCVGenHeaders.cmake)
+
+# Generate opencv.pc for pkg-config command
+include(cmake/OpenCVGenPkgconfig.cmake)
+
+# Generate OpenCV.mk for ndk-build (Android build tool)
+include(cmake/OpenCVGenAndroidMK.cmake)
+
+# Generate OpenCVСonfig.cmake and OpenCVConfig-version.cmake for cmake projects
+include(cmake/OpenCVGenConfig.cmake)
+
+# Generate Info.plist for the IOS framework
+include(cmake/OpenCVGenInfoPlist.cmake)
+
+# Generate ABI descriptor
+include(cmake/OpenCVGenABI.cmake)
+
+# Generate environment setup file
+if(INSTALL_TESTS AND OPENCV_TEST_DATA_PATH)
+  if(ANDROID)
+    get_filename_component(TEST_PATH ${OPENCV_TEST_INSTALL_PATH} DIRECTORY)
+    configure_file("${CMAKE_CURRENT_SOURCE_DIR}/cmake/templates/opencv_run_all_tests_android.sh.in"
+                   "${CMAKE_BINARY_DIR}/unix-install/opencv_run_all_tests.sh" @ONLY)
+    install(PROGRAMS "${CMAKE_BINARY_DIR}/unix-install/opencv_run_all_tests.sh"
+            DESTINATION ${CMAKE_INSTALL_PREFIX} COMPONENT tests)
+  elseif(WIN32)
+    configure_file("${CMAKE_CURRENT_SOURCE_DIR}/cmake/templates/opencv_run_all_tests_windows.cmd.in"
+                   "${CMAKE_BINARY_DIR}/win-install/opencv_run_all_tests.cmd" @ONLY)
+    install(PROGRAMS "${CMAKE_BINARY_DIR}/win-install/opencv_run_all_tests.cmd"
+            DESTINATION ${OPENCV_TEST_INSTALL_PATH} COMPONENT tests)
+  elseif(UNIX)
+    configure_file("${CMAKE_CURRENT_SOURCE_DIR}/cmake/templates/opencv_run_all_tests_unix.sh.in"
+                   "${CMAKE_BINARY_DIR}/unix-install/opencv_run_all_tests.sh" @ONLY)
+    install(PROGRAMS "${CMAKE_BINARY_DIR}/unix-install/opencv_run_all_tests.sh"
+            DESTINATION ${OPENCV_TEST_INSTALL_PATH} COMPONENT tests)
+  endif()
+endif()
+
+if(NOT OPENCV_README_FILE)
+  if(ANDROID)
+    set(OPENCV_README_FILE ${CMAKE_CURRENT_SOURCE_DIR}/platforms/android/README.android)
+  endif()
+endif()
+
+if(NOT OPENCV_LICENSE_FILE)
+  set(OPENCV_LICENSE_FILE ${CMAKE_CURRENT_SOURCE_DIR}/LICENSE)
+endif()
+
+# for UNIX it does not make sense as LICENSE and readme will be part of the package automatically
+if(ANDROID OR NOT UNIX)
+  install(FILES ${OPENCV_LICENSE_FILE}
+        PERMISSIONS OWNER_READ GROUP_READ WORLD_READ
+        DESTINATION ${CMAKE_INSTALL_PREFIX} COMPONENT libs)
+  if(OPENCV_README_FILE)
+    install(FILES ${OPENCV_README_FILE}
+            PERMISSIONS OWNER_READ GROUP_READ WORLD_READ
+            DESTINATION ${CMAKE_INSTALL_PREFIX} COMPONENT libs)
+  endif()
+endif()
+
+# ----------------------------------------------------------------------------
+# Summary:
+# ----------------------------------------------------------------------------
+status("")
+status("General configuration for OpenCV ${OPENCV_VERSION} =====================================")
+if(OPENCV_VCSVERSION)
+  status("  Version control:" ${OPENCV_VCSVERSION})
+endif()
+
+# ========================== build platform ==========================
+status("")
+status("  Platform:")
+status("    Host:"             ${CMAKE_HOST_SYSTEM_NAME} ${CMAKE_HOST_SYSTEM_VERSION} ${CMAKE_HOST_SYSTEM_PROCESSOR})
+if(CMAKE_CROSSCOMPILING)
+  status("    Target:"         ${CMAKE_SYSTEM_NAME} ${CMAKE_SYSTEM_VERSION} ${CMAKE_SYSTEM_PROCESSOR})
+endif()
+status("    CMake:"            ${CMAKE_VERSION})
+status("    CMake generator:"  ${CMAKE_GENERATOR})
+status("    CMake build tool:" ${CMAKE_BUILD_TOOL})
+if(MSVC)
+  status("    MSVC:"           ${MSVC_VERSION})
+endif()
+if(CMAKE_GENERATOR MATCHES Xcode)
+  status("    Xcode:"          ${XCODE_VERSION})
+endif()
+if(NOT CMAKE_GENERATOR MATCHES "Xcode|Visual Studio")
+  status("    Configuration:"  ${CMAKE_BUILD_TYPE})
+endif()
+
+# ========================== C/C++ options ==========================
+if(CMAKE_CXX_COMPILER_VERSION)
+  set(OPENCV_COMPILER_STR "${CMAKE_CXX_COMPILER} ${CMAKE_CXX_COMPILER_ARG1} (ver ${CMAKE_CXX_COMPILER_VERSION})")
+elseif(CMAKE_COMPILER_IS_CLANGCXX)
+  set(OPENCV_COMPILER_STR "${CMAKE_CXX_COMPILER} ${CMAKE_CXX_COMPILER_ARG1} (ver ${CMAKE_CLANG_REGEX_VERSION})")
+elseif(CMAKE_COMPILER_IS_GNUCXX)
+  set(OPENCV_COMPILER_STR "${CMAKE_CXX_COMPILER} ${CMAKE_CXX_COMPILER_ARG1} (ver ${CMAKE_GCC_REGEX_VERSION})")
+else()
+  set(OPENCV_COMPILER_STR "${CMAKE_CXX_COMPILER} ${CMAKE_CXX_COMPILER_ARG1}")
+endif()
+string(STRIP "${OPENCV_COMPILER_STR}" OPENCV_COMPILER_STR)
+
+status("")
+status("  C/C++:")
+status("    Built as dynamic libs?:" BUILD_SHARED_LIBS THEN YES ELSE NO)
+status("    C++ Compiler:"           ${OPENCV_COMPILER_STR})
+status("    C++ flags (Release):"    ${CMAKE_CXX_FLAGS} ${CMAKE_CXX_FLAGS_RELEASE})
+status("    C++ flags (Debug):"      ${CMAKE_CXX_FLAGS} ${CMAKE_CXX_FLAGS_DEBUG})
+status("    C Compiler:"             ${CMAKE_C_COMPILER} ${CMAKE_C_COMPILER_ARG1})
+status("    C flags (Release):"      ${CMAKE_C_FLAGS} ${CMAKE_C_FLAGS_RELEASE})
+status("    C flags (Debug):"        ${CMAKE_C_FLAGS} ${CMAKE_C_FLAGS_DEBUG})
+if(WIN32)
+  status("    Linker flags (Release):" ${CMAKE_EXE_LINKER_FLAGS} ${CMAKE_EXE_LINKER_FLAGS_RELEASE})
+  status("    Linker flags (Debug):"   ${CMAKE_EXE_LINKER_FLAGS} ${CMAKE_EXE_LINKER_FLAGS_DEBUG})
+else()
+  status("    Linker flags (Release):" ${CMAKE_SHARED_LINKER_FLAGS} ${CMAKE_SHARED_LINKER_FLAGS_RELEASE})
+  status("    Linker flags (Debug):"   ${CMAKE_SHARED_LINKER_FLAGS} ${CMAKE_SHARED_LINKER_FLAGS_DEBUG})
+endif()
+status("    Precompiled headers:"     PCHSupport_FOUND AND ENABLE_PRECOMPILED_HEADERS THEN YES ELSE NO)
+
+# ========================== Dependencies ============================
+ocv_get_all_libs(deps_modules deps_extra deps_3rdparty)
+status("    Extra dependencies:" ${deps_extra})
+status("    3rdparty dependencies:" ${deps_3rdparty})
+
+# ========================== OpenCV modules ==========================
+status("")
+status("  OpenCV modules:")
+string(REPLACE "opencv_" "" OPENCV_MODULES_BUILD_ST          "${OPENCV_MODULES_BUILD}")
+string(REPLACE "opencv_" "" OPENCV_MODULES_DISABLED_USER_ST  "${OPENCV_MODULES_DISABLED_USER}")
+string(REPLACE "opencv_" "" OPENCV_MODULES_DISABLED_FORCE_ST "${OPENCV_MODULES_DISABLED_FORCE}")
+set(OPENCV_MODULES_DISABLED_AUTO_ST "")
+foreach(m ${OPENCV_MODULES_DISABLED_AUTO})
+  set(__mdeps "")
+  foreach(d ${OPENCV_MODULE_${m}_DEPS})
+    if(d MATCHES "^opencv_" AND NOT HAVE_${d})
+      list(APPEND __mdeps ${d})
+    endif()
+  endforeach()
+  if(__mdeps)
+    list(APPEND OPENCV_MODULES_DISABLED_AUTO_ST "${m}(deps: ${__mdeps})")
+  else()
+    list(APPEND OPENCV_MODULES_DISABLED_AUTO_ST "${m}")
+  endif()
+endforeach()
+string(REPLACE "opencv_" "" OPENCV_MODULES_DISABLED_AUTO_ST  "${OPENCV_MODULES_DISABLED_AUTO_ST}")
+
+status("    To be built:"            OPENCV_MODULES_BUILD          THEN ${OPENCV_MODULES_BUILD_ST}          ELSE "-")
+status("    Disabled:"               OPENCV_MODULES_DISABLED_USER  THEN ${OPENCV_MODULES_DISABLED_USER_ST}  ELSE "-")
+status("    Disabled by dependency:" OPENCV_MODULES_DISABLED_AUTO  THEN ${OPENCV_MODULES_DISABLED_AUTO_ST}  ELSE "-")
+status("    Unavailable:"            OPENCV_MODULES_DISABLED_FORCE THEN ${OPENCV_MODULES_DISABLED_FORCE_ST} ELSE "-")
+
+# ========================== Android details ==========================
+if(ANDROID)
+  status("")
+  status("  Android: ")
+  status("    Android ABI:" ${ANDROID_ABI})
+  status("    STL type:" ${ANDROID_STL})
+  status("    Native API level:" android-${ANDROID_NATIVE_API_LEVEL})
+  android_get_compatible_target(android_sdk_target_status ${ANDROID_NATIVE_API_LEVEL} ${ANDROID_SDK_TARGET} 11)
+  status("    SDK target:" "${android_sdk_target_status}")
+  if(BUILD_WITH_ANDROID_NDK)
+    status("    Android NDK:" "${ANDROID_NDK} (toolchain: ${ANDROID_TOOLCHAIN_NAME})")
+  elseif(BUILD_WITH_STANDALONE_TOOLCHAIN)
+    status("    Android toolchain:" "${ANDROID_STANDALONE_TOOLCHAIN}")
+  endif()
+  status("    android tool:"  ANDROID_EXECUTABLE  THEN "${ANDROID_EXECUTABLE} (${ANDROID_TOOLS_Pkg_Desc})" ELSE NO)
+  status("    Google Play manager:" BUILD_ANDROID_SERVICE                                         THEN YES ELSE NO)
+  status("    Android examples:"    BUILD_ANDROID_EXAMPLES AND CAN_BUILD_ANDROID_PROJECTS         THEN YES ELSE NO)
+endif()
+
+# ================== Windows RT features ==================
+if(WIN32)
+status("")
+status("  Windows RT support:" WINRT THEN YES ELSE NO)
+  if(WINRT)
+    status("    Building for Microsoft platform: " ${CMAKE_SYSTEM_NAME})
+    status("    Building for architectures: " ${CMAKE_VS_EFFECTIVE_PLATFORMS})
+    status("    Building for version: " ${CMAKE_SYSTEM_VERSION})
+  endif()
+endif(WIN32)
+
+# ========================== GUI ==========================
+status("")
+status("  GUI: ")
+
+if(HAVE_QT5)
+  status("    QT 5.x:"            HAVE_QT        THEN "YES (ver ${Qt5Core_VERSION_STRING})" ELSE NO)
+  status("    QT OpenGL support:" HAVE_QT_OPENGL THEN "YES (${Qt5OpenGL_LIBRARIES} ${Qt5OpenGL_VERSION_STRING})" ELSE NO)
+elseif(HAVE_QT)
+  status("    QT 4.x:"            HAVE_QT        THEN "YES (ver ${QT_VERSION_MAJOR}.${QT_VERSION_MINOR}.${QT_VERSION_PATCH} ${QT_EDITION})" ELSE NO)
+  status("    QT OpenGL support:" HAVE_QT_OPENGL THEN "YES (${QT_QTOPENGL_LIBRARY})" ELSE NO)
+else()
+  if(DEFINED WITH_QT)
+    status("    QT:" NO)
+  endif()
+  if(DEFINED WITH_WIN32UI)
+    status("    Win32 UI:" HAVE_WIN32UI THEN YES ELSE NO)
+  else()
+    if(APPLE)
+      if(WITH_CARBON)
+        status("    Carbon:" YES)
+      else()
+        status("    Cocoa:"  YES)
+      endif()
+    else()
+      if(HAVE_GTK3)
+        status("    GTK+ 3.x:" HAVE_GTK THEN "YES (ver ${ALIASOF_gtk+-3.0_VERSION})" ELSE NO)
+      elseif(HAVE_GTK)
+        status("    GTK+ 2.x:" HAVE_GTK THEN "YES (ver ${ALIASOF_gtk+-2.0_VERSION})" ELSE NO)
+      else()
+        status("    GTK+:" NO)
+      endif()
+      status("    GThread :" HAVE_GTHREAD THEN "YES (ver ${ALIASOF_gthread-2.0_VERSION})" ELSE NO)
+      status("    GtkGlExt:" HAVE_GTKGLEXT THEN "YES (ver ${ALIASOF_gtkglext-1.0_VERSION})" ELSE NO)
+    endif()
+  endif()
+endif()
+
+status("    OpenGL support:" HAVE_OPENGL THEN "YES (${OPENGL_LIBRARIES})" ELSE NO)
+status("    VTK support:" HAVE_VTK THEN "YES (ver ${VTK_VERSION})" ELSE NO)
+
+# ========================== MEDIA IO ==========================
+status("")
+status("  Media I/O: ")
+status("    ZLib:"         BUILD_ZLIB    THEN "build (ver ${ZLIB_VERSION_STRING})"               ELSE "${ZLIB_LIBRARIES} (ver ${ZLIB_VERSION_STRING})")
+
+if(WITH_JPEG)
+  status("    JPEG:"       JPEG_FOUND    THEN "${JPEG_LIBRARY} (ver ${JPEG_LIB_VERSION})"        ELSE "build (ver ${JPEG_LIB_VERSION})")
+else()
+  status("    JPEG:"       "NO")
+endif()
+
+if(WITH_WEBP)
+  status("    WEBP:"       WEBP_FOUND    THEN "${WEBP_LIBRARY} (ver ${WEBP_VERSION})"        ELSE "build (ver ${WEBP_VERSION})")
+else()
+  status("    WEBP:"       "NO")
+endif()
+
+if(WITH_PNG)
+  status("    PNG:"        PNG_FOUND     THEN "${PNG_LIBRARY} (ver ${PNG_VERSION})"              ELSE "build (ver ${PNG_VERSION})")
+else()
+  status("    PNG:"        "NO")
+endif()
+if(WITH_TIFF)
+  if(TIFF_VERSION_STRING AND TIFF_FOUND)
+    status("    TIFF:"     "${TIFF_LIBRARY} (ver ${TIFF_VERSION} - ${TIFF_VERSION_STRING})")
+  else()
+    status("    TIFF:"     TIFF_FOUND    THEN "${TIFF_LIBRARY} (ver ${TIFF_VERSION})"            ELSE "build (ver ${TIFF_VERSION} - ${TIFF_VERSION_STRING})")
+  endif()
+else()
+  status("    TIFF:"       "NO")
+endif()
+if(WITH_JASPER)
+  status("    JPEG 2000:"  JASPER_FOUND  THEN "${JASPER_LIBRARY} (ver ${JASPER_VERSION_STRING})" ELSE "build (ver ${JASPER_VERSION_STRING})")
+else()
+  status("    JPEG 2000:"  "NO")
+endif()
+if(WITH_OPENEXR)
+  status("    OpenEXR:"  OPENEXR_FOUND  THEN "${OPENEXR_LIBRARIES} (ver ${OPENEXR_VERSION})" ELSE "build (ver ${OPENEXR_VERSION})")
+else()
+  status("    OpenEXR:"  "NO")
+endif()
+
+if( WITH_GDAL )
+  status("    GDAL:"   GDAL_FOUND THEN "${GDAL_LIBRARY}" ELSE "NO")
+else()
+  status("    GDAL:"     "NO")
+endif()
+
+# ========================== VIDEO IO ==========================
+status("")
+status("  Video I/O:")
+
+if (DEFINED WITH_VFW)
+  status("    Video for Windows:" HAVE_VFW         THEN YES                                        ELSE NO)
+endif(DEFINED WITH_VFW)
+
+if(DEFINED WITH_1394)
+  status("    DC1394 1.x:"     HAVE_DC1394         THEN "YES (ver ${ALIASOF_libdc1394_VERSION})"   ELSE NO)
+  status("    DC1394 2.x:"     HAVE_DC1394_2       THEN "YES (ver ${ALIASOF_libdc1394-2_VERSION})" ELSE NO)
+endif(DEFINED WITH_1394)
+
+if(DEFINED WITH_AVFOUNDATION)
+  status("    AVFoundation:"   WITH_AVFOUNDATION   THEN YES                                        ELSE NO)
+endif(DEFINED WITH_AVFOUNDATION)
+
+if(DEFINED WITH_FFMPEG)
+  if(WIN32)
+    status("    FFMPEG:"       WITH_FFMPEG         THEN "YES (prebuilt binaries)"                  ELSE NO)
+  else()
+    status("    FFMPEG:"       HAVE_FFMPEG         THEN YES ELSE NO)
+  endif()
+  status("      codec:"        HAVE_FFMPEG_CODEC   THEN "YES (ver ${ALIASOF_libavcodec_VERSION})"  ELSE NO)
+  status("      format:"       HAVE_FFMPEG_FORMAT  THEN "YES (ver ${ALIASOF_libavformat_VERSION})" ELSE NO)
+  status("      util:"         HAVE_FFMPEG_UTIL    THEN "YES (ver ${ALIASOF_libavutil_VERSION})"   ELSE NO)
+  status("      swscale:"      HAVE_FFMPEG_SWSCALE THEN "YES (ver ${ALIASOF_libswscale_VERSION})"  ELSE NO)
+  status("      resample:"     HAVE_FFMPEG_RESAMPLE THEN "YES (ver ${ALIASOF_libavresample_VERSION})"  ELSE NO)
+  status("      gentoo-style:" HAVE_GENTOO_FFMPEG  THEN YES                                        ELSE NO)
+endif(DEFINED WITH_FFMPEG)
+
+if(DEFINED WITH_GSTREAMER)
+  status("    GStreamer:"      HAVE_GSTREAMER      THEN ""                                         ELSE NO)
+  if(HAVE_GSTREAMER)
+    status("      base:"       "YES (ver ${GSTREAMER_BASE_VERSION})")
+    status("      video:"      "YES (ver ${GSTREAMER_VIDEO_VERSION})")
+    status("      app:"        "YES (ver ${GSTREAMER_APP_VERSION})")
+    status("      riff:"       "YES (ver ${GSTREAMER_RIFF_VERSION})")
+    status("      pbutils:"    "YES (ver ${GSTREAMER_PBUTILS_VERSION})")
+  endif(HAVE_GSTREAMER)
+endif(DEFINED WITH_GSTREAMER)
+
+if(DEFINED WITH_OPENNI)
+  status("    OpenNI:"         HAVE_OPENNI         THEN "YES (ver ${OPENNI_VERSION_STRING}, build ${OPENNI_VERSION_BUILD})"
+                                                                                                   ELSE NO)
+  status("    OpenNI PrimeSensor Modules:" HAVE_OPENNI_PRIME_SENSOR_MODULE
+                                                   THEN "YES (${OPENNI_PRIME_SENSOR_MODULE})"      ELSE NO)
+endif(DEFINED WITH_OPENNI)
+
+if(DEFINED WITH_OPENNI2)
+  status("    OpenNI2:"		   HAVE_OPENNI2	   THEN "YES (ver ${OPENNI2_VERSION_STRING}, build ${OPENNI2_VERSION_BUILD})"
+                                                                                                   ELSE NO)
+endif(DEFINED WITH_OPENNI2)
+
+if(DEFINED WITH_PVAPI)
+  status("    PvAPI:"          HAVE_PVAPI          THEN YES                                        ELSE NO)
+endif(DEFINED WITH_PVAPI)
+
+if(DEFINED WITH_GIGEAPI)
+  status("    GigEVisionSDK:"  HAVE_GIGE_API       THEN YES                                        ELSE NO)
+endif(DEFINED WITH_GIGEAPI)
+
+if(DEFINED WITH_QUICKTIME)
+  status("    QuickTime:"      HAVE_QUICKTIME      THEN YES                                        ELSE NO)
+  status("    QTKit:"          HAVE_QTKIT          THEN YES                                        ELSE NO)
+endif(DEFINED WITH_QUICKTIME)
+
+if(DEFINED WITH_UNICAP)
+  status("    UniCap:"         HAVE_UNICAP         THEN "YES (ver ${ALIASOF_libunicap_VERSION})"   ELSE NO)
+  status("    UniCap ucil:"    HAVE_UNICAP_UCIL    THEN "YES (ver ${ALIASOF_libucil_VERSION})"     ELSE NO)
+endif(DEFINED WITH_UNICAP)
+
+if(DEFINED WITH_V4L)
+  if(HAVE_CAMV4L)
+    set(HAVE_CAMV4L_STR "YES")
+  else()
+    set(HAVE_CAMV4L_STR "NO")
+  endif()
+  if(HAVE_CAMV4L2)
+    set(HAVE_CAMV4L2_STR "YES")
+  elseif(HAVE_VIDEOIO)
+    set(HAVE_CAMV4L2_STR "YES(videoio)")
+  else()
+    set(HAVE_CAMV4L2_STR "NO")
+  endif()
+  status("    V4L/V4L2:"       HAVE_LIBV4L
+             THEN "Using libv4l1 (ver ${ALIASOF_libv4l1_VERSION}) / libv4l2 (ver ${ALIASOF_libv4l2_VERSION})"
+             ELSE "${HAVE_CAMV4L_STR}/${HAVE_CAMV4L2_STR}")
+endif(DEFINED WITH_V4L)
+
+if(DEFINED WITH_DSHOW)
+  status("    DirectShow:"     HAVE_DSHOW     THEN YES                                        ELSE NO)
+endif(DEFINED WITH_DSHOW)
+
+if(DEFINED WITH_MSMF)
+  status("    Media Foundation:" HAVE_MSMF    THEN YES                                        ELSE NO)
+endif(DEFINED WITH_MSMF)
+
+if(DEFINED WITH_XIMEA)
+  status("    XIMEA:"          HAVE_XIMEA          THEN YES                                        ELSE NO)
+endif(DEFINED WITH_XIMEA)
+
+if(DEFINED WITH_XINE)
+  status("    Xine:"           HAVE_XINE           THEN "YES (ver ${ALIASOF_libxine_VERSION})"     ELSE NO)
+endif(DEFINED WITH_XINE)
+
+if(DEFINED WITH_INTELPERC)
+  status("    Intel PerC:"     HAVE_INTELPERC      THEN "YES"                                 ELSE NO)
+endif(DEFINED WITH_INTELPERC)
+
+if(DEFINED WITH_GPHOTO2)
+  status("    gPhoto2:"        HAVE_GPHOTO2        THEN "YES"                                 ELSE NO)
+endif(DEFINED WITH_GPHOTO2)
+
+
+# ========================== Other third-party libraries ==========================
+status("")
+status("  Other third-party libraries:")
+
+if(WITH_IPP AND HAVE_IPP)
+  status("    Use IPP:" "${IPP_VERSION_STR} [${IPP_VERSION_MAJOR}.${IPP_VERSION_MINOR}.${IPP_VERSION_BUILD}]")
+  status("         at:" "${IPP_ROOT_DIR}")
+  if(NOT HAVE_IPP_ICV_ONLY)
+    status("     linked:" BUILD_WITH_DYNAMIC_IPP THEN "dynamic" ELSE "static")
+  endif()
+else()
+  status("    Use IPP:"   WITH_IPP AND NOT HAVE_IPP THEN "IPP not found or implicitly disabled" ELSE NO)
+endif()
+
+if(DEFINED WITH_IPP_A)
+status("    Use IPP Async:"  HAVE_IPP_A       THEN "YES" ELSE NO)
+endif(DEFINED WITH_IPP_A)
+
+status("    Use Eigen:"      HAVE_EIGEN       THEN "YES (ver ${EIGEN_WORLD_VERSION}.${EIGEN_MAJOR_VERSION}.${EIGEN_MINOR_VERSION})" ELSE NO)
+status("    Use TBB:"        HAVE_TBB         THEN "YES (ver ${TBB_VERSION_MAJOR}.${TBB_VERSION_MINOR} interface ${TBB_INTERFACE_VERSION})" ELSE NO)
+status("    Use OpenMP:"     HAVE_OPENMP      THEN YES ELSE NO)
+status("    Use GCD"         HAVE_GCD         THEN YES ELSE NO)
+status("    Use Concurrency" HAVE_CONCURRENCY THEN YES ELSE NO)
+status("    Use C=:"         HAVE_CSTRIPES    THEN YES ELSE NO)
+status("    Use pthreads for parallel for:"   HAVE_PTHREADS_PF THEN YES ELSE NO)
+status("    Use Cuda:"       HAVE_CUDA        THEN "YES (ver ${CUDA_VERSION_STRING})" ELSE NO)
+status("    Use OpenCL:"     HAVE_OPENCL      THEN YES ELSE NO)
+
+if(HAVE_CUDA)
+  status("")
+  status("  NVIDIA CUDA")
+
+  status("    Use CUFFT:"            HAVE_CUFFT   THEN YES ELSE NO)
+  status("    Use CUBLAS:"           HAVE_CUBLAS  THEN YES ELSE NO)
+  status("    USE NVCUVID:"          HAVE_NVCUVID THEN YES ELSE NO)
+  status("    NVIDIA GPU arch:"      ${OPENCV_CUDA_ARCH_BIN})
+  status("    NVIDIA PTX archs:"     ${OPENCV_CUDA_ARCH_PTX})
+  status("    Use fast math:"        CUDA_FAST_MATH THEN YES ELSE NO)
+endif()
+
+if(HAVE_OPENCL)
+  status("")
+  status("  OpenCL:")
+  if(HAVE_OPENCL_STATIC)
+    set(__opencl_ver "static")
+  else()
+    set(__opencl_ver "dynamic")
+  endif()
+  status("    Version:"       ${__opencl_ver})
+  if(OPENCL_INCLUDE_DIR)
+    status("    Include path:"       ${OPENCL_INCLUDE_DIRS})
+  endif()
+  if(OPENCL_LIBRARIES)
+    set(__libs "")
+    foreach(l ${OPENCL_LIBRARIES})
+      if(TARGET ${l})
+        get_target_property(p ${l} LOCATION)
+        if(p MATCHES NOTFOUND)
+          list(APPEND __libs "${l}")
+        else()
+          list(APPEND __libs "${p}")
+        endif()
+      else()
+        list(APPEND __libs "${l}")
+      endif()
+    endforeach()
+    status("    libraries:"          ${__libs})
+  endif()
+  status("    Use AMDFFT:"           HAVE_CLAMDFFT  THEN YES ELSE NO)
+  status("    Use AMDBLAS:"          HAVE_CLAMDBLAS THEN YES ELSE NO)
+endif()
+
+# ========================== python ==========================
+status("")
+status("  Python 2:")
+status("    Interpreter:"     PYTHON2INTERP_FOUND  THEN "${PYTHON2_EXECUTABLE} (ver ${PYTHON2_VERSION_STRING})"       ELSE NO)
+if(BUILD_opencv_python2)
+  if(PYTHON2LIBS_VERSION_STRING)
+    status("    Libraries:"   HAVE_opencv_python2  THEN  "${PYTHON2_LIBRARIES} (ver ${PYTHON2LIBS_VERSION_STRING})"   ELSE NO)
+  else()
+    status("    Libraries:"   HAVE_opencv_python2  THEN  "${PYTHON2_LIBRARIES}"                                      ELSE NO)
+  endif()
+  status("    numpy:"         PYTHON2_NUMPY_INCLUDE_DIRS THEN "${PYTHON2_NUMPY_INCLUDE_DIRS} (ver ${PYTHON2_NUMPY_VERSION})" ELSE "NO (Python wrappers can not be generated)")
+  status("    packages path:" PYTHON2_EXECUTABLE         THEN "${PYTHON2_PACKAGES_PATH}"                                    ELSE "-")
+endif()
+
+status("")
+status("  Python 3:")
+status("    Interpreter:"     PYTHON3INTERP_FOUND  THEN "${PYTHON3_EXECUTABLE} (ver ${PYTHON3_VERSION_STRING})"       ELSE NO)
+if(BUILD_opencv_python3)
+  if(PYTHON3LIBS_VERSION_STRING)
+    status("    Libraries:"   HAVE_opencv_python3  THEN  "${PYTHON3_LIBRARIES} (ver ${PYTHON3LIBS_VERSION_STRING})"   ELSE NO)
+  else()
+    status("    Libraries:"   HAVE_opencv_python3  THEN  "${PYTHON3_LIBRARIES}"                                      ELSE NO)
+  endif()
+  status("    numpy:"         PYTHON3_NUMPY_INCLUDE_DIRS THEN "${PYTHON3_NUMPY_INCLUDE_DIRS} (ver ${PYTHON3_NUMPY_VERSION})" ELSE "NO (Python3 wrappers can not be generated)")
+  status("    packages path:" PYTHON3_EXECUTABLE         THEN "${PYTHON3_PACKAGES_PATH}"                                    ELSE "-")
+endif()
+
+status("")
+status("  Python (for build):"  PYTHON_DEFAULT_AVAILABLE THEN "${PYTHON_DEFAULT_EXECUTABLE}" ELSE NO)
+
+# ========================== java ==========================
+status("")
+status("  Java:")
+status("    ant:"           ANT_EXECUTABLE      THEN "${ANT_EXECUTABLE} (ver ${ANT_VERSION})"                    ELSE NO)
+if(NOT ANDROID)
+  status("    JNI:"         JNI_INCLUDE_DIRS    THEN "${JNI_INCLUDE_DIRS}"                                       ELSE NO)
+endif()
+status("    Java wrappers:" HAVE_opencv_java                                                            THEN YES ELSE NO)
+status("    Java tests:"    BUILD_TESTS AND opencv_test_java_BINARY_DIR                                 THEN YES ELSE NO)
+
+# ========================= matlab =========================
+status("")
+status("  Matlab:")
+status("    mex:"         MATLAB_MEX_SCRIPT  THEN  "${MATLAB_MEX_SCRIPT}"   ELSE NO)
+if (MATLAB_FOUND)
+  status("    Compiler/generator:" MEX_WORKS    THEN  "Working"                ELSE "Not working (bindings will not be generated)")
+endif()
+
+# ========================== documentation ==========================
+if(BUILD_DOCS)
+  status("")
+  status("  Documentation:")
+  status("    Doxygen:"             DOXYGEN_FOUND             THEN "${DOXYGEN_EXECUTABLE} (ver ${DOXYGEN_VERSION})" ELSE NO)
+  status("    PlantUML:"            PLANTUML_JAR              THEN "${PLANTUML_JAR}" ELSE NO)
+endif()
+
+# ========================== samples and tests ==========================
+status("")
+status("  Tests and samples:")
+status("    Tests:"             BUILD_TESTS AND HAVE_opencv_ts       THEN YES ELSE NO)
+status("    Performance tests:" BUILD_PERF_TESTS AND HAVE_opencv_ts  THEN YES ELSE NO)
+status("    C/C++ Examples:"    BUILD_EXAMPLES                       THEN YES ELSE NO)
+
+# ========================== auxiliary ==========================
+status("")
+status("  Install path:" "${CMAKE_INSTALL_PREFIX}")
+status("")
+status("  cvconfig.h is in:" "${OPENCV_CONFIG_FILE_INCLUDE_DIR}")
+status("-----------------------------------------------------------------")
+status("")
+
+ocv_finalize_status()
+
+# ----------------------------------------------------------------------------
+# Warn in the case of in-source build
+# ----------------------------------------------------------------------------
+if("${CMAKE_CURRENT_SOURCE_DIR}" STREQUAL "${CMAKE_CURRENT_BINARY_DIR}")
+  message(WARNING "The source directory is the same as binary directory. \"make clean\" may damage the source tree")
+endif()
+
+# ----------------------------------------------------------------------------
+# CPack stuff
+# ----------------------------------------------------------------------------
+
+include(cmake/OpenCVPackaging.cmake)
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/LICENSE b/dependency-check-core/src/test/resources/cmake/opencv/LICENSE
new file mode 100644
index 000000000..ab58eebca
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/LICENSE
@@ -0,0 +1,41 @@
+By downloading, copying, installing or using the software you agree to this license.
+If you do not agree to this license, do not download, install,
+copy or use the software.
+
+
+                          License Agreement
+               For Open Source Computer Vision Library
+                       (3-clause BSD License)
+
+Copyright (C) 2000-2015, Intel Corporation, all rights reserved.
+Copyright (C) 2009-2011, Willow Garage Inc., all rights reserved.
+Copyright (C) 2009-2015, NVIDIA Corporation, all rights reserved.
+Copyright (C) 2010-2013, Advanced Micro Devices, Inc., all rights reserved.
+Copyright (C) 2015, OpenCV Foundation, all rights reserved.
+Copyright (C) 2015, Itseez Inc., all rights reserved.
+Third party copyrights are property of their respective owners.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+  * Redistributions of source code must retain the above copyright notice,
+    this list of conditions and the following disclaimer.
+
+  * Redistributions in binary form must reproduce the above copyright notice,
+    this list of conditions and the following disclaimer in the documentation
+    and/or other materials provided with the distribution.
+
+  * Neither the names of the copyright holders nor the names of the contributors
+    may be used to endorse or promote products derived from this software
+    without specific prior written permission.
+
+This software is provided by the copyright holders and contributors "as is" and
+any express or implied warranties, including, but not limited to, the implied
+warranties of merchantability and fitness for a particular purpose are disclaimed.
+In no event shall copyright holders or contributors be liable for any direct,
+indirect, incidental, special, exemplary, or consequential damages
+(including, but not limited to, procurement of substitute goods or services;
+loss of use, data, or profits; or business interruption) however caused
+and on any theory of liability, whether in contract, strict liability,
+or tort (including negligence or otherwise) arising in any way out of
+the use of this software, even if advised of the possibility of such damage.
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/FindCUDA.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/FindCUDA.cmake
new file mode 100644
index 000000000..5efd36c4e
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/FindCUDA.cmake
@@ -0,0 +1,1715 @@
+#.rst:
+# FindCUDA
+# --------
+#
+# Tools for building CUDA C files: libraries and build dependencies.
+#
+# This script locates the NVIDIA CUDA C tools.  It should work on linux,
+# windows, and mac and should be reasonably up to date with CUDA C
+# releases.
+#
+# This script makes use of the standard find_package arguments of
+# <VERSION>, REQUIRED and QUIET.  CUDA_FOUND will report if an
+# acceptable version of CUDA was found.
+#
+# The script will prompt the user to specify CUDA_TOOLKIT_ROOT_DIR if
+# the prefix cannot be determined by the location of nvcc in the system
+# path and REQUIRED is specified to find_package().  To use a different
+# installed version of the toolkit set the environment variable
+# CUDA_BIN_PATH before running cmake (e.g.
+# CUDA_BIN_PATH=/usr/local/cuda1.0 instead of the default
+# /usr/local/cuda) or set CUDA_TOOLKIT_ROOT_DIR after configuring.  If
+# you change the value of CUDA_TOOLKIT_ROOT_DIR, various components that
+# depend on the path will be relocated.
+#
+# It might be necessary to set CUDA_TOOLKIT_ROOT_DIR manually on certain
+# platforms, or to use a cuda runtime not installed in the default
+# location.  In newer versions of the toolkit the cuda library is
+# included with the graphics driver- be sure that the driver version
+# matches what is needed by the cuda runtime version.
+#
+# The following variables affect the behavior of the macros in the
+# script (in alphebetical order).  Note that any of these flags can be
+# changed multiple times in the same directory before calling
+# CUDA_ADD_EXECUTABLE, CUDA_ADD_LIBRARY, CUDA_COMPILE, CUDA_COMPILE_PTX,
+# CUDA_COMPILE_FATBIN, CUDA_COMPILE_CUBIN or CUDA_WRAP_SRCS::
+#
+#   CUDA_64_BIT_DEVICE_CODE (Default matches host bit size)
+#   -- Set to ON to compile for 64 bit device code, OFF for 32 bit device code.
+#      Note that making this different from the host code when generating object
+#      or C files from CUDA code just won't work, because size_t gets defined by
+#      nvcc in the generated source.  If you compile to PTX and then load the
+#      file yourself, you can mix bit sizes between device and host.
+#
+#   CUDA_ATTACH_VS_BUILD_RULE_TO_CUDA_FILE (Default ON)
+#   -- Set to ON if you want the custom build rule to be attached to the source
+#      file in Visual Studio.  Turn OFF if you add the same cuda file to multiple
+#      targets.
+#
+#      This allows the user to build the target from the CUDA file; however, bad
+#      things can happen if the CUDA source file is added to multiple targets.
+#      When performing parallel builds it is possible for the custom build
+#      command to be run more than once and in parallel causing cryptic build
+#      errors.  VS runs the rules for every source file in the target, and a
+#      source can have only one rule no matter how many projects it is added to.
+#      When the rule is run from multiple targets race conditions can occur on
+#      the generated file.  Eventually everything will get built, but if the user
+#      is unaware of this behavior, there may be confusion.  It would be nice if
+#      this script could detect the reuse of source files across multiple targets
+#      and turn the option off for the user, but no good solution could be found.
+#
+#   CUDA_BUILD_CUBIN (Default OFF)
+#   -- Set to ON to enable and extra compilation pass with the -cubin option in
+#      Device mode. The output is parsed and register, shared memory usage is
+#      printed during build.
+#
+#   CUDA_BUILD_EMULATION (Default OFF for device mode)
+#   -- Set to ON for Emulation mode. -D_DEVICEEMU is defined for CUDA C files
+#      when CUDA_BUILD_EMULATION is TRUE.
+#
+#   CUDA_GENERATED_OUTPUT_DIR (Default CMAKE_CURRENT_BINARY_DIR)
+#   -- Set to the path you wish to have the generated files placed.  If it is
+#      blank output files will be placed in CMAKE_CURRENT_BINARY_DIR.
+#      Intermediate files will always be placed in
+#      CMAKE_CURRENT_BINARY_DIR/CMakeFiles.
+#
+#   CUDA_HOST_COMPILATION_CPP (Default ON)
+#   -- Set to OFF for C compilation of host code.
+#
+#   CUDA_HOST_COMPILER (Default CMAKE_C_COMPILER, $(VCInstallDir)/bin for VS)
+#   -- Set the host compiler to be used by nvcc.  Ignored if -ccbin or
+#      --compiler-bindir is already present in the CUDA_NVCC_FLAGS or
+#      CUDA_NVCC_FLAGS_<CONFIG> variables.  For Visual Studio targets
+#      $(VCInstallDir)/bin is a special value that expands out to the path when
+#      the command is run from withing VS.
+#
+#   CUDA_NVCC_FLAGS
+#   CUDA_NVCC_FLAGS_<CONFIG>
+#   -- Additional NVCC command line arguments.  NOTE: multiple arguments must be
+#      semi-colon delimited (e.g. --compiler-options;-Wall)
+#
+#   CUDA_PROPAGATE_HOST_FLAGS (Default ON)
+#   -- Set to ON to propagate CMAKE_{C,CXX}_FLAGS and their configuration
+#      dependent counterparts (e.g. CMAKE_C_FLAGS_DEBUG) automatically to the
+#      host compiler through nvcc's -Xcompiler flag.  This helps make the
+#      generated host code match the rest of the system better.  Sometimes
+#      certain flags give nvcc problems, and this will help you turn the flag
+#      propagation off.  This does not affect the flags supplied directly to nvcc
+#      via CUDA_NVCC_FLAGS or through the OPTION flags specified through
+#      CUDA_ADD_LIBRARY, CUDA_ADD_EXECUTABLE, or CUDA_WRAP_SRCS.  Flags used for
+#      shared library compilation are not affected by this flag.
+#
+#   CUDA_SEPARABLE_COMPILATION (Default OFF)
+#   -- If set this will enable separable compilation for all CUDA runtime object
+#      files.  If used outside of CUDA_ADD_EXECUTABLE and CUDA_ADD_LIBRARY
+#      (e.g. calling CUDA_WRAP_SRCS directly),
+#      CUDA_COMPUTE_SEPARABLE_COMPILATION_OBJECT_FILE_NAME and
+#      CUDA_LINK_SEPARABLE_COMPILATION_OBJECTS should be called.
+#
+#   CUDA_VERBOSE_BUILD (Default OFF)
+#   -- Set to ON to see all the commands used when building the CUDA file.  When
+#      using a Makefile generator the value defaults to VERBOSE (run make
+#      VERBOSE=1 to see output), although setting CUDA_VERBOSE_BUILD to ON will
+#      always print the output.
+#
+# The script creates the following macros (in alphebetical order)::
+#
+#   CUDA_ADD_CUFFT_TO_TARGET( cuda_target )
+#   -- Adds the cufft library to the target (can be any target).  Handles whether
+#      you are in emulation mode or not.
+#
+#   CUDA_ADD_CUBLAS_TO_TARGET( cuda_target )
+#   -- Adds the cublas library to the target (can be any target).  Handles
+#      whether you are in emulation mode or not.
+#
+#   CUDA_ADD_EXECUTABLE( cuda_target file0 file1 ...
+#                        [WIN32] [MACOSX_BUNDLE] [EXCLUDE_FROM_ALL] [OPTIONS ...] )
+#   -- Creates an executable "cuda_target" which is made up of the files
+#      specified.  All of the non CUDA C files are compiled using the standard
+#      build rules specified by CMAKE and the cuda files are compiled to object
+#      files using nvcc and the host compiler.  In addition CUDA_INCLUDE_DIRS is
+#      added automatically to include_directories().  Some standard CMake target
+#      calls can be used on the target after calling this macro
+#      (e.g. set_target_properties and target_link_libraries), but setting
+#      properties that adjust compilation flags will not affect code compiled by
+#      nvcc.  Such flags should be modified before calling CUDA_ADD_EXECUTABLE,
+#      CUDA_ADD_LIBRARY or CUDA_WRAP_SRCS.
+#
+#   CUDA_ADD_LIBRARY( cuda_target file0 file1 ...
+#                     [STATIC | SHARED | MODULE] [EXCLUDE_FROM_ALL] [OPTIONS ...] )
+#   -- Same as CUDA_ADD_EXECUTABLE except that a library is created.
+#
+#   CUDA_BUILD_CLEAN_TARGET()
+#   -- Creates a convience target that deletes all the dependency files
+#      generated.  You should make clean after running this target to ensure the
+#      dependency files get regenerated.
+#
+#   CUDA_COMPILE( generated_files file0 file1 ... [STATIC | SHARED | MODULE]
+#                 [OPTIONS ...] )
+#   -- Returns a list of generated files from the input source files to be used
+#      with ADD_LIBRARY or ADD_EXECUTABLE.
+#
+#   CUDA_COMPILE_PTX( generated_files file0 file1 ... [OPTIONS ...] )
+#   -- Returns a list of PTX files generated from the input source files.
+#
+#   CUDA_COMPILE_FATBIN( generated_files file0 file1 ... [OPTIONS ...] )
+#   -- Returns a list of FATBIN files generated from the input source files.
+#
+#   CUDA_COMPILE_CUBIN( generated_files file0 file1 ... [OPTIONS ...] )
+#   -- Returns a list of CUBIN files generated from the input source files.
+#
+#   CUDA_COMPUTE_SEPARABLE_COMPILATION_OBJECT_FILE_NAME( output_file_var
+#                                                        cuda_target
+#                                                        object_files )
+#   -- Compute the name of the intermediate link file used for separable
+#      compilation.  This file name is typically passed into
+#      CUDA_LINK_SEPARABLE_COMPILATION_OBJECTS.  output_file_var is produced
+#      based on cuda_target the list of objects files that need separable
+#      compilation as specified by object_files.  If the object_files list is
+#      empty, then output_file_var will be empty.  This function is called
+#      automatically for CUDA_ADD_LIBRARY and CUDA_ADD_EXECUTABLE.  Note that
+#      this is a function and not a macro.
+#
+#   CUDA_INCLUDE_DIRECTORIES( path0 path1 ... )
+#   -- Sets the directories that should be passed to nvcc
+#      (e.g. nvcc -Ipath0 -Ipath1 ... ). These paths usually contain other .cu
+#      files.
+#
+#
+#
+#   CUDA_LINK_SEPARABLE_COMPILATION_OBJECTS( output_file_var cuda_target
+#                                            nvcc_flags object_files)
+#
+#   -- Generates the link object required by separable compilation from the given
+#      object files.  This is called automatically for CUDA_ADD_EXECUTABLE and
+#      CUDA_ADD_LIBRARY, but can be called manually when using CUDA_WRAP_SRCS
+#      directly.  When called from CUDA_ADD_LIBRARY or CUDA_ADD_EXECUTABLE the
+#      nvcc_flags passed in are the same as the flags passed in via the OPTIONS
+#      argument.  The only nvcc flag added automatically is the bitness flag as
+#      specified by CUDA_64_BIT_DEVICE_CODE.  Note that this is a function
+#      instead of a macro.
+#
+#   CUDA_WRAP_SRCS ( cuda_target format generated_files file0 file1 ...
+#                    [STATIC | SHARED | MODULE] [OPTIONS ...] )
+#   -- This is where all the magic happens.  CUDA_ADD_EXECUTABLE,
+#      CUDA_ADD_LIBRARY, CUDA_COMPILE, and CUDA_COMPILE_PTX all call this
+#      function under the hood.
+#
+#      Given the list of files (file0 file1 ... fileN) this macro generates
+#      custom commands that generate either PTX or linkable objects (use "PTX" or
+#      "OBJ" for the format argument to switch).  Files that don't end with .cu
+#      or have the HEADER_FILE_ONLY property are ignored.
+#
+#      The arguments passed in after OPTIONS are extra command line options to
+#      give to nvcc.  You can also specify per configuration options by
+#      specifying the name of the configuration followed by the options.  General
+#      options must preceed configuration specific options.  Not all
+#      configurations need to be specified, only the ones provided will be used.
+#
+#         OPTIONS -DFLAG=2 "-DFLAG_OTHER=space in flag"
+#         DEBUG -g
+#         RELEASE --use_fast_math
+#         RELWITHDEBINFO --use_fast_math;-g
+#         MINSIZEREL --use_fast_math
+#
+#      For certain configurations (namely VS generating object files with
+#      CUDA_ATTACH_VS_BUILD_RULE_TO_CUDA_FILE set to ON), no generated file will
+#      be produced for the given cuda file.  This is because when you add the
+#      cuda file to Visual Studio it knows that this file produces an object file
+#      and will link in the resulting object file automatically.
+#
+#      This script will also generate a separate cmake script that is used at
+#      build time to invoke nvcc.  This is for several reasons.
+#
+#        1. nvcc can return negative numbers as return values which confuses
+#        Visual Studio into thinking that the command succeeded.  The script now
+#        checks the error codes and produces errors when there was a problem.
+#
+#        2. nvcc has been known to not delete incomplete results when it
+#        encounters problems.  This confuses build systems into thinking the
+#        target was generated when in fact an unusable file exists.  The script
+#        now deletes the output files if there was an error.
+#
+#        3. By putting all the options that affect the build into a file and then
+#        make the build rule dependent on the file, the output files will be
+#        regenerated when the options change.
+#
+#      This script also looks at optional arguments STATIC, SHARED, or MODULE to
+#      determine when to target the object compilation for a shared library.
+#      BUILD_SHARED_LIBS is ignored in CUDA_WRAP_SRCS, but it is respected in
+#      CUDA_ADD_LIBRARY.  On some systems special flags are added for building
+#      objects intended for shared libraries.  A preprocessor macro,
+#      <target_name>_EXPORTS is defined when a shared library compilation is
+#      detected.
+#
+#      Flags passed into add_definitions with -D or /D are passed along to nvcc.
+#
+#
+#
+# The script defines the following variables::
+#
+#   CUDA_VERSION_MAJOR    -- The major version of cuda as reported by nvcc.
+#   CUDA_VERSION_MINOR    -- The minor version.
+#   CUDA_VERSION
+#   CUDA_VERSION_STRING   -- CUDA_VERSION_MAJOR.CUDA_VERSION_MINOR
+#
+#   CUDA_TOOLKIT_ROOT_DIR -- Path to the CUDA Toolkit (defined if not set).
+#   CUDA_SDK_ROOT_DIR     -- Path to the CUDA SDK.  Use this to find files in the
+#                            SDK.  This script will not directly support finding
+#                            specific libraries or headers, as that isn't
+#                            supported by NVIDIA.  If you want to change
+#                            libraries when the path changes see the
+#                            FindCUDA.cmake script for an example of how to clear
+#                            these variables.  There are also examples of how to
+#                            use the CUDA_SDK_ROOT_DIR to locate headers or
+#                            libraries, if you so choose (at your own risk).
+#   CUDA_INCLUDE_DIRS     -- Include directory for cuda headers.  Added automatically
+#                            for CUDA_ADD_EXECUTABLE and CUDA_ADD_LIBRARY.
+#   CUDA_LIBRARIES        -- Cuda RT library.
+#   CUDA_CUFFT_LIBRARIES  -- Device or emulation library for the Cuda FFT
+#                            implementation (alternative to:
+#                            CUDA_ADD_CUFFT_TO_TARGET macro)
+#   CUDA_CUBLAS_LIBRARIES -- Device or emulation library for the Cuda BLAS
+#                            implementation (alterative to:
+#                            CUDA_ADD_CUBLAS_TO_TARGET macro).
+#   CUDA_cupti_LIBRARY    -- CUDA Profiling Tools Interface library.
+#                            Only available for CUDA version 4.0+.
+#   CUDA_curand_LIBRARY   -- CUDA Random Number Generation library.
+#                            Only available for CUDA version 3.2+.
+#   CUDA_cusparse_LIBRARY -- CUDA Sparse Matrix library.
+#                            Only available for CUDA version 3.2+.
+#   CUDA_npp_LIBRARY      -- NVIDIA Performance Primitives lib.
+#                            Only available for CUDA version 4.0+.
+#   CUDA_nppc_LIBRARY     -- NVIDIA Performance Primitives lib (core).
+#                            Only available for CUDA version 5.5+.
+#   CUDA_nppi_LIBRARY     -- NVIDIA Performance Primitives lib (image processing).
+#                            Only available for CUDA version 5.5+.
+#   CUDA_npps_LIBRARY     -- NVIDIA Performance Primitives lib (signal processing).
+#                            Only available for CUDA version 5.5+.
+#   CUDA_nvcuvenc_LIBRARY -- CUDA Video Encoder library.
+#                            Only available for CUDA version 3.2+.
+#                            Windows only.
+#   CUDA_nvcuvid_LIBRARY  -- CUDA Video Decoder library.
+#                            Only available for CUDA version 3.2+.
+#                            Windows only.
+#
+
+#   James Bigler, NVIDIA Corp (nvidia.com - jbigler)
+#   Abe Stephens, SCI Institute -- http://www.sci.utah.edu/~abe/FindCuda.html
+#
+#   Copyright (c) 2008 - 2009 NVIDIA Corporation.  All rights reserved.
+#
+#   Copyright (c) 2007-2009
+#   Scientific Computing and Imaging Institute, University of Utah
+#
+#   This code is licensed under the MIT License.  See the FindCUDA.cmake script
+#   for the text of the license.
+
+# The MIT License
+#
+# License for the specific language governing rights and limitations under
+# Permission is hereby granted, free of charge, to any person obtaining a
+# copy of this software and associated documentation files (the "Software"),
+# to deal in the Software without restriction, including without limitation
+# the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# and/or sell copies of the Software, and to permit persons to whom the
+# Software is furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included
+# in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+# DEALINGS IN THE SOFTWARE.
+#
+###############################################################################
+
+# FindCUDA.cmake
+
+# This macro helps us find the location of helper files we will need the full path to
+macro(CUDA_FIND_HELPER_FILE _name _extension)
+  set(_full_name "${_name}.${_extension}")
+  # CMAKE_CURRENT_LIST_FILE contains the full path to the file currently being
+  # processed.  Using this variable, we can pull out the current path, and
+  # provide a way to get access to the other files we need local to here.
+  get_filename_component(CMAKE_CURRENT_LIST_DIR "${CMAKE_CURRENT_LIST_FILE}" PATH)
+  set(CUDA_${_name} "${CMAKE_CURRENT_LIST_DIR}/FindCUDA/${_full_name}")
+  if(NOT EXISTS "${CUDA_${_name}}")
+    set(error_message "${_full_name} not found in ${CMAKE_CURRENT_LIST_DIR}/FindCUDA")
+    if(CUDA_FIND_REQUIRED)
+      message(FATAL_ERROR "${error_message}")
+    else()
+      if(NOT CUDA_FIND_QUIETLY)
+        message(STATUS "${error_message}")
+      endif()
+    endif()
+  endif()
+  # Set this variable as internal, so the user isn't bugged with it.
+  set(CUDA_${_name} ${CUDA_${_name}} CACHE INTERNAL "Location of ${_full_name}" FORCE)
+endmacro()
+
+#####################################################################
+## CUDA_INCLUDE_NVCC_DEPENDENCIES
+##
+
+# So we want to try and include the dependency file if it exists.  If
+# it doesn't exist then we need to create an empty one, so we can
+# include it.
+
+# If it does exist, then we need to check to see if all the files it
+# depends on exist.  If they don't then we should clear the dependency
+# file and regenerate it later.  This covers the case where a header
+# file has disappeared or moved.
+
+macro(CUDA_INCLUDE_NVCC_DEPENDENCIES dependency_file)
+  set(CUDA_NVCC_DEPEND)
+  set(CUDA_NVCC_DEPEND_REGENERATE FALSE)
+
+
+  # Include the dependency file.  Create it first if it doesn't exist .  The
+  # INCLUDE puts a dependency that will force CMake to rerun and bring in the
+  # new info when it changes.  DO NOT REMOVE THIS (as I did and spent a few
+  # hours figuring out why it didn't work.
+  if(NOT EXISTS ${dependency_file})
+    file(WRITE ${dependency_file} "#FindCUDA.cmake generated file.  Do not edit.\n")
+  endif()
+  # Always include this file to force CMake to run again next
+  # invocation and rebuild the dependencies.
+  #message("including dependency_file = ${dependency_file}")
+  include(${dependency_file})
+
+  # Now we need to verify the existence of all the included files
+  # here.  If they aren't there we need to just blank this variable and
+  # make the file regenerate again.
+#   if(DEFINED CUDA_NVCC_DEPEND)
+#     message("CUDA_NVCC_DEPEND set")
+#   else()
+#     message("CUDA_NVCC_DEPEND NOT set")
+#   endif()
+  if(CUDA_NVCC_DEPEND)
+    #message("CUDA_NVCC_DEPEND found")
+    foreach(f ${CUDA_NVCC_DEPEND})
+      # message("searching for ${f}")
+      if(NOT EXISTS ${f})
+        #message("file ${f} not found")
+        set(CUDA_NVCC_DEPEND_REGENERATE TRUE)
+      endif()
+    endforeach()
+  else()
+    #message("CUDA_NVCC_DEPEND false")
+    # No dependencies, so regenerate the file.
+    set(CUDA_NVCC_DEPEND_REGENERATE TRUE)
+  endif()
+
+  #message("CUDA_NVCC_DEPEND_REGENERATE = ${CUDA_NVCC_DEPEND_REGENERATE}")
+  # No incoming dependencies, so we need to generate them.  Make the
+  # output depend on the dependency file itself, which should cause the
+  # rule to re-run.
+  if(CUDA_NVCC_DEPEND_REGENERATE)
+    set(CUDA_NVCC_DEPEND ${dependency_file})
+    #message("Generating an empty dependency_file: ${dependency_file}")
+    file(WRITE ${dependency_file} "#FindCUDA.cmake generated file.  Do not edit.\n")
+  endif()
+
+endmacro()
+
+###############################################################################
+###############################################################################
+# Setup variables' defaults
+###############################################################################
+###############################################################################
+
+# Allow the user to specify if the device code is supposed to be 32 or 64 bit.
+if(CMAKE_SIZEOF_VOID_P EQUAL 8)
+  set(CUDA_64_BIT_DEVICE_CODE_DEFAULT ON)
+else()
+  set(CUDA_64_BIT_DEVICE_CODE_DEFAULT OFF)
+endif()
+option(CUDA_64_BIT_DEVICE_CODE "Compile device code in 64 bit mode" ${CUDA_64_BIT_DEVICE_CODE_DEFAULT})
+
+# Attach the build rule to the source file in VS.  This option
+option(CUDA_ATTACH_VS_BUILD_RULE_TO_CUDA_FILE "Attach the build rule to the CUDA source file.  Enable only when the CUDA source file is added to at most one target." ON)
+
+# Prints out extra information about the cuda file during compilation
+option(CUDA_BUILD_CUBIN "Generate and parse .cubin files in Device mode." OFF)
+
+# Set whether we are using emulation or device mode.
+option(CUDA_BUILD_EMULATION "Build in Emulation mode" OFF)
+
+# Where to put the generated output.
+set(CUDA_GENERATED_OUTPUT_DIR "" CACHE PATH "Directory to put all the output files.  If blank it will default to the CMAKE_CURRENT_BINARY_DIR")
+
+# Parse HOST_COMPILATION mode.
+option(CUDA_HOST_COMPILATION_CPP "Generated file extension" ON)
+
+# Extra user settable flags
+set(CUDA_NVCC_FLAGS "" CACHE STRING "Semi-colon delimit multiple arguments.")
+
+if(CMAKE_GENERATOR MATCHES "Visual Studio")
+  set(CUDA_HOST_COMPILER "$(VCInstallDir)bin" CACHE FILEPATH "Host side compiler used by NVCC")
+else()
+  # Using cc which is symlink to clang may let NVCC think it is GCC and issue
+  # unhandled -dumpspecs option to clang. Also in case neither
+  # CMAKE_C_COMPILER is defined (project does not use C language) nor
+  # CUDA_HOST_COMPILER is specified manually we should skip -ccbin and let
+  # nvcc use its own default C compiler.
+  if(DEFINED CMAKE_C_COMPILER AND NOT DEFINED CUDA_HOST_COMPILER)
+    get_filename_component(c_compiler_realpath "${CMAKE_C_COMPILER}" REALPATH)
+  else()
+    set(c_compiler_realpath "")
+  endif()
+  set(CUDA_HOST_COMPILER "${c_compiler_realpath}" CACHE FILEPATH "Host side compiler used by NVCC")
+endif()
+
+# Propagate the host flags to the host compiler via -Xcompiler
+option(CUDA_PROPAGATE_HOST_FLAGS "Propage C/CXX_FLAGS and friends to the host compiler via -Xcompile" ON)
+
+# Enable CUDA_SEPARABLE_COMPILATION
+option(CUDA_SEPARABLE_COMPILATION "Compile CUDA objects with separable compilation enabled.  Requires CUDA 5.0+" OFF)
+
+# Specifies whether the commands used when compiling the .cu file will be printed out.
+option(CUDA_VERBOSE_BUILD "Print out the commands run while compiling the CUDA source file.  With the Makefile generator this defaults to VERBOSE variable specified on the command line, but can be forced on with this option." OFF)
+
+mark_as_advanced(
+  CUDA_64_BIT_DEVICE_CODE
+  CUDA_ATTACH_VS_BUILD_RULE_TO_CUDA_FILE
+  CUDA_GENERATED_OUTPUT_DIR
+  CUDA_HOST_COMPILATION_CPP
+  CUDA_NVCC_FLAGS
+  CUDA_PROPAGATE_HOST_FLAGS
+  )
+
+# Makefile and similar generators don't define CMAKE_CONFIGURATION_TYPES, so we
+# need to add another entry for the CMAKE_BUILD_TYPE.  We also need to add the
+# standerd set of 4 build types (Debug, MinSizeRel, Release, and RelWithDebInfo)
+# for completeness.  We need run this loop in order to accomodate the addition
+# of extra configuration types.  Duplicate entries will be removed by
+# REMOVE_DUPLICATES.
+set(CUDA_configuration_types ${CMAKE_CONFIGURATION_TYPES} ${CMAKE_BUILD_TYPE} Debug MinSizeRel Release RelWithDebInfo)
+list(REMOVE_DUPLICATES CUDA_configuration_types)
+foreach(config ${CUDA_configuration_types})
+    string(TOUPPER ${config} config_upper)
+    set(CUDA_NVCC_FLAGS_${config_upper} "" CACHE STRING "Semi-colon delimit multiple arguments.")
+    mark_as_advanced(CUDA_NVCC_FLAGS_${config_upper})
+endforeach()
+
+###############################################################################
+###############################################################################
+# Locate CUDA, Set Build Type, etc.
+###############################################################################
+###############################################################################
+
+macro(cuda_unset_include_and_libraries)
+  unset(CUDA_TOOLKIT_INCLUDE CACHE)
+  unset(CUDA_CUDART_LIBRARY CACHE)
+  unset(CUDA_CUDA_LIBRARY CACHE)
+  # Make sure you run this before you unset CUDA_VERSION.
+  if(CUDA_VERSION VERSION_EQUAL "3.0")
+    # This only existed in the 3.0 version of the CUDA toolkit
+    unset(CUDA_CUDARTEMU_LIBRARY CACHE)
+  endif()
+  unset(CUDA_cupti_LIBRARY CACHE)
+  unset(CUDA_cublas_LIBRARY CACHE)
+  unset(CUDA_cublasemu_LIBRARY CACHE)
+  unset(CUDA_cufft_LIBRARY CACHE)
+  unset(CUDA_cufftemu_LIBRARY CACHE)
+  unset(CUDA_curand_LIBRARY CACHE)
+  unset(CUDA_cusparse_LIBRARY CACHE)
+  unset(CUDA_npp_LIBRARY CACHE)
+  unset(CUDA_nppc_LIBRARY CACHE)
+  unset(CUDA_nppi_LIBRARY CACHE)
+  unset(CUDA_npps_LIBRARY CACHE)
+  unset(CUDA_nvcuvenc_LIBRARY CACHE)
+  unset(CUDA_nvcuvid_LIBRARY CACHE)
+endmacro()
+
+# Check to see if the CUDA_TOOLKIT_ROOT_DIR and CUDA_SDK_ROOT_DIR have changed,
+# if they have then clear the cache variables, so that will be detected again.
+if(DEFINED CUDA_TOOLKIT_ROOT_DIR_INTERNAL AND (NOT "${CUDA_TOOLKIT_ROOT_DIR}" STREQUAL "${CUDA_TOOLKIT_ROOT_DIR_INTERNAL}"))
+  unset(CUDA_TARGET_TRIPLET CACHE)
+  unset(CUDA_TOOLKIT_TARGET_DIR CACHE)
+  unset(CUDA_NVCC_EXECUTABLE CACHE)
+  unset(CUDA_VERSION CACHE)
+  cuda_unset_include_and_libraries()
+endif()
+
+if(DEFINED CUDA_TARGET_TRIPLET_INTERNAL AND (NOT "${CUDA_TARGET_TRIPLET}" STREQUAL "${CUDA_TARGET_TRIPLET_INTERNAL}") OR
+   (DEFINED CUDA_TOOLKIT_TARGET_DIR  AND DEFINED CUDA_TOOLKIT_TARGET_DIR_INTERNAL AND NOT "${CUDA_TOOLKIT_TARGET_DIR}" STREQUAL "${CUDA_TOOLKIT_TARGET_DIR_INTERNAL}"))
+  cuda_unset_include_and_libraries()
+endif()
+
+if(NOT "${CUDA_SDK_ROOT_DIR}" STREQUAL "${CUDA_SDK_ROOT_DIR_INTERNAL}")
+  # No specific variables to catch.  Use this kind of code before calling
+  # find_package(CUDA) to clean up any variables that may depend on this path.
+
+  #   unset(MY_SPECIAL_CUDA_SDK_INCLUDE_DIR CACHE)
+  #   unset(MY_SPECIAL_CUDA_SDK_LIBRARY CACHE)
+endif()
+
+# Search for the cuda distribution.
+if(NOT CUDA_TOOLKIT_ROOT_DIR)
+
+  # Search in the CUDA_BIN_PATH first.
+  find_path(CUDA_TOOLKIT_ROOT_DIR
+    NAMES nvcc nvcc.exe
+    PATHS
+      ENV CUDA_PATH
+      ENV CUDA_BIN_PATH
+    PATH_SUFFIXES bin bin64
+    DOC "Toolkit location."
+    NO_DEFAULT_PATH
+    )
+  # Now search default paths
+  find_path(CUDA_TOOLKIT_ROOT_DIR
+    NAMES nvcc nvcc.exe
+    PATHS /usr/local/bin
+          /usr/local/cuda/bin
+    DOC "Toolkit location."
+    )
+
+  if (CUDA_TOOLKIT_ROOT_DIR)
+    string(REGEX REPLACE "[/\\\\]?bin[64]*[/\\\\]?$" "" CUDA_TOOLKIT_ROOT_DIR ${CUDA_TOOLKIT_ROOT_DIR})
+    # We need to force this back into the cache.
+    set(CUDA_TOOLKIT_ROOT_DIR ${CUDA_TOOLKIT_ROOT_DIR} CACHE PATH "Toolkit location." FORCE)
+  endif()
+  if (NOT EXISTS ${CUDA_TOOLKIT_ROOT_DIR})
+    if(CUDA_FIND_REQUIRED)
+      message(FATAL_ERROR "Specify CUDA_TOOLKIT_ROOT_DIR")
+    elseif(NOT CUDA_FIND_QUIETLY)
+      message("CUDA_TOOLKIT_ROOT_DIR not found or specified")
+    endif()
+  endif ()
+endif ()
+
+# CUDA_NVCC_EXECUTABLE
+find_program(CUDA_NVCC_EXECUTABLE
+  NAMES nvcc
+  PATHS "${CUDA_TOOLKIT_ROOT_DIR}"
+  ENV CUDA_PATH
+  ENV CUDA_BIN_PATH
+  PATH_SUFFIXES bin bin64
+  NO_DEFAULT_PATH
+  )
+# Search default search paths, after we search our own set of paths.
+find_program(CUDA_NVCC_EXECUTABLE nvcc)
+mark_as_advanced(CUDA_NVCC_EXECUTABLE)
+
+if(CUDA_NVCC_EXECUTABLE AND NOT CUDA_VERSION)
+  # Compute the version.
+  execute_process (COMMAND ${CUDA_NVCC_EXECUTABLE} "--version" OUTPUT_VARIABLE NVCC_OUT)
+  string(REGEX REPLACE ".*release ([0-9]+)\\.([0-9]+).*" "\\1" CUDA_VERSION_MAJOR ${NVCC_OUT})
+  string(REGEX REPLACE ".*release ([0-9]+)\\.([0-9]+).*" "\\2" CUDA_VERSION_MINOR ${NVCC_OUT})
+  set(CUDA_VERSION "${CUDA_VERSION_MAJOR}.${CUDA_VERSION_MINOR}" CACHE STRING "Version of CUDA as computed from nvcc.")
+  mark_as_advanced(CUDA_VERSION)
+else()
+  # Need to set these based off of the cached value
+  string(REGEX REPLACE "([0-9]+)\\.([0-9]+).*" "\\1" CUDA_VERSION_MAJOR "${CUDA_VERSION}")
+  string(REGEX REPLACE "([0-9]+)\\.([0-9]+).*" "\\2" CUDA_VERSION_MINOR "${CUDA_VERSION}")
+endif()
+
+# Always set this convenience variable
+set(CUDA_VERSION_STRING "${CUDA_VERSION}")
+
+# Target CPU architecture
+if(DEFINED CUDA_TARGET_CPU_ARCH)
+  set(_cuda_target_cpu_arch_initial "${CUDA_TARGET_CPU_ARCH}")
+elseif(CUDA_VERSION VERSION_GREATER "5.0" AND CMAKE_CROSSCOMPILING AND CMAKE_SYSTEM_PROCESSOR MATCHES "^(arm|ARM)")
+  set(_cuda_target_cpu_arch_initial "ARM")
+elseif(CUDA_VERSION VERSION_GREATER "6.5" AND CMAKE_CROSSCOMPILING AND CMAKE_SYSTEM_PROCESSOR MATCHES "^(aarch64|AARCH64)")
+  set(_cuda_target_cpu_arch_initial "AARCH64")
+else()
+  set(_cuda_target_cpu_arch_initial "")
+endif()
+set(CUDA_TARGET_CPU_ARCH "${_cuda_target_cpu_arch_initial}" CACHE STRING "Specify the name of the class of CPU architecture for which the input files must be compiled.")
+mark_as_advanced(CUDA_TARGET_CPU_ARCH)
+
+# Target OS variant
+if(DEFINED CUDA_TARGET_OS_VARIANT)
+  set(_cuda_target_os_variant_initial "${CUDA_TARGET_OS_VARIANT}")
+else()
+  set(_cuda_target_os_variant_initial "")
+endif()
+set(CUDA_TARGET_OS_VARIANT "${_cuda_target_os_variant_initial}" CACHE STRING "Specify the name of the class of OS for which the input files must be compiled.")
+mark_as_advanced(CUDA_TARGET_OS_VARIANT)
+
+# Target triplet
+if(DEFINED CUDA_TARGET_TRIPLET)
+  set(_cuda_target_triplet_initial "${CUDA_TARGET_TRIPLET}")
+elseif(CUDA_VERSION VERSION_GREATER "5.0" AND CMAKE_CROSSCOMPILING AND "${CUDA_TARGET_CPU_ARCH}" STREQUAL "ARM")
+  if("${CUDA_TARGET_OS_VARIANT}" STREQUAL "Android" AND EXISTS "${CUDA_TOOLKIT_ROOT_DIR}/targets/armv7-linux-androideabi")
+    set(_cuda_target_triplet_initial "armv7-linux-androideabi")
+  elseif(EXISTS "${CUDA_TOOLKIT_ROOT_DIR}/targets/armv7-linux-gnueabihf")
+    set(_cuda_target_triplet_initial "armv7-linux-gnueabihf")
+  endif()
+elseif(CUDA_VERSION VERSION_GREATER "6.5" AND CMAKE_CROSSCOMPILING AND "${CUDA_TARGET_CPU_ARCH}" STREQUAL "AARCH64")
+  if("${CUDA_TARGET_OS_VARIANT}" STREQUAL "Android" AND EXISTS "${CUDA_TOOLKIT_ROOT_DIR}/targets/aarch64-linux-androideabi")
+    set(_cuda_target_triplet_initial "aarch64-linux-androideabi")
+  elseif(EXISTS "${CUDA_TOOLKIT_ROOT_DIR}/targets/aarch64-linux-gnueabihf")
+    set(_cuda_target_triplet_initial "aarch64-linux-gnueabihf")
+  endif()
+endif()
+set(CUDA_TARGET_TRIPLET "${_cuda_target_triplet_initial}" CACHE STRING "Specify the target triplet for which the input files must be compiled.")
+file(GLOB __cuda_available_target_tiplets RELATIVE "${CUDA_TOOLKIT_ROOT_DIR}/targets" "${CUDA_TOOLKIT_ROOT_DIR}/targets/*" )
+set_property(CACHE CUDA_TARGET_TRIPLET PROPERTY STRINGS ${__cuda_available_target_tiplets})
+mark_as_advanced(CUDA_TARGET_TRIPLET)
+
+# Target directory
+if(NOT DEFINED CUDA_TOOLKIT_TARGET_DIR AND CUDA_TARGET_TRIPLET AND EXISTS "${CUDA_TOOLKIT_ROOT_DIR}/targets/${CUDA_TARGET_TRIPLET}")
+  set(CUDA_TOOLKIT_TARGET_DIR "${CUDA_TOOLKIT_ROOT_DIR}/targets/${CUDA_TARGET_TRIPLET}")
+endif()
+
+# CUDA_TOOLKIT_INCLUDE
+find_path(CUDA_TOOLKIT_INCLUDE
+  device_functions.h # Header included in toolkit
+  PATHS "${CUDA_TOOLKIT_TARGET_DIR}" "${CUDA_TOOLKIT_ROOT_DIR}"
+  ENV CUDA_PATH
+  ENV CUDA_INC_PATH
+  PATH_SUFFIXES include
+  NO_DEFAULT_PATH
+  )
+# Search default search paths, after we search our own set of paths.
+find_path(CUDA_TOOLKIT_INCLUDE device_functions.h)
+mark_as_advanced(CUDA_TOOLKIT_INCLUDE)
+
+# Set the user list of include dir to nothing to initialize it.
+set (CUDA_NVCC_INCLUDE_ARGS_USER "")
+set (CUDA_INCLUDE_DIRS ${CUDA_TOOLKIT_INCLUDE})
+
+macro(cuda_find_library_local_first_with_path_ext _var _names _doc _path_ext )
+  if(CMAKE_SIZEOF_VOID_P EQUAL 8)
+    # CUDA 3.2+ on Windows moved the library directories, so we need the new
+    # and old paths.
+    set(_cuda_64bit_lib_dir "${_path_ext}lib/x64" "${_path_ext}lib64" "${_path_ext}libx64" )
+  endif()
+  if(CUDA_VERSION VERSION_GREATER "6.0")
+    set(_cuda_static_lib_names "")
+    foreach(name ${_names})
+      list(APPEND _cuda_static_lib_names "${name}_static")
+    endforeach()
+  endif()
+  # CUDA 3.2+ on Windows moved the library directories, so we need to new
+  # (lib/Win32) and the old path (lib).
+  find_library(${_var}
+    NAMES ${_names} ${_cuda_static_lib_names}
+    PATHS "${CUDA_TOOLKIT_TARGET_DIR}" "${CUDA_TOOLKIT_ROOT_DIR}"
+    ENV CUDA_PATH
+    ENV CUDA_LIB_PATH
+    PATH_SUFFIXES ${_cuda_64bit_lib_dir} "${_path_ext}lib/Win32" "${_path_ext}lib" "${_path_ext}libWin32"
+    DOC ${_doc}
+    NO_DEFAULT_PATH
+    )
+  # Search default search paths, after we search our own set of paths.
+  find_library(${_var}
+    NAMES ${_names} ${_cuda_static_lib_names}
+    PATHS "/usr/lib/nvidia-current"
+    DOC ${_doc}
+    )
+endmacro()
+
+macro(cuda_find_library_local_first _var _names _doc)
+  cuda_find_library_local_first_with_path_ext( "${_var}" "${_names}" "${_doc}" "" )
+endmacro()
+
+macro(find_library_local_first _var _names _doc )
+  cuda_find_library_local_first( "${_var}" "${_names}" "${_doc}" "" )
+endmacro()
+
+
+# CUDA_LIBRARIES
+cuda_find_library_local_first(CUDA_CUDART_LIBRARY cudart "\"cudart\" library")
+if(CUDA_VERSION VERSION_EQUAL "3.0")
+  # The cudartemu library only existed for the 3.0 version of CUDA.
+  cuda_find_library_local_first(CUDA_CUDARTEMU_LIBRARY cudartemu "\"cudartemu\" library")
+  mark_as_advanced(
+    CUDA_CUDARTEMU_LIBRARY
+    )
+endif()
+
+# CUPTI library showed up in cuda toolkit 4.0
+if(NOT CUDA_VERSION VERSION_LESS "4.0")
+  cuda_find_library_local_first_with_path_ext(CUDA_cupti_LIBRARY cupti "\"cupti\" library" "extras/CUPTI/")
+  mark_as_advanced(CUDA_cupti_LIBRARY)
+endif()
+
+# If we are using emulation mode and we found the cudartemu library then use
+# that one instead of cudart.
+if(CUDA_BUILD_EMULATION AND CUDA_CUDARTEMU_LIBRARY)
+  set(CUDA_LIBRARIES ${CUDA_CUDARTEMU_LIBRARY})
+else()
+  set(CUDA_LIBRARIES ${CUDA_CUDART_LIBRARY})
+endif()
+
+# 1.1 toolkit on linux doesn't appear to have a separate library on
+# some platforms.
+cuda_find_library_local_first(CUDA_CUDA_LIBRARY cuda "\"cuda\" library (older versions only).")
+
+mark_as_advanced(
+  CUDA_CUDA_LIBRARY
+  CUDA_CUDART_LIBRARY
+  )
+
+#######################
+# Look for some of the toolkit helper libraries
+macro(FIND_CUDA_HELPER_LIBS _name)
+  cuda_find_library_local_first(CUDA_${_name}_LIBRARY ${_name} "\"${_name}\" library")
+  mark_as_advanced(CUDA_${_name}_LIBRARY)
+endmacro()
+
+#######################
+# Disable emulation for v3.1 onward
+if(CUDA_VERSION VERSION_GREATER "3.0")
+  if(CUDA_BUILD_EMULATION)
+    message(FATAL_ERROR "CUDA_BUILD_EMULATION is not supported in version 3.1 and onwards.  You must disable it to proceed.  You have version ${CUDA_VERSION}.")
+  endif()
+endif()
+
+# Search for additional CUDA toolkit libraries.
+if(CUDA_VERSION VERSION_LESS "3.1")
+  # Emulation libraries aren't available in version 3.1 onward.
+  find_cuda_helper_libs(cufftemu)
+  find_cuda_helper_libs(cublasemu)
+endif()
+find_cuda_helper_libs(cufft)
+find_cuda_helper_libs(cublas)
+if(NOT CUDA_VERSION VERSION_LESS "3.2")
+  # cusparse showed up in version 3.2
+  find_cuda_helper_libs(cusparse)
+  find_cuda_helper_libs(curand)
+  if (WIN32)
+    find_cuda_helper_libs(nvcuvenc)
+    find_cuda_helper_libs(nvcuvid)
+  endif()
+endif()
+if(CUDA_VERSION VERSION_GREATER "5.0")
+  # In CUDA 5.5 NPP was splitted onto 3 separate libraries.
+  find_cuda_helper_libs(nppc)
+  find_cuda_helper_libs(nppi)
+  find_cuda_helper_libs(npps)
+  set(CUDA_npp_LIBRARY "${CUDA_nppc_LIBRARY};${CUDA_nppi_LIBRARY};${CUDA_npps_LIBRARY}")
+elseif(NOT CUDA_VERSION VERSION_LESS "4.0")
+  find_cuda_helper_libs(npp)
+endif()
+
+if (CUDA_BUILD_EMULATION)
+  set(CUDA_CUFFT_LIBRARIES ${CUDA_cufftemu_LIBRARY})
+  set(CUDA_CUBLAS_LIBRARIES ${CUDA_cublasemu_LIBRARY})
+else()
+  set(CUDA_CUFFT_LIBRARIES ${CUDA_cufft_LIBRARY})
+  set(CUDA_CUBLAS_LIBRARIES ${CUDA_cublas_LIBRARY})
+endif()
+
+########################
+# Look for the SDK stuff.  As of CUDA 3.0 NVSDKCUDA_ROOT has been replaced with
+# NVSDKCOMPUTE_ROOT with the old CUDA C contents moved into the C subdirectory
+find_path(CUDA_SDK_ROOT_DIR common/inc/cutil.h
+ HINTS
+  "$ENV{NVSDKCOMPUTE_ROOT}/C"
+  ENV NVSDKCUDA_ROOT
+  "[HKEY_LOCAL_MACHINE\\SOFTWARE\\NVIDIA Corporation\\Installed Products\\NVIDIA SDK 10\\Compute;InstallDir]"
+ PATHS
+  "/Developer/GPU\ Computing/C"
+  )
+
+# Keep the CUDA_SDK_ROOT_DIR first in order to be able to override the
+# environment variables.
+set(CUDA_SDK_SEARCH_PATH
+  "${CUDA_SDK_ROOT_DIR}"
+  "${CUDA_TOOLKIT_ROOT_DIR}/local/NVSDK0.2"
+  "${CUDA_TOOLKIT_ROOT_DIR}/NVSDK0.2"
+  "${CUDA_TOOLKIT_ROOT_DIR}/NV_CUDA_SDK"
+  "$ENV{HOME}/NVIDIA_CUDA_SDK"
+  "$ENV{HOME}/NVIDIA_CUDA_SDK_MACOSX"
+  "/Developer/CUDA"
+  )
+
+# Example of how to find an include file from the CUDA_SDK_ROOT_DIR
+
+# find_path(CUDA_CUT_INCLUDE_DIR
+#   cutil.h
+#   PATHS ${CUDA_SDK_SEARCH_PATH}
+#   PATH_SUFFIXES "common/inc"
+#   DOC "Location of cutil.h"
+#   NO_DEFAULT_PATH
+#   )
+# # Now search system paths
+# find_path(CUDA_CUT_INCLUDE_DIR cutil.h DOC "Location of cutil.h")
+
+# mark_as_advanced(CUDA_CUT_INCLUDE_DIR)
+
+
+# Example of how to find a library in the CUDA_SDK_ROOT_DIR
+
+# # cutil library is called cutil64 for 64 bit builds on windows.  We don't want
+# # to get these confused, so we are setting the name based on the word size of
+# # the build.
+
+# if(CMAKE_SIZEOF_VOID_P EQUAL 8)
+#   set(cuda_cutil_name cutil64)
+# else()
+#   set(cuda_cutil_name cutil32)
+# endif()
+
+# find_library(CUDA_CUT_LIBRARY
+#   NAMES cutil ${cuda_cutil_name}
+#   PATHS ${CUDA_SDK_SEARCH_PATH}
+#   # The new version of the sdk shows up in common/lib, but the old one is in lib
+#   PATH_SUFFIXES "common/lib" "lib"
+#   DOC "Location of cutil library"
+#   NO_DEFAULT_PATH
+#   )
+# # Now search system paths
+# find_library(CUDA_CUT_LIBRARY NAMES cutil ${cuda_cutil_name} DOC "Location of cutil library")
+# mark_as_advanced(CUDA_CUT_LIBRARY)
+# set(CUDA_CUT_LIBRARIES ${CUDA_CUT_LIBRARY})
+
+
+
+#############################
+# Check for required components
+set(CUDA_FOUND TRUE)
+
+set(CUDA_TOOLKIT_ROOT_DIR_INTERNAL "${CUDA_TOOLKIT_ROOT_DIR}" CACHE INTERNAL
+  "This is the value of the last time CUDA_TOOLKIT_ROOT_DIR was set successfully." FORCE)
+set(CUDA_TARGET_TRIPLET_INTERNAL "${CUDA_TARGET_TRIPLET}" CACHE INTERNAL
+  "This is the value of the last time CUDA_TARGET_TRIPLET was set successfully." FORCE)
+set(CUDA_TOOLKIT_TARGET_DIR_INTERNAL "${CUDA_TOOLKIT_TARGET_DIR}" CACHE INTERNAL
+  "This is the value of the last time CUDA_TOOLKIT_TARGET_DIR was set successfully." FORCE)
+set(CUDA_SDK_ROOT_DIR_INTERNAL "${CUDA_SDK_ROOT_DIR}" CACHE INTERNAL
+  "This is the value of the last time CUDA_SDK_ROOT_DIR was set successfully." FORCE)
+
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(CUDA
+  REQUIRED_VARS
+    CUDA_TOOLKIT_ROOT_DIR
+    CUDA_NVCC_EXECUTABLE
+    CUDA_INCLUDE_DIRS
+    CUDA_CUDART_LIBRARY
+  VERSION_VAR
+    CUDA_VERSION
+  )
+
+
+
+###############################################################################
+###############################################################################
+# Macros
+###############################################################################
+###############################################################################
+
+###############################################################################
+# Add include directories to pass to the nvcc command.
+macro(CUDA_INCLUDE_DIRECTORIES)
+  foreach(dir ${ARGN})
+    list(APPEND CUDA_NVCC_INCLUDE_ARGS_USER -I${dir})
+  endforeach()
+endmacro()
+
+
+##############################################################################
+cuda_find_helper_file(parse_cubin cmake)
+cuda_find_helper_file(make2cmake cmake)
+cuda_find_helper_file(run_nvcc cmake)
+
+##############################################################################
+# Separate the OPTIONS out from the sources
+#
+macro(CUDA_GET_SOURCES_AND_OPTIONS _sources _cmake_options _options)
+  set( ${_sources} )
+  set( ${_cmake_options} )
+  set( ${_options} )
+  set( _found_options FALSE )
+  foreach(arg ${ARGN})
+    if("x${arg}" STREQUAL "xOPTIONS")
+      set( _found_options TRUE )
+    elseif(
+        "x${arg}" STREQUAL "xWIN32" OR
+        "x${arg}" STREQUAL "xMACOSX_BUNDLE" OR
+        "x${arg}" STREQUAL "xEXCLUDE_FROM_ALL" OR
+        "x${arg}" STREQUAL "xSTATIC" OR
+        "x${arg}" STREQUAL "xSHARED" OR
+        "x${arg}" STREQUAL "xMODULE"
+        )
+      list(APPEND ${_cmake_options} ${arg})
+    else()
+      if ( _found_options )
+        list(APPEND ${_options} ${arg})
+      else()
+        # Assume this is a file
+        list(APPEND ${_sources} ${arg})
+      endif()
+    endif()
+  endforeach()
+endmacro()
+
+##############################################################################
+# Parse the OPTIONS from ARGN and set the variables prefixed by _option_prefix
+#
+macro(CUDA_PARSE_NVCC_OPTIONS _option_prefix)
+  set( _found_config )
+  foreach(arg ${ARGN})
+    # Determine if we are dealing with a perconfiguration flag
+    foreach(config ${CUDA_configuration_types})
+      string(TOUPPER ${config} config_upper)
+      if (arg STREQUAL "${config_upper}")
+        set( _found_config _${arg})
+        # Set arg to nothing to keep it from being processed further
+        set( arg )
+      endif()
+    endforeach()
+
+    if ( arg )
+      list(APPEND ${_option_prefix}${_found_config} "${arg}")
+    endif()
+  endforeach()
+endmacro()
+
+##############################################################################
+# Helper to add the include directory for CUDA only once
+function(CUDA_ADD_CUDA_INCLUDE_ONCE)
+  get_directory_property(_include_directories INCLUDE_DIRECTORIES)
+  set(_add TRUE)
+  if(_include_directories)
+    foreach(dir ${_include_directories})
+      if("${dir}" STREQUAL "${CUDA_INCLUDE_DIRS}")
+        set(_add FALSE)
+      endif()
+    endforeach()
+  endif()
+  if(_add)
+    include_directories(${CUDA_INCLUDE_DIRS})
+  endif()
+endfunction()
+
+function(CUDA_BUILD_SHARED_LIBRARY shared_flag)
+  set(cmake_args ${ARGN})
+  # If SHARED, MODULE, or STATIC aren't already in the list of arguments, then
+  # add SHARED or STATIC based on the value of BUILD_SHARED_LIBS.
+  list(FIND cmake_args SHARED _cuda_found_SHARED)
+  list(FIND cmake_args MODULE _cuda_found_MODULE)
+  list(FIND cmake_args STATIC _cuda_found_STATIC)
+  if( _cuda_found_SHARED GREATER -1 OR
+      _cuda_found_MODULE GREATER -1 OR
+      _cuda_found_STATIC GREATER -1)
+    set(_cuda_build_shared_libs)
+  else()
+    if (BUILD_SHARED_LIBS)
+      set(_cuda_build_shared_libs SHARED)
+    else()
+      set(_cuda_build_shared_libs STATIC)
+    endif()
+  endif()
+  set(${shared_flag} ${_cuda_build_shared_libs} PARENT_SCOPE)
+endfunction()
+
+##############################################################################
+# Helper to avoid clashes of files with the same basename but different paths.
+# This doesn't attempt to do exactly what CMake internals do, which is to only
+# add this path when there is a conflict, since by the time a second collision
+# in names is detected it's already too late to fix the first one.  For
+# consistency sake the relative path will be added to all files.
+function(CUDA_COMPUTE_BUILD_PATH path build_path)
+  #message("CUDA_COMPUTE_BUILD_PATH([${path}] ${build_path})")
+  # Only deal with CMake style paths from here on out
+  file(TO_CMAKE_PATH "${path}" bpath)
+  if (IS_ABSOLUTE "${bpath}")
+    # Absolute paths are generally unnessary, especially if something like
+    # file(GLOB_RECURSE) is used to pick up the files.
+
+    string(FIND "${bpath}" "${CMAKE_CURRENT_BINARY_DIR}" _binary_dir_pos)
+    if (_binary_dir_pos EQUAL 0)
+      file(RELATIVE_PATH bpath "${CMAKE_CURRENT_BINARY_DIR}" "${bpath}")
+    else()
+      file(RELATIVE_PATH bpath "${CMAKE_CURRENT_SOURCE_DIR}" "${bpath}")
+    endif()
+  endif()
+
+  # This recipe is from cmLocalGenerator::CreateSafeUniqueObjectFileName in the
+  # CMake source.
+
+  # Remove leading /
+  string(REGEX REPLACE "^[/]+" "" bpath "${bpath}")
+  # Avoid absolute paths by removing ':'
+  string(REPLACE ":" "_" bpath "${bpath}")
+  # Avoid relative paths that go up the tree
+  string(REPLACE "../" "__/" bpath "${bpath}")
+  # Avoid spaces
+  string(REPLACE " " "_" bpath "${bpath}")
+
+  # Strip off the filename.  I wait until here to do it, since removin the
+  # basename can make a path that looked like path/../basename turn into
+  # path/.. (notice the trailing slash).
+  get_filename_component(bpath "${bpath}" PATH)
+
+  set(${build_path} "${bpath}" PARENT_SCOPE)
+  #message("${build_path} = ${bpath}")
+endfunction()
+
+##############################################################################
+# This helper macro populates the following variables and setups up custom
+# commands and targets to invoke the nvcc compiler to generate C or PTX source
+# dependent upon the format parameter.  The compiler is invoked once with -M
+# to generate a dependency file and a second time with -cuda or -ptx to generate
+# a .cpp or .ptx file.
+# INPUT:
+#   cuda_target         - Target name
+#   format              - PTX, CUBIN, FATBIN or OBJ
+#   FILE1 .. FILEN      - The remaining arguments are the sources to be wrapped.
+#   OPTIONS             - Extra options to NVCC
+# OUTPUT:
+#   generated_files     - List of generated files
+##############################################################################
+##############################################################################
+
+macro(CUDA_WRAP_SRCS cuda_target format generated_files)
+
+  # If CMake doesn't support separable compilation, complain
+  if(CUDA_SEPARABLE_COMPILATION AND CMAKE_VERSION VERSION_LESS "2.8.10.1")
+    message(SEND_ERROR "CUDA_SEPARABLE_COMPILATION isn't supported for CMake versions less than 2.8.10.1")
+  endif()
+
+  # Set up all the command line flags here, so that they can be overridden on a per target basis.
+
+  set(nvcc_flags "")
+
+  # Emulation if the card isn't present.
+  if (CUDA_BUILD_EMULATION)
+    # Emulation.
+    set(nvcc_flags ${nvcc_flags} --device-emulation -D_DEVICEEMU -g)
+  else()
+    # Device mode.  No flags necessary.
+  endif()
+
+  if(CUDA_HOST_COMPILATION_CPP)
+    set(CUDA_C_OR_CXX CXX)
+  else()
+    if(CUDA_VERSION VERSION_LESS "3.0")
+      set(nvcc_flags ${nvcc_flags} --host-compilation C)
+    else()
+      message(WARNING "--host-compilation flag is deprecated in CUDA version >= 3.0.  Removing --host-compilation C flag" )
+    endif()
+    set(CUDA_C_OR_CXX C)
+  endif()
+
+  set(generated_extension ${CMAKE_${CUDA_C_OR_CXX}_OUTPUT_EXTENSION})
+
+  if(CUDA_64_BIT_DEVICE_CODE)
+    set(nvcc_flags ${nvcc_flags} -m64)
+  else()
+    set(nvcc_flags ${nvcc_flags} -m32)
+  endif()
+
+  if(CUDA_TARGET_CPU_ARCH AND CUDA_VERSION VERSION_LESS "7.0")
+    # CPU architecture is either ARM or X86. Patch AARCH64 to be ARM
+    string(REPLACE "AARCH64" "ARM" CUDA_TARGET_CPU_ARCH_patched ${CUDA_TARGET_CPU_ARCH})
+    set(nvcc_flags ${nvcc_flags} "--target-cpu-architecture=${CUDA_TARGET_CPU_ARCH_patched}")
+  endif()
+
+  if(CUDA_TARGET_OS_VARIANT AND CUDA_VERSION VERSION_LESS "7.0")
+    set(nvcc_flags ${nvcc_flags} "-target-os-variant=${CUDA_TARGET_OS_VARIANT}")
+  endif()
+
+  # This needs to be passed in at this stage, because VS needs to fill out the
+  # value of VCInstallDir from within VS.  Note that CCBIN is only used if
+  # -ccbin or --compiler-bindir isn't used and CUDA_HOST_COMPILER matches
+  # $(VCInstallDir)/bin.
+  if(CMAKE_GENERATOR MATCHES "Visual Studio")
+    set(ccbin_flags -D "\"CCBIN:PATH=$(VCInstallDir)bin\"" )
+  else()
+    set(ccbin_flags)
+  endif()
+
+  # Figure out which configure we will use and pass that in as an argument to
+  # the script.  We need to defer the decision until compilation time, because
+  # for VS projects we won't know if we are making a debug or release build
+  # until build time.
+  if(CMAKE_GENERATOR MATCHES "Visual Studio")
+    set( CUDA_build_configuration "$(ConfigurationName)" )
+  else()
+    set( CUDA_build_configuration "${CMAKE_BUILD_TYPE}")
+  endif()
+
+  # Initialize our list of includes with the user ones followed by the CUDA system ones.
+  set(CUDA_NVCC_INCLUDE_ARGS ${CUDA_NVCC_INCLUDE_ARGS_USER} "-I${CUDA_INCLUDE_DIRS}")
+  # Get the include directories for this directory and use them for our nvcc command.
+  # Remove duplicate entries which may be present since include_directories
+  # in CMake >= 2.8.8 does not remove them.
+  get_directory_property(CUDA_NVCC_INCLUDE_DIRECTORIES INCLUDE_DIRECTORIES)
+  list(REMOVE_DUPLICATES CUDA_NVCC_INCLUDE_DIRECTORIES)
+  if(CUDA_NVCC_INCLUDE_DIRECTORIES)
+    foreach(dir ${CUDA_NVCC_INCLUDE_DIRECTORIES})
+      list(APPEND CUDA_NVCC_INCLUDE_ARGS -I${dir})
+    endforeach()
+  endif()
+
+  # Reset these variables
+  set(CUDA_WRAP_OPTION_NVCC_FLAGS)
+  foreach(config ${CUDA_configuration_types})
+    string(TOUPPER ${config} config_upper)
+    set(CUDA_WRAP_OPTION_NVCC_FLAGS_${config_upper})
+  endforeach()
+
+  CUDA_GET_SOURCES_AND_OPTIONS(_cuda_wrap_sources _cuda_wrap_cmake_options _cuda_wrap_options ${ARGN})
+  CUDA_PARSE_NVCC_OPTIONS(CUDA_WRAP_OPTION_NVCC_FLAGS ${_cuda_wrap_options})
+
+  # Figure out if we are building a shared library.  BUILD_SHARED_LIBS is
+  # respected in CUDA_ADD_LIBRARY.
+  set(_cuda_build_shared_libs FALSE)
+  # SHARED, MODULE
+  list(FIND _cuda_wrap_cmake_options SHARED _cuda_found_SHARED)
+  list(FIND _cuda_wrap_cmake_options MODULE _cuda_found_MODULE)
+  if(_cuda_found_SHARED GREATER -1 OR _cuda_found_MODULE GREATER -1)
+    set(_cuda_build_shared_libs TRUE)
+  endif()
+  # STATIC
+  list(FIND _cuda_wrap_cmake_options STATIC _cuda_found_STATIC)
+  if(_cuda_found_STATIC GREATER -1)
+    set(_cuda_build_shared_libs FALSE)
+  endif()
+
+  # CUDA_HOST_FLAGS
+  if(_cuda_build_shared_libs)
+    # If we are setting up code for a shared library, then we need to add extra flags for
+    # compiling objects for shared libraries.
+    set(CUDA_HOST_SHARED_FLAGS ${CMAKE_SHARED_LIBRARY_${CUDA_C_OR_CXX}_FLAGS})
+  else()
+    set(CUDA_HOST_SHARED_FLAGS)
+  endif()
+  # Only add the CMAKE_{C,CXX}_FLAGS if we are propagating host flags.  We
+  # always need to set the SHARED_FLAGS, though.
+  if(CUDA_PROPAGATE_HOST_FLAGS)
+    set(_cuda_host_flags "set(CMAKE_HOST_FLAGS ${CMAKE_${CUDA_C_OR_CXX}_FLAGS} ${CUDA_HOST_SHARED_FLAGS})")
+  else()
+    set(_cuda_host_flags "set(CMAKE_HOST_FLAGS ${CUDA_HOST_SHARED_FLAGS})")
+  endif()
+
+  set(_cuda_nvcc_flags_config "# Build specific configuration flags")
+  # Loop over all the configuration types to generate appropriate flags for run_nvcc.cmake
+  foreach(config ${CUDA_configuration_types})
+    string(TOUPPER ${config} config_upper)
+    # CMAKE_FLAGS are strings and not lists.  By not putting quotes around CMAKE_FLAGS
+    # we convert the strings to lists (like we want).
+
+    if(CUDA_PROPAGATE_HOST_FLAGS)
+      # nvcc chokes on -g3 in versions previous to 3.0, so replace it with -g
+      set(_cuda_fix_g3 FALSE)
+
+      if(CMAKE_COMPILER_IS_GNUCC)
+        if (CUDA_VERSION VERSION_LESS  "3.0" OR
+            CUDA_VERSION VERSION_EQUAL "4.1" OR
+            CUDA_VERSION VERSION_EQUAL "4.2"
+            )
+          set(_cuda_fix_g3 TRUE)
+        endif()
+      endif()
+      if(_cuda_fix_g3)
+        string(REPLACE "-g3" "-g" _cuda_C_FLAGS "${CMAKE_${CUDA_C_OR_CXX}_FLAGS_${config_upper}}")
+      else()
+        set(_cuda_C_FLAGS "${CMAKE_${CUDA_C_OR_CXX}_FLAGS_${config_upper}}")
+      endif()
+
+      set(_cuda_host_flags "${_cuda_host_flags}\nset(CMAKE_HOST_FLAGS_${config_upper} ${_cuda_C_FLAGS})")
+    endif()
+
+    # Note that if we ever want CUDA_NVCC_FLAGS_<CONFIG> to be string (instead of a list
+    # like it is currently), we can remove the quotes around the
+    # ${CUDA_NVCC_FLAGS_${config_upper}} variable like the CMAKE_HOST_FLAGS_<CONFIG> variable.
+    set(_cuda_nvcc_flags_config "${_cuda_nvcc_flags_config}\nset(CUDA_NVCC_FLAGS_${config_upper} ${CUDA_NVCC_FLAGS_${config_upper}} ;; ${CUDA_WRAP_OPTION_NVCC_FLAGS_${config_upper}})")
+  endforeach()
+
+  # Get the list of definitions from the directory property
+  get_directory_property(CUDA_NVCC_DEFINITIONS COMPILE_DEFINITIONS)
+  if(CUDA_NVCC_DEFINITIONS)
+    foreach(_definition ${CUDA_NVCC_DEFINITIONS})
+      list(APPEND nvcc_flags "-D${_definition}")
+    endforeach()
+  endif()
+
+  if(_cuda_build_shared_libs)
+    list(APPEND nvcc_flags "-D${cuda_target}_EXPORTS")
+  endif()
+
+  # Reset the output variable
+  set(_cuda_wrap_generated_files "")
+
+  # Iterate over the macro arguments and create custom
+  # commands for all the .cu files.
+  foreach(file ${ARGN})
+    # Ignore any file marked as a HEADER_FILE_ONLY
+    get_source_file_property(_is_header ${file} HEADER_FILE_ONLY)
+    if(${file} MATCHES "\\.cu$" AND NOT _is_header)
+
+      # Allow per source file overrides of the format.
+      get_source_file_property(_cuda_source_format ${file} CUDA_SOURCE_PROPERTY_FORMAT)
+      if(NOT _cuda_source_format)
+        set(_cuda_source_format ${format})
+      endif()
+
+      if( ${_cuda_source_format} MATCHES "OBJ")
+        set( cuda_compile_to_external_module OFF )
+      else()
+        set( cuda_compile_to_external_module ON )
+        if( ${_cuda_source_format} MATCHES "PTX" )
+          set( cuda_compile_to_external_module_type "ptx" )
+        elseif( ${_cuda_source_format} MATCHES "CUBIN")
+          set( cuda_compile_to_external_module_type "cubin" )
+        elseif( ${_cuda_source_format} MATCHES "FATBIN")
+          set( cuda_compile_to_external_module_type "fatbin" )
+        else()
+          message( FATAL_ERROR "Invalid format flag passed to CUDA_WRAP_SRCS for file '${file}': '${_cuda_source_format}'.  Use OBJ, PTX, CUBIN or FATBIN.")
+        endif()
+      endif()
+
+      if(cuda_compile_to_external_module)
+        # Don't use any of the host compilation flags for PTX targets.
+        set(CUDA_HOST_FLAGS)
+        set(CUDA_NVCC_FLAGS_CONFIG)
+      else()
+        set(CUDA_HOST_FLAGS ${_cuda_host_flags})
+        set(CUDA_NVCC_FLAGS_CONFIG ${_cuda_nvcc_flags_config})
+      endif()
+
+      # Determine output directory
+      cuda_compute_build_path("${file}" cuda_build_path)
+      set(cuda_compile_intermediate_directory "${CMAKE_CURRENT_BINARY_DIR}/CMakeFiles/${cuda_target}.dir/${cuda_build_path}")
+      if(CUDA_GENERATED_OUTPUT_DIR)
+        set(cuda_compile_output_dir "${CUDA_GENERATED_OUTPUT_DIR}")
+      else()
+        if ( cuda_compile_to_external_module )
+          set(cuda_compile_output_dir "${CMAKE_CURRENT_BINARY_DIR}")
+        else()
+          set(cuda_compile_output_dir "${cuda_compile_intermediate_directory}")
+        endif()
+      endif()
+
+      # Add a custom target to generate a c or ptx file. ######################
+
+      get_filename_component( basename ${file} NAME )
+      if( cuda_compile_to_external_module )
+        set(generated_file_path "${cuda_compile_output_dir}")
+        set(generated_file_basename "${cuda_target}_generated_${basename}.${cuda_compile_to_external_module_type}")
+        set(format_flag "-${cuda_compile_to_external_module_type}")
+        file(MAKE_DIRECTORY "${cuda_compile_output_dir}")
+      else()
+        set(generated_file_path "${cuda_compile_output_dir}/${CMAKE_CFG_INTDIR}")
+        set(generated_file_basename "${cuda_target}_generated_${basename}${generated_extension}")
+        if(CUDA_SEPARABLE_COMPILATION)
+          set(format_flag "-dc")
+        else()
+          set(format_flag "-c")
+        endif()
+      endif()
+
+      # Set all of our file names.  Make sure that whatever filenames that have
+      # generated_file_path in them get passed in through as a command line
+      # argument, so that the ${CMAKE_CFG_INTDIR} gets expanded at run time
+      # instead of configure time.
+      set(generated_file "${generated_file_path}/${generated_file_basename}")
+      set(cmake_dependency_file "${cuda_compile_intermediate_directory}/${generated_file_basename}.depend")
+      set(NVCC_generated_dependency_file "${cuda_compile_intermediate_directory}/${generated_file_basename}.NVCC-depend")
+      set(generated_cubin_file "${generated_file_path}/${generated_file_basename}.cubin.txt")
+      set(custom_target_script "${cuda_compile_intermediate_directory}/${generated_file_basename}.cmake")
+
+      # Setup properties for obj files:
+      if( NOT cuda_compile_to_external_module )
+        set_source_files_properties("${generated_file}"
+          PROPERTIES
+          EXTERNAL_OBJECT true # This is an object file not to be compiled, but only be linked.
+          )
+      endif()
+
+      # Don't add CMAKE_CURRENT_SOURCE_DIR if the path is already an absolute path.
+      get_filename_component(file_path "${file}" PATH)
+      if(IS_ABSOLUTE "${file_path}")
+        set(source_file "${file}")
+      else()
+        set(source_file "${CMAKE_CURRENT_SOURCE_DIR}/${file}")
+      endif()
+
+      if( NOT cuda_compile_to_external_module AND CUDA_SEPARABLE_COMPILATION)
+        list(APPEND ${cuda_target}_SEPARABLE_COMPILATION_OBJECTS "${generated_file}")
+      endif()
+
+      # Bring in the dependencies.  Creates a variable CUDA_NVCC_DEPEND #######
+      cuda_include_nvcc_dependencies(${cmake_dependency_file})
+
+      # Convience string for output ###########################################
+      if(CUDA_BUILD_EMULATION)
+        set(cuda_build_type "Emulation")
+      else()
+        set(cuda_build_type "Device")
+      endif()
+
+      # Build the NVCC made dependency file ###################################
+      set(build_cubin OFF)
+      if ( NOT CUDA_BUILD_EMULATION AND CUDA_BUILD_CUBIN )
+         if ( NOT cuda_compile_to_external_module )
+           set ( build_cubin ON )
+         endif()
+      endif()
+
+      # Configure the build script
+      configure_file("${CUDA_run_nvcc}" "${custom_target_script}" @ONLY)
+
+      # So if a user specifies the same cuda file as input more than once, you
+      # can have bad things happen with dependencies.  Here we check an option
+      # to see if this is the behavior they want.
+      if(CUDA_ATTACH_VS_BUILD_RULE_TO_CUDA_FILE)
+        set(main_dep MAIN_DEPENDENCY ${source_file})
+      else()
+        set(main_dep DEPENDS ${source_file})
+      endif()
+
+      if(CUDA_VERBOSE_BUILD)
+        set(verbose_output ON)
+      elseif(CMAKE_GENERATOR MATCHES "Makefiles")
+        set(verbose_output "$(VERBOSE)")
+      else()
+        set(verbose_output OFF)
+      endif()
+
+      # Create up the comment string
+      file(RELATIVE_PATH generated_file_relative_path "${CMAKE_BINARY_DIR}" "${generated_file}")
+      if(cuda_compile_to_external_module)
+        set(cuda_build_comment_string "Building NVCC ${cuda_compile_to_external_module_type} file ${generated_file_relative_path}")
+      else()
+        set(cuda_build_comment_string "Building NVCC (${cuda_build_type}) object ${generated_file_relative_path}")
+      endif()
+
+      # Build the generated file and dependency file ##########################
+      add_custom_command(
+        OUTPUT ${generated_file}
+        # These output files depend on the source_file and the contents of cmake_dependency_file
+        ${main_dep}
+        DEPENDS ${CUDA_NVCC_DEPEND}
+        DEPENDS ${custom_target_script}
+        # Make sure the output directory exists before trying to write to it.
+        COMMAND ${CMAKE_COMMAND} -E make_directory "${generated_file_path}"
+        COMMAND ${CMAKE_COMMAND} ARGS
+          -D verbose:BOOL=${verbose_output}
+          ${ccbin_flags}
+          -D build_configuration:STRING=${CUDA_build_configuration}
+          -D "generated_file:STRING=${generated_file}"
+          -D "generated_cubin_file:STRING=${generated_cubin_file}"
+          -P "${custom_target_script}"
+        WORKING_DIRECTORY "${cuda_compile_intermediate_directory}"
+        COMMENT "${cuda_build_comment_string}"
+        )
+
+      # Make sure the build system knows the file is generated.
+      set_source_files_properties(${generated_file} PROPERTIES GENERATED TRUE)
+
+      list(APPEND _cuda_wrap_generated_files ${generated_file})
+
+      # Add the other files that we want cmake to clean on a cleanup ##########
+      list(APPEND CUDA_ADDITIONAL_CLEAN_FILES "${cmake_dependency_file}")
+      list(REMOVE_DUPLICATES CUDA_ADDITIONAL_CLEAN_FILES)
+      set(CUDA_ADDITIONAL_CLEAN_FILES ${CUDA_ADDITIONAL_CLEAN_FILES} CACHE INTERNAL "List of intermediate files that are part of the cuda dependency scanning.")
+
+    endif()
+  endforeach()
+
+  # Set the return parameter
+  set(${generated_files} ${_cuda_wrap_generated_files})
+endmacro()
+
+function(_cuda_get_important_host_flags important_flags flag_string)
+  if(CMAKE_GENERATOR MATCHES "Visual Studio")
+    string(REGEX MATCHALL "/M[DT][d]?" flags ${flag_string})
+    list(APPEND ${important_flags} ${flags})
+  else()
+    string(REGEX MATCHALL "-fPIC" flags ${flag_string})
+    list(APPEND ${important_flags} ${flags})
+  endif()
+  set(${important_flags} ${${important_flags}} PARENT_SCOPE)
+endfunction()
+
+###############################################################################
+###############################################################################
+# Separable Compilation Link
+###############################################################################
+###############################################################################
+
+# Compute the filename to be used by CUDA_LINK_SEPARABLE_COMPILATION_OBJECTS
+function(CUDA_COMPUTE_SEPARABLE_COMPILATION_OBJECT_FILE_NAME output_file_var cuda_target object_files)
+  if (object_files)
+    set(generated_extension ${CMAKE_${CUDA_C_OR_CXX}_OUTPUT_EXTENSION})
+    set(output_file "${CMAKE_CURRENT_BINARY_DIR}/CMakeFiles/${cuda_target}.dir/${CMAKE_CFG_INTDIR}/${cuda_target}_intermediate_link${generated_extension}")
+  else()
+    set(output_file)
+  endif()
+
+  set(${output_file_var} "${output_file}" PARENT_SCOPE)
+endfunction()
+
+# Setup the build rule for the separable compilation intermediate link file.
+function(CUDA_LINK_SEPARABLE_COMPILATION_OBJECTS output_file cuda_target options object_files)
+  if (object_files)
+
+    set_source_files_properties("${output_file}"
+      PROPERTIES
+      EXTERNAL_OBJECT TRUE # This is an object file not to be compiled, but only
+                           # be linked.
+      GENERATED TRUE       # This file is generated during the build
+      )
+
+    # For now we are ignoring all the configuration specific flags.
+    set(nvcc_flags)
+    CUDA_PARSE_NVCC_OPTIONS(nvcc_flags ${options})
+    if(CUDA_64_BIT_DEVICE_CODE)
+      list(APPEND nvcc_flags -m64)
+    else()
+      list(APPEND nvcc_flags -m32)
+    endif()
+    # If -ccbin, --compiler-bindir has been specified, don't do anything.  Otherwise add it here.
+    list( FIND nvcc_flags "-ccbin" ccbin_found0 )
+    list( FIND nvcc_flags "--compiler-bindir" ccbin_found1 )
+    if( ccbin_found0 LESS 0 AND ccbin_found1 LESS 0 AND CUDA_HOST_COMPILER )
+      list(APPEND nvcc_flags -ccbin "\"${CUDA_HOST_COMPILER}\"")
+    endif()
+    # Create a list of flags specified by CUDA_NVCC_FLAGS_${CONFIG}
+    set(config_specific_flags)
+    set(flags)
+    foreach(config ${CUDA_configuration_types})
+      string(TOUPPER ${config} config_upper)
+      # Add config specific flags
+      foreach(f ${CUDA_NVCC_FLAGS_${config_upper}})
+        list(APPEND config_specific_flags $<$<CONFIG:${config}>:${f}>)
+      endforeach()
+      set(important_host_flags)
+      _cuda_get_important_host_flags(important_host_flags ${CMAKE_${CUDA_C_OR_CXX}_FLAGS_${config_upper}})
+      foreach(f ${important_host_flags})
+        list(APPEND flags $<$<CONFIG:${config}>:-Xcompiler> $<$<CONFIG:${config}>:${f}>)
+      endforeach()
+    endforeach()
+    # Add our general CUDA_NVCC_FLAGS with the configuration specifig flags
+    set(nvcc_flags ${CUDA_NVCC_FLAGS} ${config_specific_flags} ${nvcc_flags})
+
+    file(RELATIVE_PATH output_file_relative_path "${CMAKE_BINARY_DIR}" "${output_file}")
+
+    # Some generators don't handle the multiple levels of custom command
+    # dependencies correctly (obj1 depends on file1, obj2 depends on obj1), so
+    # we work around that issue by compiling the intermediate link object as a
+    # pre-link custom command in that situation.
+    set(do_obj_build_rule TRUE)
+    if (MSVC_VERSION GREATER 1599)
+      # VS 2010 and 2012 have this problem.  If future versions fix this issue,
+      # it should still work, it just won't be as nice as the other method.
+      set(do_obj_build_rule FALSE)
+    endif()
+
+    if (do_obj_build_rule)
+      add_custom_command(
+        OUTPUT ${output_file}
+        DEPENDS ${object_files}
+        COMMAND ${CUDA_NVCC_EXECUTABLE} ${nvcc_flags} -dlink ${object_files} -o ${output_file}
+        ${flags}
+        COMMENT "Building NVCC intermediate link file ${output_file_relative_path}"
+        )
+    else()
+      add_custom_command(
+        TARGET ${cuda_target}
+        PRE_LINK
+        COMMAND ${CMAKE_COMMAND} -E echo "Building NVCC intermediate link file ${output_file_relative_path}"
+        COMMAND ${CUDA_NVCC_EXECUTABLE} ${nvcc_flags} ${flags} -dlink ${object_files} -o "${output_file}"
+        )
+    endif()
+ endif()
+endfunction()
+
+###############################################################################
+###############################################################################
+# ADD LIBRARY
+###############################################################################
+###############################################################################
+macro(CUDA_ADD_LIBRARY cuda_target)
+
+  CUDA_ADD_CUDA_INCLUDE_ONCE()
+
+  # Separate the sources from the options
+  CUDA_GET_SOURCES_AND_OPTIONS(_sources _cmake_options _options ${ARGN})
+  CUDA_BUILD_SHARED_LIBRARY(_cuda_shared_flag ${ARGN})
+  # Create custom commands and targets for each file.
+  CUDA_WRAP_SRCS( ${cuda_target} OBJ _generated_files ${_sources}
+    ${_cmake_options} ${_cuda_shared_flag}
+    OPTIONS ${_options} )
+
+  # Compute the file name of the intermedate link file used for separable
+  # compilation.
+  CUDA_COMPUTE_SEPARABLE_COMPILATION_OBJECT_FILE_NAME(link_file ${cuda_target} "${${cuda_target}_SEPARABLE_COMPILATION_OBJECTS}")
+
+  # Add the library.
+  add_library(${cuda_target} ${_cmake_options}
+    ${_generated_files}
+    ${_sources}
+    ${link_file}
+    )
+
+  # Add a link phase for the separable compilation if it has been enabled.  If
+  # it has been enabled then the ${cuda_target}_SEPARABLE_COMPILATION_OBJECTS
+  # variable will have been defined.
+  CUDA_LINK_SEPARABLE_COMPILATION_OBJECTS("${link_file}" ${cuda_target} "${_options}" "${${cuda_target}_SEPARABLE_COMPILATION_OBJECTS}")
+
+  target_link_libraries(${cuda_target}
+    ${CUDA_LIBRARIES}
+    )
+
+  # We need to set the linker language based on what the expected generated file
+  # would be. CUDA_C_OR_CXX is computed based on CUDA_HOST_COMPILATION_CPP.
+  set_target_properties(${cuda_target}
+    PROPERTIES
+    LINKER_LANGUAGE ${CUDA_C_OR_CXX}
+    )
+
+endmacro()
+
+
+###############################################################################
+###############################################################################
+# ADD EXECUTABLE
+###############################################################################
+###############################################################################
+macro(CUDA_ADD_EXECUTABLE cuda_target)
+
+  CUDA_ADD_CUDA_INCLUDE_ONCE()
+
+  # Separate the sources from the options
+  CUDA_GET_SOURCES_AND_OPTIONS(_sources _cmake_options _options ${ARGN})
+  # Create custom commands and targets for each file.
+  CUDA_WRAP_SRCS( ${cuda_target} OBJ _generated_files ${_sources} OPTIONS ${_options} )
+
+  # Compute the file name of the intermedate link file used for separable
+  # compilation.
+  CUDA_COMPUTE_SEPARABLE_COMPILATION_OBJECT_FILE_NAME(link_file ${cuda_target} "${${cuda_target}_SEPARABLE_COMPILATION_OBJECTS}")
+
+  # Add the library.
+  add_executable(${cuda_target} ${_cmake_options}
+    ${_generated_files}
+    ${_sources}
+    ${link_file}
+    )
+
+  # Add a link phase for the separable compilation if it has been enabled.  If
+  # it has been enabled then the ${cuda_target}_SEPARABLE_COMPILATION_OBJECTS
+  # variable will have been defined.
+  CUDA_LINK_SEPARABLE_COMPILATION_OBJECTS("${link_file}" ${cuda_target} "${_options}" "${${cuda_target}_SEPARABLE_COMPILATION_OBJECTS}")
+
+  target_link_libraries(${cuda_target}
+    ${CUDA_LIBRARIES}
+    )
+
+  # We need to set the linker language based on what the expected generated file
+  # would be. CUDA_C_OR_CXX is computed based on CUDA_HOST_COMPILATION_CPP.
+  set_target_properties(${cuda_target}
+    PROPERTIES
+    LINKER_LANGUAGE ${CUDA_C_OR_CXX}
+    )
+
+endmacro()
+
+
+###############################################################################
+###############################################################################
+# (Internal) helper for manually added cuda source files with specific targets
+###############################################################################
+###############################################################################
+macro(cuda_compile_base cuda_target format generated_files)
+
+  # Separate the sources from the options
+  CUDA_GET_SOURCES_AND_OPTIONS(_sources _cmake_options _options ${ARGN})
+  # Create custom commands and targets for each file.
+  CUDA_WRAP_SRCS( ${cuda_target} ${format} _generated_files ${_sources} ${_cmake_options}
+    OPTIONS ${_options} )
+
+  set( ${generated_files} ${_generated_files})
+
+endmacro()
+
+###############################################################################
+###############################################################################
+# CUDA COMPILE
+###############################################################################
+###############################################################################
+macro(CUDA_COMPILE generated_files)
+  cuda_compile_base(cuda_compile OBJ ${generated_files} ${ARGN})
+endmacro()
+
+###############################################################################
+###############################################################################
+# CUDA COMPILE PTX
+###############################################################################
+###############################################################################
+macro(CUDA_COMPILE_PTX generated_files)
+  cuda_compile_base(cuda_compile_ptx PTX ${generated_files} ${ARGN})
+endmacro()
+
+###############################################################################
+###############################################################################
+# CUDA COMPILE FATBIN
+###############################################################################
+###############################################################################
+macro(CUDA_COMPILE_FATBIN generated_files)
+  cuda_compile_base(cuda_compile_fatbin FATBIN ${generated_files} ${ARGN})
+endmacro()
+
+###############################################################################
+###############################################################################
+# CUDA COMPILE CUBIN
+###############################################################################
+###############################################################################
+macro(CUDA_COMPILE_CUBIN generated_files)
+  cuda_compile_base(cuda_compile_cubin CUBIN ${generated_files} ${ARGN})
+endmacro()
+
+
+###############################################################################
+###############################################################################
+# CUDA ADD CUFFT TO TARGET
+###############################################################################
+###############################################################################
+macro(CUDA_ADD_CUFFT_TO_TARGET target)
+  if (CUDA_BUILD_EMULATION)
+    target_link_libraries(${target} ${CUDA_cufftemu_LIBRARY})
+  else()
+    target_link_libraries(${target} ${CUDA_cufft_LIBRARY})
+  endif()
+endmacro()
+
+###############################################################################
+###############################################################################
+# CUDA ADD CUBLAS TO TARGET
+###############################################################################
+###############################################################################
+macro(CUDA_ADD_CUBLAS_TO_TARGET target)
+  if (CUDA_BUILD_EMULATION)
+    target_link_libraries(${target} ${CUDA_cublasemu_LIBRARY})
+  else()
+    target_link_libraries(${target} ${CUDA_cublas_LIBRARY})
+  endif()
+endmacro()
+
+###############################################################################
+###############################################################################
+# CUDA BUILD CLEAN TARGET
+###############################################################################
+###############################################################################
+macro(CUDA_BUILD_CLEAN_TARGET)
+  # Call this after you add all your CUDA targets, and you will get a convience
+  # target.  You should also make clean after running this target to get the
+  # build system to generate all the code again.
+
+  set(cuda_clean_target_name clean_cuda_depends)
+  if (CMAKE_GENERATOR MATCHES "Visual Studio")
+    string(TOUPPER ${cuda_clean_target_name} cuda_clean_target_name)
+  endif()
+  add_custom_target(${cuda_clean_target_name}
+    COMMAND ${CMAKE_COMMAND} -E remove ${CUDA_ADDITIONAL_CLEAN_FILES})
+
+  # Clear out the variable, so the next time we configure it will be empty.
+  # This is useful so that the files won't persist in the list after targets
+  # have been removed.
+  set(CUDA_ADDITIONAL_CLEAN_FILES "" CACHE INTERNAL "List of intermediate files that are part of the cuda dependency scanning.")
+endmacro()
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/FindCUDA/make2cmake.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/FindCUDA/make2cmake.cmake
new file mode 100644
index 000000000..c433fa8ed
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/FindCUDA/make2cmake.cmake
@@ -0,0 +1,92 @@
+#  James Bigler, NVIDIA Corp (nvidia.com - jbigler)
+#  Abe Stephens, SCI Institute -- http://www.sci.utah.edu/~abe/FindCuda.html
+#
+#  Copyright (c) 2008 - 2009 NVIDIA Corporation.  All rights reserved.
+#
+#  Copyright (c) 2007-2009
+#  Scientific Computing and Imaging Institute, University of Utah
+#
+#  This code is licensed under the MIT License.  See the FindCUDA.cmake script
+#  for the text of the license.
+
+# The MIT License
+#
+# License for the specific language governing rights and limitations under
+# Permission is hereby granted, free of charge, to any person obtaining a
+# copy of this software and associated documentation files (the "Software"),
+# to deal in the Software without restriction, including without limitation
+# the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# and/or sell copies of the Software, and to permit persons to whom the
+# Software is furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included
+# in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+# DEALINGS IN THE SOFTWARE.
+#
+
+#######################################################################
+# This converts a file written in makefile syntax into one that can be included
+# by CMake.
+
+file(READ ${input_file} depend_text)
+
+if (NOT "${depend_text}" STREQUAL "")
+
+  # message("FOUND DEPENDS")
+
+  string(REPLACE "\\ " " " depend_text ${depend_text})
+
+  # This works for the nvcc -M generated dependency files.
+  string(REGEX REPLACE "^.* : " "" depend_text ${depend_text})
+  string(REGEX REPLACE "[ \\\\]*\n" ";" depend_text ${depend_text})
+
+  set(dependency_list "")
+
+  foreach(file ${depend_text})
+
+    string(REGEX REPLACE "^ +" "" file ${file})
+
+    # OK, now if we had a UNC path, nvcc has a tendency to only output the first '/'
+    # instead of '//'.  Here we will test to see if the file exists, if it doesn't then
+    # try to prepend another '/' to the path and test again.  If it still fails remove the
+    # path.
+
+    if(NOT EXISTS "${file}")
+      if (EXISTS "/${file}")
+        set(file "/${file}")
+      else()
+        message(WARNING " Removing non-existent dependency file: ${file}")
+        set(file "")
+      endif()
+    endif()
+
+    if(NOT IS_DIRECTORY "${file}")
+      # If softlinks start to matter, we should change this to REALPATH.  For now we need
+      # to flatten paths, because nvcc can generate stuff like /bin/../include instead of
+      # just /include.
+      get_filename_component(file_absolute "${file}" ABSOLUTE)
+      list(APPEND dependency_list "${file_absolute}")
+    endif()
+
+  endforeach()
+
+else()
+  # message("FOUND NO DEPENDS")
+endif()
+
+# Remove the duplicate entries and sort them.
+list(REMOVE_DUPLICATES dependency_list)
+list(SORT dependency_list)
+
+foreach(file ${dependency_list})
+  set(cuda_nvcc_depend "${cuda_nvcc_depend} \"${file}\"\n")
+endforeach()
+
+file(WRITE ${output_file} "# Generated by: make2cmake.cmake\nSET(CUDA_NVCC_DEPEND\n ${cuda_nvcc_depend})\n\n")
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/FindCUDA/parse_cubin.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/FindCUDA/parse_cubin.cmake
new file mode 100644
index 000000000..25ceb49f3
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/FindCUDA/parse_cubin.cmake
@@ -0,0 +1,109 @@
+#  James Bigler, NVIDIA Corp (nvidia.com - jbigler)
+#  Abe Stephens, SCI Institute -- http://www.sci.utah.edu/~abe/FindCuda.html
+#
+#  Copyright (c) 2008 - 2009 NVIDIA Corporation.  All rights reserved.
+#
+#  Copyright (c) 2007-2009
+#  Scientific Computing and Imaging Institute, University of Utah
+#
+#  This code is licensed under the MIT License.  See the FindCUDA.cmake script
+#  for the text of the license.
+
+# The MIT License
+#
+# License for the specific language governing rights and limitations under
+# Permission is hereby granted, free of charge, to any person obtaining a
+# copy of this software and associated documentation files (the "Software"),
+# to deal in the Software without restriction, including without limitation
+# the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# and/or sell copies of the Software, and to permit persons to whom the
+# Software is furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included
+# in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+# DEALINGS IN THE SOFTWARE.
+#
+
+#######################################################################
+# Parses a .cubin file produced by nvcc and reports statistics about the file.
+
+
+file(READ ${input_file} file_text)
+
+if (NOT "${file_text}" STREQUAL "")
+
+  string(REPLACE ";" "\\;" file_text ${file_text})
+  string(REPLACE "\ncode" ";code" file_text ${file_text})
+
+  list(LENGTH file_text len)
+
+  foreach(line ${file_text})
+
+    # Only look at "code { }" blocks.
+    if(line MATCHES "^code")
+
+      # Break into individual lines.
+      string(REGEX REPLACE "\n" ";" line ${line})
+
+      foreach(entry ${line})
+
+        # Extract kernel names.
+        if (${entry} MATCHES "[^g]name = ([^ ]+)")
+          set(entry "${CMAKE_MATCH_1}")
+
+          # Check to see if the kernel name starts with "_"
+          set(skip FALSE)
+          # if (${entry} MATCHES "^_")
+            # Skip the rest of this block.
+            # message("Skipping ${entry}")
+            # set(skip TRUE)
+          # else ()
+            message("Kernel:    ${entry}")
+          # endif ()
+
+        endif()
+
+        # Skip the rest of the block if necessary
+        if(NOT skip)
+
+          # Registers
+          if (${entry} MATCHES "reg([ ]+)=([ ]+)([^ ]+)")
+            set(entry "${CMAKE_MATCH_3}")
+            message("Registers: ${entry}")
+          endif()
+
+          # Local memory
+          if (${entry} MATCHES "lmem([ ]+)=([ ]+)([^ ]+)")
+            set(entry "${CMAKE_MATCH_3}")
+            message("Local:     ${entry}")
+          endif()
+
+          # Shared memory
+          if (${entry} MATCHES "smem([ ]+)=([ ]+)([^ ]+)")
+            set(entry "${CMAKE_MATCH_3}")
+            message("Shared:    ${entry}")
+          endif()
+
+          if (${entry} MATCHES "^}")
+            message("")
+          endif()
+
+        endif()
+
+
+      endforeach()
+
+    endif()
+
+  endforeach()
+
+else()
+  # message("FOUND NO DEPENDS")
+endif()
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/FindCUDA/run_nvcc.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/FindCUDA/run_nvcc.cmake
new file mode 100644
index 000000000..abdd3079e
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/FindCUDA/run_nvcc.cmake
@@ -0,0 +1,288 @@
+#  James Bigler, NVIDIA Corp (nvidia.com - jbigler)
+#
+#  Copyright (c) 2008 - 2009 NVIDIA Corporation.  All rights reserved.
+#
+#  This code is licensed under the MIT License.  See the FindCUDA.cmake script
+#  for the text of the license.
+
+# The MIT License
+#
+# License for the specific language governing rights and limitations under
+# Permission is hereby granted, free of charge, to any person obtaining a
+# copy of this software and associated documentation files (the "Software"),
+# to deal in the Software without restriction, including without limitation
+# the rights to use, copy, modify, merge, publish, distribute, sublicense,
+# and/or sell copies of the Software, and to permit persons to whom the
+# Software is furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included
+# in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+# DEALINGS IN THE SOFTWARE.
+
+
+##########################################################################
+# This file runs the nvcc commands to produce the desired output file along with
+# the dependency file needed by CMake to compute dependencies.  In addition the
+# file checks the output of each command and if the command fails it deletes the
+# output files.
+
+# Input variables
+#
+# verbose:BOOL=<>          OFF: Be as quiet as possible (default)
+#                          ON : Describe each step
+#
+# build_configuration:STRING=<> Typically one of Debug, MinSizeRel, Release, or
+#                               RelWithDebInfo, but it should match one of the
+#                               entries in CUDA_HOST_FLAGS. This is the build
+#                               configuration used when compiling the code.  If
+#                               blank or unspecified Debug is assumed as this is
+#                               what CMake does.
+#
+# generated_file:STRING=<> File to generate.  This argument must be passed in.
+#
+# generated_cubin_file:STRING=<> File to generate.  This argument must be passed
+#                                                   in if build_cubin is true.
+
+if(NOT generated_file)
+  message(FATAL_ERROR "You must specify generated_file on the command line")
+endif()
+
+# Set these up as variables to make reading the generated file easier
+set(CMAKE_COMMAND "@CMAKE_COMMAND@") # path
+set(source_file "@source_file@") # path
+set(NVCC_generated_dependency_file "@NVCC_generated_dependency_file@") # path
+set(cmake_dependency_file "@cmake_dependency_file@") # path
+set(CUDA_make2cmake "@CUDA_make2cmake@") # path
+set(CUDA_parse_cubin "@CUDA_parse_cubin@") # path
+set(build_cubin @build_cubin@) # bool
+set(CUDA_HOST_COMPILER "@CUDA_HOST_COMPILER@") # path
+# We won't actually use these variables for now, but we need to set this, in
+# order to force this file to be run again if it changes.
+set(generated_file_path "@generated_file_path@") # path
+set(generated_file_internal "@generated_file@") # path
+set(generated_cubin_file_internal "@generated_cubin_file@") # path
+
+set(CUDA_NVCC_EXECUTABLE "@CUDA_NVCC_EXECUTABLE@") # path
+set(CUDA_NVCC_FLAGS @CUDA_NVCC_FLAGS@ ;; @CUDA_WRAP_OPTION_NVCC_FLAGS@) # list
+@CUDA_NVCC_FLAGS_CONFIG@
+set(nvcc_flags @nvcc_flags@) # list
+set(CUDA_NVCC_INCLUDE_ARGS "@CUDA_NVCC_INCLUDE_ARGS@") # list (needs to be in quotes to handle spaces properly).
+set(format_flag "@format_flag@") # string
+
+if(build_cubin AND NOT generated_cubin_file)
+  message(FATAL_ERROR "You must specify generated_cubin_file on the command line")
+endif()
+
+# This is the list of host compilation flags.  It C or CXX should already have
+# been chosen by FindCUDA.cmake.
+@CUDA_HOST_FLAGS@
+
+# Take the compiler flags and package them up to be sent to the compiler via -Xcompiler
+set(nvcc_host_compiler_flags "")
+# If we weren't given a build_configuration, use Debug.
+if(NOT build_configuration)
+  set(build_configuration Debug)
+endif()
+string(TOUPPER "${build_configuration}" build_configuration)
+#message("CUDA_NVCC_HOST_COMPILER_FLAGS = ${CUDA_NVCC_HOST_COMPILER_FLAGS}")
+foreach(flag ${CMAKE_HOST_FLAGS} ${CMAKE_HOST_FLAGS_${build_configuration}})
+  # Extra quotes are added around each flag to help nvcc parse out flags with spaces.
+  set(nvcc_host_compiler_flags "${nvcc_host_compiler_flags},\"${flag}\"")
+endforeach()
+if (nvcc_host_compiler_flags)
+  set(nvcc_host_compiler_flags "-Xcompiler" ${nvcc_host_compiler_flags})
+endif()
+#message("nvcc_host_compiler_flags = \"${nvcc_host_compiler_flags}\"")
+# Add the build specific configuration flags
+list(APPEND CUDA_NVCC_FLAGS ${CUDA_NVCC_FLAGS_${build_configuration}})
+
+# Any -ccbin existing in CUDA_NVCC_FLAGS gets highest priority
+list( FIND CUDA_NVCC_FLAGS "-ccbin" ccbin_found0 )
+list( FIND CUDA_NVCC_FLAGS "--compiler-bindir" ccbin_found1 )
+if( ccbin_found0 LESS 0 AND ccbin_found1 LESS 0 AND CUDA_HOST_COMPILER )
+  if (CUDA_HOST_COMPILER STREQUAL "$(VCInstallDir)bin" AND DEFINED CCBIN)
+    set(CCBIN -ccbin "${CCBIN}")
+  else()
+    set(CCBIN -ccbin "${CUDA_HOST_COMPILER}")
+  endif()
+endif()
+
+# cuda_execute_process - Executes a command with optional command echo and status message.
+#
+#   status  - Status message to print if verbose is true
+#   command - COMMAND argument from the usual execute_process argument structure
+#   ARGN    - Remaining arguments are the command with arguments
+#
+#   CUDA_result - return value from running the command
+#
+# Make this a macro instead of a function, so that things like RESULT_VARIABLE
+# and other return variables are present after executing the process.
+macro(cuda_execute_process status command)
+  set(_command ${command})
+  if(NOT "x${_command}" STREQUAL "xCOMMAND")
+    message(FATAL_ERROR "Malformed call to cuda_execute_process.  Missing COMMAND as second argument. (command = ${command})")
+  endif()
+  if(verbose)
+    execute_process(COMMAND "${CMAKE_COMMAND}" -E echo -- ${status})
+    # Now we need to build up our command string.  We are accounting for quotes
+    # and spaces, anything else is left up to the user to fix if they want to
+    # copy and paste a runnable command line.
+    set(cuda_execute_process_string)
+    foreach(arg ${ARGN})
+      # If there are quotes, excape them, so they come through.
+      string(REPLACE "\"" "\\\"" arg ${arg})
+      # Args with spaces need quotes around them to get them to be parsed as a single argument.
+      if(arg MATCHES " ")
+        list(APPEND cuda_execute_process_string "\"${arg}\"")
+      else()
+        list(APPEND cuda_execute_process_string ${arg})
+      endif()
+    endforeach()
+    # Echo the command
+    execute_process(COMMAND ${CMAKE_COMMAND} -E echo ${cuda_execute_process_string})
+  endif()
+  # Run the command
+  execute_process(COMMAND ${ARGN} RESULT_VARIABLE CUDA_result )
+endmacro()
+
+# Delete the target file
+cuda_execute_process(
+  "Removing ${generated_file}"
+  COMMAND "${CMAKE_COMMAND}" -E remove "${generated_file}"
+  )
+
+# For CUDA 2.3 and below, -G -M doesn't work, so remove the -G flag
+# for dependency generation and hope for the best.
+set(depends_CUDA_NVCC_FLAGS "${CUDA_NVCC_FLAGS}")
+set(CUDA_VERSION @CUDA_VERSION@)
+if(CUDA_VERSION VERSION_LESS "3.0")
+  cmake_policy(PUSH)
+  # CMake policy 0007 NEW states that empty list elements are not
+  # ignored.  I'm just setting it to avoid the warning that's printed.
+  cmake_policy(SET CMP0007 NEW)
+  # Note that this will remove all occurances of -G.
+  list(REMOVE_ITEM depends_CUDA_NVCC_FLAGS "-G")
+  cmake_policy(POP)
+endif()
+
+# nvcc doesn't define __CUDACC__ for some reason when generating dependency files.  This
+# can cause incorrect dependencies when #including files based on this macro which is
+# defined in the generating passes of nvcc invokation.  We will go ahead and manually
+# define this for now until a future version fixes this bug.
+set(CUDACC_DEFINE -D__CUDACC__)
+
+# Generate the dependency file
+cuda_execute_process(
+  "Generating dependency file: ${NVCC_generated_dependency_file}"
+  COMMAND "${CUDA_NVCC_EXECUTABLE}"
+  -M
+  ${CUDACC_DEFINE}
+  "${source_file}"
+  -o "${NVCC_generated_dependency_file}"
+  ${CCBIN}
+  ${nvcc_flags}
+  ${nvcc_host_compiler_flags}
+  ${depends_CUDA_NVCC_FLAGS}
+  -DNVCC
+  ${CUDA_NVCC_INCLUDE_ARGS}
+  )
+
+if(CUDA_result)
+  message(FATAL_ERROR "Error generating ${generated_file}")
+endif()
+
+# Generate the cmake readable dependency file to a temp file.  Don't put the
+# quotes just around the filenames for the input_file and output_file variables.
+# CMake will pass the quotes through and not be able to find the file.
+cuda_execute_process(
+  "Generating temporary cmake readable file: ${cmake_dependency_file}.tmp"
+  COMMAND "${CMAKE_COMMAND}"
+  -D "input_file:FILEPATH=${NVCC_generated_dependency_file}"
+  -D "output_file:FILEPATH=${cmake_dependency_file}.tmp"
+  -P "${CUDA_make2cmake}"
+  )
+
+if(CUDA_result)
+  message(FATAL_ERROR "Error generating ${generated_file}")
+endif()
+
+# Copy the file if it is different
+cuda_execute_process(
+  "Copy if different ${cmake_dependency_file}.tmp to ${cmake_dependency_file}"
+  COMMAND "${CMAKE_COMMAND}" -E copy_if_different "${cmake_dependency_file}.tmp" "${cmake_dependency_file}"
+  )
+
+if(CUDA_result)
+  message(FATAL_ERROR "Error generating ${generated_file}")
+endif()
+
+# Delete the temporary file
+cuda_execute_process(
+  "Removing ${cmake_dependency_file}.tmp and ${NVCC_generated_dependency_file}"
+  COMMAND "${CMAKE_COMMAND}" -E remove "${cmake_dependency_file}.tmp" "${NVCC_generated_dependency_file}"
+  )
+
+if(CUDA_result)
+  message(FATAL_ERROR "Error generating ${generated_file}")
+endif()
+
+# Generate the code
+cuda_execute_process(
+  "Generating ${generated_file}"
+  COMMAND "${CUDA_NVCC_EXECUTABLE}"
+  "${source_file}"
+  ${format_flag} -o "${generated_file}"
+  ${CCBIN}
+  ${nvcc_flags}
+  ${nvcc_host_compiler_flags}
+  ${CUDA_NVCC_FLAGS}
+  -DNVCC
+  ${CUDA_NVCC_INCLUDE_ARGS}
+  )
+
+if(CUDA_result)
+  # Since nvcc can sometimes leave half done files make sure that we delete the output file.
+  cuda_execute_process(
+    "Removing ${generated_file}"
+    COMMAND "${CMAKE_COMMAND}" -E remove "${generated_file}"
+    )
+  message(FATAL_ERROR "Error generating file ${generated_file}")
+else()
+  if(verbose)
+    message("Generated ${generated_file} successfully.")
+  endif()
+endif()
+
+# Cubin resource report commands.
+if( build_cubin )
+  # Run with -cubin to produce resource usage report.
+  cuda_execute_process(
+    "Generating ${generated_cubin_file}"
+    COMMAND "${CUDA_NVCC_EXECUTABLE}"
+    "${source_file}"
+    ${CUDA_NVCC_FLAGS}
+    ${nvcc_flags}
+    ${CCBIN}
+    ${nvcc_host_compiler_flags}
+    -DNVCC
+    -cubin
+    -o "${generated_cubin_file}"
+    ${CUDA_NVCC_INCLUDE_ARGS}
+    )
+
+  # Execute the parser script.
+  cuda_execute_process(
+    "Executing the parser script"
+    COMMAND  "${CMAKE_COMMAND}"
+    -D "input_file:STRING=${generated_cubin_file}"
+    -P "${CUDA_parse_cubin}"
+    )
+
+endif()
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVCRTLinkage.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVCRTLinkage.cmake
new file mode 100644
index 000000000..2168c72e6
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVCRTLinkage.cmake
@@ -0,0 +1,97 @@
+if(NOT MSVC)
+  message(FATAL_ERROR "CRT options are available only for MSVC")
+endif()
+
+#if (${CMAKE_SYSTEM_NAME} MATCHES "WindowsStore" OR ${CMAKE_SYSTEM_NAME} MATCHES "WindowsPhone")
+#  set(WINRT TRUE)
+
+if (WINRT)
+  add_definitions(/DWINVER=_WIN32_WINNT_WIN8 /DNTDDI_VERSION=NTDDI_WIN8 /D_WIN32_WINNT=_WIN32_WINNT_WIN8)
+endif()
+
+# Removing LNK4075 warnings for debug WinRT builds
+# "LNK4075: ignoring '/INCREMENTAL' due to '/OPT:ICF' specification"
+# "LNK4075: ignoring '/INCREMENTAL' due to '/OPT:REF' specification"
+if(MSVC AND WINRT)
+  # Optional verification checks since we don't know existing contents of variables below
+  string(REPLACE "/OPT:ICF " "/OPT:NOICF " CMAKE_EXE_LINKER_FLAGS_DEBUG "${CMAKE_EXE_LINKER_FLAGS_DEBUG}")
+  string(REPLACE "/OPT:REF " "/OPT:NOREF " CMAKE_EXE_LINKER_FLAGS_DEBUG "${CMAKE_EXE_LINKER_FLAGS_DEBUG}")
+  string(REPLACE "/INCREMENTAL:YES " "/INCREMENTAL:NO " CMAKE_EXE_LINKER_FLAGS_DEBUG "${CMAKE_EXE_LINKER_FLAGS_DEBUG}")
+  string(REPLACE "/INCREMENTAL " "/INCREMENTAL:NO " CMAKE_EXE_LINKER_FLAGS_DEBUG "${CMAKE_EXE_LINKER_FLAGS_DEBUG}")
+
+  string(REPLACE "/OPT:ICF " "/OPT:NOICF " CMAKE_MODULE_LINKER_FLAGS_DEBUG "${CMAKE_MODULE_LINKER_FLAGS_DEBUG}")
+  string(REPLACE "/OPT:REF " "/OPT:NORE F" CMAKE_MODULE_LINKER_FLAGS_DEBUG "${CMAKE_MODULE_LINKER_FLAGS_DEBUG}")
+  string(REPLACE "/INCREMENTAL:YES " "/INCREMENTAL:NO " CMAKE_MODULE_LINKER_FLAGS_DEBUG "${CMAKE_MODULE_LINKER_FLAGS_DEBUG}")
+  string(REPLACE "/INCREMENTAL " "/INCREMENTAL:NO " CMAKE_MODULE_LINKER_FLAGS_DEBUG "${CMAKE_MODULE_LINKER_FLAGS_DEBUG}")
+
+  string(REPLACE "/OPT:ICF " "/OPT:NOICF " CMAKE_SHARED_LINKER_FLAGS_DEBUG "${CMAKE_SHARED_LINKER_FLAGS_DEBUG}")
+  string(REPLACE "/OPT:REF " "/OPT:NOREF " CMAKE_SHARED_LINKER_FLAGS_DEBUG "${CMAKE_SHARED_LINKER_FLAGS_DEBUG}")
+  string(REPLACE "/INCREMENTAL:YES " "/INCREMENTAL:NO " CMAKE_SHARED_LINKER_FLAGS_DEBUG "${CMAKE_SHARED_LINKER_FLAGS_DEBUG}")
+  string(REPLACE "/INCREMENTAL " "/INCREMENTAL:NO " CMAKE_SHARED_LINKER_FLAGS_DEBUG "${CMAKE_SHARED_LINKER_FLAGS_DEBUG}")
+
+  # Mandatory
+  set(CMAKE_MODULE_LINKER_FLAGS_DEBUG  "${CMAKE_MODULE_LINKER_FLAGS_DEBUG} /INCREMENTAL:NO /OPT:NOREF /OPT:NOICF")
+  set(CMAKE_EXE_LINKER_FLAGS_DEBUG     "${CMAKE_EXE_LINKER_FLAGS_DEBUG} /INCREMENTAL:NO /OPT:NOREF /OPT:NOICF")
+  set(CMAKE_SHARED_LINKER_FLAGS_DEBUG  "${CMAKE_SHARED_LINKER_FLAGS_DEBUG} /INCREMENTAL:NO /OPT:NOREF /OPT:NOICF")
+endif()
+
+if(NOT BUILD_SHARED_LIBS AND BUILD_WITH_STATIC_CRT)
+  foreach(flag_var
+          CMAKE_C_FLAGS CMAKE_C_FLAGS_DEBUG CMAKE_C_FLAGS_RELEASE
+          CMAKE_C_FLAGS_MINSIZEREL CMAKE_C_FLAGS_RELWITHDEBINFO
+          CMAKE_CXX_FLAGS CMAKE_CXX_FLAGS_DEBUG CMAKE_CXX_FLAGS_RELEASE
+          CMAKE_CXX_FLAGS_MINSIZEREL CMAKE_CXX_FLAGS_RELWITHDEBINFO)
+    if(${flag_var} MATCHES "/MD")
+      string(REGEX REPLACE "/MD" "/MT" ${flag_var} "${${flag_var}}")
+    endif()
+    if(${flag_var} MATCHES "/MDd")
+      string(REGEX REPLACE "/MDd" "/MTd" ${flag_var} "${${flag_var}}")
+    endif()
+  endforeach(flag_var)
+
+  set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} /NODEFAULTLIB:atlthunk.lib /NODEFAULTLIB:msvcrt.lib /NODEFAULTLIB:msvcrtd.lib")
+  set(CMAKE_EXE_LINKER_FLAGS_DEBUG "${CMAKE_EXE_LINKER_FLAGS_DEBUG} /NODEFAULTLIB:libcmt.lib")
+  set(CMAKE_EXE_LINKER_FLAGS_RELEASE "${CMAKE_EXE_LINKER_FLAGS_RELEASE} /NODEFAULTLIB:libcmtd.lib")
+else()
+  foreach(flag_var
+          CMAKE_C_FLAGS CMAKE_C_FLAGS_DEBUG CMAKE_C_FLAGS_RELEASE
+          CMAKE_C_FLAGS_MINSIZEREL CMAKE_C_FLAGS_RELWITHDEBINFO
+          CMAKE_CXX_FLAGS CMAKE_CXX_FLAGS_DEBUG CMAKE_CXX_FLAGS_RELEASE
+          CMAKE_CXX_FLAGS_MINSIZEREL CMAKE_CXX_FLAGS_RELWITHDEBINFO)
+    if(${flag_var} MATCHES "/MT")
+      string(REGEX REPLACE "/MT" "/MD" ${flag_var} "${${flag_var}}")
+    endif()
+    if(${flag_var} MATCHES "/MTd")
+      string(REGEX REPLACE "/MTd" "/MDd" ${flag_var} "${${flag_var}}")
+    endif()
+  endforeach(flag_var)
+endif()
+
+if(CMAKE_VERSION VERSION_GREATER "2.8.6")
+  include(ProcessorCount)
+  ProcessorCount(N)
+  if(NOT N EQUAL 0)
+    SET(CMAKE_C_FLAGS   "${CMAKE_C_FLAGS}   /MP${N} ")
+    SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} /MP${N} ")
+  endif()
+endif()
+
+if(NOT BUILD_WITH_DEBUG_INFO AND NOT MSVC)
+  string(REPLACE "/debug" "" CMAKE_EXE_LINKER_FLAGS_DEBUG "${CMAKE_EXE_LINKER_FLAGS_DEBUG}")
+  string(REPLACE "/DEBUG" "" CMAKE_EXE_LINKER_FLAGS_DEBUG "${CMAKE_EXE_LINKER_FLAGS_DEBUG}")
+  string(REPLACE "/INCREMENTAL:YES" "/INCREMENTAL:NO" CMAKE_EXE_LINKER_FLAGS_DEBUG "${CMAKE_EXE_LINKER_FLAGS_DEBUG}")
+  string(REPLACE "/INCREMENTAL " "/INCREMENTAL:NO " CMAKE_EXE_LINKER_FLAGS_DEBUG "${CMAKE_EXE_LINKER_FLAGS_DEBUG}")
+
+  string(REPLACE "/debug" "" CMAKE_MODULE_LINKER_FLAGS_DEBUG "${CMAKE_MODULE_LINKER_FLAGS_DEBUG}")
+  string(REPLACE "/DEBUG" "" CMAKE_MODULE_LINKER_FLAGS_DEBUG "${CMAKE_MODULE_LINKER_FLAGS_DEBUG}")
+  string(REPLACE "/INCREMENTAL:YES" "/INCREMENTAL:NO" CMAKE_MODULE_LINKER_FLAGS_DEBUG "${CMAKE_MODULE_LINKER_FLAGS_DEBUG}")
+  string(REPLACE "/INCREMENTAL " "/INCREMENTAL:NO " CMAKE_MODULE_LINKER_FLAGS_DEBUG "${CMAKE_MODULE_LINKER_FLAGS_DEBUG}")
+
+  string(REPLACE "/debug" "" CMAKE_SHARED_LINKER_FLAGS_DEBUG "${CMAKE_SHARED_LINKER_FLAGS_DEBUG}")
+  string(REPLACE "/DEBUG" "" CMAKE_SHARED_LINKER_FLAGS_DEBUG "${CMAKE_SHARED_LINKER_FLAGS_DEBUG}")
+  string(REPLACE "/INCREMENTAL:YES" "/INCREMENTAL:NO" CMAKE_SHARED_LINKER_FLAGS_DEBUG "${CMAKE_SHARED_LINKER_FLAGS_DEBUG}")
+  string(REPLACE "/INCREMENTAL " "/INCREMENTAL:NO " CMAKE_SHARED_LINKER_FLAGS_DEBUG "${CMAKE_SHARED_LINKER_FLAGS_DEBUG}")
+
+  string(REPLACE "/Zi" "" CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG}")
+  string(REPLACE "/Zi" "" CMAKE_CXX_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG}")
+endif()
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVCompilerOptions.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVCompilerOptions.cmake
new file mode 100644
index 000000000..6c235ebfb
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVCompilerOptions.cmake
@@ -0,0 +1,349 @@
+if(MINGW OR (X86 AND UNIX AND NOT APPLE))
+  # mingw compiler is known to produce unstable SSE code with -O3 hence we are trying to use -O2 instead
+  if(CMAKE_COMPILER_IS_GNUCXX)
+    foreach(flags CMAKE_CXX_FLAGS CMAKE_CXX_FLAGS_RELEASE CMAKE_CXX_FLAGS_DEBUG)
+      string(REPLACE "-O3" "-O2" ${flags} "${${flags}}")
+    endforeach()
+  endif()
+
+  if(CMAKE_COMPILER_IS_GNUCC)
+    foreach(flags CMAKE_C_FLAGS CMAKE_C_FLAGS_RELEASE CMAKE_C_FLAGS_DEBUG)
+      string(REPLACE "-O3" "-O2" ${flags} "${${flags}}")
+    endforeach()
+  endif()
+endif()
+
+if(MSVC)
+  string(REGEX REPLACE "^  *| * $" "" CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS}")
+  string(REGEX REPLACE "^  *| * $" "" CMAKE_CXX_FLAGS_INIT "${CMAKE_CXX_FLAGS_INIT}")
+  if(CMAKE_CXX_FLAGS STREQUAL CMAKE_CXX_FLAGS_INIT)
+    # override cmake default exception handling option
+    string(REPLACE "/EHsc" "/EHa" CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS}")
+    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS}"  CACHE STRING "Flags used by the compiler during all build types." FORCE)
+  endif()
+endif()
+
+set(OPENCV_EXTRA_FLAGS "")
+set(OPENCV_EXTRA_C_FLAGS "")
+set(OPENCV_EXTRA_CXX_FLAGS "")
+set(OPENCV_EXTRA_FLAGS_RELEASE "")
+set(OPENCV_EXTRA_FLAGS_DEBUG "")
+set(OPENCV_EXTRA_EXE_LINKER_FLAGS "")
+set(OPENCV_EXTRA_EXE_LINKER_FLAGS_RELEASE "")
+set(OPENCV_EXTRA_EXE_LINKER_FLAGS_DEBUG "")
+
+macro(add_extra_compiler_option option)
+  if(CMAKE_BUILD_TYPE)
+    set(CMAKE_TRY_COMPILE_CONFIGURATION ${CMAKE_BUILD_TYPE})
+  endif()
+  ocv_check_flag_support(CXX "${option}" _varname "${OPENCV_EXTRA_CXX_FLAGS} ${ARGN}")
+  if(${_varname})
+    set(OPENCV_EXTRA_CXX_FLAGS "${OPENCV_EXTRA_CXX_FLAGS} ${option}")
+  endif()
+
+  ocv_check_flag_support(C "${option}" _varname "${OPENCV_EXTRA_C_FLAGS} ${ARGN}")
+  if(${_varname})
+    set(OPENCV_EXTRA_C_FLAGS "${OPENCV_EXTRA_C_FLAGS} ${option}")
+  endif()
+endmacro()
+
+# OpenCV fails some tests when 'char' is 'unsigned' by default
+add_extra_compiler_option(-fsigned-char)
+
+if(MINGW)
+  # http://gcc.gnu.org/bugzilla/show_bug.cgi?id=40838
+  # here we are trying to workaround the problem
+  add_extra_compiler_option(-mstackrealign)
+  if(NOT HAVE_CXX_MSTACKREALIGN)
+    add_extra_compiler_option(-mpreferred-stack-boundary=2)
+  endif()
+endif()
+
+if(CMAKE_COMPILER_IS_GNUCXX)
+  # High level of warnings.
+  add_extra_compiler_option(-W)
+  add_extra_compiler_option(-Wall)
+  add_extra_compiler_option(-Werror=return-type)
+  add_extra_compiler_option(-Werror=non-virtual-dtor)
+  add_extra_compiler_option(-Werror=address)
+  add_extra_compiler_option(-Werror=sequence-point)
+  add_extra_compiler_option(-Wformat)
+  add_extra_compiler_option(-Werror=format-security -Wformat)
+  add_extra_compiler_option(-Wmissing-declarations)
+  add_extra_compiler_option(-Wmissing-prototypes)
+  add_extra_compiler_option(-Wstrict-prototypes)
+  add_extra_compiler_option(-Wundef)
+  add_extra_compiler_option(-Winit-self)
+  add_extra_compiler_option(-Wpointer-arith)
+  add_extra_compiler_option(-Wshadow)
+  add_extra_compiler_option(-Wsign-promo)
+
+  if(ENABLE_NOISY_WARNINGS)
+    add_extra_compiler_option(-Wcast-align)
+    add_extra_compiler_option(-Wstrict-aliasing=2)
+  else()
+    add_extra_compiler_option(-Wno-narrowing)
+    add_extra_compiler_option(-Wno-delete-non-virtual-dtor)
+    add_extra_compiler_option(-Wno-unnamed-type-template-args)
+  endif()
+  add_extra_compiler_option(-fdiagnostics-show-option)
+
+  # The -Wno-long-long is required in 64bit systems when including sytem headers.
+  if(X86_64)
+    add_extra_compiler_option(-Wno-long-long)
+  endif()
+
+  # We need pthread's
+  if(UNIX AND NOT ANDROID AND NOT (APPLE AND CMAKE_COMPILER_IS_CLANGCXX))
+    add_extra_compiler_option(-pthread)
+  endif()
+
+  if(CMAKE_COMPILER_IS_CLANGCXX)
+    add_extra_compiler_option(-Qunused-arguments)
+  endif()
+
+  if(OPENCV_WARNINGS_ARE_ERRORS)
+    add_extra_compiler_option(-Werror)
+  endif()
+
+  if(X86 AND NOT MINGW64 AND NOT X86_64 AND NOT APPLE)
+    add_extra_compiler_option(-march=i686)
+  endif()
+
+  if(APPLE)
+    add_extra_compiler_option(-Wno-semicolon-before-method-body)
+  endif()
+
+  # Other optimizations
+  if(ENABLE_OMIT_FRAME_POINTER)
+    add_extra_compiler_option(-fomit-frame-pointer)
+  else()
+    add_extra_compiler_option(-fno-omit-frame-pointer)
+  endif()
+  if(ENABLE_FAST_MATH)
+    add_extra_compiler_option(-ffast-math)
+  endif()
+  if(ENABLE_POWERPC)
+    add_extra_compiler_option("-mcpu=G3 -mtune=G5")
+  endif()
+  if(ENABLE_SSE)
+    add_extra_compiler_option(-msse)
+  endif()
+  if(ENABLE_SSE2)
+    add_extra_compiler_option(-msse2)
+  elseif(X86 OR X86_64)
+    add_extra_compiler_option(-mno-sse2)
+  endif()
+  if(ENABLE_NEON)
+    add_extra_compiler_option("-mfpu=neon")
+  endif()
+  if(ENABLE_VFPV3 AND NOT ENABLE_NEON)
+    add_extra_compiler_option("-mfpu=vfpv3")
+  endif()
+
+  # SSE3 and further should be disabled under MingW because it generates compiler errors
+  if(NOT MINGW)
+    if(ENABLE_AVX)
+      add_extra_compiler_option(-mavx)
+    elseif(X86 OR X86_64)
+      add_extra_compiler_option(-mno-avx)
+    endif()
+    if(ENABLE_AVX2)
+      add_extra_compiler_option(-mavx2)
+
+      if(ENABLE_FMA3)
+        add_extra_compiler_option(-mfma)
+      endif()
+    endif()
+
+    # GCC depresses SSEx instructions when -mavx is used. Instead, it generates new AVX instructions or AVX equivalence for all SSEx instructions when needed.
+    if(NOT OPENCV_EXTRA_CXX_FLAGS MATCHES "-mavx")
+      if(ENABLE_SSE3)
+        add_extra_compiler_option(-msse3)
+      elseif(X86 OR X86_64)
+        add_extra_compiler_option(-mno-sse3)
+      endif()
+
+      if(ENABLE_SSSE3)
+        add_extra_compiler_option(-mssse3)
+      elseif(X86 OR X86_64)
+        add_extra_compiler_option(-mno-ssse3)
+      endif()
+
+      if(ENABLE_SSE41)
+        add_extra_compiler_option(-msse4.1)
+      elseif(X86 OR X86_64)
+        add_extra_compiler_option(-mno-sse4.1)
+      endif()
+
+      if(ENABLE_SSE42)
+        add_extra_compiler_option(-msse4.2)
+      elseif(X86 OR X86_64)
+        add_extra_compiler_option(-mno-sse4.2)
+      endif()
+
+      if(ENABLE_POPCNT)
+        add_extra_compiler_option(-mpopcnt)
+      endif()
+    endif()
+  endif(NOT MINGW)
+
+  if(X86 OR X86_64)
+    if(NOT APPLE AND CMAKE_SIZEOF_VOID_P EQUAL 4)
+      if(OPENCV_EXTRA_CXX_FLAGS MATCHES "-m(sse2|avx)")
+        add_extra_compiler_option(-mfpmath=sse)# !! important - be on the same wave with x64 compilers
+      else()
+        add_extra_compiler_option(-mfpmath=387)
+      endif()
+    endif()
+  endif()
+
+  # Profiling?
+  if(ENABLE_PROFILING)
+    add_extra_compiler_option("-pg -g")
+    # turn off incompatible options
+    foreach(flags CMAKE_CXX_FLAGS CMAKE_C_FLAGS CMAKE_CXX_FLAGS_RELEASE CMAKE_C_FLAGS_RELEASE CMAKE_CXX_FLAGS_DEBUG CMAKE_C_FLAGS_DEBUG
+                  OPENCV_EXTRA_FLAGS_RELEASE OPENCV_EXTRA_FLAGS_DEBUG OPENCV_EXTRA_C_FLAGS OPENCV_EXTRA_CXX_FLAGS)
+      string(REPLACE "-fomit-frame-pointer" "" ${flags} "${${flags}}")
+      string(REPLACE "-ffunction-sections" "" ${flags} "${${flags}}")
+    endforeach()
+  elseif(NOT APPLE AND NOT ANDROID)
+    # Remove unreferenced functions: function level linking
+    add_extra_compiler_option(-ffunction-sections)
+  endif()
+
+  if(ENABLE_COVERAGE)
+    set(OPENCV_EXTRA_C_FLAGS "${OPENCV_EXTRA_C_FLAGS} --coverage")
+    set(OPENCV_EXTRA_CXX_FLAGS "${OPENCV_EXTRA_CXX_FLAGS} --coverage")
+  endif()
+
+  set(OPENCV_EXTRA_FLAGS_RELEASE "${OPENCV_EXTRA_FLAGS_RELEASE} -DNDEBUG")
+  set(OPENCV_EXTRA_FLAGS_DEBUG "${OPENCV_EXTRA_FLAGS_DEBUG} -O0 -DDEBUG -D_DEBUG")
+endif()
+
+if(MSVC)
+  set(OPENCV_EXTRA_FLAGS "${OPENCV_EXTRA_FLAGS} /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE /D _SCL_SECURE_NO_WARNINGS")
+  # 64-bit portability warnings, in MSVC80
+  if(MSVC80)
+    set(OPENCV_EXTRA_FLAGS "${OPENCV_EXTRA_FLAGS} /Wp64")
+  endif()
+
+  if(BUILD_WITH_DEBUG_INFO)
+    set(OPENCV_EXTRA_EXE_LINKER_FLAGS_RELEASE "${OPENCV_EXTRA_EXE_LINKER_FLAGS_RELEASE} /debug")
+  endif()
+
+  # Remove unreferenced functions: function level linking
+  set(OPENCV_EXTRA_FLAGS "${OPENCV_EXTRA_FLAGS} /Gy")
+  if(NOT MSVC_VERSION LESS 1400)
+    set(OPENCV_EXTRA_FLAGS "${OPENCV_EXTRA_FLAGS} /bigobj")
+  endif()
+  if(BUILD_WITH_DEBUG_INFO)
+    set(OPENCV_EXTRA_FLAGS_RELEASE "${OPENCV_EXTRA_FLAGS_RELEASE} /Zi")
+  endif()
+
+  if(ENABLE_AVX2 AND NOT MSVC_VERSION LESS 1800)
+    set(OPENCV_EXTRA_FLAGS "${OPENCV_EXTRA_FLAGS} /arch:AVX2")
+  endif()
+  if(ENABLE_AVX AND NOT MSVC_VERSION LESS 1600 AND NOT OPENCV_EXTRA_FLAGS MATCHES "/arch:")
+    set(OPENCV_EXTRA_FLAGS "${OPENCV_EXTRA_FLAGS} /arch:AVX")
+  endif()
+
+  if(ENABLE_SSE4_1 AND CV_ICC AND NOT OPENCV_EXTRA_FLAGS MATCHES "/arch:")
+    set(OPENCV_EXTRA_FLAGS "${OPENCV_EXTRA_FLAGS} /arch:SSE4.1")
+  endif()
+
+  if(ENABLE_SSE3 AND CV_ICC AND NOT OPENCV_EXTRA_FLAGS MATCHES "/arch:")
+    set(OPENCV_EXTRA_FLAGS "${OPENCV_EXTRA_FLAGS} /arch:SSE3")
+  endif()
+
+  if(NOT MSVC64)
+    # 64-bit MSVC compiler uses SSE/SSE2 by default
+    if(ENABLE_SSE2 AND NOT OPENCV_EXTRA_FLAGS MATCHES "/arch:")
+      set(OPENCV_EXTRA_FLAGS "${OPENCV_EXTRA_FLAGS} /arch:SSE2")
+    endif()
+    if(ENABLE_SSE AND NOT OPENCV_EXTRA_FLAGS MATCHES "/arch:")
+      set(OPENCV_EXTRA_FLAGS "${OPENCV_EXTRA_FLAGS} /arch:SSE")
+    endif()
+  endif()
+
+  if(ENABLE_SSE OR ENABLE_SSE2 OR ENABLE_SSE3 OR ENABLE_SSE4_1 OR ENABLE_AVX OR ENABLE_AVX2)
+    set(OPENCV_EXTRA_FLAGS "${OPENCV_EXTRA_FLAGS} /Oi")
+  endif()
+
+  if(X86 OR X86_64)
+    if(CMAKE_SIZEOF_VOID_P EQUAL 4 AND ENABLE_SSE2)
+      set(OPENCV_EXTRA_FLAGS "${OPENCV_EXTRA_FLAGS} /fp:fast") # !! important - be on the same wave with x64 compilers
+    endif()
+  endif()
+
+  if(OPENCV_WARNINGS_ARE_ERRORS)
+    set(OPENCV_EXTRA_FLAGS "${OPENCV_EXTRA_FLAGS} /WX")
+  endif()
+endif()
+
+if(MSVC12 AND NOT CMAKE_GENERATOR MATCHES "Visual Studio")
+  set(OPENCV_EXTRA_C_FLAGS "${OPENCV_EXTRA_C_FLAGS} /FS")
+  set(OPENCV_EXTRA_CXX_FLAGS "${OPENCV_EXTRA_CXX_FLAGS} /FS")
+endif()
+
+# Extra link libs if the user selects building static libs:
+if(NOT BUILD_SHARED_LIBS AND CMAKE_COMPILER_IS_GNUCXX AND NOT ANDROID)
+  # Android does not need these settings because they are already set by toolchain file
+  set(OPENCV_LINKER_LIBS ${OPENCV_LINKER_LIBS} stdc++)
+  set(OPENCV_EXTRA_FLAGS "-fPIC ${OPENCV_EXTRA_FLAGS}")
+endif()
+
+# Add user supplied extra options (optimization, etc...)
+# ==========================================================
+set(OPENCV_EXTRA_FLAGS         "${OPENCV_EXTRA_FLAGS}"         CACHE INTERNAL "Extra compiler options")
+set(OPENCV_EXTRA_C_FLAGS       "${OPENCV_EXTRA_C_FLAGS}"       CACHE INTERNAL "Extra compiler options for C sources")
+set(OPENCV_EXTRA_CXX_FLAGS     "${OPENCV_EXTRA_CXX_FLAGS}"     CACHE INTERNAL "Extra compiler options for C++ sources")
+set(OPENCV_EXTRA_FLAGS_RELEASE "${OPENCV_EXTRA_FLAGS_RELEASE}" CACHE INTERNAL "Extra compiler options for Release build")
+set(OPENCV_EXTRA_FLAGS_DEBUG   "${OPENCV_EXTRA_FLAGS_DEBUG}"   CACHE INTERNAL "Extra compiler options for Debug build")
+set(OPENCV_EXTRA_EXE_LINKER_FLAGS         "${OPENCV_EXTRA_EXE_LINKER_FLAGS}"         CACHE INTERNAL "Extra linker flags")
+set(OPENCV_EXTRA_EXE_LINKER_FLAGS_RELEASE "${OPENCV_EXTRA_EXE_LINKER_FLAGS_RELEASE}" CACHE INTERNAL "Extra linker flags for Release build")
+set(OPENCV_EXTRA_EXE_LINKER_FLAGS_DEBUG   "${OPENCV_EXTRA_EXE_LINKER_FLAGS_DEBUG}"   CACHE INTERNAL "Extra linker flags for Debug build")
+
+# set default visibility to hidden
+if(CMAKE_COMPILER_IS_GNUCXX AND CMAKE_OPENCV_GCC_VERSION_NUM GREATER 399)
+  add_extra_compiler_option(-fvisibility=hidden)
+  add_extra_compiler_option(-fvisibility-inlines-hidden)
+endif()
+
+#combine all "extra" options
+set(CMAKE_C_FLAGS           "${CMAKE_C_FLAGS} ${OPENCV_EXTRA_FLAGS} ${OPENCV_EXTRA_C_FLAGS}")
+set(CMAKE_CXX_FLAGS         "${CMAKE_CXX_FLAGS} ${OPENCV_EXTRA_FLAGS} ${OPENCV_EXTRA_CXX_FLAGS}")
+set(CMAKE_CXX_FLAGS_RELEASE "${CMAKE_CXX_FLAGS_RELEASE} ${OPENCV_EXTRA_FLAGS_RELEASE}")
+set(CMAKE_C_FLAGS_RELEASE   "${CMAKE_C_FLAGS_RELEASE} ${OPENCV_EXTRA_FLAGS_RELEASE}")
+set(CMAKE_CXX_FLAGS_DEBUG   "${CMAKE_CXX_FLAGS_DEBUG} ${OPENCV_EXTRA_FLAGS_DEBUG}")
+set(CMAKE_C_FLAGS_DEBUG     "${CMAKE_C_FLAGS_DEBUG} ${OPENCV_EXTRA_FLAGS_DEBUG}")
+set(CMAKE_EXE_LINKER_FLAGS         "${CMAKE_EXE_LINKER_FLAGS} ${OPENCV_EXTRA_EXE_LINKER_FLAGS}")
+set(CMAKE_EXE_LINKER_FLAGS_RELEASE "${CMAKE_EXE_LINKER_FLAGS_RELEASE} ${OPENCV_EXTRA_EXE_LINKER_FLAGS_RELEASE}")
+set(CMAKE_EXE_LINKER_FLAGS_DEBUG   "${CMAKE_EXE_LINKER_FLAGS_DEBUG} ${OPENCV_EXTRA_EXE_LINKER_FLAGS_DEBUG}")
+
+if(MSVC)
+  # avoid warnings from MSVC about overriding the /W* option
+  # we replace /W3 with /W4 only for C++ files,
+  # since all the 3rd-party libraries OpenCV uses are in C,
+  # and we do not care about their warnings.
+  string(REPLACE "/W3" "/W4" CMAKE_CXX_FLAGS         "${CMAKE_CXX_FLAGS}")
+  string(REPLACE "/W3" "/W4" CMAKE_CXX_FLAGS_RELEASE "${CMAKE_CXX_FLAGS_RELEASE}")
+  string(REPLACE "/W3" "/W4" CMAKE_CXX_FLAGS_DEBUG   "${CMAKE_CXX_FLAGS_DEBUG}")
+
+  if(NOT ENABLE_NOISY_WARNINGS AND MSVC_VERSION EQUAL 1400)
+    ocv_warnings_disable(CMAKE_CXX_FLAGS /wd4510 /wd4610 /wd4312 /wd4201 /wd4244 /wd4328 /wd4267)
+  endif()
+
+  # allow extern "C" functions throw exceptions
+  foreach(flags CMAKE_C_FLAGS CMAKE_C_FLAGS_RELEASE CMAKE_C_FLAGS_RELEASE CMAKE_CXX_FLAGS CMAKE_CXX_FLAGS_RELEASE CMAKE_CXX_FLAGS_DEBUG)
+    string(REPLACE "/EHsc-" "/EHs" ${flags} "${${flags}}")
+    string(REPLACE "/EHsc"  "/EHs" ${flags} "${${flags}}")
+
+    string(REPLACE "/Zm1000" "" ${flags} "${${flags}}")
+  endforeach()
+
+  if(NOT ENABLE_NOISY_WARNINGS)
+    ocv_warnings_disable(CMAKE_CXX_FLAGS /wd4251) # class 'std::XXX' needs to have dll-interface to be used by clients of YYY
+    ocv_warnings_disable(CMAKE_CXX_FLAGS /wd4324) # 'struct_name' : structure was padded due to __declspec(align())
+  endif()
+endif()
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVConfig.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVConfig.cmake
new file mode 100644
index 000000000..83bcb39fe
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVConfig.cmake
@@ -0,0 +1,173 @@
+# ===================================================================================
+#  The OpenCV CMake configuration file
+#
+#             ** File generated automatically, do not modify **
+#
+#  Usage from an external project:
+#    In your CMakeLists.txt, add these lines:
+#
+#    FIND_PACKAGE(OpenCV REQUIRED)
+#    TARGET_LINK_LIBRARIES(MY_TARGET_NAME ${OpenCV_LIBS})
+#
+#    Or you can search for specific OpenCV modules:
+#
+#    FIND_PACKAGE(OpenCV REQUIRED core imgcodecs)
+#
+#    If the module is found then OPENCV_<MODULE>_FOUND is set to TRUE.
+#
+#    This file will define the following variables:
+#      - OpenCV_LIBS                     : The list of libraries to link against.
+#      - OpenCV_LIB_DIR                  : The directory(es) where lib files are. Calling LINK_DIRECTORIES
+#                                          with this path is NOT needed.
+#      - OpenCV_INCLUDE_DIRS             : The OpenCV include directories.
+#      - OpenCV_COMPUTE_CAPABILITIES     : The version of compute capability
+#      - OpenCV_ANDROID_NATIVE_API_LEVEL : Minimum required level of Android API
+#      - OpenCV_VERSION                  : The version of this OpenCV build. Example: "2.4.0"
+#      - OpenCV_VERSION_MAJOR            : Major version part of OpenCV_VERSION. Example: "2"
+#      - OpenCV_VERSION_MINOR            : Minor version part of OpenCV_VERSION. Example: "4"
+#      - OpenCV_VERSION_PATCH            : Patch version part of OpenCV_VERSION. Example: "0"
+#
+#    Advanced variables:
+#      - OpenCV_SHARED
+#      - OpenCV_CONFIG_PATH
+#      - OpenCV_LIB_COMPONENTS
+#
+# ===================================================================================
+#
+#    Windows pack specific options:
+#      - OpenCV_STATIC
+#      - OpenCV_CUDA
+
+if(CMAKE_VERSION VERSION_GREATER 2.6)
+  get_property(OpenCV_LANGUAGES GLOBAL PROPERTY ENABLED_LANGUAGES)
+  if(NOT ";${OpenCV_LANGUAGES};" MATCHES ";CXX;")
+    enable_language(CXX)
+  endif()
+endif()
+
+if(NOT DEFINED OpenCV_STATIC)
+  # look for global setting
+  if(BUILD_SHARED_LIBS)
+    set(OpenCV_STATIC OFF)
+  else()
+    set(OpenCV_STATIC ON)
+  endif()
+endif()
+
+if(NOT DEFINED OpenCV_CUDA)
+  # if user' app uses CUDA, then it probably wants CUDA-enabled OpenCV binaries
+  if(CUDA_FOUND)
+    set(OpenCV_CUDA ON)
+  endif()
+endif()
+
+if(MSVC)
+  if(CMAKE_CL_64)
+    set(OpenCV_ARCH x64)
+    set(OpenCV_TBB_ARCH intel64)
+  elseif((CMAKE_GENERATOR MATCHES "ARM") OR ("${arch_hint}" STREQUAL "ARM") OR (CMAKE_VS_EFFECTIVE_PLATFORMS MATCHES "ARM|arm"))
+    # see Modules/CmakeGenericSystem.cmake
+    set(OpenCV_ARCH ARM)
+  else()
+    set(OpenCV_ARCH x86)
+    set(OpenCV_TBB_ARCH ia32)
+  endif()
+  if(MSVC_VERSION EQUAL 1400)
+    set(OpenCV_RUNTIME vc8)
+  elseif(MSVC_VERSION EQUAL 1500)
+    set(OpenCV_RUNTIME vc9)
+  elseif(MSVC_VERSION EQUAL 1600)
+    set(OpenCV_RUNTIME vc10)
+  elseif(MSVC_VERSION EQUAL 1700)
+    set(OpenCV_RUNTIME vc11)
+  elseif(MSVC_VERSION EQUAL 1800)
+    set(OpenCV_RUNTIME vc12)
+  elseif(MSVC_VERSION EQUAL 1900)
+    set(OpenCV_RUNTIME vc14)
+  endif()
+elseif(MINGW)
+  set(OpenCV_RUNTIME mingw)
+
+  execute_process(COMMAND ${CMAKE_CXX_COMPILER} -dumpmachine
+                  OUTPUT_VARIABLE OPENCV_GCC_TARGET_MACHINE
+                  OUTPUT_STRIP_TRAILING_WHITESPACE)
+  if(OPENCV_GCC_TARGET_MACHINE MATCHES "amd64|x86_64|AMD64")
+    set(MINGW64 1)
+    set(OpenCV_ARCH x64)
+  else()
+    set(OpenCV_ARCH x86)
+  endif()
+endif()
+
+if(CMAKE_VERSION VERSION_GREATER 2.6.2)
+  unset(OpenCV_CONFIG_PATH CACHE)
+endif()
+
+if(NOT OpenCV_FIND_QUIETLY)
+  message(STATUS "OpenCV ARCH: ${OpenCV_ARCH}")
+  message(STATUS "OpenCV RUNTIME: ${OpenCV_RUNTIME}")
+  message(STATUS "OpenCV STATIC: ${OpenCV_STATIC}")
+endif()
+
+get_filename_component(OpenCV_CONFIG_PATH "${CMAKE_CURRENT_LIST_FILE}" PATH CACHE)
+if(OpenCV_RUNTIME AND OpenCV_ARCH)
+  if(OpenCV_STATIC AND EXISTS "${OpenCV_CONFIG_PATH}/${OpenCV_ARCH}/${OpenCV_RUNTIME}/staticlib/OpenCVConfig.cmake")
+    if(OpenCV_CUDA AND EXISTS "${OpenCV_CONFIG_PATH}/gpu/${OpenCV_ARCH}/${OpenCV_RUNTIME}/staticlib/OpenCVConfig.cmake")
+      set(OpenCV_LIB_PATH "${OpenCV_CONFIG_PATH}/gpu/${OpenCV_ARCH}/${OpenCV_RUNTIME}/staticlib")
+    else()
+      set(OpenCV_LIB_PATH "${OpenCV_CONFIG_PATH}/${OpenCV_ARCH}/${OpenCV_RUNTIME}/staticlib")
+    endif()
+  elseif(EXISTS "${OpenCV_CONFIG_PATH}/${OpenCV_ARCH}/${OpenCV_RUNTIME}/lib/OpenCVConfig.cmake")
+    if(OpenCV_CUDA AND EXISTS "${OpenCV_CONFIG_PATH}/gpu/${OpenCV_ARCH}/${OpenCV_RUNTIME}/lib/OpenCVConfig.cmake")
+      set(OpenCV_LIB_PATH "${OpenCV_CONFIG_PATH}/gpu/${OpenCV_ARCH}/${OpenCV_RUNTIME}/lib")
+    else()
+      set(OpenCV_LIB_PATH "${OpenCV_CONFIG_PATH}/${OpenCV_ARCH}/${OpenCV_RUNTIME}/lib")
+    endif()
+  endif()
+endif()
+
+if(OpenCV_LIB_PATH AND EXISTS "${OpenCV_LIB_PATH}/OpenCVConfig.cmake")
+  set(OpenCV_LIB_DIR_OPT "${OpenCV_LIB_PATH}" CACHE PATH "Path where release OpenCV libraries are located" FORCE)
+  set(OpenCV_LIB_DIR_DBG "${OpenCV_LIB_PATH}" CACHE PATH "Path where debug OpenCV libraries are located" FORCE)
+  set(OpenCV_3RDPARTY_LIB_DIR_OPT "${OpenCV_LIB_PATH}" CACHE PATH "Path where release 3rdparty OpenCV dependencies are located" FORCE)
+  set(OpenCV_3RDPARTY_LIB_DIR_DBG "${OpenCV_LIB_PATH}" CACHE PATH "Path where debug 3rdparty OpenCV dependencies are located" FORCE)
+
+  include("${OpenCV_LIB_PATH}/OpenCVConfig.cmake")
+
+  if(OpenCV_CUDA)
+    set(_OpenCV_LIBS "")
+    foreach(_lib ${OpenCV_LIBS})
+      string(REPLACE "${OpenCV_CONFIG_PATH}/gpu/${OpenCV_ARCH}/${OpenCV_RUNTIME}" "${OpenCV_CONFIG_PATH}/${OpenCV_ARCH}/${OpenCV_RUNTIME}" _lib2 "${_lib}")
+      if(NOT EXISTS "${_lib}" AND EXISTS "${_lib2}")
+        list(APPEND _OpenCV_LIBS "${_lib2}")
+      else()
+        list(APPEND _OpenCV_LIBS "${_lib}")
+      endif()
+    endforeach()
+    set(OpenCV_LIBS ${_OpenCV_LIBS})
+  endif()
+  set(OpenCV_FOUND TRUE CACHE BOOL "" FORCE)
+  set(OPENCV_FOUND TRUE CACHE BOOL "" FORCE)
+
+  if(NOT OpenCV_FIND_QUIETLY)
+    message(STATUS "Found OpenCV ${OpenCV_VERSION} in ${OpenCV_LIB_PATH}")
+    if(NOT OpenCV_LIB_PATH MATCHES "/staticlib")
+      get_filename_component(_OpenCV_LIB_PATH "${OpenCV_LIB_PATH}/../bin" ABSOLUTE)
+      file(TO_NATIVE_PATH "${_OpenCV_LIB_PATH}" _OpenCV_LIB_PATH)
+      message(STATUS "You might need to add ${_OpenCV_LIB_PATH} to your PATH to be able to run your applications.")
+      if(OpenCV_LIB_PATH MATCHES "/gpu/")
+        string(REPLACE "\\gpu" "" _OpenCV_LIB_PATH2 "${_OpenCV_LIB_PATH}")
+        message(STATUS "GPU support is enabled so you might also need ${_OpenCV_LIB_PATH2} in your PATH (it must go after the ${_OpenCV_LIB_PATH}).")
+      endif()
+    endif()
+  endif()
+else()
+  if(NOT OpenCV_FIND_QUIETLY)
+    message(WARNING
+"Found OpenCV Windows Pack but it has no binaries compatible with your configuration.
+You should manually point CMake variable OpenCV_DIR to your build of OpenCV library."
+    )
+  endif()
+  set(OpenCV_FOUND FALSE CACHE BOOL "" FORCE)
+  set(OPENCV_FOUND FALSE CACHE BOOL "" FORCE)
+endif()
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVDetectAndroidSDK.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVDetectAndroidSDK.cmake
new file mode 100644
index 000000000..3bfb10e2d
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVDetectAndroidSDK.cmake
@@ -0,0 +1,385 @@
+if(EXISTS "${ANDROID_EXECUTABLE}")
+  set(ANDROID_SDK_DETECT_QUIET TRUE)
+endif()
+
+file(TO_CMAKE_PATH "$ENV{ProgramFiles}" ProgramFiles_ENV_PATH)
+file(TO_CMAKE_PATH "$ENV{HOME}" HOME_ENV_PATH)
+
+if(CMAKE_HOST_WIN32)
+  set(ANDROID_SDK_OS windows)
+elseif(CMAKE_HOST_APPLE)
+  set(ANDROID_SDK_OS macosx)
+else()
+  set(ANDROID_SDK_OS linux)
+endif()
+
+#find android SDK: search in ANDROID_SDK first
+find_host_program(ANDROID_EXECUTABLE
+  NAMES android.bat android
+  PATH_SUFFIXES tools
+  PATHS
+    ENV ANDROID_SDK
+  DOC "Android SDK location"
+  NO_DEFAULT_PATH
+  )
+
+# Now search default paths
+find_host_program(ANDROID_EXECUTABLE
+  NAMES android.bat android
+  PATH_SUFFIXES android-sdk-${ANDROID_SDK_OS}/tools
+                android-sdk-${ANDROID_SDK_OS}_x86/tools
+                android-sdk-${ANDROID_SDK_OS}_86/tools
+                android-sdk/tools
+  PATHS /opt
+        "${HOME_ENV_PATH}/NVPACK"
+        "$ENV{SystemDrive}/NVPACK"
+        "${ProgramFiles_ENV_PATH}/Android"
+  DOC "Android SDK location"
+  )
+
+if(ANDROID_EXECUTABLE)
+  if(NOT ANDROID_SDK_DETECT_QUIET)
+    message(STATUS "Found android tool: ${ANDROID_EXECUTABLE}")
+  endif()
+
+  get_filename_component(ANDROID_SDK_TOOLS_PATH "${ANDROID_EXECUTABLE}" PATH)
+
+  #read source.properties
+  if(EXISTS "${ANDROID_SDK_TOOLS_PATH}/source.properties")
+    file(STRINGS "${ANDROID_SDK_TOOLS_PATH}/source.properties" ANDROID_SDK_TOOLS_SOURCE_PROPERTIES_LINES REGEX "^[ ]*[^#].*$")
+    foreach(line ${ANDROID_SDK_TOOLS_SOURCE_PROPERTIES_LINES})
+      string(REPLACE "\\:" ":" line ${line})
+      string(REPLACE "=" ";" line ${line})
+      list(GET line 0 line_name)
+      list(GET line 1 line_value)
+      string(REPLACE "." "_" line_name ${line_name})
+      SET(ANDROID_TOOLS_${line_name} "${line_value}" CACHE INTERNAL "from ${ANDROID_SDK_TOOLS_PATH}/source.properties")
+      MARK_AS_ADVANCED(ANDROID_TOOLS_${line_name})
+    endforeach()
+  endif()
+
+  #fix missing revision (SDK tools before r9 don't set revision number correctly)
+  if(NOT ANDROID_TOOLS_Pkg_Revision)
+    SET(ANDROID_TOOLS_Pkg_Revision "Unknown" CACHE INTERNAL "")
+    MARK_AS_ADVANCED(ANDROID_TOOLS_Pkg_Revision)
+  endif()
+
+  #fix missing description
+  if(NOT ANDROID_TOOLS_Pkg_Desc)
+    SET(ANDROID_TOOLS_Pkg_Desc "Android SDK Tools, revision ${ANDROID_TOOLS_Pkg_Revision}." CACHE INTERNAL "")
+    MARK_AS_ADVANCED(ANDROID_TOOLS_Pkg_Desc)
+  endif()
+
+  #warn about outdated SDK
+  if(NOT ANDROID_TOOLS_Pkg_Revision GREATER 13)
+    SET(ANDROID_TOOLS_Pkg_Desc "${ANDROID_TOOLS_Pkg_Desc} It is recommended to update your SDK tools to revision 14 or newer." CACHE INTERNAL "")
+  endif()
+
+  if(ANDROID_TOOLS_Pkg_Revision GREATER 13)
+    SET(ANDROID_PROJECT_PROPERTIES_FILE project.properties)
+    SET(ANDROID_ANT_PROPERTIES_FILE ant.properties)
+  else()
+    SET(ANDROID_PROJECT_PROPERTIES_FILE default.properties)
+    SET(ANDROID_ANT_PROPERTIES_FILE build.properties)
+  endif()
+
+  set(ANDROID_MANIFEST_FILE AndroidManifest.xml)
+  set(ANDROID_LIB_PROJECT_FILES build.xml local.properties proguard-project.txt ${ANDROID_PROJECT_PROPERTIES_FILE})
+  set(ANDROID_PROJECT_FILES ${ANDROID_LIB_PROJECT_FILES})
+
+  #get installed targets
+  if(ANDROID_TOOLS_Pkg_Revision GREATER 11)
+    execute_process(COMMAND ${ANDROID_EXECUTABLE} list target -c
+      RESULT_VARIABLE ANDROID_PROCESS
+      OUTPUT_VARIABLE ANDROID_SDK_TARGETS
+      ERROR_VARIABLE ANDROID_PROCESS_ERRORS
+      OUTPUT_STRIP_TRAILING_WHITESPACE
+      )
+    string(REGEX MATCHALL "[^\n]+" ANDROID_SDK_TARGETS "${ANDROID_SDK_TARGETS}")
+  else()
+    #old SDKs (r11 and older) don't provide compact list
+    execute_process(COMMAND ${ANDROID_EXECUTABLE} list target
+      RESULT_VARIABLE ANDROID_PROCESS
+      OUTPUT_VARIABLE ANDROID_SDK_TARGETS_FULL
+      ERROR_VARIABLE ANDROID_PROCESS_ERRORS
+      OUTPUT_STRIP_TRAILING_WHITESPACE
+      )
+    string(REGEX MATCHALL "(^|\n)id: [0-9]+ or \"([^\n]+[0-9+])\"(\n|$)" ANDROID_SDK_TARGETS_FULL "${ANDROID_SDK_TARGETS_FULL}")
+
+    SET(ANDROID_SDK_TARGETS "")
+    if(ANDROID_PROCESS EQUAL 0)
+      foreach(line ${ANDROID_SDK_TARGETS_FULL})
+        string(REGEX REPLACE "(^|\n)id: [0-9]+ or \"([^\n]+[0-9+])\"(\n|$)" "\\2" line "${line}")
+        list(APPEND ANDROID_SDK_TARGETS "${line}")
+      endforeach()
+    endif()
+  endif()
+
+  if(NOT ANDROID_PROCESS EQUAL 0)
+    message(ERROR "Failed to get list of installed Android targets.")
+    set(ANDROID_EXECUTABLE "ANDROID_EXECUTABLE-NOTFOUND")
+  endif()
+
+  # clear ANDROID_SDK_TARGET if no target is provided by user
+  if(NOT ANDROID_SDK_TARGET)
+    set(ANDROID_SDK_TARGET "" CACHE STRING "Android SDK target for the OpenCV Java API and samples")
+  endif()
+  if(ANDROID_SDK_TARGETS)
+    set_property( CACHE ANDROID_SDK_TARGET PROPERTY STRINGS ${ANDROID_SDK_TARGETS} )
+  endif()
+endif(ANDROID_EXECUTABLE)
+
+# finds minimal installed SDK target compatible with provided names or API levels
+# usage:
+#   get_compatible_android_api_level(VARIABLE [level1] [level2] ...)
+macro(android_get_compatible_target VAR)
+  set(${VAR} "${VAR}-NOTFOUND")
+  if(ANDROID_SDK_TARGETS)
+    list(GET ANDROID_SDK_TARGETS 0 __lvl)
+    string(REGEX MATCH "[0-9]+$" __lvl "${__lvl}")
+
+    #find minimal level mathing to all provided levels
+    foreach(lvl ${ARGN})
+      string(REGEX MATCH "[0-9]+$" __level "${lvl}")
+      if(__level GREATER __lvl)
+        set(__lvl ${__level})
+      endif()
+    endforeach()
+
+    #search for compatible levels
+    foreach(lvl ${ANDROID_SDK_TARGETS})
+      string(REGEX MATCH "[0-9]+$" __level "${lvl}")
+      if(__level EQUAL __lvl)
+        #look for exact match
+        foreach(usrlvl ${ARGN})
+          if("${usrlvl}" STREQUAL "${lvl}")
+            set(${VAR} "${lvl}")
+            break()
+          endif()
+        endforeach()
+        if("${${VAR}}" STREQUAL "${lvl}")
+          break() #exact match was found
+        elseif(NOT ${VAR})
+          set(${VAR} "${lvl}")
+        endif()
+      elseif(__level GREATER __lvl)
+        if(NOT ${VAR})
+          set(${VAR} "${lvl}")
+        endif()
+        break()
+      endif()
+    endforeach()
+
+    unset(__lvl)
+    unset(__level)
+  endif()
+endmacro()
+
+unset(__android_project_chain CACHE)
+
+# add_android_project(target_name ${path} NATIVE_DEPS opencv_core LIBRARY_DEPS ${OpenCV_BINARY_DIR} SDK_TARGET 11)
+macro(add_android_project target path)
+  # parse arguments
+  set(android_proj_arglist NATIVE_DEPS LIBRARY_DEPS SDK_TARGET IGNORE_JAVA IGNORE_MANIFEST COPY_LIBS)
+  set(__varname "android_proj_")
+  foreach(v ${android_proj_arglist})
+    set(${__varname}${v} "")
+  endforeach()
+  foreach(arg ${ARGN})
+    set(__var "${__varname}")
+    foreach(v ${android_proj_arglist})
+      if("${v}" STREQUAL "${arg}")
+        set(__varname "android_proj_${v}")
+        break()
+      endif()
+    endforeach()
+    if(__var STREQUAL __varname)
+      list(APPEND ${__var} "${arg}")
+    endif()
+  endforeach()
+
+  # get compatible SDK target
+  android_get_compatible_target(android_proj_sdk_target ${ANDROID_NATIVE_API_LEVEL} ${android_proj_SDK_TARGET})
+
+  if(NOT android_proj_sdk_target)
+    message(WARNING "Can not find any SDK target compatible with: ${ANDROID_NATIVE_API_LEVEL} ${android_proj_SDK_TARGET}
+                     The project ${target} will not be build")
+  endif()
+
+  # check native dependencies
+  if(android_proj_IGNORE_JAVA)
+    ocv_check_dependencies(${android_proj_NATIVE_DEPS})
+  else()
+    ocv_check_dependencies(${android_proj_NATIVE_DEPS} opencv_java)
+  endif()
+
+  if(EXISTS "${path}/jni/Android.mk" )
+    # find if native_app_glue is used
+    file(STRINGS "${path}/jni/Android.mk" NATIVE_APP_GLUE REGEX ".*(call import-module,android/native_app_glue)" )
+    if(NATIVE_APP_GLUE)
+      if(ANDROID_NATIVE_API_LEVEL LESS 9 OR NOT EXISTS "${ANDROID_NDK}/sources/android/native_app_glue")
+        set(OCV_DEPENDENCIES_FOUND FALSE)
+      endif()
+    endif()
+  endif()
+
+  if(OCV_DEPENDENCIES_FOUND AND android_proj_sdk_target AND ANDROID_EXECUTABLE AND ANT_EXECUTABLE AND ANDROID_TOOLS_Pkg_Revision GREATER 13 AND EXISTS "${path}/${ANDROID_MANIFEST_FILE}")
+
+    project(${target})
+    set(android_proj_bin_dir "${CMAKE_CURRENT_BINARY_DIR}/.build")
+
+    # get project sources
+    file(GLOB_RECURSE android_proj_files RELATIVE "${path}" "${path}/res/*" "${path}/src/*")
+
+    if(NOT android_proj_IGNORE_MANIFEST)
+      list(APPEND android_proj_files ${ANDROID_MANIFEST_FILE})
+    endif()
+
+    # copy sources out from the build tree
+    set(android_proj_file_deps "")
+    foreach(f ${android_proj_files})
+      add_custom_command(
+        OUTPUT "${android_proj_bin_dir}/${f}"
+        COMMAND ${CMAKE_COMMAND} -E copy "${path}/${f}" "${android_proj_bin_dir}/${f}"
+        MAIN_DEPENDENCY "${path}/${f}"
+        COMMENT "Copying ${f}")
+      list(APPEND android_proj_file_deps "${path}/${f}" "${android_proj_bin_dir}/${f}")
+    endforeach()
+
+    set(android_proj_lib_deps_commands "")
+    set(android_proj_target_files ${ANDROID_PROJECT_FILES})
+    ocv_list_add_prefix(android_proj_target_files "${android_proj_bin_dir}/")
+
+    # process Android library dependencies
+    foreach(dep ${android_proj_LIBRARY_DEPS})
+      file(RELATIVE_PATH __dep "${android_proj_bin_dir}" "${dep}")
+      list(APPEND android_proj_lib_deps_commands
+        COMMAND ${ANDROID_EXECUTABLE} --silent update project --path "${android_proj_bin_dir}" --library "${__dep}")
+    endforeach()
+
+    # fix Android project
+    add_custom_command(
+        OUTPUT ${android_proj_target_files}
+        COMMAND ${CMAKE_COMMAND} -E remove ${android_proj_target_files}
+        COMMAND ${ANDROID_EXECUTABLE} --silent update project --path "${android_proj_bin_dir}" --target "${android_proj_sdk_target}" --name "${target}"
+        ${android_proj_lib_deps_commands}
+        MAIN_DEPENDENCY "${android_proj_bin_dir}/${ANDROID_MANIFEST_FILE}"
+        DEPENDS "${path}/${ANDROID_MANIFEST_FILE}"
+        COMMENT "Updating Android project at ${path}. SDK target: ${android_proj_sdk_target}"
+        )
+
+    list(APPEND android_proj_file_deps ${android_proj_target_files})
+
+    # build native part
+    file(GLOB_RECURSE android_proj_jni_files "${path}/jni/*.c" "${path}/jni/*.h" "${path}/jni/*.cpp" "${path}/jni/*.hpp")
+    ocv_list_filterout(android_proj_jni_files "\\\\.svn")
+
+    if(android_proj_jni_files AND EXISTS ${path}/jni/Android.mk AND NOT DEFINED JNI_LIB_NAME)
+      # find local module name in Android.mk file to build native lib
+      file(STRINGS "${path}/jni/Android.mk" JNI_LIB_NAME REGEX "LOCAL_MODULE[ ]*:=[ ]*.*" )
+      string(REGEX REPLACE "LOCAL_MODULE[ ]*:=[ ]*([a-zA-Z_][a-zA-Z_0-9]*)[ ]*" "\\1" JNI_LIB_NAME "${JNI_LIB_NAME}")
+
+      if(JNI_LIB_NAME)
+        if(NATIVE_APP_GLUE)
+          include_directories(${ANDROID_NDK}/sources/android/native_app_glue)
+          list(APPEND android_proj_jni_files ${ANDROID_NDK}/sources/android/native_app_glue/android_native_app_glue.c)
+          ocv_warnings_disable(CMAKE_C_FLAGS -Wstrict-prototypes -Wunused-parameter -Wmissing-prototypes)
+          set(android_proj_NATIVE_DEPS ${android_proj_NATIVE_DEPS} android)
+        endif()
+
+        add_library(${JNI_LIB_NAME} MODULE ${android_proj_jni_files})
+        ocv_target_include_modules_recurse(${JNI_LIB_NAME} ${android_proj_NATIVE_DEPS})
+        ocv_target_include_directories(${JNI_LIB_NAME} "${path}/jni")
+        ocv_target_link_libraries(${JNI_LIB_NAME} ${OPENCV_LINKER_LIBS} ${android_proj_NATIVE_DEPS})
+
+        set_target_properties(${JNI_LIB_NAME} PROPERTIES
+            OUTPUT_NAME "${JNI_LIB_NAME}"
+            LIBRARY_OUTPUT_DIRECTORY "${android_proj_bin_dir}/libs/${ANDROID_NDK_ABI_NAME}"
+            )
+
+        get_target_property(android_proj_jni_location "${JNI_LIB_NAME}" LOCATION)
+        if (NOT (CMAKE_BUILD_TYPE MATCHES "debug"))
+            add_custom_command(TARGET ${JNI_LIB_NAME} POST_BUILD COMMAND ${CMAKE_STRIP} --strip-unneeded "${android_proj_jni_location}")
+        endif()
+      endif()
+    endif()
+
+    # build java part
+    if(android_proj_IGNORE_JAVA)
+      add_custom_command(
+         OUTPUT "${android_proj_bin_dir}/bin/${target}-debug.apk"
+         COMMAND ${ANT_EXECUTABLE} -q -noinput -k debug
+         COMMAND ${CMAKE_COMMAND} -E touch "${android_proj_bin_dir}/bin/${target}-debug.apk" # needed because ant does not update the timestamp of updated apk
+         WORKING_DIRECTORY "${android_proj_bin_dir}"
+         MAIN_DEPENDENCY "${android_proj_bin_dir}/${ANDROID_MANIFEST_FILE}"
+         DEPENDS ${android_proj_file_deps} ${JNI_LIB_NAME})
+    else()
+      add_custom_command(
+         OUTPUT "${android_proj_bin_dir}/bin/${target}-debug.apk"
+         COMMAND ${ANT_EXECUTABLE} -q -noinput -k debug
+         COMMAND ${CMAKE_COMMAND} -E touch "${android_proj_bin_dir}/bin/${target}-debug.apk" # needed because ant does not update the timestamp of updated apk
+         WORKING_DIRECTORY "${android_proj_bin_dir}"
+         MAIN_DEPENDENCY "${android_proj_bin_dir}/${ANDROID_MANIFEST_FILE}"
+         DEPENDS "${OpenCV_BINARY_DIR}/bin/classes.jar.dephelper" opencv_java # as we are part of OpenCV we can just force this dependency
+         DEPENDS ${android_proj_file_deps} ${JNI_LIB_NAME})
+    endif()
+
+    unset(JNI_LIB_NAME)
+
+    add_custom_target(${target} ALL SOURCES "${android_proj_bin_dir}/bin/${target}-debug.apk" )
+    if(NOT android_proj_IGNORE_JAVA)
+      add_dependencies(${target} opencv_java)
+    endif()
+    if(android_proj_native_deps)
+      add_dependencies(${target} ${android_proj_native_deps})
+    endif()
+
+    if (android_proj_COPY_LIBS OR ANDROID_EXAMPLES_WITH_LIBS)
+      message(STATUS "Android project with libs: " ${target})
+      add_custom_target(
+        ${target}_copy_libs
+        COMMAND ${CMAKE_COMMAND} -DSRC_DIR=${OpenCV_BINARY_DIR}/lib -DDST_DIR=${android_proj_bin_dir}/libs -P ${OpenCV_SOURCE_DIR}/cmake/copyAndroidLibs.cmake
+        WORKING_DIRECTORY ${OpenCV_BINARY_DIR}/lib
+      )
+      add_dependencies(${target} ${target}_copy_libs)
+      if (ANDROID_EXAMPLES_WITH_LIBS)
+        add_dependencies(${target}_copy_libs "${OpenCV_BINARY_DIR}/bin/classes.jar.dephelper" opencv_java)
+      endif()
+    endif()
+
+    if(__android_project_chain)
+      add_dependencies(${target} ${__android_project_chain})
+    endif()
+    set(__android_project_chain ${target} CACHE INTERNAL "auxiliary variable used for Android progects chaining")
+
+    # put the final .apk to the OpenCV's bin folder
+    add_custom_command(TARGET ${target} POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy "${android_proj_bin_dir}/bin/${target}-debug.apk" "${OpenCV_BINARY_DIR}/bin/${target}.apk")
+    if(INSTALL_ANDROID_EXAMPLES AND "${target}" MATCHES "^example-")
+      #apk
+      install(FILES "${OpenCV_BINARY_DIR}/bin/${target}.apk" DESTINATION "samples" COMPONENT samples)
+      get_filename_component(sample_dir "${path}" NAME)
+      #java part
+      list(REMOVE_ITEM android_proj_files ${ANDROID_MANIFEST_FILE})
+      foreach(f ${android_proj_files} ${ANDROID_MANIFEST_FILE})
+        get_filename_component(install_subdir "${f}" PATH)
+        install(FILES "${android_proj_bin_dir}/${f}" DESTINATION "samples/${sample_dir}/${install_subdir}" COMPONENT samples)
+      endforeach()
+      #jni part + eclipse files
+      file(GLOB_RECURSE jni_files RELATIVE "${path}" "${path}/jni/*" "${path}/.cproject")
+      ocv_list_filterout(jni_files "\\\\.svn")
+      foreach(f ${jni_files} ".classpath" ".project" ".settings/org.eclipse.jdt.core.prefs")
+        get_filename_component(install_subdir "${f}" PATH)
+        install(FILES "${path}/${f}" DESTINATION "samples/${sample_dir}/${install_subdir}" COMPONENT samples)
+      endforeach()
+      #update proj
+      if(android_proj_lib_deps_commands)
+        set(inst_lib_opt " --library ../../sdk/java")
+      endif()
+      install(CODE "EXECUTE_PROCESS(COMMAND ${ANDROID_EXECUTABLE} --silent update project --path . --target \"${android_proj_sdk_target}\" --name \"${target}\" ${inst_lib_opt}
+                                    WORKING_DIRECTORY \"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/samples/${sample_dir}\"
+                                   )"  COMPONENT samples)
+      #empty 'gen'
+      install(CODE "MAKE_DIRECTORY(\"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/samples/${sample_dir}/gen\")" COMPONENT samples)
+    endif()
+  endif()
+endmacro()
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVDetectApacheAnt.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVDetectApacheAnt.cmake
new file mode 100644
index 000000000..7b7e9a6da
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVDetectApacheAnt.cmake
@@ -0,0 +1,31 @@
+file(TO_CMAKE_PATH "$ENV{ANT_DIR}" ANT_DIR_ENV_PATH)
+file(TO_CMAKE_PATH "$ENV{ProgramFiles}" ProgramFiles_ENV_PATH)
+
+if(CMAKE_HOST_WIN32)
+  set(ANT_NAME ant.bat)
+else()
+  set(ANT_NAME ant)
+endif()
+
+find_host_program(ANT_EXECUTABLE NAMES ${ANT_NAME}
+  PATHS "${ANT_DIR_ENV_PATH}/bin" "${ProgramFiles_ENV_PATH}/apache-ant/bin"
+  NO_DEFAULT_PATH
+  )
+
+find_host_program(ANT_EXECUTABLE NAMES ${ANT_NAME})
+
+if(ANT_EXECUTABLE)
+  execute_process(COMMAND ${ANT_EXECUTABLE} -version
+    RESULT_VARIABLE ANT_ERROR_LEVEL
+    OUTPUT_VARIABLE ANT_VERSION_FULL
+    OUTPUT_STRIP_TRAILING_WHITESPACE)
+  if (ANT_ERROR_LEVEL)
+    unset(ANT_EXECUTABLE)
+    unset(ANT_EXECUTABLE CACHE)
+  else()
+    string(REGEX MATCH "[0-9]+.[0-9]+.[0-9]+" ANT_VERSION "${ANT_VERSION_FULL}")
+    set(ANT_VERSION "${ANT_VERSION}" CACHE INTERNAL "Detected ant vesion")
+
+    message(STATUS "Found apache ant ${ANT_VERSION}: ${ANT_EXECUTABLE}")
+  endif()
+endif()
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVDetectCStripes.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVDetectCStripes.cmake
new file mode 100644
index 000000000..279a33996
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVDetectCStripes.cmake
@@ -0,0 +1,11 @@
+if(WIN32)
+    find_path( CSTRIPES_LIB_DIR
+               NAMES "С=.lib"
+               DOC "The path to C= lib and dll")
+    if(CSTRIPES_LIB_DIR)
+        ocv_include_directories("${CSTRIPES_LIB_DIR}/..")
+        link_directories("${CSTRIPES_LIB_DIR}")
+        set(OPENCV_LINKER_LIBS ${OPENCV_LINKER_LIBS} "C=")
+        set(HAVE_CSTRIPES 1)
+    endif()
+endif()
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVDetectCUDA.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVDetectCUDA.cmake
new file mode 100644
index 000000000..5789421a4
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVDetectCUDA.cmake
@@ -0,0 +1,257 @@
+if(WIN32 AND NOT MSVC)
+  message(STATUS "CUDA compilation is disabled (due to only Visual Studio compiler supported on your platform).")
+  return()
+endif()
+
+if(CMAKE_COMPILER_IS_GNUCXX AND NOT APPLE AND CMAKE_CXX_COMPILER_ID STREQUAL "Clang")
+  message(STATUS "CUDA compilation is disabled (due to Clang unsupported on your platform).")
+  return()
+endif()
+
+set(CMAKE_MODULE_PATH "${OpenCV_SOURCE_DIR}/cmake" ${CMAKE_MODULE_PATH})
+
+if(ANDROID)
+  set(CUDA_TARGET_OS_VARIANT "Android")
+endif()
+find_host_package(CUDA "${MIN_VER_CUDA}" QUIET)
+
+list(REMOVE_AT CMAKE_MODULE_PATH 0)
+
+if(CUDA_FOUND)
+  set(HAVE_CUDA 1)
+
+  if(WITH_CUFFT)
+    set(HAVE_CUFFT 1)
+  endif()
+
+  if(WITH_CUBLAS)
+    set(HAVE_CUBLAS 1)
+  endif()
+
+  if(WITH_NVCUVID)
+    find_cuda_helper_libs(nvcuvid)
+    if(WIN32)
+      find_cuda_helper_libs(nvcuvenc)
+    endif()
+    set(HAVE_NVCUVID 1)
+  endif()
+
+  message(STATUS "CUDA detected: " ${CUDA_VERSION})
+
+  set(_generations "Fermi" "Kepler")
+  if(NOT CMAKE_CROSSCOMPILING)
+    list(APPEND _generations "Auto")
+  endif()
+  set(CUDA_GENERATION "" CACHE STRING "Build CUDA device code only for specific GPU architecture. Leave empty to build for all architectures.")
+  if( CMAKE_VERSION VERSION_GREATER "2.8" )
+    set_property( CACHE CUDA_GENERATION PROPERTY STRINGS "" ${_generations} )
+  endif()
+
+  if(CUDA_GENERATION)
+    if(NOT ";${_generations};" MATCHES ";${CUDA_GENERATION};")
+      string(REPLACE ";" ", " _generations "${_generations}")
+      message(FATAL_ERROR "ERROR: ${_generations} Generations are suppered.")
+    endif()
+    unset(CUDA_ARCH_BIN CACHE)
+    unset(CUDA_ARCH_PTX CACHE)
+  endif()
+
+  set(__cuda_arch_ptx "")
+  if(CUDA_GENERATION STREQUAL "Fermi")
+    set(__cuda_arch_bin "2.0 2.1(2.0)")
+  elseif(CUDA_GENERATION STREQUAL "Kepler")
+    if(${CUDA_VERSION} VERSION_LESS "5.0")
+      set(__cuda_arch_bin "3.0")
+    else()
+      set(__cuda_arch_bin "3.0 3.5")
+    endif()
+  elseif(CUDA_GENERATION STREQUAL "Auto")
+    execute_process( COMMAND "${CUDA_NVCC_EXECUTABLE}" "${OpenCV_SOURCE_DIR}/cmake/checks/OpenCVDetectCudaArch.cu" "--run"
+                     WORKING_DIRECTORY "${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeTmp/"
+                     RESULT_VARIABLE _nvcc_res OUTPUT_VARIABLE _nvcc_out
+                     ERROR_QUIET OUTPUT_STRIP_TRAILING_WHITESPACE)
+    if(NOT _nvcc_res EQUAL 0)
+      message(STATUS "Automatic detection of CUDA generation failed. Going to build for all known architectures.")
+    else()
+      set(__cuda_arch_bin "${_nvcc_out}")
+      string(REPLACE "2.1" "2.1(2.0)" __cuda_arch_bin "${__cuda_arch_bin}")
+    endif()
+  endif()
+
+  if(NOT DEFINED __cuda_arch_bin)
+    if(ANDROID)
+      if(ARM)
+        set(__cuda_arch_bin "3.2")
+        set(__cuda_arch_ptx "")
+      elseif(AARCH64)
+        set(__cuda_arch_bin "5.3")
+        set(__cuda_arch_ptx "")
+      endif()
+    else()
+      if(${CUDA_VERSION} VERSION_LESS "5.0")
+        set(__cuda_arch_bin "1.1 1.2 1.3 2.0 2.1(2.0) 3.0")
+      elseif(${CUDA_VERSION} VERSION_GREATER "6.5")
+        set(__cuda_arch_bin "2.0 2.1(2.0) 3.0 3.5")
+      else()
+        set(__cuda_arch_bin "1.1 1.2 1.3 2.0 2.1(2.0) 3.0 3.5")
+      endif()
+      set(__cuda_arch_ptx "3.0")
+    endif()
+  endif()
+
+  set(CUDA_ARCH_BIN ${__cuda_arch_bin} CACHE STRING "Specify 'real' GPU architectures to build binaries for, BIN(PTX) format is supported")
+  set(CUDA_ARCH_PTX ${__cuda_arch_ptx} CACHE STRING "Specify 'virtual' PTX architectures to build PTX intermediate code for")
+
+  string(REGEX REPLACE "\\." "" ARCH_BIN_NO_POINTS "${CUDA_ARCH_BIN}")
+  string(REGEX REPLACE "\\." "" ARCH_PTX_NO_POINTS "${CUDA_ARCH_PTX}")
+
+  # Ckeck if user specified 1.0 compute capability: we don't support it
+  string(REGEX MATCH "1.0" HAS_ARCH_10 "${CUDA_ARCH_BIN} ${CUDA_ARCH_PTX}")
+  set(CUDA_ARCH_BIN_OR_PTX_10 0)
+  if(NOT ${HAS_ARCH_10} STREQUAL "")
+    set(CUDA_ARCH_BIN_OR_PTX_10 1)
+  endif()
+
+  # NVCC flags to be set
+  set(NVCC_FLAGS_EXTRA "")
+
+  # These vars will be passed into the templates
+  set(OPENCV_CUDA_ARCH_BIN "")
+  set(OPENCV_CUDA_ARCH_PTX "")
+  set(OPENCV_CUDA_ARCH_FEATURES "")
+
+  # Tell NVCC to add binaries for the specified GPUs
+  string(REGEX MATCHALL "[0-9()]+" ARCH_LIST "${ARCH_BIN_NO_POINTS}")
+  foreach(ARCH IN LISTS ARCH_LIST)
+    if(ARCH MATCHES "([0-9]+)\\(([0-9]+)\\)")
+      # User explicitly specified PTX for the concrete BIN
+      set(NVCC_FLAGS_EXTRA ${NVCC_FLAGS_EXTRA} -gencode arch=compute_${CMAKE_MATCH_2},code=sm_${CMAKE_MATCH_1})
+      set(OPENCV_CUDA_ARCH_BIN "${OPENCV_CUDA_ARCH_BIN} ${CMAKE_MATCH_1}")
+      set(OPENCV_CUDA_ARCH_FEATURES "${OPENCV_CUDA_ARCH_FEATURES} ${CMAKE_MATCH_2}")
+    else()
+      # User didn't explicitly specify PTX for the concrete BIN, we assume PTX=BIN
+      set(NVCC_FLAGS_EXTRA ${NVCC_FLAGS_EXTRA} -gencode arch=compute_${ARCH},code=sm_${ARCH})
+      set(OPENCV_CUDA_ARCH_BIN "${OPENCV_CUDA_ARCH_BIN} ${ARCH}")
+      set(OPENCV_CUDA_ARCH_FEATURES "${OPENCV_CUDA_ARCH_FEATURES} ${ARCH}")
+    endif()
+  endforeach()
+
+  # Tell NVCC to add PTX intermediate code for the specified architectures
+  string(REGEX MATCHALL "[0-9]+" ARCH_LIST "${ARCH_PTX_NO_POINTS}")
+  foreach(ARCH IN LISTS ARCH_LIST)
+    set(NVCC_FLAGS_EXTRA ${NVCC_FLAGS_EXTRA} -gencode arch=compute_${ARCH},code=compute_${ARCH})
+    set(OPENCV_CUDA_ARCH_PTX "${OPENCV_CUDA_ARCH_PTX} ${ARCH}")
+    set(OPENCV_CUDA_ARCH_FEATURES "${OPENCV_CUDA_ARCH_FEATURES} ${ARCH}")
+  endforeach()
+
+  # These vars will be processed in other scripts
+  set(CUDA_NVCC_FLAGS ${CUDA_NVCC_FLAGS} ${NVCC_FLAGS_EXTRA})
+  set(OpenCV_CUDA_CC "${NVCC_FLAGS_EXTRA}")
+
+  if(ANDROID)
+    set(CUDA_NVCC_FLAGS ${CUDA_NVCC_FLAGS} "-Xptxas;-dlcm=ca")
+  endif()
+
+  message(STATUS "CUDA NVCC target flags: ${CUDA_NVCC_FLAGS}")
+
+  OCV_OPTION(CUDA_FAST_MATH "Enable --use_fast_math for CUDA compiler " OFF)
+
+  if(CUDA_FAST_MATH)
+    set(CUDA_NVCC_FLAGS ${CUDA_NVCC_FLAGS} --use_fast_math)
+  endif()
+
+  mark_as_advanced(CUDA_BUILD_CUBIN CUDA_BUILD_EMULATION CUDA_VERBOSE_BUILD CUDA_SDK_ROOT_DIR)
+
+  macro(ocv_cuda_compile VAR)
+    foreach(var CMAKE_CXX_FLAGS CMAKE_CXX_FLAGS_RELEASE CMAKE_CXX_FLAGS_DEBUG)
+      set(${var}_backup_in_cuda_compile_ "${${var}}")
+
+      # we remove /EHa as it generates warnings under windows
+      string(REPLACE "/EHa" "" ${var} "${${var}}")
+
+      # we remove -ggdb3 flag as it leads to preprocessor errors when compiling CUDA files (CUDA 4.1)
+      string(REPLACE "-ggdb3" "" ${var} "${${var}}")
+
+      # we remove -Wsign-promo as it generates warnings under linux
+      string(REPLACE "-Wsign-promo" "" ${var} "${${var}}")
+
+      # we remove -Wno-sign-promo as it generates warnings under linux
+      string(REPLACE "-Wno-sign-promo" "" ${var} "${${var}}")
+
+      # we remove -Wno-delete-non-virtual-dtor because it's used for C++ compiler
+      # but NVCC uses C compiler by default
+      string(REPLACE "-Wno-delete-non-virtual-dtor" "" ${var} "${${var}}")
+
+      # we remove -frtti because it's used for C++ compiler
+      # but NVCC uses C compiler by default
+      string(REPLACE "-frtti" "" ${var} "${${var}}")
+
+      string(REPLACE "-fvisibility-inlines-hidden" "" ${var} "${${var}}")
+    endforeach()
+
+    if(BUILD_SHARED_LIBS)
+      set(CUDA_NVCC_FLAGS ${CUDA_NVCC_FLAGS} -Xcompiler -DCVAPI_EXPORTS)
+    endif()
+
+    if(UNIX OR APPLE)
+      set(CUDA_NVCC_FLAGS ${CUDA_NVCC_FLAGS} -Xcompiler -fPIC)
+    endif()
+    if(APPLE)
+      set(CUDA_NVCC_FLAGS ${CUDA_NVCC_FLAGS} -Xcompiler -fno-finite-math-only)
+    endif()
+
+    # disabled because of multiple warnings during building nvcc auto generated files
+    if(CMAKE_COMPILER_IS_GNUCXX AND CMAKE_GCC_REGEX_VERSION VERSION_GREATER "4.6.0")
+      ocv_warnings_disable(CMAKE_CXX_FLAGS -Wunused-but-set-variable)
+    endif()
+
+    CUDA_COMPILE(${VAR} ${ARGN})
+
+    foreach(var CMAKE_CXX_FLAGS CMAKE_CXX_FLAGS_RELEASE CMAKE_CXX_FLAGS_DEBUG)
+      set(${var} "${${var}_backup_in_cuda_compile_}")
+      unset(${var}_backup_in_cuda_compile_)
+    endforeach()
+  endmacro()
+else()
+  unset(CUDA_ARCH_BIN CACHE)
+  unset(CUDA_ARCH_PTX CACHE)
+endif()
+
+if(HAVE_CUDA)
+  set(CUDA_LIBS_PATH "")
+  foreach(p ${CUDA_LIBRARIES} ${CUDA_npp_LIBRARY})
+    get_filename_component(_tmp ${p} PATH)
+    list(APPEND CUDA_LIBS_PATH ${_tmp})
+  endforeach()
+
+  if(HAVE_CUBLAS)
+    foreach(p ${CUDA_cublas_LIBRARY})
+      get_filename_component(_tmp ${p} PATH)
+      list(APPEND CUDA_LIBS_PATH ${_tmp})
+    endforeach()
+  endif()
+
+  if(HAVE_CUFFT)
+    foreach(p ${CUDA_cufft_LIBRARY})
+      get_filename_component(_tmp ${p} PATH)
+      list(APPEND CUDA_LIBS_PATH ${_tmp})
+    endforeach()
+  endif()
+
+  list(REMOVE_DUPLICATES CUDA_LIBS_PATH)
+  link_directories(${CUDA_LIBS_PATH})
+
+  set(CUDA_LIBRARIES_ABS ${CUDA_LIBRARIES})
+  ocv_convert_to_lib_name(CUDA_LIBRARIES ${CUDA_LIBRARIES})
+  set(CUDA_npp_LIBRARY_ABS ${CUDA_npp_LIBRARY})
+  ocv_convert_to_lib_name(CUDA_npp_LIBRARY ${CUDA_npp_LIBRARY})
+  if(HAVE_CUBLAS)
+    set(CUDA_cublas_LIBRARY_ABS ${CUDA_cublas_LIBRARY})
+    ocv_convert_to_lib_name(CUDA_cublas_LIBRARY ${CUDA_cublas_LIBRARY})
+  endif()
+
+  if(HAVE_CUFFT)
+    set(CUDA_cufft_LIBRARY_ABS ${CUDA_cufft_LIBRARY})
+    ocv_convert_to_lib_name(CUDA_cufft_LIBRARY ${CUDA_cufft_LIBRARY})
+  endif()
+endif()
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVDetectCXXCompiler.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVDetectCXXCompiler.cmake
new file mode 100644
index 000000000..49413467d
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVDetectCXXCompiler.cmake
@@ -0,0 +1,157 @@
+# ----------------------------------------------------------------------------
+# Detect Microsoft compiler:
+# ----------------------------------------------------------------------------
+if(CMAKE_CL_64)
+    set(MSVC64 1)
+endif()
+
+if(CMAKE_CXX_COMPILER_ID STREQUAL "Clang")
+  set(CMAKE_COMPILER_IS_GNUCXX 1)
+  set(CMAKE_COMPILER_IS_CLANGCXX 1)
+endif()
+if(CMAKE_C_COMPILER_ID STREQUAL "Clang")
+  set(CMAKE_COMPILER_IS_GNUCC 1)
+  set(CMAKE_COMPILER_IS_CLANGCC 1)
+endif()
+
+if((CMAKE_COMPILER_IS_CLANGCXX OR CMAKE_COMPILER_IS_CLANGCC) AND NOT CMAKE_GENERATOR MATCHES "Xcode")
+  set(ENABLE_PRECOMPILED_HEADERS OFF CACHE BOOL "" FORCE)
+endif()
+
+# ----------------------------------------------------------------------------
+# Detect Intel ICC compiler -- for -fPIC in 3rdparty ( UNIX ONLY ):
+#  see  include/opencv/cxtypes.h file for related   ICC & CV_ICC defines.
+# NOTE: The system needs to determine if the '-fPIC' option needs to be added
+#  for the 3rdparty static libs being compiled.  The CMakeLists.txt files
+#  in 3rdparty use the CV_ICC definition being set here to determine if
+#  the -fPIC flag should be used.
+# ----------------------------------------------------------------------------
+if(UNIX)
+  if  (__ICL)
+    set(CV_ICC   __ICL)
+  elseif(__ICC)
+    set(CV_ICC   __ICC)
+  elseif(__ECL)
+    set(CV_ICC   __ECL)
+  elseif(__ECC)
+    set(CV_ICC   __ECC)
+  elseif(__INTEL_COMPILER)
+    set(CV_ICC   __INTEL_COMPILER)
+  elseif(CMAKE_C_COMPILER MATCHES "icc")
+    set(CV_ICC   icc_matches_c_compiler)
+  endif()
+endif()
+
+if(MSVC AND CMAKE_C_COMPILER MATCHES "icc")
+  set(CV_ICC   __INTEL_COMPILER_FOR_WINDOWS)
+endif()
+
+# ----------------------------------------------------------------------------
+# Detect GNU version:
+# ----------------------------------------------------------------------------
+if(CMAKE_COMPILER_IS_CLANGCXX)
+  set(CMAKE_GCC_REGEX_VERSION "4.2.1")
+  set(CMAKE_OPENCV_GCC_VERSION_MAJOR 4)
+  set(CMAKE_OPENCV_GCC_VERSION_MINOR 2)
+  set(CMAKE_OPENCV_GCC_VERSION 42)
+  set(CMAKE_OPENCV_GCC_VERSION_NUM 402)
+
+  execute_process(COMMAND ${CMAKE_CXX_COMPILER} ${CMAKE_CXX_COMPILER_ARG1} -v
+                  ERROR_VARIABLE CMAKE_OPENCV_CLANG_VERSION_FULL
+                  ERROR_STRIP_TRAILING_WHITESPACE)
+
+  string(REGEX MATCH "version.*$" CMAKE_OPENCV_CLANG_VERSION_FULL "${CMAKE_OPENCV_CLANG_VERSION_FULL}")
+  string(REGEX MATCH "[0-9]+\\.[0-9]+" CMAKE_CLANG_REGEX_VERSION "${CMAKE_OPENCV_CLANG_VERSION_FULL}")
+
+elseif(CMAKE_COMPILER_IS_GNUCXX)
+  execute_process(COMMAND ${CMAKE_CXX_COMPILER} ${CMAKE_CXX_COMPILER_ARG1} -dumpversion
+                OUTPUT_VARIABLE CMAKE_OPENCV_GCC_VERSION_FULL
+                OUTPUT_STRIP_TRAILING_WHITESPACE)
+
+  execute_process(COMMAND ${CMAKE_CXX_COMPILER} ${CMAKE_CXX_COMPILER_ARG1} -v
+                ERROR_VARIABLE CMAKE_OPENCV_GCC_INFO_FULL
+                OUTPUT_STRIP_TRAILING_WHITESPACE)
+
+  # Typical output in CMAKE_OPENCV_GCC_VERSION_FULL: "c+//0 (whatever) 4.2.3 (...)"
+  # Look for the version number
+  string(REGEX MATCH "[0-9]+\\.[0-9]+\\.[0-9]+" CMAKE_GCC_REGEX_VERSION "${CMAKE_OPENCV_GCC_VERSION_FULL}")
+  if(NOT CMAKE_GCC_REGEX_VERSION)
+    string(REGEX MATCH "[0-9]+\\.[0-9]+" CMAKE_GCC_REGEX_VERSION "${CMAKE_OPENCV_GCC_VERSION_FULL}")
+  endif()
+
+  # Split the three parts:
+  string(REGEX MATCHALL "[0-9]+" CMAKE_OPENCV_GCC_VERSIONS "${CMAKE_GCC_REGEX_VERSION}")
+
+  list(GET CMAKE_OPENCV_GCC_VERSIONS 0 CMAKE_OPENCV_GCC_VERSION_MAJOR)
+  list(GET CMAKE_OPENCV_GCC_VERSIONS 1 CMAKE_OPENCV_GCC_VERSION_MINOR)
+
+  set(CMAKE_OPENCV_GCC_VERSION ${CMAKE_OPENCV_GCC_VERSION_MAJOR}${CMAKE_OPENCV_GCC_VERSION_MINOR})
+  math(EXPR CMAKE_OPENCV_GCC_VERSION_NUM "${CMAKE_OPENCV_GCC_VERSION_MAJOR}*100 + ${CMAKE_OPENCV_GCC_VERSION_MINOR}")
+  message(STATUS "Detected version of GNU GCC: ${CMAKE_OPENCV_GCC_VERSION} (${CMAKE_OPENCV_GCC_VERSION_NUM})")
+
+  if(WIN32)
+    execute_process(COMMAND ${CMAKE_CXX_COMPILER} -dumpmachine
+              OUTPUT_VARIABLE OPENCV_GCC_TARGET_MACHINE
+              OUTPUT_STRIP_TRAILING_WHITESPACE)
+    if(OPENCV_GCC_TARGET_MACHINE MATCHES "amd64|x86_64|AMD64")
+      set(MINGW64 1)
+    endif()
+  endif()
+endif()
+
+if(MSVC64 OR MINGW64)
+  set(X86_64 1)
+elseif(MINGW OR (MSVC AND NOT CMAKE_CROSSCOMPILING))
+  set(X86 1)
+elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "amd64.*|x86_64.*|AMD64.*")
+  set(X86_64 1)
+elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "i686.*|i386.*|x86.*|amd64.*|AMD64.*")
+  set(X86 1)
+elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "^(arm.*|ARM.*)")
+  set(ARM 1)
+elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "^(aarch64.*|AARCH64.*)")
+  set(AARCH64 1)
+endif()
+
+
+# Similar code exists in OpenCVConfig.cmake
+if(NOT DEFINED OpenCV_STATIC)
+  # look for global setting
+  if(NOT DEFINED BUILD_SHARED_LIBS OR BUILD_SHARED_LIBS)
+    set(OpenCV_STATIC OFF)
+  else()
+    set(OpenCV_STATIC ON)
+  endif()
+endif()
+
+if(MSVC)
+  if(CMAKE_CL_64)
+    set(OpenCV_ARCH x64)
+  elseif((CMAKE_GENERATOR MATCHES "ARM") OR ("${arch_hint}" STREQUAL "ARM") OR (CMAKE_VS_EFFECTIVE_PLATFORMS MATCHES "ARM|arm"))
+    # see Modules/CmakeGenericSystem.cmake
+    set(OpenCV_ARCH ARM)
+  else()
+    set(OpenCV_ARCH x86)
+  endif()
+  if(MSVC_VERSION EQUAL 1400)
+    set(OpenCV_RUNTIME vc8)
+  elseif(MSVC_VERSION EQUAL 1500)
+    set(OpenCV_RUNTIME vc9)
+  elseif(MSVC_VERSION EQUAL 1600)
+    set(OpenCV_RUNTIME vc10)
+  elseif(MSVC_VERSION EQUAL 1700)
+    set(OpenCV_RUNTIME vc11)
+  elseif(MSVC_VERSION EQUAL 1800)
+    set(OpenCV_RUNTIME vc12)
+  elseif(MSVC_VERSION EQUAL 1900)
+    set(OpenCV_RUNTIME vc14)
+  endif()
+elseif(MINGW)
+  set(OpenCV_RUNTIME mingw)
+
+  if(MINGW64)
+    set(OpenCV_ARCH x64)
+  else()
+    set(OpenCV_ARCH x86)
+  endif()
+endif()
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVDetectDirectX.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVDetectDirectX.cmake
new file mode 100644
index 000000000..913698620
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVDetectDirectX.cmake
@@ -0,0 +1,14 @@
+if(WIN32)
+  try_compile(__VALID_DIRECTX
+    "${OpenCV_BINARY_DIR}"
+    "${OpenCV_SOURCE_DIR}/cmake/checks/directx.cpp"
+    OUTPUT_VARIABLE TRY_OUT
+  )
+  if(NOT __VALID_DIRECTX)
+    return()
+  endif()
+  set(HAVE_DIRECTX ON)
+  set(HAVE_D3D11 ON)
+  set(HAVE_D3D10 ON)
+  set(HAVE_D3D9 ON)
+endif()
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVDetectOpenCL.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVDetectOpenCL.cmake
new file mode 100644
index 000000000..67e10ede8
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVDetectOpenCL.cmake
@@ -0,0 +1,87 @@
+if(APPLE)
+  set(OPENCL_FOUND YES)
+  set(OPENCL_LIBRARY "-framework OpenCL" CACHE STRING "OpenCL library")
+  set(OPENCL_INCLUDE_DIR "" CACHE STRING "OpenCL include directory")
+  mark_as_advanced(OPENCL_INCLUDE_DIR OPENCL_LIBRARY)
+  set(HAVE_OPENCL_STATIC ON)
+else(APPLE)
+  set(OPENCL_FOUND YES)
+  set(HAVE_OPENCL_STATIC OFF)
+  set(OPENCL_INCLUDE_DIR "${OpenCV_SOURCE_DIR}/3rdparty/include/opencl/1.2")
+endif(APPLE)
+
+if(WINRT)
+  set(OPENCL_FOUND NO)
+  set(HAVE_OPENCL_STATIC OFF)
+endif(WINRT)
+
+if(OPENCL_FOUND)
+  if(NOT HAVE_OPENCL_STATIC)
+    try_compile(__VALID_OPENCL
+      "${OpenCV_BINARY_DIR}"
+      "${OpenCV_SOURCE_DIR}/cmake/checks/opencl.cpp"
+      CMAKE_FLAGS "-DINCLUDE_DIRECTORIES:STRING=${OPENCL_INCLUDE_DIR}"
+      OUTPUT_VARIABLE TRY_OUT
+      )
+    if(NOT TRY_OUT MATCHES "OpenCL is valid")
+      message(WARNING "Can't use OpenCL")
+      return()
+    endif()
+  endif()
+
+  if(NOT WINRT)
+    set(HAVE_OPENCL 1)
+  endif()
+
+  if(WITH_OPENCL_SVM)
+    set(HAVE_OPENCL_SVM 1)
+  endif()
+
+  if(HAVE_OPENCL_STATIC)
+    set(OPENCL_LIBRARIES "${OPENCL_LIBRARY}")
+  else()
+    unset(OPENCL_LIBRARIES)
+  endif()
+
+  set(OPENCL_INCLUDE_DIRS ${OPENCL_INCLUDE_DIR})
+
+  if(WITH_OPENCLAMDFFT)
+    find_path(CLAMDFFT_ROOT_DIR
+              NAMES include/clAmdFft.h
+              PATHS ENV CLAMDFFT_PATH ENV ProgramFiles
+              PATH_SUFFIXES clAmdFft AMD/clAmdFft
+              DOC "AMD FFT root directory"
+              NO_DEFAULT_PATH)
+
+    find_path(CLAMDFFT_INCLUDE_DIR
+              NAMES clAmdFft.h
+              HINTS ${CLAMDFFT_ROOT_DIR}
+              PATH_SUFFIXES include
+              DOC "clAmdFft include directory")
+
+    if(CLAMDFFT_INCLUDE_DIR)
+      set(HAVE_CLAMDFFT 1)
+      list(APPEND OPENCL_INCLUDE_DIRS "${CLAMDFFT_INCLUDE_DIR}")
+    endif()
+  endif()
+
+  if(WITH_OPENCLAMDBLAS)
+    find_path(CLAMDBLAS_ROOT_DIR
+              NAMES include/clAmdBlas.h
+              PATHS ENV CLAMDBLAS_PATH ENV ProgramFiles
+              PATH_SUFFIXES clAmdBlas AMD/clAmdBlas
+              DOC "AMD FFT root directory"
+              NO_DEFAULT_PATH)
+
+    find_path(CLAMDBLAS_INCLUDE_DIR
+              NAMES clAmdBlas.h
+              HINTS ${CLAMDBLAS_ROOT_DIR}
+              PATH_SUFFIXES include
+              DOC "clAmdFft include directory")
+
+    if(CLAMDBLAS_INCLUDE_DIR)
+      set(HAVE_CLAMDBLAS 1)
+      list(APPEND OPENCL_INCLUDE_DIRS "${CLAMDBLAS_INCLUDE_DIR}")
+    endif()
+  endif()
+endif()
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVDetectPython.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVDetectPython.cmake
new file mode 100644
index 000000000..f883525c8
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVDetectPython.cmake
@@ -0,0 +1,239 @@
+# Find specified Python version
+# Arguments:
+#   preferred_version (value): Version to check for first
+#   min_version (value): Minimum supported version
+#   library_env (value): Name of Python library ENV variable to check
+#   include_dir_env (value): Name of Python include directory ENV variable to check
+#   found (variable): Set if interpreter found
+#   executable (variable): Output of executable found
+#   version_string (variable): Output of found version
+#   version_major (variable): Output of found major version
+#   version_minor (variable): Output of found minor version
+#   libs_found (variable): Set if libs found
+#   libs_version_string (variable): Output of found libs version
+#   libraries (variable): Output of found Python libraries
+#   library (variable): Output of found Python library
+#   debug_libraries (variable): Output of found Python debug libraries
+#   debug_library (variable): Output of found Python debug library
+#   include_path (variable): Output of found Python include path
+#   include_dir (variable): Output of found Python include dir
+#   include_dir2 (variable): Output of found Python include dir2
+#   packages_path (variable): Output of found Python packages path
+#   numpy_include_dirs (variable): Output of found Python Numpy include dirs
+#   numpy_version (variable): Output of found Python Numpy version
+function(find_python preferred_version min_version library_env include_dir_env
+         found executable version_string version_major version_minor
+         libs_found libs_version_string libraries library debug_libraries
+         debug_library include_path include_dir include_dir2 packages_path
+         numpy_include_dirs numpy_version)
+
+  ocv_check_environment_variables(${executable})
+  if(${executable})
+    set(PYTHON_EXECUTABLE "${${executable}}")
+  endif()
+
+  if(WIN32 AND NOT ${executable})
+    # search for executable with the same bitness as resulting binaries
+    # standard FindPythonInterp always prefers executable from system path
+    # this is really important because we are using the interpreter for numpy search and for choosing the install location
+    foreach(_CURRENT_VERSION ${Python_ADDITIONAL_VERSIONS} "${preferred_version}" "${min_version}")
+      find_host_program(PYTHON_EXECUTABLE
+        NAMES python${_CURRENT_VERSION} python
+        PATHS
+          [HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Python\\\\PythonCore\\\\${_CURRENT_VERSION}\\\\InstallPath]
+          [HKEY_CURRENT_USER\\\\SOFTWARE\\\\Python\\\\PythonCore\\\\${_CURRENT_VERSION}\\\\InstallPath]
+        NO_SYSTEM_ENVIRONMENT_PATH
+      )
+    endforeach()
+  endif()
+
+  find_host_package(PythonInterp "${preferred_version}")
+  if(NOT PYTHONINTERP_FOUND)
+    find_host_package(PythonInterp "${min_version}")
+  endif()
+
+  if(PYTHONINTERP_FOUND)
+    # Copy outputs
+    set(_found ${PYTHONINTERP_FOUND})
+    set(_executable ${PYTHON_EXECUTABLE})
+    set(_version_string ${PYTHON_VERSION_STRING})
+    set(_version_major ${PYTHON_VERSION_MAJOR})
+    set(_version_minor ${PYTHON_VERSION_MINOR})
+    set(_version_patch ${PYTHON_VERSION_PATCH})
+
+    # Clear find_host_package side effects
+    unset(PYTHONINTERP_FOUND)
+    unset(PYTHON_EXECUTABLE CACHE)
+    unset(PYTHON_VERSION_STRING)
+    unset(PYTHON_VERSION_MAJOR)
+    unset(PYTHON_VERSION_MINOR)
+    unset(PYTHON_VERSION_PATCH)
+  endif()
+
+  if(_found)
+    set(_version_major_minor "${_version_major}.${_version_minor}")
+
+    if(NOT ANDROID AND NOT IOS)
+      ocv_check_environment_variables(${library_env} ${include_dir_env})
+      if(NOT ${${library_env}} EQUAL "")
+          set(PYTHON_LIBRARY "${${library_env}}")
+      endif()
+      if(NOT ${${include_dir_env}} EQUAL "")
+          set(PYTHON_INCLUDE_DIR "${${include_dir_env}}")
+      endif()
+
+      # not using _version_string here, because it might not conform to the CMake version format
+      if(CMAKE_CROSSCOMPILING)
+        # builder version can differ from target, matching base version (e.g. 2.7)
+        find_host_package(PythonLibs "${_version_major_minor}")
+      else()
+        find_host_package(PythonLibs "${_version_major_minor}.${_version_patch}" EXACT)
+      endif()
+
+      if(PYTHONLIBS_FOUND)
+        # Copy outputs
+        set(_libs_found ${PYTHONLIBS_FOUND})
+        set(_libraries ${PYTHON_LIBRARIES})
+        set(_include_path ${PYTHON_INCLUDE_PATH})
+        set(_include_dirs ${PYTHON_INCLUDE_DIRS})
+        set(_debug_libraries ${PYTHON_DEBUG_LIBRARIES})
+        set(_libs_version_string ${PYTHONLIBS_VERSION_STRING})
+        set(_debug_library ${PYTHON_DEBUG_LIBRARY})
+        set(_library ${PYTHON_LIBRARY})
+        set(_library_debug ${PYTHON_LIBRARY_DEBUG})
+        set(_library_release ${PYTHON_LIBRARY_RELEASE})
+        set(_include_dir ${PYTHON_INCLUDE_DIR})
+        set(_include_dir2 ${PYTHON_INCLUDE_DIR2})
+
+        # Clear find_host_package side effects
+        unset(PYTHONLIBS_FOUND)
+        unset(PYTHON_LIBRARIES)
+        unset(PYTHON_INCLUDE_PATH)
+        unset(PYTHON_INCLUDE_DIRS)
+        unset(PYTHON_DEBUG_LIBRARIES)
+        unset(PYTHONLIBS_VERSION_STRING)
+        unset(PYTHON_DEBUG_LIBRARY CACHE)
+        unset(PYTHON_LIBRARY)
+        unset(PYTHON_LIBRARY_DEBUG)
+        unset(PYTHON_LIBRARY_RELEASE)
+        unset(PYTHON_LIBRARY CACHE)
+        unset(PYTHON_LIBRARY_DEBUG CACHE)
+        unset(PYTHON_LIBRARY_RELEASE CACHE)
+        unset(PYTHON_INCLUDE_DIR CACHE)
+        unset(PYTHON_INCLUDE_DIR2 CACHE)
+      endif()
+    endif()
+
+    if(NOT ANDROID AND NOT IOS)
+      if(CMAKE_HOST_UNIX)
+        execute_process(COMMAND ${_executable} -c "from distutils.sysconfig import *; print(get_python_lib())"
+                        RESULT_VARIABLE _cvpy_process
+                        OUTPUT_VARIABLE _std_packages_path
+                        OUTPUT_STRIP_TRAILING_WHITESPACE)
+        if("${_std_packages_path}" MATCHES "site-packages")
+          set(_packages_path "python${_version_major_minor}/site-packages")
+        else() #debian based assumed, install to the dist-packages.
+          set(_packages_path "python${_version_major_minor}/dist-packages")
+        endif()
+        if(EXISTS "${CMAKE_INSTALL_PREFIX}/lib${LIB_SUFFIX}/${${packages_path}}")
+          set(_packages_path "lib${LIB_SUFFIX}/${_packages_path}")
+        else()
+          set(_packages_path "lib/${_packages_path}")
+        endif()
+      elseif(CMAKE_HOST_WIN32)
+        get_filename_component(_path "${_executable}" PATH)
+        file(TO_CMAKE_PATH "${_path}" _path)
+        if(NOT EXISTS "${_path}/Lib/site-packages")
+          unset(_path)
+          get_filename_component(_path "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Python\\PythonCore\\${_version_major_minor}\\InstallPath]" ABSOLUTE)
+          if(NOT _path)
+             get_filename_component(_path "[HKEY_CURRENT_USER\\SOFTWARE\\Python\\PythonCore\\${_version_major_minor}\\InstallPath]" ABSOLUTE)
+          endif()
+          file(TO_CMAKE_PATH "${_path}" _path)
+        endif()
+        set(_packages_path "${_path}/Lib/site-packages")
+        unset(_path)
+      endif()
+
+      set(_numpy_include_dirs ${${numpy_include_dirs}})
+
+      if(NOT _numpy_include_dirs)
+        if(CMAKE_CROSSCOMPILING)
+          message(STATUS "Cannot probe for Python/Numpy support (because we are cross-compiling OpenCV)")
+          message(STATUS "If you want to enable Python/Numpy support, set the following variables:")
+          message(STATUS "  PYTHON2_INCLUDE_PATH")
+          message(STATUS "  PYTHON2_LIBRARIES")
+          message(STATUS "  PYTHON2_NUMPY_INCLUDE_DIRS")
+          message(STATUS "  PYTHON3_INCLUDE_PATH")
+          message(STATUS "  PYTHON3_LIBRARIES")
+          message(STATUS "  PYTHON3_NUMPY_INCLUDE_DIRS")
+        else()
+          # Attempt to discover the NumPy include directory. If this succeeds, then build python API with NumPy
+          execute_process(COMMAND "${_executable}" -c "import os; os.environ['DISTUTILS_USE_SDK']='1'; import numpy.distutils; print(os.pathsep.join(numpy.distutils.misc_util.get_numpy_include_dirs()))"
+                          RESULT_VARIABLE _numpy_process
+                          OUTPUT_VARIABLE _numpy_include_dirs
+                          OUTPUT_STRIP_TRAILING_WHITESPACE)
+
+          if(NOT _numpy_process EQUAL 0)
+              unset(_numpy_include_dirs)
+          endif()
+        endif()
+      endif()
+
+      if(_numpy_include_dirs)
+        file(TO_CMAKE_PATH "${_numpy_include_dirs}" _numpy_include_dirs)
+        if(CMAKE_CROSSCOMPILING)
+          if(NOT _numpy_version)
+            set(_numpy_version "undefined - cannot be probed because of the cross-compilation")
+          endif()
+        else()
+          execute_process(COMMAND "${_executable}" -c "import numpy; print(numpy.version.version)"
+                          RESULT_VARIABLE _numpy_process
+                          OUTPUT_VARIABLE _numpy_version
+                          OUTPUT_STRIP_TRAILING_WHITESPACE)
+        endif()
+      endif()
+    endif(NOT ANDROID AND NOT IOS)
+  endif()
+
+  # Export return values
+  set(${found} "${_found}" PARENT_SCOPE)
+  set(${executable} "${_executable}" CACHE FILEPATH "Path to Python interpretor")
+  set(${version_string} "${_version_string}" PARENT_SCOPE)
+  set(${version_major} "${_version_major}" PARENT_SCOPE)
+  set(${version_minor} "${_version_minor}" PARENT_SCOPE)
+  set(${libs_found} "${_libs_found}" PARENT_SCOPE)
+  set(${libs_version_string} "${_libs_version_string}" PARENT_SCOPE)
+  set(${libraries} "${_libraries}" PARENT_SCOPE)
+  set(${library} "${_library}" CACHE FILEPATH "Path to Python library")
+  set(${debug_libraries} "${_debug_libraries}" PARENT_SCOPE)
+  set(${debug_library} "${_debug_library}" CACHE FILEPATH "Path to Python debug")
+  set(${include_path} "${_include_path}" PARENT_SCOPE)
+  set(${include_dir} "${_include_dir}" CACHE PATH "Python include dir")
+  set(${include_dir2} "${_include_dir2}" CACHE PATH "Python include dir 2")
+  set(${packages_path} "${_packages_path}" CACHE PATH "Where to install the python packages.")
+  set(${numpy_include_dirs} ${_numpy_include_dirs} CACHE PATH "Path to numpy headers")
+  set(${numpy_version} "${_numpy_version}" PARENT_SCOPE)
+endfunction(find_python)
+
+find_python(2.7 "${MIN_VER_PYTHON2}" PYTHON2_LIBRARY PYTHON2_INCLUDE_DIR
+    PYTHON2INTERP_FOUND PYTHON2_EXECUTABLE PYTHON2_VERSION_STRING
+    PYTHON2_VERSION_MAJOR PYTHON2_VERSION_MINOR PYTHON2LIBS_FOUND
+    PYTHON2LIBS_VERSION_STRING PYTHON2_LIBRARIES PYTHON2_LIBRARY
+    PYTHON2_DEBUG_LIBRARIES PYTHON2_LIBRARY_DEBUG PYTHON2_INCLUDE_PATH
+    PYTHON2_INCLUDE_DIR PYTHON2_INCLUDE_DIR2 PYTHON2_PACKAGES_PATH
+    PYTHON2_NUMPY_INCLUDE_DIRS PYTHON2_NUMPY_VERSION)
+
+find_python(3.4 "${MIN_VER_PYTHON3}" PYTHON3_LIBRARY PYTHON3_INCLUDE_DIR
+    PYTHON3INTERP_FOUND PYTHON3_EXECUTABLE PYTHON3_VERSION_STRING
+    PYTHON3_VERSION_MAJOR PYTHON3_VERSION_MINOR PYTHON3LIBS_FOUND
+    PYTHON3LIBS_VERSION_STRING PYTHON3_LIBRARIES PYTHON3_LIBRARY
+    PYTHON3_DEBUG_LIBRARIES PYTHON3_LIBRARY_DEBUG PYTHON3_INCLUDE_PATH
+    PYTHON3_INCLUDE_DIR PYTHON3_INCLUDE_DIR2 PYTHON3_PACKAGES_PATH
+    PYTHON3_NUMPY_INCLUDE_DIRS PYTHON3_NUMPY_VERSION)
+
+# Use Python 2 as default Python interpreter
+if(PYTHON2INTERP_FOUND)
+    set(PYTHON_DEFAULT_AVAILABLE "TRUE")
+    set(PYTHON_DEFAULT_EXECUTABLE "${PYTHON2_EXECUTABLE}")
+endif()
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVDetectTBB.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVDetectTBB.cmake
new file mode 100644
index 000000000..8ff78bb3d
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVDetectTBB.cmake
@@ -0,0 +1,92 @@
+if(BUILD_TBB)
+  add_subdirectory("${OpenCV_SOURCE_DIR}/3rdparty/tbb")
+  include_directories(SYSTEM ${TBB_INCLUDE_DIRS})
+  set(OPENCV_LINKER_LIBS ${OPENCV_LINKER_LIBS} tbb)
+  add_definitions(-DTBB_USE_GCC_BUILTINS=1 -D__TBB_GCC_BUILTIN_ATOMICS_PRESENT=1)
+  if(tbb_need_GENERIC_DWORD_LOAD_STORE)
+    add_definitions(-D__TBB_USE_GENERIC_DWORD_LOAD_STORE=1)
+  endif()
+  set(HAVE_TBB 1)
+elseif(UNIX AND NOT APPLE)
+  PKG_CHECK_MODULES(TBB tbb)
+
+  if(TBB_FOUND)
+    set(HAVE_TBB 1)
+    if(NOT ${TBB_INCLUDE_DIRS} STREQUAL "")
+      ocv_include_directories(${TBB_INCLUDE_DIRS})
+    endif()
+    link_directories(${TBB_LIBRARY_DIRS})
+    set(OPENCV_LINKER_LIBS ${OPENCV_LINKER_LIBS} ${TBB_LIBRARIES})
+  endif()
+endif()
+
+if(NOT HAVE_TBB)
+  set(TBB_DEFAULT_INCLUDE_DIRS
+    "/opt/intel/tbb/include" "/usr/local/include" "/usr/include"
+    "C:/Program Files/Intel/TBB" "C:/Program Files (x86)/Intel/TBB"
+    "C:/Program Files (x86)/tbb/include"
+    "C:/Program Files (x86)/tbb/include"
+    "${CMAKE_INSTALL_PREFIX}/include")
+
+  find_path(TBB_INCLUDE_DIRS "tbb/tbb.h" PATHS ${TBB_INCLUDE_DIR} ${TBB_DEFAULT_INCLUDE_DIRS} DOC "The path to TBB headers")
+  if(TBB_INCLUDE_DIRS)
+    if(UNIX)
+      set(TBB_LIB_DIR "${TBB_INCLUDE_DIRS}/../lib" CACHE PATH "Full path of TBB library directory")
+      link_directories("${TBB_LIB_DIR}")
+    endif()
+    if(APPLE)
+      set(OPENCV_LINKER_LIBS ${OPENCV_LINKER_LIBS} libtbb.dylib)
+    elseif(ANDROID)
+      set(OPENCV_LINKER_LIBS ${OPENCV_LINKER_LIBS}  tbb)
+      add_definitions(-DTBB_USE_GCC_BUILTINS)
+    elseif (UNIX)
+      set(OPENCV_LINKER_LIBS ${OPENCV_LINKER_LIBS} tbb)
+    elseif (WIN32)
+      if(CMAKE_COMPILER_IS_GNUCXX)
+        set(TBB_LIB_DIR "${TBB_INCLUDE_DIRS}/../lib" CACHE PATH "Full path of TBB library directory")
+        link_directories("${TBB_LIB_DIR}")
+        set(OPENCV_LINKER_LIBS ${OPENCV_LINKER_LIBS} tbb)
+      else()
+        get_filename_component(_TBB_LIB_PATH "${TBB_INCLUDE_DIRS}/../lib" ABSOLUTE)
+
+        if(CMAKE_SYSTEM_PROCESSOR MATCHES amd64*|x86_64* OR MSVC64)
+          set(_TBB_LIB_PATH "${_TBB_LIB_PATH}/intel64")
+        else()
+          set(_TBB_LIB_PATH "${_TBB_LIB_PATH}/ia32")
+        endif()
+
+        if(MSVC80)
+          set(_TBB_LIB_PATH "${_TBB_LIB_PATH}/vc8")
+        elseif(MSVC90)
+          set(_TBB_LIB_PATH "${_TBB_LIB_PATH}/vc9")
+        elseif(MSVC10)
+          set(_TBB_LIB_PATH "${_TBB_LIB_PATH}/vc10")
+        elseif(MSVC11)
+          set(_TBB_LIB_PATH "${_TBB_LIB_PATH}/vc11")
+        elseif(MSVC12)
+          set(_TBB_LIB_PATH "${_TBB_LIB_PATH}/vc12")
+        endif()
+        set(TBB_LIB_DIR "${_TBB_LIB_PATH}" CACHE PATH "Full path of TBB library directory")
+        link_directories("${TBB_LIB_DIR}")
+      endif()
+    endif()
+
+    set(HAVE_TBB 1)
+    if(NOT "${TBB_INCLUDE_DIRS}" STREQUAL "")
+      ocv_include_directories("${TBB_INCLUDE_DIRS}")
+    endif()
+  endif(TBB_INCLUDE_DIRS)
+endif(NOT HAVE_TBB)
+
+# get TBB version
+if(HAVE_TBB)
+  find_file(TBB_STDDEF_PATH tbb/tbb_stddef.h "${TBB_INCLUDE_DIRS}")
+  mark_as_advanced(TBB _STDDEF_PATH)
+endif()
+if(HAVE_TBB AND TBB_STDDEF_PATH)
+  ocv_parse_header("${TBB_STDDEF_PATH}" TBB_VERSION_LINES TBB_VERSION_MAJOR TBB_VERSION_MINOR TBB_INTERFACE_VERSION)
+else()
+  unset(TBB_VERSION_MAJOR)
+  unset(TBB_VERSION_MINOR)
+  unset(TBB_INTERFACE_VERSION)
+endif()
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVDetectVTK.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVDetectVTK.cmake
new file mode 100644
index 000000000..2b55a9c3f
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVDetectVTK.cmake
@@ -0,0 +1,53 @@
+if(NOT WITH_VTK OR ANDROID OR IOS)
+  return()
+endif()
+
+# VTK 6.x components
+find_package(VTK QUIET COMPONENTS vtkRenderingOpenGL vtkInteractionStyle vtkRenderingLOD vtkIOPLY vtkFiltersTexture vtkRenderingFreeType vtkIOExport NO_MODULE)
+
+# VTK 5.x components
+if(NOT VTK_FOUND)
+  find_package(VTK QUIET COMPONENTS vtkCommon NO_MODULE)
+endif()
+
+if(NOT VTK_FOUND)
+  set(HAVE_VTK OFF)
+  message(STATUS "VTK is not found. Please set -DVTK_DIR in CMake to VTK build directory, or to VTK install subdirectory with VTKConfig.cmake file")
+  return()
+endif()
+
+# Don't support ealier VTKs
+if(${VTK_VERSION} VERSION_LESS "5.8.0")
+  message(STATUS "VTK support is disabled. VTK ver. 5.8.0 is minimum required, but found VTK ver. ${VTK_VERSION}")
+  return()
+endif()
+
+# Different Qt versions can't be linked together
+if(HAVE_QT5 AND ${VTK_VERSION} VERSION_LESS "6.0.0")
+  if(VTK_USE_QT)
+    message(STATUS "VTK support is disabled. Incompatible combination: OpenCV + Qt5 and VTK ver.${VTK_VERSION} + Qt4")
+  endif()
+endif()
+
+# Different Qt versions can't be linked together. VTK 6.0.0 doesn't provide a way to get Qt version it was linked with
+if(HAVE_QT5 AND ${VTK_VERSION} VERSION_EQUAL "6.0.0" AND NOT DEFINED FORCE_VTK)
+  message(STATUS "VTK support is disabled. Possible incompatible combination: OpenCV+Qt5, and VTK ver.${VTK_VERSION} with Qt4")
+  message(STATUS "If it is known that VTK was compiled without Qt4, please define '-DFORCE_VTK=TRUE' flag in CMake")
+  return()
+endif()
+
+# Different Qt versions can't be linked together
+if(HAVE_QT AND ${VTK_VERSION} VERSION_GREATER "6.0.0" AND NOT ${VTK_QT_VERSION} STREQUAL "")
+  if(HAVE_QT5 AND ${VTK_QT_VERSION} EQUAL "4")
+    message(STATUS "VTK support is disabled. Incompatible combination: OpenCV + Qt5 and VTK ver.${VTK_VERSION} + Qt4")
+    return()
+  endif()
+
+  if(NOT HAVE_QT5 AND ${VTK_QT_VERSION} EQUAL "5")
+    message(STATUS "VTK support is disabled. Incompatible combination: OpenCV + Qt4 and VTK ver.${VTK_VERSION} + Qt5")
+    return()
+  endif()
+endif()
+
+set(HAVE_VTK ON)
+message(STATUS "Found VTK ver. ${VTK_VERSION} (usefile: ${VTK_USE_FILE})")
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVExtraTargets.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVExtraTargets.cmake
new file mode 100644
index 000000000..ecb2a3b36
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVExtraTargets.cmake
@@ -0,0 +1,38 @@
+# ----------------------------------------------------------------------------
+#   Uninstall target, for "make uninstall"
+# ----------------------------------------------------------------------------
+CONFIGURE_FILE(
+  "${OpenCV_SOURCE_DIR}/cmake/templates/cmake_uninstall.cmake.in"
+  "${CMAKE_CURRENT_BINARY_DIR}/cmake_uninstall.cmake"
+  @ONLY)
+
+ADD_CUSTOM_TARGET(uninstall "${CMAKE_COMMAND}" -P "${CMAKE_CURRENT_BINARY_DIR}/cmake_uninstall.cmake")
+if(ENABLE_SOLUTION_FOLDERS)
+  set_target_properties(uninstall PROPERTIES FOLDER "CMakeTargets")
+endif()
+
+
+# ----------------------------------------------------------------------------
+# target building all OpenCV modules
+# ----------------------------------------------------------------------------
+add_custom_target(opencv_modules)
+if(ENABLE_SOLUTION_FOLDERS)
+  set_target_properties(opencv_modules PROPERTIES FOLDER "extra")
+endif()
+
+
+# ----------------------------------------------------------------------------
+# targets building all tests
+# ----------------------------------------------------------------------------
+if(BUILD_TESTS)
+  add_custom_target(opencv_tests)
+  if(ENABLE_SOLUTION_FOLDERS)
+    set_target_properties(opencv_tests PROPERTIES FOLDER "extra")
+  endif()
+endif()
+if(BUILD_PERF_TESTS)
+  add_custom_target(opencv_perf_tests)
+  if(ENABLE_SOLUTION_FOLDERS)
+    set_target_properties(opencv_perf_tests PROPERTIES FOLDER "extra")
+  endif()
+endif()
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVFindIPP.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVFindIPP.cmake
new file mode 100644
index 000000000..71001d9c6
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVFindIPP.cmake
@@ -0,0 +1,266 @@
+#
+# The script to detect Intel(R) Integrated Performance Primitives (IPP)
+# installation/package
+#
+# By default, ICV version will be used.
+# To use standalone IPP update cmake command line:
+# cmake ... -DIPPROOT=<path> ...
+#
+# Note: Backward compatibility is broken, IPPROOT environment path is ignored
+#
+#
+# On return this will define:
+#
+# HAVE_IPP          - True if Intel IPP found
+# HAVE_IPP_ICV_ONLY - True if Intel IPP ICV version is available
+# IPP_ROOT_DIR      - root of IPP installation
+# IPP_INCLUDE_DIRS  - IPP include folder
+# IPP_LIBRARIES     - IPP libraries that are used by OpenCV
+# IPP_VERSION_STR   - string with the newest detected IPP version
+# IPP_VERSION_MAJOR - numbers of IPP version (MAJOR.MINOR.BUILD)
+# IPP_VERSION_MINOR
+# IPP_VERSION_BUILD
+#
+# Created: 30 Dec 2010 by Vladimir Dudnik (vladimir.dudnik@intel.com)
+#
+
+unset(HAVE_IPP CACHE)
+unset(HAVE_IPP_ICV_ONLY)
+unset(IPP_ROOT_DIR)
+unset(IPP_INCLUDE_DIRS)
+unset(IPP_LIBRARIES)
+unset(IPP_VERSION_STR)
+unset(IPP_VERSION_MAJOR)
+unset(IPP_VERSION_MINOR)
+unset(IPP_VERSION_BUILD)
+
+if (X86 AND UNIX AND NOT APPLE AND NOT ANDROID AND BUILD_SHARED_LIBS)
+    message(STATUS "On 32-bit Linux IPP can not currently be used with dynamic libs because of linker errors. Set BUILD_SHARED_LIBS=OFF")
+    return()
+endif()
+
+set(IPP_X64 0)
+if(CMAKE_CXX_SIZEOF_DATA_PTR EQUAL 8)
+    set(IPP_X64 1)
+endif()
+if(CMAKE_CL_64)
+    set(IPP_X64 1)
+endif()
+
+# This function detects IPP version by analyzing .h file
+macro(ipp_get_version VERSION_FILE)
+  unset(_VERSION_STR)
+  unset(_MAJOR)
+  unset(_MINOR)
+  unset(_BUILD)
+
+  # read IPP version info from file
+  file(STRINGS ${VERSION_FILE} STR1 REGEX "IPP_VERSION_MAJOR")
+  file(STRINGS ${VERSION_FILE} STR2 REGEX "IPP_VERSION_MINOR")
+  file(STRINGS ${VERSION_FILE} STR3 REGEX "IPP_VERSION_BUILD")
+  if("${STR3}" STREQUAL "")
+    file(STRINGS ${VERSION_FILE} STR3 REGEX "IPP_VERSION_UPDATE")
+  endif()
+  file(STRINGS ${VERSION_FILE} STR4 REGEX "IPP_VERSION_STR")
+
+  # extract info and assign to variables
+  string(REGEX MATCHALL "[0-9]+" _MAJOR ${STR1})
+  string(REGEX MATCHALL "[0-9]+" _MINOR ${STR2})
+  string(REGEX MATCHALL "[0-9]+" _BUILD ${STR3})
+  string(REGEX MATCHALL "[0-9]+[.]+[0-9]+[^\"]+|[0-9]+[.]+[0-9]+" _VERSION_STR ${STR4})
+
+  # export info to parent scope
+  set(IPP_VERSION_STR   ${_VERSION_STR})
+  set(IPP_VERSION_MAJOR ${_MAJOR})
+  set(IPP_VERSION_MINOR ${_MINOR})
+  set(IPP_VERSION_BUILD ${_BUILD})
+endmacro()
+
+macro(_ipp_not_supported)
+  message(STATUS ${ARGN})
+  unset(HAVE_IPP)
+  unset(HAVE_IPP_ICV_ONLY)
+  unset(IPP_VERSION_STR)
+  return()
+endmacro()
+
+# This macro uses IPP_ROOT_DIR variable
+# TODO Cleanup code after ICV package stabilization
+macro(ipp_detect_version)
+  set(IPP_INCLUDE_DIRS ${IPP_ROOT_DIR}/include)
+
+  set(__msg)
+  if(EXISTS ${IPP_ROOT_DIR}/include/ippicv_redefs.h)
+    set(__msg " (ICV version)")
+    set(HAVE_IPP_ICV_ONLY 1)
+  elseif(EXISTS ${IPP_ROOT_DIR}/include/ipp.h)
+    # nothing
+  else()
+    _ipp_not_supported("Can't resolve IPP directory: ${IPP_ROOT_DIR}")
+  endif()
+
+  ipp_get_version(${IPP_INCLUDE_DIRS}/ippversion.h)
+  ocv_assert(IPP_VERSION_STR VERSION_GREATER "1.0")
+
+  message(STATUS "found IPP${__msg}: ${_MAJOR}.${_MINOR}.${_BUILD} [${IPP_VERSION_STR}]")
+  message(STATUS "at: ${IPP_ROOT_DIR}")
+
+  if(${IPP_VERSION_STR} VERSION_LESS "7.0")
+    _ipp_not_supported("IPP ${IPP_VERSION_STR} is not supported")
+  endif()
+
+  set(HAVE_IPP 1)
+
+  macro(_ipp_set_library_dir DIR)
+    if(NOT EXISTS ${DIR})
+      _ipp_not_supported("IPP library directory not found")
+    endif()
+    set(IPP_LIBRARY_DIR ${DIR})
+  endmacro()
+
+  if(APPLE)
+    _ipp_set_library_dir(${IPP_ROOT_DIR}/lib)
+  elseif(IPP_X64)
+    _ipp_set_library_dir(${IPP_ROOT_DIR}/lib/intel64)
+  else()
+    _ipp_set_library_dir(${IPP_ROOT_DIR}/lib/ia32)
+  endif()
+
+  macro(_ipp_add_library name)
+    # dynamic linking is only supported for standalone version of IPP
+    if (BUILD_WITH_DYNAMIC_IPP AND NOT HAVE_IPP_ICV_ONLY)
+      set(IPP_LIB_PREFIX ${CMAKE_SHARED_LIBRARY_PREFIX})
+      set(IPP_LIB_SUFFIX ${CMAKE_SHARED_LIBRARY_SUFFIX})
+    else ()
+      set(IPP_LIB_PREFIX ${CMAKE_STATIC_LIBRARY_PREFIX})
+      set(IPP_LIB_SUFFIX ${CMAKE_STATIC_LIBRARY_SUFFIX})
+    endif ()
+    if (EXISTS ${IPP_LIBRARY_DIR}/${IPP_LIB_PREFIX}${IPP_PREFIX}${name}${IPP_SUFFIX}${IPP_LIB_SUFFIX})
+      if (BUILD_WITH_DYNAMIC_IPP AND NOT HAVE_IPP_ICV_ONLY)
+        # When using dynamic libraries from standalone IPP it is your responsibility to install those on the target system
+        list(APPEND IPP_LIBRARIES ${IPP_LIBRARY_DIR}/${IPP_LIB_PREFIX}${IPP_PREFIX}${name}${IPP_SUFFIX}${IPP_LIB_SUFFIX})
+      else ()
+        add_library(ipp${name} STATIC IMPORTED)
+        set_target_properties(ipp${name} PROPERTIES
+          IMPORTED_LINK_INTERFACE_LIBRARIES ""
+          IMPORTED_LOCATION ${IPP_LIBRARY_DIR}/${IPP_LIB_PREFIX}${IPP_PREFIX}${name}${IPP_SUFFIX}${IPP_LIB_SUFFIX}
+        )
+        list(APPEND IPP_LIBRARIES ipp${name})
+        # CMake doesn't support "install(TARGETS ${IPP_PREFIX}${name} " command with imported targets
+        install(FILES ${IPP_LIBRARY_DIR}/${IPP_LIB_PREFIX}${IPP_PREFIX}${name}${IPP_SUFFIX}${IPP_LIB_SUFFIX}
+                DESTINATION ${OPENCV_3P_LIB_INSTALL_PATH} COMPONENT dev)
+        string(TOUPPER ${name} uname)
+        set(IPP${uname}_INSTALL_PATH "${CMAKE_INSTALL_PREFIX}/${OPENCV_3P_LIB_INSTALL_PATH}/${IPP_LIB_PREFIX}${IPP_PREFIX}${name}${IPP_SUFFIX}${IPP_LIB_SUFFIX}" CACHE INTERNAL "" FORCE)
+        set(IPP${uname}_LOCATION_PATH "${IPP_LIBRARY_DIR}/${IPP_LIB_PREFIX}${IPP_PREFIX}${name}${IPP_SUFFIX}${IPP_LIB_SUFFIX}" CACHE INTERNAL "" FORCE)
+      endif()
+    else()
+      message(STATUS "Can't find IPP library: ${name} at ${IPP_LIBRARY_DIR}/${IPP_LIB_PREFIX}${IPP_PREFIX}${name}${IPP_SUFFIX}${IPP_LIB_SUFFIX}")
+    endif()
+  endmacro()
+
+  set(IPP_PREFIX "ipp")
+  if(${IPP_VERSION_STR} VERSION_LESS "8.0")
+    if (BUILD_WITH_DYNAMIC_IPP AND NOT HAVE_IPP_ICV_ONLY)
+      set(IPP_SUFFIX "")      # dynamic not threaded libs suffix IPP 7.x
+    else ()
+      set(IPP_SUFFIX "_l")    # static not threaded libs suffix IPP 7.x
+    endif ()
+  else ()
+    if(WIN32)
+      if (BUILD_WITH_DYNAMIC_IPP AND NOT HAVE_IPP_ICV_ONLY)
+        set(IPP_SUFFIX "")    # dynamic not threaded libs suffix IPP 8.x for Windows
+      else ()
+        set(IPP_SUFFIX "mt")  # static not threaded libs suffix IPP 8.x for Windows
+      endif ()
+    else()
+      set(IPP_SUFFIX "")      # static not threaded libs suffix IPP 8.x for Linux/OS X
+    endif()
+  endif()
+
+  if(HAVE_IPP_ICV_ONLY)
+    _ipp_add_library(icv)
+  else()
+    _ipp_add_library(core)
+    _ipp_add_library(s)
+    _ipp_add_library(i)
+    _ipp_add_library(cc)
+    _ipp_add_library(cv)
+    _ipp_add_library(vm)
+    _ipp_add_library(m)
+
+    if(UNIX)
+      get_filename_component(INTEL_COMPILER_LIBRARY_DIR ${IPP_ROOT_DIR}/../lib REALPATH)
+      if(NOT EXISTS ${INTEL_COMPILER_LIBRARY_DIR})
+        get_filename_component(INTEL_COMPILER_LIBRARY_DIR ${IPP_ROOT_DIR}/../compiler/lib REALPATH)
+      endif()
+      if(NOT EXISTS ${INTEL_COMPILER_LIBRARY_DIR})
+        _ipp_not_supported("IPP configuration error: can't find Intel compiler library dir ${INTEL_COMPILER_LIBRARY_DIR}")
+      endif()
+      if(NOT APPLE)
+        if(IPP_X64)
+          if(NOT EXISTS ${INTEL_COMPILER_LIBRARY_DIR}/intel64)
+            message(SEND_ERROR "Intel compiler EM64T libraries not found")
+          endif()
+          set(INTEL_COMPILER_LIBRARY_DIR ${INTEL_COMPILER_LIBRARY_DIR}/intel64)
+        else()
+          if(NOT EXISTS ${INTEL_COMPILER_LIBRARY_DIR}/ia32)
+            message(SEND_ERROR "Intel compiler IA32 libraries not found")
+          endif()
+          set(INTEL_COMPILER_LIBRARY_DIR ${INTEL_COMPILER_LIBRARY_DIR}/ia32)
+        endif()
+      endif()
+
+      macro(_ipp_add_compiler_library name)
+        if (EXISTS ${INTEL_COMPILER_LIBRARY_DIR}/${IPP_LIB_PREFIX}${name}${CMAKE_SHARED_LIBRARY_SUFFIX})
+          list(APPEND IPP_LIBRARIES ${INTEL_COMPILER_LIBRARY_DIR}/${IPP_LIB_PREFIX}${name}${CMAKE_SHARED_LIBRARY_SUFFIX})
+        else()
+          message(STATUS "Can't find compiler library: ${name} at ${INTEL_COMPILER_LIBRARY_DIR}/${IPP_LIB_PREFIX}${name}${CMAKE_SHARED_LIBRARY_SUFFIX}")
+        endif()
+      endmacro()
+
+      _ipp_add_compiler_library(irc)
+      _ipp_add_compiler_library(imf)
+      _ipp_add_compiler_library(svml)
+    endif(UNIX)
+  endif()
+
+  #message(STATUS "IPP libs: ${IPP_LIBRARIES}")
+endmacro()
+
+# OPENCV_IPP_PATH is an environment variable for internal usage only, do not use it
+if(DEFINED ENV{OPENCV_IPP_PATH} AND NOT DEFINED IPPROOT)
+  set(IPPROOT "$ENV{OPENCV_IPP_PATH}")
+endif()
+if(NOT DEFINED IPPROOT)
+  include("${OpenCV_SOURCE_DIR}/3rdparty/ippicv/downloader.cmake")
+  if(DEFINED OPENCV_ICV_PATH)
+    set(IPPROOT "${OPENCV_ICV_PATH}")
+  else()
+    return()
+  endif()
+endif()
+
+file(TO_CMAKE_PATH "${IPPROOT}" __IPPROOT)
+if(EXISTS "${__IPPROOT}/include/ippversion.h")
+  set(IPP_ROOT_DIR ${__IPPROOT})
+  ipp_detect_version()
+endif()
+
+
+if(WIN32 AND MINGW AND NOT IPP_VERSION_MAJOR LESS 7)
+    # Since IPP built with Microsoft compiler and /GS option
+    # ======================================================
+    # From Windows SDK 7.1
+    #   (usually in "C:\Program Files\Microsoft Visual Studio 10.0\VC\lib"),
+    # to avoid undefined reference to __security_cookie and _chkstk:
+    set(MSV_RUNTMCHK "RunTmChk")
+    set(IPP_LIBRARIES ${IPP_LIBRARIES} ${MSV_RUNTMCHK}${IPP_LIB_SUFFIX})
+
+    # To avoid undefined reference to _alldiv and _chkstk
+    # ===================================================
+    # NB: it may require a recompilation of w32api (after having modified
+    #     the file ntdll.def) to export the required functions
+    #     See http://code.opencv.org/issues/1906 for additional details
+    set(MSV_NTDLL    "ntdll")
+    set(IPP_LIBRARIES ${IPP_LIBRARIES} ${MSV_NTDLL}${IPP_LIB_SUFFIX})
+endif()
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVFindIPPAsync.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVFindIPPAsync.cmake
new file mode 100644
index 000000000..6f4765cbc
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVFindIPPAsync.cmake
@@ -0,0 +1,45 @@
+# Main variables:
+# IPP_A_LIBRARIES and IPP_A_INCLUDE to use IPP Async
+# HAVE_IPP_A for conditional compilation OpenCV with/without IPP Async
+
+# IPP_ASYNC_ROOT - root of IPP Async installation
+
+if(X86_64)
+    find_path(
+    IPP_A_INCLUDE_DIR
+    NAMES ipp_async_defs.h
+    PATHS $ENV{IPP_ASYNC_ROOT}
+    PATH_SUFFIXES include
+    DOC "Path to Intel IPP Async interface headers")
+
+    find_file(
+    IPP_A_LIBRARIES
+    NAMES ipp_async_preview.lib
+    PATHS $ENV{IPP_ASYNC_ROOT}
+    PATH_SUFFIXES lib/intel64
+    DOC "Path to Intel IPP Async interface libraries")
+
+else()
+    find_path(
+    IPP_A_INCLUDE_DIR
+    NAMES ipp_async_defs.h
+    PATHS $ENV{IPP_ASYNC_ROOT}
+    PATH_SUFFIXES include
+    DOC "Path to Intel IPP Async interface headers")
+
+    find_file(
+    IPP_A_LIBRARIES
+    NAMES ipp_async_preview.lib
+    PATHS $ENV{IPP_ASYNC_ROOT}
+    PATH_SUFFIXES lib/ia32
+    DOC "Path to Intel IPP Async interface libraries")
+endif()
+
+if(IPP_A_INCLUDE_DIR AND IPP_A_LIBRARIES)
+    set(HAVE_IPP_A TRUE)
+else()
+    set(HAVE_IPP_A FALSE)
+    message(WARNING "Intel IPP Async library directory (set by IPP_A_LIBRARIES_DIR variable) is not found or does not have Intel IPP Async libraries.")
+endif()
+
+mark_as_advanced(FORCE IPP_A_LIBRARIES IPP_A_INCLUDE_DIR)
\ No newline at end of file
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVFindIntelPerCSDK.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVFindIntelPerCSDK.cmake
new file mode 100644
index 000000000..724310560
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVFindIntelPerCSDK.cmake
@@ -0,0 +1,20 @@
+# Main variables:
+# INTELPERC_LIBRARIES and INTELPERC_INCLUDE to link Intel Perceptial Computing SDK modules
+# HAVE_INTELPERC for conditional compilation OpenCV with/without Intel Perceptial Computing SDK
+
+if(X86_64)
+    find_path(INTELPERC_INCLUDE_DIR "pxcsession.h" PATHS "$ENV{PCSDK_DIR}include" DOC "Path to Intel Perceptual Computing SDK interface headers")
+    find_file(INTELPERC_LIBRARIES "libpxc.lib" PATHS "$ENV{PCSDK_DIR}lib/x64" DOC "Path to Intel Perceptual Computing SDK interface libraries")
+else()
+    find_path(INTELPERC_INCLUDE_DIR "pxcsession.h" PATHS "$ENV{PCSDK_DIR}include" DOC "Path to Intel Perceptual Computing SDK interface headers")
+    find_file(INTELPERC_LIBRARIES "libpxc.lib" PATHS "$ENV{PCSDK_DIR}lib/Win32" DOC "Path to Intel Perceptual Computing SDK interface libraries")
+endif()
+
+if(INTELPERC_INCLUDE_DIR AND INTELPERC_LIBRARIES)
+    set(HAVE_INTELPERC TRUE)
+else()
+    set(HAVE_INTELPERC FALSE)
+    message(WARNING "Intel Perceptual Computing SDK library directory (set by INTELPERC_LIB_DIR variable) is not found or does not have Intel Perceptual Computing SDK libraries.")
+endif() #if(INTELPERC_INCLUDE_DIR AND INTELPERC_LIBRARIES)
+
+mark_as_advanced(FORCE INTELPERC_LIBRARIES INTELPERC_INCLUDE_DIR)
\ No newline at end of file
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVFindLATEX.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVFindLATEX.cmake
new file mode 100644
index 000000000..fb324ce9b
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVFindLATEX.cmake
@@ -0,0 +1,114 @@
+# - Find Latex
+# This module finds if Latex is installed and determines where the
+# executables are. This code sets the following variables:
+#
+#  LATEX_COMPILER:       path to the LaTeX compiler
+#  PDFLATEX_COMPILER:    path to the PdfLaTeX compiler
+#  BIBTEX_COMPILER:      path to the BibTeX compiler
+#  MAKEINDEX_COMPILER:   path to the MakeIndex compiler
+#  DVIPS_CONVERTER:      path to the DVIPS converter
+#  PS2PDF_CONVERTER:     path to the PS2PDF converter
+#  LATEX2HTML_CONVERTER: path to the LaTeX2Html converter
+#
+
+IF (WIN32)
+
+  # Try to find the MikTex binary path (look for its package manager).
+
+  FIND_PATH(MIKTEX_BINARY_PATH mpm.exe
+    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\MiK\\MiKTeX\\CurrentVersion\\MiKTeX;Install Root]/miktex/bin"
+    DOC
+    "Path to the MikTex binary directory."
+  )
+  MARK_AS_ADVANCED(MIKTEX_BINARY_PATH)
+
+  # Try to find the GhostScript binary path (look for gswin32).
+
+  GET_FILENAME_COMPONENT(GHOSTSCRIPT_BINARY_PATH_FROM_REGISTERY_8_00
+     "[HKEY_LOCAL_MACHINE\\SOFTWARE\\AFPL Ghostscript\\8.00;GS_DLL]" PATH
+  )
+
+  GET_FILENAME_COMPONENT(GHOSTSCRIPT_BINARY_PATH_FROM_REGISTERY_7_04
+     "[HKEY_LOCAL_MACHINE\\SOFTWARE\\AFPL Ghostscript\\7.04;GS_DLL]" PATH
+  )
+
+  FIND_PATH(GHOSTSCRIPT_BINARY_PATH gswin32.exe
+    ${GHOSTSCRIPT_BINARY_PATH_FROM_REGISTERY_8_00}
+    ${GHOSTSCRIPT_BINARY_PATH_FROM_REGISTERY_7_04}
+    DOC "Path to the GhostScript binary directory."
+  )
+  MARK_AS_ADVANCED(GHOSTSCRIPT_BINARY_PATH)
+
+  FIND_PATH(GHOSTSCRIPT_LIBRARY_PATH ps2pdf13.bat
+    "${GHOSTSCRIPT_BINARY_PATH}/../lib"
+    DOC "Path to the GhostScript library directory."
+  )
+  MARK_AS_ADVANCED(GHOSTSCRIPT_LIBRARY_PATH)
+
+ENDIF (WIN32)
+
+FIND_HOST_PROGRAM(LATEX_COMPILER
+  NAMES latex
+  PATHS ${MIKTEX_BINARY_PATH}
+        /usr/bin /usr/texbin
+)
+
+FIND_HOST_PROGRAM(PDFLATEX_COMPILER
+  NAMES pdflatex
+  PATHS ${MIKTEX_BINARY_PATH}
+        /usr/bin /usr/texbin
+)
+
+FIND_HOST_PROGRAM(BIBTEX_COMPILER
+  NAMES bibtex
+  PATHS ${MIKTEX_BINARY_PATH}
+        /usr/bin /usr/texbin
+)
+
+FIND_HOST_PROGRAM(MAKEINDEX_COMPILER
+  NAMES makeindex
+  PATHS ${MIKTEX_BINARY_PATH}
+        /usr/bin /usr/texbin
+)
+
+FIND_HOST_PROGRAM(DVIPS_CONVERTER
+  NAMES dvips
+  PATHS ${MIKTEX_BINARY_PATH}
+        /usr/bin /usr/texbin
+)
+
+FIND_HOST_PROGRAM(DVIPDF_CONVERTER
+  NAMES dvipdfm dvipdft dvipdf
+  PATHS ${MIKTEX_BINARY_PATH}
+        /usr/bin /usr/texbin
+)
+
+IF (WIN32)
+  FIND_HOST_PROGRAM(PS2PDF_CONVERTER
+    NAMES ps2pdf14.bat
+    PATHS ${GHOSTSCRIPT_LIBRARY_PATH}
+  )
+ELSE (WIN32)
+  FIND_HOST_PROGRAM(PS2PDF_CONVERTER
+    NAMES ps2pdf14 ps2pdf
+    PATHS /usr/bin /usr/texbin
+  )
+ENDIF (WIN32)
+
+FIND_HOST_PROGRAM(LATEX2HTML_CONVERTER
+  NAMES latex2html
+  PATHS ${MIKTEX_BINARY_PATH}
+        /usr/bin /usr/texbin
+)
+
+
+MARK_AS_ADVANCED(
+  LATEX_COMPILER
+  PDFLATEX_COMPILER
+  BIBTEX_COMPILER
+  MAKEINDEX_COMPILER
+  DVIPS_CONVERTER
+  DVIPDF_CONVERTER
+  PS2PDF_CONVERTER
+  LATEX2HTML_CONVERTER
+)
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVFindLibsGUI.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVFindLibsGUI.cmake
new file mode 100644
index 000000000..1c13619d5
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVFindLibsGUI.cmake
@@ -0,0 +1,90 @@
+# ----------------------------------------------------------------------------
+#  Detect 3rd-party GUI libraries
+# ----------------------------------------------------------------------------
+
+#--- Win32 UI ---
+ocv_clear_vars(HAVE_WIN32UI)
+if(WITH_WIN32UI)
+  try_compile(HAVE_WIN32UI
+    "${OpenCV_BINARY_DIR}"
+    "${OpenCV_SOURCE_DIR}/cmake/checks/win32uitest.cpp"
+    CMAKE_FLAGS "-DLINK_LIBRARIES:STRING=user32;gdi32")
+endif()
+
+# --- QT4 ---
+ocv_clear_vars(HAVE_QT HAVE_QT5)
+if(WITH_QT)
+  if(NOT WITH_QT EQUAL 4)
+    find_package(Qt5Core)
+    find_package(Qt5Gui)
+    find_package(Qt5Widgets)
+    find_package(Qt5Test)
+    find_package(Qt5Concurrent)
+    if(Qt5Core_FOUND AND Qt5Gui_FOUND AND Qt5Widgets_FOUND AND Qt5Test_FOUND AND Qt5Concurrent_FOUND)
+      set(HAVE_QT5 ON)
+      set(HAVE_QT  ON)
+      find_package(Qt5OpenGL)
+      if(Qt5OpenGL_FOUND)
+        set(QT_QTOPENGL_FOUND ON)
+      endif()
+    endif()
+  endif()
+
+  if(NOT HAVE_QT)
+    find_package(Qt4 REQUIRED QtCore QtGui QtTest)
+    if(QT4_FOUND)
+      set(HAVE_QT TRUE)
+    endif()
+  endif()
+endif()
+
+# --- GTK ---
+ocv_clear_vars(HAVE_GTK HAVE_GTK3 HAVE_GTHREAD HAVE_GTKGLEXT)
+if(WITH_GTK AND NOT HAVE_QT)
+  if(NOT WITH_GTK_2_X)
+    CHECK_MODULE(gtk+-3.0 HAVE_GTK3)
+    if(HAVE_GTK3)
+      set(HAVE_GTK TRUE)
+    endif()
+  endif()
+  if(NOT HAVE_GTK)
+    CHECK_MODULE(gtk+-2.0 HAVE_GTK)
+    if(HAVE_GTK AND (ALIASOF_gtk+-2.0_VERSION VERSION_LESS MIN_VER_GTK))
+      message (FATAL_ERROR "GTK support requires a minimum version of ${MIN_VER_GTK} (${ALIASOF_gtk+-2.0_VERSION} found)")
+      set(HAVE_GTK FALSE)
+    endif()
+  endif()
+  CHECK_MODULE(gthread-2.0 HAVE_GTHREAD)
+  if(HAVE_GTK AND NOT HAVE_GTHREAD)
+    message(FATAL_ERROR "gthread not found. This library is required when building with GTK support")
+  endif()
+  if(WITH_OPENGL AND NOT HAVE_GTK3)
+    CHECK_MODULE(gtkglext-1.0 HAVE_GTKGLEXT)
+  endif()
+endif()
+
+# --- OpenGl ---
+ocv_clear_vars(HAVE_OPENGL HAVE_QT_OPENGL)
+if(WITH_OPENGL)
+  if(WITH_WIN32UI OR (HAVE_QT AND QT_QTOPENGL_FOUND) OR HAVE_GTKGLEXT)
+    find_package (OpenGL QUIET)
+    if(OPENGL_FOUND)
+      set(HAVE_OPENGL TRUE)
+      list(APPEND OPENCV_LINKER_LIBS ${OPENGL_LIBRARIES})
+      if(QT_QTOPENGL_FOUND)
+        set(HAVE_QT_OPENGL TRUE)
+      else()
+        ocv_include_directories(${OPENGL_INCLUDE_DIR})
+      endif()
+    endif()
+  endif()
+endif(WITH_OPENGL)
+
+# --- Carbon & Cocoa ---
+if(APPLE)
+  if(WITH_CARBON)
+    set(HAVE_CARBON YES)
+  elseif(NOT IOS AND CMAKE_COMPILER_IS_CLANGCXX)
+    set(HAVE_COCOA YES)
+  endif()
+endif()
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVFindLibsGrfmt.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVFindLibsGrfmt.cmake
new file mode 100644
index 000000000..b5f38279e
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVFindLibsGrfmt.cmake
@@ -0,0 +1,213 @@
+# ----------------------------------------------------------------------------
+#  Detect 3rd-party image IO libraries
+# ----------------------------------------------------------------------------
+
+# --- zlib (required) ---
+if(BUILD_ZLIB)
+  ocv_clear_vars(ZLIB_FOUND)
+else()
+  find_package(ZLIB "${MIN_VER_ZLIB}")
+  if(ZLIB_FOUND AND ANDROID)
+    if(ZLIB_LIBRARIES STREQUAL "${ANDROID_SYSROOT}/usr/lib/libz.so")
+      set(ZLIB_LIBRARIES z)
+    endif()
+  endif()
+endif()
+
+if(NOT ZLIB_FOUND)
+  ocv_clear_vars(ZLIB_LIBRARY ZLIB_LIBRARIES ZLIB_INCLUDE_DIRS)
+
+  set(ZLIB_LIBRARY zlib)
+  add_subdirectory("${OpenCV_SOURCE_DIR}/3rdparty/zlib")
+  set(ZLIB_INCLUDE_DIRS "${${ZLIB_LIBRARY}_SOURCE_DIR}" "${${ZLIB_LIBRARY}_BINARY_DIR}")
+  set(ZLIB_LIBRARIES ${ZLIB_LIBRARY})
+
+  ocv_parse_header2(ZLIB "${${ZLIB_LIBRARY}_SOURCE_DIR}/zlib.h" ZLIB_VERSION)
+endif()
+
+# --- libtiff (optional, should be searched after zlib) ---
+if(WITH_TIFF)
+  if(BUILD_TIFF)
+    ocv_clear_vars(TIFF_FOUND)
+  else()
+    include(FindTIFF)
+    if(TIFF_FOUND)
+      ocv_parse_header("${TIFF_INCLUDE_DIR}/tiff.h" TIFF_VERSION_LINES TIFF_VERSION_CLASSIC TIFF_VERSION_BIG TIFF_VERSION TIFF_BIGTIFF_VERSION)
+    endif()
+  endif()
+
+  if(NOT TIFF_FOUND)
+    ocv_clear_vars(TIFF_LIBRARY TIFF_LIBRARIES TIFF_INCLUDE_DIR)
+
+    set(TIFF_LIBRARY libtiff)
+    set(TIFF_LIBRARIES ${TIFF_LIBRARY})
+    add_subdirectory("${OpenCV_SOURCE_DIR}/3rdparty/libtiff")
+    set(TIFF_INCLUDE_DIR "${${TIFF_LIBRARY}_SOURCE_DIR}" "${${TIFF_LIBRARY}_BINARY_DIR}")
+    ocv_parse_header("${${TIFF_LIBRARY}_SOURCE_DIR}/tiff.h" TIFF_VERSION_LINES TIFF_VERSION_CLASSIC TIFF_VERSION_BIG TIFF_VERSION TIFF_BIGTIFF_VERSION)
+  endif()
+
+  if(TIFF_VERSION_CLASSIC AND NOT TIFF_VERSION)
+    set(TIFF_VERSION ${TIFF_VERSION_CLASSIC})
+  endif()
+
+  if(TIFF_BIGTIFF_VERSION AND NOT TIFF_VERSION_BIG)
+    set(TIFF_VERSION_BIG ${TIFF_BIGTIFF_VERSION})
+  endif()
+
+  if(NOT TIFF_VERSION_STRING AND TIFF_INCLUDE_DIR)
+    list(GET TIFF_INCLUDE_DIR 0 _TIFF_INCLUDE_DIR)
+    if(EXISTS "${_TIFF_INCLUDE_DIR}/tiffvers.h")
+      file(STRINGS "${_TIFF_INCLUDE_DIR}/tiffvers.h" tiff_version_str REGEX "^#define[\t ]+TIFFLIB_VERSION_STR[\t ]+\"LIBTIFF, Version .*")
+      string(REGEX REPLACE "^#define[\t ]+TIFFLIB_VERSION_STR[\t ]+\"LIBTIFF, Version +([^ \\n]*).*" "\\1" TIFF_VERSION_STRING "${tiff_version_str}")
+      unset(tiff_version_str)
+    endif()
+    unset(_TIFF_INCLUDE_DIR)
+  endif()
+
+  set(HAVE_TIFF YES)
+endif()
+
+# --- libjpeg (optional) ---
+if(WITH_JPEG)
+  if(BUILD_JPEG)
+    ocv_clear_vars(JPEG_FOUND)
+  else()
+    include(FindJPEG)
+  endif()
+
+  if(NOT JPEG_FOUND)
+    ocv_clear_vars(JPEG_LIBRARY JPEG_LIBRARIES JPEG_INCLUDE_DIR)
+
+    set(JPEG_LIBRARY libjpeg)
+    set(JPEG_LIBRARIES ${JPEG_LIBRARY})
+    add_subdirectory("${OpenCV_SOURCE_DIR}/3rdparty/libjpeg")
+    set(JPEG_INCLUDE_DIR "${${JPEG_LIBRARY}_SOURCE_DIR}")
+  endif()
+
+  ocv_parse_header("${JPEG_INCLUDE_DIR}/jpeglib.h" JPEG_VERSION_LINES JPEG_LIB_VERSION)
+  set(HAVE_JPEG YES)
+endif()
+
+# --- libwebp (optional) ---
+
+if(WITH_WEBP)
+  if(BUILD_WEBP)
+    ocv_clear_vars(WEBP_FOUND WEBP_LIBRARY WEBP_LIBRARIES WEBP_INCLUDE_DIR)
+  else()
+    include(cmake/OpenCVFindWebP.cmake)
+  endif()
+endif()
+
+# --- Add libwebp to 3rdparty/libwebp and compile it if not available ---
+if(WITH_WEBP AND NOT WEBP_FOUND)
+
+  set(WEBP_LIBRARY libwebp)
+  set(WEBP_LIBRARIES ${WEBP_LIBRARY})
+
+  add_subdirectory("${OpenCV_SOURCE_DIR}/3rdparty/libwebp")
+  set(WEBP_INCLUDE_DIR "${${WEBP_LIBRARY}_SOURCE_DIR}")
+endif()
+
+if(NOT WEBP_VERSION AND WEBP_INCLUDE_DIR)
+  ocv_clear_vars(ENC_MAJ_VERSION ENC_MIN_VERSION ENC_REV_VERSION)
+  if(EXISTS "${WEBP_INCLUDE_DIR}/enc/vp8enci.h")
+    ocv_parse_header("${WEBP_INCLUDE_DIR}/enc/vp8enci.h" WEBP_VERSION_LINES ENC_MAJ_VERSION ENC_MIN_VERSION ENC_REV_VERSION)
+    set(WEBP_VERSION "${ENC_MAJ_VERSION}.${ENC_MIN_VERSION}.${ENC_REV_VERSION}")
+  elseif(EXISTS "${WEBP_INCLUDE_DIR}/webp/encode.h")
+    file(STRINGS "${WEBP_INCLUDE_DIR}/webp/encode.h" WEBP_ENCODER_ABI_VERSION REGEX "#define[ \t]+WEBP_ENCODER_ABI_VERSION[ \t]+([x0-9a-f]+)" )
+    if(WEBP_ENCODER_ABI_VERSION MATCHES "#define[ \t]+WEBP_ENCODER_ABI_VERSION[ \t]+([x0-9a-f]+)")
+        set(WEBP_ENCODER_ABI_VERSION "${CMAKE_MATCH_1}")
+        set(WEBP_VERSION "encoder: ${WEBP_ENCODER_ABI_VERSION}")
+    else()
+      unset(WEBP_ENCODER_ABI_VERSION)
+    endif()
+  endif()
+endif()
+
+# --- libjasper (optional, should be searched after libjpeg) ---
+if(WITH_JASPER)
+  if(BUILD_JASPER)
+    ocv_clear_vars(JASPER_FOUND)
+  else()
+    include(FindJasper)
+  endif()
+
+  if(NOT JASPER_FOUND)
+    ocv_clear_vars(JASPER_LIBRARY JASPER_LIBRARIES JASPER_INCLUDE_DIR)
+
+    set(JASPER_LIBRARY libjasper)
+    set(JASPER_LIBRARIES ${JASPER_LIBRARY})
+    add_subdirectory("${OpenCV_SOURCE_DIR}/3rdparty/libjasper")
+    set(JASPER_INCLUDE_DIR "${${JASPER_LIBRARY}_SOURCE_DIR}")
+  endif()
+
+  set(HAVE_JASPER YES)
+
+  if(NOT JASPER_VERSION_STRING)
+    ocv_parse_header2(JASPER "${JASPER_INCLUDE_DIR}/jasper/jas_config.h" JAS_VERSION "")
+  endif()
+endif()
+
+# --- libpng (optional, should be searched after zlib) ---
+if(WITH_PNG)
+  if(BUILD_PNG)
+    ocv_clear_vars(PNG_FOUND)
+  else()
+    include(FindPNG)
+    if(PNG_FOUND)
+      include(CheckIncludeFile)
+      check_include_file("${PNG_PNG_INCLUDE_DIR}/libpng/png.h" HAVE_LIBPNG_PNG_H)
+      if(HAVE_LIBPNG_PNG_H)
+        ocv_parse_header("${PNG_PNG_INCLUDE_DIR}/libpng/png.h" PNG_VERSION_LINES PNG_LIBPNG_VER_MAJOR PNG_LIBPNG_VER_MINOR PNG_LIBPNG_VER_RELEASE)
+      else()
+        ocv_parse_header("${PNG_PNG_INCLUDE_DIR}/png.h" PNG_VERSION_LINES PNG_LIBPNG_VER_MAJOR PNG_LIBPNG_VER_MINOR PNG_LIBPNG_VER_RELEASE)
+      endif()
+    endif()
+  endif()
+
+  if(NOT PNG_FOUND)
+    ocv_clear_vars(PNG_LIBRARY PNG_LIBRARIES PNG_INCLUDE_DIR PNG_PNG_INCLUDE_DIR HAVE_LIBPNG_PNG_H PNG_DEFINITIONS)
+
+    set(PNG_LIBRARY libpng)
+    set(PNG_LIBRARIES ${PNG_LIBRARY})
+    add_subdirectory("${OpenCV_SOURCE_DIR}/3rdparty/libpng")
+    set(PNG_INCLUDE_DIR "${${PNG_LIBRARY}_SOURCE_DIR}")
+    set(PNG_DEFINITIONS "")
+    ocv_parse_header("${PNG_INCLUDE_DIR}/png.h" PNG_VERSION_LINES PNG_LIBPNG_VER_MAJOR PNG_LIBPNG_VER_MINOR PNG_LIBPNG_VER_RELEASE)
+  endif()
+
+  set(HAVE_PNG YES)
+  set(PNG_VERSION "${PNG_LIBPNG_VER_MAJOR}.${PNG_LIBPNG_VER_MINOR}.${PNG_LIBPNG_VER_RELEASE}")
+endif()
+
+# --- OpenEXR (optional) ---
+if(WITH_OPENEXR)
+  if(BUILD_OPENEXR)
+    ocv_clear_vars(OPENEXR_FOUND)
+  else()
+    include("${OpenCV_SOURCE_DIR}/cmake/OpenCVFindOpenEXR.cmake")
+  endif()
+
+  if(NOT OPENEXR_FOUND)
+    ocv_clear_vars(OPENEXR_INCLUDE_PATHS OPENEXR_LIBRARIES OPENEXR_ILMIMF_LIBRARY OPENEXR_VERSION)
+
+    set(OPENEXR_LIBRARIES IlmImf)
+    set(OPENEXR_ILMIMF_LIBRARY IlmImf)
+    add_subdirectory("${OpenCV_SOURCE_DIR}/3rdparty/openexr")
+  endif()
+
+  set(HAVE_OPENEXR YES)
+endif()
+
+# --- GDAL (optional) ---
+if(WITH_GDAL)
+    find_package(GDAL)
+
+    if(NOT GDAL_FOUND)
+        ocv_clear_vars(GDAL_LIBRARY GDAL_INCLUDE_DIR)
+        set(HAVE_GDAL NO)
+    else()
+        set(HAVE_GDAL YES)
+        ocv_include_directories(${GDAL_INCLUDE_DIR})
+    endif()
+endif()
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVFindLibsPerf.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVFindLibsPerf.cmake
new file mode 100644
index 000000000..bda5d792a
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVFindLibsPerf.cmake
@@ -0,0 +1,131 @@
+# ----------------------------------------------------------------------------
+#  Detect other 3rd-party performance and math libraries
+# ----------------------------------------------------------------------------
+
+# --- TBB ---
+if(WITH_TBB)
+  include("${OpenCV_SOURCE_DIR}/cmake/OpenCVDetectTBB.cmake")
+endif(WITH_TBB)
+
+# --- IPP ---
+if(WITH_IPP)
+  include("${OpenCV_SOURCE_DIR}/cmake/OpenCVFindIPP.cmake")
+  if(HAVE_IPP)
+    ocv_include_directories(${IPP_INCLUDE_DIRS})
+    list(APPEND OPENCV_LINKER_LIBS ${IPP_LIBRARIES})
+  endif()
+endif()
+
+# --- IPP Async ---
+
+if(WITH_IPP_A)
+  include("${OpenCV_SOURCE_DIR}/cmake/OpenCVFindIPPAsync.cmake")
+  if(IPP_A_INCLUDE_DIR AND IPP_A_LIBRARIES)
+    ocv_include_directories(${IPP_A_INCLUDE_DIR})
+    link_directories(${IPP_A_LIBRARIES})
+    set(OPENCV_LINKER_LIBS ${OPENCV_LINKER_LIBS} ${IPP_A_LIBRARIES})
+   endif()
+endif(WITH_IPP_A)
+
+# --- CUDA ---
+if(WITH_CUDA)
+  include("${OpenCV_SOURCE_DIR}/cmake/OpenCVDetectCUDA.cmake")
+endif(WITH_CUDA)
+
+# --- Eigen ---
+if(WITH_EIGEN)
+  find_path(EIGEN_INCLUDE_PATH "Eigen/Core"
+            PATHS /usr/local /opt /usr $ENV{EIGEN_ROOT}/include ENV ProgramFiles ENV ProgramW6432
+            PATH_SUFFIXES include/eigen3 include/eigen2 Eigen/include/eigen3 Eigen/include/eigen2
+            DOC "The path to Eigen3/Eigen2 headers"
+            CMAKE_FIND_ROOT_PATH_BOTH)
+
+  if(EIGEN_INCLUDE_PATH)
+    ocv_include_directories(${EIGEN_INCLUDE_PATH})
+    ocv_parse_header("${EIGEN_INCLUDE_PATH}/Eigen/src/Core/util/Macros.h" EIGEN_VERSION_LINES EIGEN_WORLD_VERSION EIGEN_MAJOR_VERSION EIGEN_MINOR_VERSION)
+    set(HAVE_EIGEN 1)
+  endif()
+endif(WITH_EIGEN)
+
+# --- Clp ---
+# Ubuntu: sudo apt-get install coinor-libclp-dev coinor-libcoinutils-dev
+ocv_clear_vars(HAVE_CLP)
+if(WITH_CLP)
+  if(UNIX)
+    PKG_CHECK_MODULES(CLP clp)
+    if(CLP_FOUND)
+      set(HAVE_CLP TRUE)
+      if(NOT ${CLP_INCLUDE_DIRS} STREQUAL "")
+        ocv_include_directories(${CLP_INCLUDE_DIRS})
+      endif()
+      link_directories(${CLP_LIBRARY_DIRS})
+      set(OPENCV_LINKER_LIBS ${OPENCV_LINKER_LIBS} ${CLP_LIBRARIES})
+    endif()
+  endif()
+
+  if(NOT CLP_FOUND)
+    find_path(CLP_INCLUDE_PATH "coin"
+              PATHS "/usr/local/include" "/usr/include" "/opt/include"
+              DOC "The path to Clp headers")
+    if(CLP_INCLUDE_PATH)
+      ocv_include_directories(${CLP_INCLUDE_PATH} "${CLP_INCLUDE_PATH}/coin")
+      get_filename_component(_CLP_LIBRARY_DIR "${CLP_INCLUDE_PATH}/../lib" ABSOLUTE)
+      set(CLP_LIBRARY_DIR "${_CLP_LIBRARY_DIR}" CACHE PATH "Full path of Clp library directory")
+      link_directories(${CLP_LIBRARY_DIR})
+      if(UNIX)
+        set(OPENCV_LINKER_LIBS ${OPENCV_LINKER_LIBS} Clp CoinUtils m)
+      else()
+        if(MINGW)
+            set(OPENCV_LINKER_LIBS ${OPENCV_LINKER_LIBS} Clp CoinUtils)
+        else()
+            set(OPENCV_LINKER_LIBS ${OPENCV_LINKER_LIBS} libClp libCoinUtils)
+        endif()
+      endif()
+      set(HAVE_CLP TRUE)
+    endif()
+  endif()
+endif(WITH_CLP)
+
+# --- C= ---
+if(WITH_CSTRIPES AND NOT HAVE_TBB)
+  include("${OpenCV_SOURCE_DIR}/cmake/OpenCVDetectCStripes.cmake")
+else()
+  set(HAVE_CSTRIPES 0)
+endif()
+
+# --- GCD ---
+if(APPLE AND NOT HAVE_TBB AND NOT HAVE_CSTRIPES)
+  set(HAVE_GCD 1)
+else()
+  set(HAVE_GCD 0)
+endif()
+
+# --- Concurrency ---
+if(MSVC AND NOT HAVE_TBB AND NOT HAVE_CSTRIPES)
+  set(_fname "${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeTmp/concurrencytest.cpp")
+  file(WRITE "${_fname}" "#if _MSC_VER < 1600\n#error\n#endif\nint main() { return 0; }\n")
+  try_compile(HAVE_CONCURRENCY "${CMAKE_BINARY_DIR}" "${_fname}")
+  file(REMOVE "${_fname}")
+else()
+  set(HAVE_CONCURRENCY 0)
+endif()
+
+# --- OpenMP ---
+if(WITH_OPENMP)
+  find_package(OpenMP)
+  if(OPENMP_FOUND)
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${OpenMP_C_FLAGS}")
+    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${OpenMP_CXX_FLAGS}")
+  endif()
+  set(HAVE_OPENMP "${OPENMP_FOUND}")
+endif()
+
+if(UNIX OR ANDROID)
+if(NOT APPLE AND NOT HAVE_TBB AND NOT HAVE_OPENMP)
+  set(HAVE_PTHREADS_PF 1)
+else()
+  set(HAVE_PTHREADS_PF 0)
+endif()
+else()
+  set(HAVE_PTHREADS_PF 0)
+endif()
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVFindLibsVideo.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVFindLibsVideo.cmake
new file mode 100644
index 000000000..279787a34
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVFindLibsVideo.cmake
@@ -0,0 +1,319 @@
+# ----------------------------------------------------------------------------
+#  Detect 3rd-party video IO libraries
+# ----------------------------------------------------------------------------
+
+ocv_clear_vars(HAVE_VFW)
+if(WITH_VFW)
+  try_compile(HAVE_VFW
+    "${OpenCV_BINARY_DIR}"
+    "${OpenCV_SOURCE_DIR}/cmake/checks/vfwtest.cpp"
+    CMAKE_FLAGS "-DLINK_LIBRARIES:STRING=vfw32")
+endif(WITH_VFW)
+
+# --- GStreamer ---
+ocv_clear_vars(HAVE_GSTREAMER)
+# try to find gstreamer 1.x first
+if(WITH_GSTREAMER AND NOT WITH_GSTREAMER_0_10)
+  CHECK_MODULE(gstreamer-base-1.0 HAVE_GSTREAMER_BASE)
+  CHECK_MODULE(gstreamer-video-1.0 HAVE_GSTREAMER_VIDEO)
+  CHECK_MODULE(gstreamer-app-1.0 HAVE_GSTREAMER_APP)
+  CHECK_MODULE(gstreamer-riff-1.0 HAVE_GSTREAMER_RIFF)
+  CHECK_MODULE(gstreamer-pbutils-1.0 HAVE_GSTREAMER_PBUTILS)
+
+  if(HAVE_GSTREAMER_BASE AND HAVE_GSTREAMER_VIDEO AND HAVE_GSTREAMER_APP AND HAVE_GSTREAMER_RIFF AND HAVE_GSTREAMER_PBUTILS)
+      set(HAVE_GSTREAMER TRUE)
+      set(GSTREAMER_BASE_VERSION ${ALIASOF_gstreamer-base-1.0_VERSION})
+      set(GSTREAMER_VIDEO_VERSION ${ALIASOF_gstreamer-video-1.0_VERSION})
+      set(GSTREAMER_APP_VERSION ${ALIASOF_gstreamer-app-1.0_VERSION})
+      set(GSTREAMER_RIFF_VERSION ${ALIASOF_gstreamer-riff-1.0_VERSION})
+      set(GSTREAMER_PBUTILS_VERSION ${ALIASOF_gstreamer-pbutils-1.0_VERSION})
+  endif()
+
+endif(WITH_GSTREAMER AND NOT WITH_GSTREAMER_0_10)
+
+# if gstreamer 1.x was not found, or we specified we wanted 0.10, try to find it
+if(WITH_GSTREAMER AND NOT HAVE_GSTREAMER OR WITH_GSTREAMER_0_10)
+  CHECK_MODULE(gstreamer-base-0.10 HAVE_GSTREAMER_BASE)
+  CHECK_MODULE(gstreamer-video-0.10 HAVE_GSTREAMER_VIDEO)
+  CHECK_MODULE(gstreamer-app-0.10 HAVE_GSTREAMER_APP)
+  CHECK_MODULE(gstreamer-riff-0.10 HAVE_GSTREAMER_RIFF)
+  CHECK_MODULE(gstreamer-pbutils-0.10 HAVE_GSTREAMER_PBUTILS)
+
+  if(HAVE_GSTREAMER_BASE AND HAVE_GSTREAMER_VIDEO AND HAVE_GSTREAMER_APP AND HAVE_GSTREAMER_RIFF AND HAVE_GSTREAMER_PBUTILS)
+      set(HAVE_GSTREAMER TRUE)
+      set(GSTREAMER_BASE_VERSION ${ALIASOF_gstreamer-base-0.10_VERSION})
+      set(GSTREAMER_VIDEO_VERSION ${ALIASOF_gstreamer-video-0.10_VERSION})
+      set(GSTREAMER_APP_VERSION ${ALIASOF_gstreamer-app-0.10_VERSION})
+      set(GSTREAMER_RIFF_VERSION ${ALIASOF_gstreamer-riff-0.10_VERSION})
+      set(GSTREAMER_PBUTILS_VERSION ${ALIASOF_gstreamer-pbutils-0.10_VERSION})
+  endif()
+endif(WITH_GSTREAMER AND NOT HAVE_GSTREAMER OR WITH_GSTREAMER_0_10)
+
+# --- unicap ---
+ocv_clear_vars(HAVE_UNICAP)
+if(WITH_UNICAP)
+  CHECK_MODULE(libunicap HAVE_UNICAP_)
+  CHECK_MODULE(libucil HAVE_UNICAP_UCIL)
+  if(HAVE_UNICAP_ AND HAVE_UNICAP_UCIL)
+    set(HAVE_UNICAP TRUE)
+  endif()
+endif(WITH_UNICAP)
+
+# --- PvApi ---
+ocv_clear_vars(HAVE_PVAPI)
+if(WITH_PVAPI)
+  find_path(PVAPI_INCLUDE_PATH "PvApi.h"
+            PATHS /usr/local /opt /usr ENV ProgramFiles ENV ProgramW6432
+            PATH_SUFFIXES include "Allied Vision Technologies/GigESDK/inc-pc" "AVT GigE SDK/inc-pc" "GigESDK/inc-pc"
+            DOC "The path to PvAPI header")
+
+  if(PVAPI_INCLUDE_PATH)
+    if(X86 AND NOT WIN32)
+      set(PVAPI_SDK_SUBDIR x86)
+    elseif(X86_64)
+      set(PVAPI_SDK_SUBDIR x64)
+    elseif(ARM)
+      set(PVAPI_SDK_SUBDIR arm)
+    endif()
+
+    get_filename_component(_PVAPI_LIBRARY "${PVAPI_INCLUDE_PATH}/../lib-pc" ABSOLUTE)
+    if(PVAPI_SDK_SUBDIR)
+      set(_PVAPI_LIBRARY "${_PVAPI_LIBRARY}/${PVAPI_SDK_SUBDIR}")
+    endif()
+    if(NOT WIN32 AND CMAKE_COMPILER_IS_GNUCXX)
+      set(_PVAPI_LIBRARY "${_PVAPI_LIBRARY}/${CMAKE_OPENCV_GCC_VERSION_MAJOR}.${CMAKE_OPENCV_GCC_VERSION_MINOR}")
+    endif()
+
+    if(WIN32)
+      if(MINGW)
+        set(PVAPI_DEFINITIONS "-DPVDECL=__stdcall")
+      endif(MINGW)
+      set(PVAPI_LIBRARY "${_PVAPI_LIBRARY}/PvAPI.lib" CACHE PATH "The PvAPI library")
+    else(WIN32)
+      set(PVAPI_LIBRARY "${_PVAPI_LIBRARY}/${CMAKE_STATIC_LIBRARY_PREFIX}PvAPI${CMAKE_STATIC_LIBRARY_SUFFIX}" CACHE PATH "The PvAPI library")
+    endif(WIN32)
+    if(EXISTS "${PVAPI_LIBRARY}")
+      set(HAVE_PVAPI TRUE)
+    endif()
+  endif(PVAPI_INCLUDE_PATH)
+endif(WITH_PVAPI)
+
+# --- GigEVisionSDK ---
+ocv_clear_vars(HAVE_GIGE_API)
+if(WITH_GIGEAPI)
+  find_path(GIGEAPI_INCLUDE_PATH "GigEVisionSDK.h"
+            PATHS /usr/local /var /opt /usr ENV ProgramFiles ENV ProgramW6432
+            PATH_SUFFIXES include "Smartek Vision Technologies/GigEVisionSDK/gige_cpp" "GigEVisionSDK/gige_cpp" "GigEVisionSDK/gige_c"
+            DOC "The path to Smartek GigEVisionSDK header")
+  FIND_LIBRARY(GIGEAPI_LIBRARIES NAMES GigEVisionSDK)
+  if(GIGEAPI_LIBRARIES AND GIGEAPI_INCLUDE_PATH)
+    set(HAVE_GIGE_API TRUE)
+  endif()
+endif(WITH_GIGEAPI)
+
+# --- Dc1394 ---
+ocv_clear_vars(HAVE_DC1394 HAVE_DC1394_2)
+if(WITH_1394)
+  if(WIN32 AND MINGW)
+      find_path(CMU1394_INCLUDE_PATH "/1394common.h"
+                PATH_SUFFIXES include
+                DOC "The path to cmu1394 headers")
+      find_path(DC1394_2_INCLUDE_PATH "/dc1394/dc1394.h"
+                PATH_SUFFIXES include
+                DOC "The path to DC1394 2.x headers")
+      if(CMU1394_INCLUDE_PATH AND DC1394_2_INCLUDE_PATH)
+        set(CMU1394_LIB_DIR  "${CMU1394_INCLUDE_PATH}/../lib"  CACHE PATH "Full path of CMU1394 library directory")
+        set(DC1394_2_LIB_DIR "${DC1394_2_INCLUDE_PATH}/../lib" CACHE PATH "Full path of DC1394 2.x library directory")
+        if(EXISTS "${CMU1394_LIB_DIR}/lib1394camera.a" AND EXISTS "${DC1394_2_LIB_DIR}/libdc1394.a")
+          set(HAVE_DC1394_2 TRUE)
+        endif()
+      endif()
+      if(HAVE_DC1394_2)
+        ocv_parse_pkg("libdc1394-2" "${DC1394_2_LIB_DIR}/pkgconfig" "")
+        ocv_include_directories(${DC1394_2_INCLUDE_PATH})
+        set(VIDEOIO_LIBRARIES ${VIDEOIO_LIBRARIES}
+            "${DC1394_2_LIB_DIR}/libdc1394.a"
+            "${CMU1394_LIB_DIR}/lib1394camera.a")
+      endif(HAVE_DC1394_2)
+  else(WIN32 AND MINGW)
+    CHECK_MODULE(libdc1394-2 HAVE_DC1394_2)
+    if(NOT HAVE_DC1394_2)
+      CHECK_MODULE(libdc1394 HAVE_DC1394)
+    endif()
+  endif(WIN32 AND MINGW)
+endif(WITH_1394)
+
+# --- xine ---
+ocv_clear_vars(HAVE_XINE)
+if(WITH_XINE)
+  CHECK_MODULE(libxine HAVE_XINE)
+endif(WITH_XINE)
+
+# --- V4L ---
+ocv_clear_vars(HAVE_LIBV4L HAVE_CAMV4L HAVE_CAMV4L2 HAVE_VIDEOIO)
+if(WITH_V4L)
+  if(WITH_LIBV4L)
+    CHECK_MODULE(libv4l1 HAVE_LIBV4L1)
+    CHECK_MODULE(libv4l2 HAVE_LIBV4L2)
+    if(HAVE_LIBV4L1 AND HAVE_LIBV4L2)
+      set(HAVE_LIBV4L YES)
+    else()
+      set(HAVE_LIBV4L NO)
+    endif()
+  endif()
+  CHECK_INCLUDE_FILE(linux/videodev.h HAVE_CAMV4L)
+  CHECK_INCLUDE_FILE(linux/videodev2.h HAVE_CAMV4L2)
+  CHECK_INCLUDE_FILE(sys/videoio.h HAVE_VIDEOIO)
+endif(WITH_V4L)
+
+# --- OpenNI ---
+ocv_clear_vars(HAVE_OPENNI HAVE_OPENNI_PRIME_SENSOR_MODULE)
+if(WITH_OPENNI)
+  include("${OpenCV_SOURCE_DIR}/cmake/OpenCVFindOpenNI.cmake")
+endif(WITH_OPENNI)
+
+ocv_clear_vars(HAVE_OPENNI2)
+if(WITH_OPENNI2)
+  include("${OpenCV_SOURCE_DIR}/cmake/OpenCVFindOpenNI2.cmake")
+endif(WITH_OPENNI2)
+
+# --- XIMEA ---
+ocv_clear_vars(HAVE_XIMEA)
+if(WITH_XIMEA)
+  include("${OpenCV_SOURCE_DIR}/cmake/OpenCVFindXimea.cmake")
+  if(XIMEA_FOUND)
+    set(HAVE_XIMEA TRUE)
+  endif()
+endif(WITH_XIMEA)
+
+# --- FFMPEG ---
+ocv_clear_vars(HAVE_FFMPEG HAVE_FFMPEG_CODEC HAVE_FFMPEG_FORMAT HAVE_FFMPEG_UTIL HAVE_FFMPEG_SWSCALE HAVE_FFMPEG_RESAMPLE HAVE_GENTOO_FFMPEG HAVE_FFMPEG_FFMPEG)
+if(WITH_FFMPEG)
+  if(WIN32 AND NOT ARM)
+    include("${OpenCV_SOURCE_DIR}/3rdparty/ffmpeg/ffmpeg_version.cmake")
+  elseif(UNIX)
+    CHECK_MODULE(libavcodec HAVE_FFMPEG_CODEC)
+    CHECK_MODULE(libavformat HAVE_FFMPEG_FORMAT)
+    CHECK_MODULE(libavutil HAVE_FFMPEG_UTIL)
+    CHECK_MODULE(libswscale HAVE_FFMPEG_SWSCALE)
+    CHECK_MODULE(libavresample HAVE_FFMPEG_RESAMPLE)
+
+    CHECK_INCLUDE_FILE(libavformat/avformat.h HAVE_GENTOO_FFMPEG)
+    CHECK_INCLUDE_FILE(ffmpeg/avformat.h HAVE_FFMPEG_FFMPEG)
+    if(NOT HAVE_GENTOO_FFMPEG AND NOT HAVE_FFMPEG_FFMPEG)
+      if(EXISTS /usr/include/ffmpeg/libavformat/avformat.h OR HAVE_FFMPEG_SWSCALE)
+        set(HAVE_GENTOO_FFMPEG TRUE)
+      endif()
+    endif()
+    if(HAVE_FFMPEG_CODEC AND HAVE_FFMPEG_FORMAT AND HAVE_FFMPEG_UTIL AND HAVE_FFMPEG_SWSCALE)
+      set(HAVE_FFMPEG TRUE)
+    endif()
+
+    if(HAVE_FFMPEG)
+      # Find the bzip2 library because it is required on some systems
+      FIND_LIBRARY(BZIP2_LIBRARIES NAMES bz2 bzip2)
+      if(NOT BZIP2_LIBRARIES)
+        # Do an other trial
+        FIND_FILE(BZIP2_LIBRARIES NAMES libbz2.so.1 PATHS /lib)
+      endif()
+    else()
+      find_path(FFMPEG_INCLUDE_DIR "libavformat/avformat.h"
+                PATHS /usr/local /usr /opt
+                PATH_SUFFIXES include
+                DOC "The path to FFMPEG headers")
+      if(FFMPEG_INCLUDE_DIR)
+        set(HAVE_GENTOO_FFMPEG TRUE)
+        set(FFMPEG_LIB_DIR "${FFMPEG_INCLUDE_DIR}/../lib" CACHE PATH "Full path of FFMPEG library directory")
+        find_library(FFMPEG_CODEC_LIB "avcodec" HINTS "${FFMPEG_LIB_DIR}")
+        find_library(FFMPEG_FORMAT_LIB "avformat" HINTS "${FFMPEG_LIB_DIR}")
+        find_library(FFMPEG_UTIL_LIB "avutil" HINTS "${FFMPEG_LIB_DIR}")
+        find_library(FFMPEG_SWSCALE_LIB "swscale" HINTS "${FFMPEG_LIB_DIR}")
+        find_library(FFMPEG_RESAMPLE_LIB "avresample" HINTS "${FFMPEG_LIB_DIR}")
+        if(FFMPEG_CODEC_LIB)
+          set(HAVE_FFMPEG_CODEC 1)
+        endif()
+        if(FFMPEG_FORMAT_LIB)
+          set(HAVE_FFMPEG_FORMAT 1)
+        endif()
+        if(FFMPEG_UTIL_LIB)
+          set(HAVE_FFMPEG_UTIL 1)
+        endif()
+        if(FFMPEG_SWSCALE_LIB)
+          set(HAVE_FFMPEG_SWSCALE 1)
+        endif()
+        if(FFMPEG_CODEC_LIB AND FFMPEG_FORMAT_LIB AND
+           FFMPEG_UTIL_LIB AND FFMPEG_SWSCALE_LIB)
+          set(ALIASOF_libavcodec_VERSION "Unknown")
+          set(ALIASOF_libavformat_VERSION "Unknown")
+          set(ALIASOF_libavutil_VERSION "Unknown")
+          set(ALIASOF_libswscale_VERSION "Unknown")
+          set(HAVE_FFMPEG 1)
+          if(FFMPEG_RESAMPLE_LIB)
+            set(HAVE_FFMPEG_RESAMPLE 1)
+            set(ALIASOF_libavresample_VERSION "Unknown")
+          endif()
+        endif()
+      endif(FFMPEG_INCLUDE_DIR)
+      if(HAVE_FFMPEG)
+        set(VIDEOIO_LIBRARIES ${VIDEOIO_LIBRARIES} "${FFMPEG_LIB_DIR}/libavcodec.a"
+            "${FFMPEG_LIB_DIR}/libavformat.a" "${FFMPEG_LIB_DIR}/libavutil.a"
+            "${FFMPEG_LIB_DIR}/libswscale.a")
+        if(HAVE_FFMPEG_RESAMPLE)
+          set(VIDEOIO_LIBRARIES ${VIDEOIO_LIBRARIES} "${FFMPEG_LIB_DIR}/libavresample.a")
+        endif()
+        ocv_include_directories(${FFMPEG_INCLUDE_DIR})
+      endif(HAVE_FFMPEG)
+    endif()
+  endif()
+endif(WITH_FFMPEG)
+
+# --- VideoInput/DirectShow ---
+if(WITH_DSHOW)
+  # always have VideoInput on Windows
+  set(HAVE_DSHOW 1)
+endif(WITH_DSHOW)
+
+# --- VideoInput/Microsoft Media Foundation ---
+ocv_clear_vars(HAVE_MSMF)
+if(WITH_MSMF)
+  check_include_file(Mfapi.h HAVE_MSMF)
+endif(WITH_MSMF)
+
+# --- Extra HighGUI and VideoIO libs on Windows ---
+if(WIN32)
+  list(APPEND HIGHGUI_LIBRARIES comctl32 gdi32 ole32 setupapi ws2_32)
+  if(HAVE_VFW)
+    list(APPEND VIDEOIO_LIBRARIES vfw32)
+  endif()
+  if(MINGW64)
+    list(APPEND VIDEOIO_LIBRARIES avifil32 avicap32 winmm msvfw32)
+    list(REMOVE_ITEM VIDEOIO_LIBRARIES vfw32)
+  elseif(MINGW)
+    list(APPEND VIDEOIO_LIBRARIES winmm)
+  endif()
+endif(WIN32)
+
+# --- Apple AV Foundation ---
+if(WITH_AVFOUNDATION)
+  set(HAVE_AVFOUNDATION YES)
+endif()
+
+# --- QuickTime ---
+if (NOT IOS)
+  if(WITH_QUICKTIME)
+    set(HAVE_QUICKTIME YES)
+  elseif(APPLE AND CMAKE_COMPILER_IS_CLANGCXX)
+    set(HAVE_QTKIT YES)
+  endif()
+endif()
+
+# --- Intel Perceptual Computing SDK ---
+if(WITH_INTELPERC)
+  include("${OpenCV_SOURCE_DIR}/cmake/OpenCVFindIntelPerCSDK.cmake")
+endif(WITH_INTELPERC)
+
+# --- gPhoto2 ---
+ocv_clear_vars(HAVE_GPHOTO2)
+if(WITH_GPHOTO2)
+  CHECK_MODULE(libgphoto2 HAVE_GPHOTO2)
+endif(WITH_GPHOTO2)
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVFindMatlab.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVFindMatlab.cmake
new file mode 100644
index 000000000..c4a174c39
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVFindMatlab.cmake
@@ -0,0 +1,199 @@
+# ----- Find Matlab/Octave -----
+#
+# OpenCVFindMatlab.cmake attempts to locate the install path of Matlab in order
+# to extract the mex headers, libraries and shell scripts. If found
+# successfully, the following variables will be defined
+#
+#   MATLAB_FOUND:       true/false
+#   MATLAB_ROOT_DIR:    Root of Matlab installation
+#   MATLAB_BIN:         The main Matlab "executable" (shell script)
+#   MATLAB_MEX_SCRIPT:  The mex script used to compile mex files
+#   MATLAB_INCLUDE_DIRS:Path to "mex.h"
+#   MATLAB_LIBRARY_DIRS:Path to mex and matrix libraries
+#   MATLAB_LIBRARIES:   The Matlab libs, usually mx, mex, mat
+#   MATLAB_MEXEXT:      The mex library extension. It will be one of:
+#                         mexwin32, mexwin64,  mexglx, mexa64, mexmac,
+#                         mexmaci,  mexmaci64, mexsol, mexs64
+#   MATLAB_ARCH:        The installation architecture. It is **usually**
+#                       the MEXEXT with the preceding "mex" removed,
+#                       though it's different for linux distros.
+#
+# There doesn't appear to be an elegant way to detect all versions of Matlab
+# across different platforms. If you know the matlab path and want to avoid
+# the search, you can define the path to the Matlab root when invoking cmake:
+#
+#   cmake -DMATLAB_ROOT_DIR='/PATH/TO/ROOT_DIR' ..
+
+
+
+# ----- set_library_presuffix -----
+#
+# Matlab tends to use some non-standard prefixes and suffixes on its libraries.
+# For example, libmx.dll on Windows (Windows does not add prefixes) and
+# mkl.dylib on OS X (OS X uses "lib" prefixes).
+# On some versions of Windows the .dll suffix also appears to not be checked.
+#
+# This function modifies the library prefixes and suffixes used by
+# find_library when finding Matlab libraries. It does not affect scopes
+# outside of this file.
+function(set_libarch_prefix_suffix)
+  if (UNIX AND NOT APPLE)
+    set(CMAKE_FIND_LIBRARY_PREFIXES "lib" PARENT_SCOPE)
+    set(CMAKE_FIND_LIBRARY_SUFFIXES ".so" ".a" PARENT_SCOPE)
+  elseif (APPLE)
+    set(CMAKE_FIND_LIBRARY_PREFIXES "lib" PARENT_SCOPE)
+    set(CMAKE_FIND_LIBRARY_SUFFIXES ".dylib" ".a" PARENT_SCOPE)
+  elseif (WIN32)
+    set(CMAKE_FIND_LIBRARY_PREFIXES "lib" PARENT_SCOPE)
+    set(CMAKE_FIND_LIBRARY_SUFFIXES ".lib" ".dll" PARENT_SCOPE)
+  endif()
+endfunction()
+
+
+
+# ----- locate_matlab_root -----
+#
+# Attempt to find the path to the Matlab installation. If successful, sets
+# the absolute path in the variable MATLAB_ROOT_DIR
+function(locate_matlab_root)
+
+  # --- UNIX/APPLE ---
+  if (UNIX)
+    # possible root locations, in order of likelihood
+    set(SEARCH_DIRS_ /Applications /usr/local /opt/local /usr /opt)
+    foreach (DIR_ ${SEARCH_DIRS_})
+      file(GLOB MATLAB_ROOT_DIR_ ${DIR_}/*matlab*)
+      if (MATLAB_ROOT_DIR_)
+        # sort in order from highest to lowest
+        # normally it's in the format MATLAB_R[20XX][A/B]
+        # TODO: numerical rather than lexicographic sort. However,
+        # CMake does not support floating-point MATH(EXPR ...) at this time.
+        list(SORT MATLAB_ROOT_DIR_)
+        list(REVERSE MATLAB_ROOT_DIR_)
+        list(GET MATLAB_ROOT_DIR_ 0 MATLAB_ROOT_DIR_)
+        set(MATLAB_ROOT_DIR ${MATLAB_ROOT_DIR_} PARENT_SCOPE)
+        return()
+      endif()
+    endforeach()
+
+  # --- WINDOWS ---
+  elseif (WIN32)
+    # 1. search the path environment variable
+    find_program(MATLAB_ROOT_DIR_ matlab PATHS ENV PATH)
+    if (MATLAB_ROOT_DIR_)
+      # get the root directory from the full path
+      # /path/to/matlab/rootdir/bin/matlab.exe
+      get_filename_component(MATLAB_ROOT_DIR_ ${MATLAB_ROOT_DIR_} PATH)
+      get_filename_component(MATLAB_ROOT_DIR_ ${MATLAB_ROOT_DIR_} PATH)
+      set(MATLAB_ROOT_DIR ${MATLAB_ROOT_DIR_} PARENT_SCOPE)
+      return()
+    endif()
+
+    # 2. search the registry
+    # determine the available Matlab versions
+    set(REG_EXTENSION_ "SOFTWARE\\Mathworks\\MATLAB")
+    set(REG_ROOTS_ "HKEY_LOCAL_MACHINE" "HKEY_CURRENT_USER")
+    foreach(REG_ROOT_ ${REG_ROOTS_})
+      execute_process(COMMAND reg query "${REG_ROOT_}\\${REG_EXTENSION_}" OUTPUT_VARIABLE QUERY_RESPONSE_)
+      if (QUERY_RESPONSE_)
+        string(REGEX MATCHALL "[0-9]\\.[0-9]" VERSION_STRINGS_ ${QUERY_RESPONSE_})
+        list(APPEND VERSIONS_ ${VERSION_STRINGS_})
+      endif()
+    endforeach()
+
+    # select the highest version
+    list(APPEND VERSIONS_ "0.0")
+    list(SORT VERSIONS_)
+    list(REVERSE VERSIONS_)
+    list(GET VERSIONS_ 0 VERSION_)
+
+    # request the MATLABROOT from the registry
+    foreach(REG_ROOT_ ${REG_ROOTS_})
+      get_filename_component(QUERY_RESPONSE_ [${REG_ROOT_}\\${REG_EXTENSION_}\\${VERSION_};MATLABROOT] ABSOLUTE)
+      if (NOT ${QUERY_RESPONSE_} MATCHES "registry$")
+        set(MATLAB_ROOT_DIR ${QUERY_RESPONSE_} PARENT_SCOPE)
+        return()
+      endif()
+    endforeach()
+  endif()
+endfunction()
+
+
+
+# ----- locate_matlab_components -----
+#
+# Given a directory MATLAB_ROOT_DIR, attempt to find the Matlab components
+# (include directory and libraries) under the root. If everything is found,
+# sets the variable MATLAB_FOUND to TRUE
+function(locate_matlab_components MATLAB_ROOT_DIR)
+  # get the mex extension
+  find_file(MATLAB_MEXEXT_SCRIPT_ NAMES mexext mexext.bat PATHS ${MATLAB_ROOT_DIR}/bin NO_DEFAULT_PATH)
+  execute_process(COMMAND ${MATLAB_MEXEXT_SCRIPT_}
+                  OUTPUT_VARIABLE MATLAB_MEXEXT_
+                  OUTPUT_STRIP_TRAILING_WHITESPACE)
+  if (NOT MATLAB_MEXEXT_)
+    return()
+  endif()
+
+  # map the mexext to an architecture extension
+  set(ARCHITECTURES_ "maci64" "maci" "glnxa64" "glnx64" "sol64" "sola64" "win32" "win64" )
+  foreach(ARCHITECTURE_ ${ARCHITECTURES_})
+    if(EXISTS ${MATLAB_ROOT_DIR}/bin/${ARCHITECTURE_})
+      set(MATLAB_ARCH_ ${ARCHITECTURE_})
+      break()
+    endif()
+  endforeach()
+
+  # get the path to the libraries
+  set(MATLAB_LIBRARY_DIRS_ ${MATLAB_ROOT_DIR}/bin/${MATLAB_ARCH_})
+
+  # get the libraries
+  set_libarch_prefix_suffix()
+  find_library(MATLAB_LIB_MX_  mx  PATHS ${MATLAB_LIBRARY_DIRS_} NO_DEFAULT_PATH)
+  find_library(MATLAB_LIB_MEX_ mex PATHS ${MATLAB_LIBRARY_DIRS_} NO_DEFAULT_PATH)
+  find_library(MATLAB_LIB_MAT_ mat PATHS ${MATLAB_LIBRARY_DIRS_} NO_DEFAULT_PATH)
+  set(MATLAB_LIBRARIES_ ${MATLAB_LIB_MX_} ${MATLAB_LIB_MEX_} ${MATLAB_LIB_MAT_})
+
+  # get the include path
+  find_path(MATLAB_INCLUDE_DIRS_ mex.h ${MATLAB_ROOT_DIR}/extern/include)
+
+  # get the mex shell script
+  find_program(MATLAB_MEX_SCRIPT_ NAMES mex mex.bat PATHS ${MATLAB_ROOT_DIR}/bin NO_DEFAULT_PATH)
+
+  # get the Matlab executable
+  find_program(MATLAB_BIN_ NAMES matlab PATHS ${MATLAB_ROOT_DIR}/bin NO_DEFAULT_PATH)
+
+  # export into parent scope
+  if (MATLAB_MEX_SCRIPT_ AND MATLAB_LIBRARIES_ AND MATLAB_INCLUDE_DIRS_)
+    set(MATLAB_BIN          ${MATLAB_BIN_}          PARENT_SCOPE)
+    set(MATLAB_MEX_SCRIPT   ${MATLAB_MEX_SCRIPT_}   PARENT_SCOPE)
+    set(MATLAB_INCLUDE_DIRS ${MATLAB_INCLUDE_DIRS_} PARENT_SCOPE)
+    set(MATLAB_LIBRARIES    ${MATLAB_LIBRARIES_}    PARENT_SCOPE)
+    set(MATLAB_LIBRARY_DIRS ${MATLAB_LIBRARY_DIRS_} PARENT_SCOPE)
+    set(MATLAB_MEXEXT       ${MATLAB_MEXEXT_}       PARENT_SCOPE)
+    set(MATLAB_ARCH         ${MATLAB_ARCH_}         PARENT_SCOPE)
+  endif()
+endfunction()
+
+
+
+# ----------------------------------------------------------------------------
+# FIND MATLAB COMPONENTS
+# ----------------------------------------------------------------------------
+if (NOT MATLAB_FOUND)
+
+  # attempt to find the Matlab root folder
+  if (NOT MATLAB_ROOT_DIR)
+    locate_matlab_root()
+  endif()
+
+  # given the matlab root folder, find the library locations
+  if (MATLAB_ROOT_DIR)
+    locate_matlab_components(${MATLAB_ROOT_DIR})
+  endif()
+  find_package_handle_standard_args(Matlab DEFAULT_MSG
+                                           MATLAB_MEX_SCRIPT   MATLAB_INCLUDE_DIRS
+                                           MATLAB_ROOT_DIR     MATLAB_LIBRARIES
+                                           MATLAB_LIBRARY_DIRS MATLAB_MEXEXT
+                                           MATLAB_ARCH         MATLAB_BIN)
+endif()
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVFindOpenEXR.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVFindOpenEXR.cmake
new file mode 100644
index 000000000..c0a46806e
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVFindOpenEXR.cmake
@@ -0,0 +1,108 @@
+# The script is taken from http://code.google.com/p/nvidia-texture-tools/
+
+#
+# Try to find OpenEXR's libraries, and include path.
+# Once done this will define:
+#
+# OPENEXR_FOUND = OpenEXR found.
+# OPENEXR_INCLUDE_PATHS = OpenEXR include directories.
+# OPENEXR_LIBRARIES = libraries that are needed to use OpenEXR.
+#
+
+SET(OPENEXR_LIBRARIES "")
+SET(OPENEXR_LIBSEARCH_SUFFIXES "")
+file(TO_CMAKE_PATH "$ENV{ProgramFiles}" ProgramFiles_ENV_PATH)
+
+if(WIN32)
+    SET(OPENEXR_ROOT "C:/Deploy" CACHE STRING "Path to the OpenEXR \"Deploy\" folder")
+    if(CMAKE_CL_64)
+        SET(OPENEXR_LIBSEARCH_SUFFIXES x64/Release x64 x64/Debug)
+    elseif(MSVC)
+        SET(OPENEXR_LIBSEARCH_SUFFIXES Win32/Release Win32 Win32/Debug)
+    endif()
+else()
+    set(OPENEXR_ROOT "")
+endif()
+
+SET(LIBRARY_PATHS
+    /usr/lib
+    /usr/local/lib
+    /sw/lib
+    /opt/local/lib
+    "${ProgramFiles_ENV_PATH}/OpenEXR/lib/static"
+    "${OPENEXR_ROOT}/lib")
+
+FIND_PATH(OPENEXR_INCLUDE_PATH ImfRgbaFile.h
+    PATH_SUFFIXES OpenEXR
+    PATHS
+    /usr/include
+    /usr/local/include
+    /sw/include
+    /opt/local/include
+    "${ProgramFiles_ENV_PATH}/OpenEXR/include"
+    "${OPENEXR_ROOT}/include")
+
+FIND_LIBRARY(OPENEXR_HALF_LIBRARY
+    NAMES Half
+    PATH_SUFFIXES ${OPENEXR_LIBSEARCH_SUFFIXES}
+    PATHS ${LIBRARY_PATHS})
+
+FIND_LIBRARY(OPENEXR_IEX_LIBRARY
+    NAMES Iex
+    PATH_SUFFIXES ${OPENEXR_LIBSEARCH_SUFFIXES}
+    PATHS ${LIBRARY_PATHS})
+
+FIND_LIBRARY(OPENEXR_IMATH_LIBRARY
+    NAMES Imath
+    PATH_SUFFIXES ${OPENEXR_LIBSEARCH_SUFFIXES}
+    PATHS ${LIBRARY_PATHS})
+
+FIND_LIBRARY(OPENEXR_ILMIMF_LIBRARY
+    NAMES IlmImf
+    PATH_SUFFIXES ${OPENEXR_LIBSEARCH_SUFFIXES}
+    PATHS ${LIBRARY_PATHS})
+
+FIND_LIBRARY(OPENEXR_ILMTHREAD_LIBRARY
+    NAMES IlmThread
+    PATH_SUFFIXES ${OPENEXR_LIBSEARCH_SUFFIXES}
+    PATHS ${LIBRARY_PATHS})
+
+IF (OPENEXR_INCLUDE_PATH AND OPENEXR_IMATH_LIBRARY AND OPENEXR_ILMIMF_LIBRARY AND OPENEXR_IEX_LIBRARY AND OPENEXR_HALF_LIBRARY)
+    SET(OPENEXR_FOUND TRUE)
+    SET(OPENEXR_INCLUDE_PATHS ${OPENEXR_INCLUDE_PATH} CACHE PATH "The include paths needed to use OpenEXR")
+    SET(OPENEXR_LIBRARIES ${OPENEXR_IMATH_LIBRARY} ${OPENEXR_ILMIMF_LIBRARY} ${OPENEXR_IEX_LIBRARY} ${OPENEXR_HALF_LIBRARY} ${OPENEXR_ILMTHREAD_LIBRARY} CACHE STRING "The libraries needed to use OpenEXR" FORCE)
+ENDIF ()
+
+IF(OPENEXR_FOUND)
+  IF(NOT OPENEXR_FIND_QUIETLY)
+    MESSAGE(STATUS "Found OpenEXR: ${OPENEXR_ILMIMF_LIBRARY}")
+  ENDIF()
+  if(PKG_CONFIG_FOUND AND NOT OPENEXR_VERSION)
+    get_filename_component(OPENEXR_LIB_PATH "${OPENEXR_ILMIMF_LIBRARY}" PATH)
+    if(EXISTS "${OPENEXR_LIB_PATH}/pkgconfig/OpenEXR.pc")
+      execute_process(COMMAND ${PKG_CONFIG_EXECUTABLE} --modversion "${OPENEXR_LIB_PATH}/pkgconfig/OpenEXR.pc"
+                      RESULT_VARIABLE PKG_CONFIG_PROCESS
+                      OUTPUT_VARIABLE OPENEXR_VERSION
+                      OUTPUT_STRIP_TRAILING_WHITESPACE ERROR_QUIET)
+      if(NOT PKG_CONFIG_PROCESS EQUAL 0)
+        SET(OPENEXR_VERSION "Unknown")
+      endif()
+    endif()
+  endif()
+  if(NOT OPENEXR_VERSION)
+    SET(OPENEXR_VERSION "Unknown")
+  endif()
+ELSE()
+  IF(OPENEXR_FIND_REQUIRED)
+    MESSAGE(FATAL_ERROR "Could not find OpenEXR library")
+  ENDIF()
+ENDIF()
+
+MARK_AS_ADVANCED(
+    OPENEXR_INCLUDE_PATHS
+    OPENEXR_LIBRARIES
+    OPENEXR_ILMIMF_LIBRARY
+    OPENEXR_IMATH_LIBRARY
+    OPENEXR_IEX_LIBRARY
+    OPENEXR_HALF_LIBRARY
+    OPENEXR_ILMTHREAD_LIBRARY)
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVFindOpenNI.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVFindOpenNI.cmake
new file mode 100644
index 000000000..754186894
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVFindOpenNI.cmake
@@ -0,0 +1,89 @@
+# Main variables:
+# OPENNI_LIBRARY and OPENNI_INCLUDES to link OpenCV modules with OpenNI
+# HAVE_OPENNI for conditional compilation OpenCV with/without OpenNI
+
+if(NOT "${OPENNI_LIB_DIR}" STREQUAL "${OPENNI_LIB_DIR_INTERNAL}")
+    unset(OPENNI_LIBRARY CACHE)
+    unset(OPENNI_LIB_DIR CACHE)
+endif()
+
+if(NOT "${OPENNI_INCLUDE_DIR}" STREQUAL "${OPENNI_INCLUDE_DIR_INTERNAL}")
+    unset(OPENNI_INCLUDES CACHE)
+    unset(OPENNI_INCLUDE_DIR CACHE)
+endif()
+
+if(NOT "${OPENNI_PRIME_SENSOR_MODULE_BIN_DIR}" STREQUAL "${OPENNI_PRIME_SENSOR_MODULE_BIN_DIR_INTERNAL}")
+    unset(OPENNI_PRIME_SENSOR_MODULE CACHE)
+    unset(OPENNI_PRIME_SENSOR_MODULE_BIN_DIR CACHE)
+endif()
+
+if(WIN32)
+    if(NOT (MSVC64 OR MINGW64))
+        find_file(OPENNI_INCLUDES "XnCppWrapper.h" PATHS "$ENV{OPEN_NI_INSTALL_PATH}Include" DOC "OpenNI c++ interface header")
+        find_library(OPENNI_LIBRARY "OpenNI" PATHS $ENV{OPEN_NI_LIB} DOC "OpenNI library")
+    else()
+        find_file(OPENNI_INCLUDES "XnCppWrapper.h" PATHS "$ENV{OPEN_NI_INSTALL_PATH64}Include" DOC "OpenNI c++ interface header")
+        find_library(OPENNI_LIBRARY "OpenNI64" PATHS $ENV{OPEN_NI_LIB64} DOC "OpenNI library")
+    endif()
+elseif(UNIX OR APPLE)
+    find_file(OPENNI_INCLUDES "XnCppWrapper.h" PATHS "/usr/include/ni" "/usr/include/openni" DOC "OpenNI c++ interface header")
+    find_library(OPENNI_LIBRARY "OpenNI" PATHS "/usr/lib" DOC "OpenNI library")
+endif()
+
+if(OPENNI_LIBRARY AND OPENNI_INCLUDES)
+    set(HAVE_OPENNI TRUE)
+    # the check: are PrimeSensor Modules for OpenNI installed
+    if(WIN32)
+    if(NOT (MSVC64 OR MINGW64))
+            find_file(OPENNI_PRIME_SENSOR_MODULE "XnCore.dll" PATHS "$ENV{OPEN_NI_INSTALL_PATH}../PrimeSense/Sensor/Bin" "$ENV{OPEN_NI_INSTALL_PATH}../PrimeSense/SensorKinect/Bin" DOC "Core library of PrimeSensor Modules for OpenNI")
+        else()
+            find_file(OPENNI_PRIME_SENSOR_MODULE "XnCore64.dll" PATHS "$ENV{OPEN_NI_INSTALL_PATH64}../PrimeSense/Sensor/Bin64" "$ENV{OPEN_NI_INSTALL_PATH64}../PrimeSense/SensorKinect/Bin64" DOC "Core library of PrimeSensor Modules for OpenNI")
+        endif()
+    elseif(UNIX OR APPLE)
+        find_library(OPENNI_PRIME_SENSOR_MODULE "XnCore" PATHS "/usr/lib" DOC "Core library of PrimeSensor Modules for OpenNI")
+    endif()
+
+    if(OPENNI_PRIME_SENSOR_MODULE)
+        set(HAVE_OPENNI_PRIME_SENSOR_MODULE TRUE)
+    endif()
+endif() #if(OPENNI_LIBRARY AND OPENNI_INCLUDES)
+
+get_filename_component(OPENNI_LIB_DIR "${OPENNI_LIBRARY}" PATH)
+get_filename_component(OPENNI_INCLUDE_DIR ${OPENNI_INCLUDES} PATH)
+get_filename_component(OPENNI_PRIME_SENSOR_MODULE_BIN_DIR "${OPENNI_PRIME_SENSOR_MODULE}" PATH)
+
+if(HAVE_OPENNI)
+  set(OPENNI_LIB_DIR "${OPENNI_LIB_DIR}" CACHE PATH "Path to OpenNI libraries" FORCE)
+  set(OPENNI_INCLUDE_DIR "${OPENNI_INCLUDE_DIR}" CACHE PATH "Path to OpenNI headers" FORCE)
+  set(OPENNI_PRIME_SENSOR_MODULE_BIN_DIR "${OPENNI_PRIME_SENSOR_MODULE_BIN_DIR}" CACHE PATH "Path to OpenNI PrimeSensor Module binaries" FORCE)
+endif()
+
+if(OPENNI_LIBRARY)
+    set(OPENNI_LIB_DIR_INTERNAL "${OPENNI_LIB_DIR}" CACHE INTERNAL "This is the value of the last time OPENNI_LIB_DIR was set successfully." FORCE)
+else()
+    message( WARNING, " OpenNI library directory (set by OPENNI_LIB_DIR variable) is not found or does not have OpenNI libraries." )
+endif()
+
+if(OPENNI_INCLUDES)
+    set(OPENNI_INCLUDE_DIR_INTERNAL "${OPENNI_INCLUDE_DIR}" CACHE INTERNAL "This is the value of the last time OPENNI_INCLUDE_DIR was set successfully." FORCE)
+else()
+    message( WARNING, " OpenNI include directory (set by OPENNI_INCLUDE_DIR variable) is not found or does not have OpenNI include files." )
+endif()
+
+if(OPENNI_PRIME_SENSOR_MODULE)
+    set(OPENNI_PRIME_SENSOR_MODULE_BIN_DIR_INTERNAL "${OPENNI_PRIME_SENSOR_MODULE_BIN_DIR}" CACHE INTERNAL "This is the value of the last time OPENNI_PRIME_SENSOR_MODULE_BIN_DIR was set successfully." FORCE)
+else()
+    message( WARNING, " PrimeSensor Module binaries directory (set by OPENNI_PRIME_SENSOR_MODULE_BIN_DIR variable) is not found or does not have PrimeSensor Module binaries." )
+endif()
+
+mark_as_advanced(FORCE OPENNI_PRIME_SENSOR_MODULE)
+mark_as_advanced(FORCE OPENNI_LIBRARY)
+mark_as_advanced(FORCE OPENNI_INCLUDES)
+
+if(HAVE_OPENNI)
+  ocv_parse_header("${OPENNI_INCLUDE_DIR}/XnVersion.h" OPENNI_VERSION_LINES XN_MAJOR_VERSION XN_MINOR_VERSION XN_MAINTENANCE_VERSION XN_BUILD_VERSION)
+  if(XN_MAJOR_VERSION)
+    set(OPENNI_VERSION_STRING ${XN_MAJOR_VERSION}.${XN_MINOR_VERSION}.${XN_MAINTENANCE_VERSION} CACHE INTERNAL "OpenNI version")
+    set(OPENNI_VERSION_BUILD ${XN_BUILD_VERSION} CACHE INTERNAL "OpenNI build version")
+  endif()
+endif()
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVFindOpenNI2.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVFindOpenNI2.cmake
new file mode 100644
index 000000000..08e55e6a2
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVFindOpenNI2.cmake
@@ -0,0 +1,61 @@
+# Main variables:
+# OPENNI2_LIBRARY and OPENNI2_INCLUDES to link OpenCV modules with OpenNI2
+# HAVE_OPENNI2 for conditional compilation OpenCV with/without OpenNI2
+
+if(NOT "${OPENNI2_LIB_DIR}" STREQUAL "${OPENNI2_LIB_DIR_INTERNAL}")
+    unset(OPENNI2_LIBRARY CACHE)
+    unset(OPENNI2_LIB_DIR CACHE)
+endif()
+
+if(NOT "${OPENNI2_INCLUDE_DIR}" STREQUAL "${OPENNI2_INCLUDE_DIR_INTERNAL}")
+    unset(OPENNI2_INCLUDES CACHE)
+    unset(OPENNI2_INCLUDE_DIR CACHE)
+endif()
+
+if(WIN32)
+    if(NOT (MSVC64 OR MINGW64))
+        find_file(OPENNI2_INCLUDES "OpenNI.h" PATHS "$ENV{OPEN_NI_INSTALL_PATH}Include" DOC "OpenNI2 c++ interface header")
+        find_library(OPENNI2_LIBRARY "OpenNI2" PATHS $ENV{OPENNI2_LIB} DOC "OpenNI2 library")
+    else()
+        find_file(OPENNI2_INCLUDES "OpenNI.h" PATHS $ENV{OPENNI2_INCLUDE64} "$ENV{OPEN_NI_INSTALL_PATH64}Include" DOC "OpenNI2 c++ interface header")
+        find_library(OPENNI2_LIBRARY "OpenNI2" PATHS $ENV{OPENNI2_LIB64} DOC "OpenNI2 library")
+    endif()
+elseif(UNIX OR APPLE)
+    find_file(OPENNI2_INCLUDES "OpenNI.h" PATHS "/usr/include/ni2" "/usr/include/openni2" $ENV{OPENNI2_INCLUDE} DOC "OpenNI2 c++ interface header")
+    find_library(OPENNI2_LIBRARY "OpenNI2" PATHS "/usr/lib" $ENV{OPENNI2_REDIST} DOC "OpenNI2 library")
+endif()
+
+if(OPENNI2_LIBRARY AND OPENNI2_INCLUDES)
+    set(HAVE_OPENNI2 TRUE)
+endif() #if(OPENNI2_LIBRARY AND OPENNI2_INCLUDES)
+
+get_filename_component(OPENNI2_LIB_DIR "${OPENNI2_LIBRARY}" PATH)
+get_filename_component(OPENNI2_INCLUDE_DIR ${OPENNI2_INCLUDES} PATH)
+
+if(HAVE_OPENNI2)
+  set(OPENNI2_LIB_DIR "${OPENNI2_LIB_DIR}" CACHE PATH "Path to OpenNI2 libraries" FORCE)
+  set(OPENNI2_INCLUDE_DIR "${OPENNI2_INCLUDE_DIR}" CACHE PATH "Path to OpenNI2 headers" FORCE)
+endif()
+
+if(OPENNI2_LIBRARY)
+    set(OPENNI2_LIB_DIR_INTERNAL "${OPENNI2_LIB_DIR}" CACHE INTERNAL "This is the value of the last time OPENNI_LIB_DIR was set successfully." FORCE)
+else()
+    message( WARNING, " OpenNI2 library directory (set by OPENNI2_LIB_DIR variable) is not found or does not have OpenNI2 libraries." )
+endif()
+
+if(OPENNI2_INCLUDES)
+    set(OPENNI2_INCLUDE_DIR_INTERNAL "${OPENNI2_INCLUDE_DIR}" CACHE INTERNAL "This is the value of the last time OPENNI2_INCLUDE_DIR was set successfully." FORCE)
+else()
+    message( WARNING, " OpenNI2 include directory (set by OPENNI2_INCLUDE_DIR variable) is not found or does not have OpenNI2 include files." )
+endif()
+
+mark_as_advanced(FORCE OPENNI2_LIBRARY)
+mark_as_advanced(FORCE OPENNI2_INCLUDES)
+
+if(HAVE_OPENNI2)
+  ocv_parse_header("${OPENNI2_INCLUDE_DIR}/OniVersion.h" ONI_VERSION_LINE ONI_VERSION_MAJOR ONI_VERSION_MINOR ONI_VERSION_MAINTENANCE ONI_VERSION_BUILD)
+  if(ONI_VERSION_MAJOR)
+    set(OPENNI2_VERSION_STRING ${ONI_VERSION_MAJOR}.${ONI_VERSION_MINOR}.${ONI_VERSION_MAINTENANCE} CACHE INTERNAL "OpenNI2 version")
+    set(OPENNI2_VERSION_BUILD ${ONI_VERSION_BUILD} CACHE INTERNAL "OpenNI2 build version")
+  endif()
+endif()
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVFindWebP.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVFindWebP.cmake
new file mode 100644
index 000000000..740e98512
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVFindWebP.cmake
@@ -0,0 +1,33 @@
+#=============================================================================
+# Find WebP library
+#=============================================================================
+# Find the native WebP headers and libraries.
+#
+#  WEBP_INCLUDE_DIRS - where to find webp/decode.h, etc.
+#  WEBP_LIBRARIES    - List of libraries when using webp.
+#  WEBP_FOUND        - True if webp is found.
+#=============================================================================
+
+# Look for the header file.
+
+unset(WEBP_FOUND)
+
+FIND_PATH(WEBP_INCLUDE_DIR NAMES webp/decode.h)
+
+if(NOT WEBP_INCLUDE_DIR)
+    unset(WEBP_FOUND)
+else()
+    MARK_AS_ADVANCED(WEBP_INCLUDE_DIR)
+
+    # Look for the library.
+    FIND_LIBRARY(WEBP_LIBRARY NAMES webp)
+    MARK_AS_ADVANCED(WEBP_LIBRARY)
+
+    # handle the QUIETLY and REQUIRED arguments and set WEBFOUND_FOUND to TRUE if
+    # all listed variables are TRUE
+    INCLUDE(${CMAKE_ROOT}/Modules/FindPackageHandleStandardArgs.cmake)
+    FIND_PACKAGE_HANDLE_STANDARD_ARGS(WebP DEFAULT_MSG WEBP_LIBRARY WEBP_INCLUDE_DIR)
+
+    SET(WEBP_LIBRARIES ${WEBP_LIBRARY})
+    SET(WEBP_INCLUDE_DIRS ${WEBP_INCLUDE_DIR})
+endif()
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVFindXimea.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVFindXimea.cmake
new file mode 100644
index 000000000..2d93292c1
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVFindXimea.cmake
@@ -0,0 +1,52 @@
+# - Find XIMEA
+# This module finds if XIMEA Software package is installed
+# and determines where the binaries and header files are.
+# This code sets the following variables:
+#
+#  XIMEA_FOUND          - True if XIMEA API found
+#  XIMEA_PATH:          - Path to the XIMEA API folder
+#  XIMEA_LIBRARY_DIR    - XIMEA libraries folder
+#
+# Created: 5 Aug 2011 by Marian Zajko (marian.zajko@ximea.com)
+# Updated: 25 June 2012 by Igor Kuzmin (parafin@ximea.com)
+# Updated: 22 October 2012 by Marian Zajko (marian.zajko@ximea.com)
+#
+
+set(XIMEA_FOUND)
+set(XIMEA_PATH)
+set(XIMEA_LIBRARY_DIR)
+
+if(WIN32)
+  # Try to find the XIMEA API path in registry.
+  GET_FILENAME_COMPONENT(XIMEA_PATH "[HKEY_CURRENT_USER\\Software\\XIMEA\\CamSupport\\API;Path]" ABSOLUTE)
+
+  if(EXISTS ${XIMEA_PATH})
+    set(XIMEA_FOUND 1)
+    # set LIB folders
+    if(X86_64)
+      set(XIMEA_LIBRARY_DIR "${XIMEA_PATH}/x64")
+    else()
+      set(XIMEA_LIBRARY_DIR "${XIMEA_PATH}/x86")
+    endif()
+  else()
+    set(XIMEA_FOUND 0)
+  endif()
+elseif(APPLE)
+  if(EXISTS /Library/Frameworks/m3api.framework)
+    set(XIMEA_FOUND 1)
+  else()
+    set(XIMEA_FOUND 0)
+  endif()
+else()
+  if(EXISTS /opt/XIMEA)
+    set(XIMEA_FOUND 1)
+    # set folders
+    set(XIMEA_PATH /opt/XIMEA/include)
+  else()
+    set(XIMEA_FOUND 0)
+  endif()
+endif()
+
+mark_as_advanced(FORCE XIMEA_FOUND)
+mark_as_advanced(FORCE XIMEA_PATH)
+mark_as_advanced(FORCE XIMEA_LIBRARY_DIR)
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVGenABI.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVGenABI.cmake
new file mode 100644
index 000000000..35cc10d8e
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVGenABI.cmake
@@ -0,0 +1,49 @@
+if (NOT GENERATE_ABI_DESCRIPTOR)
+  return()
+endif()
+
+set(filename "opencv_abi.xml")
+set(path1 "${CMAKE_BINARY_DIR}/${filename}")
+
+set(modules "${OPENCV_MODULES_PUBLIC}")
+ocv_list_filterout(modules "opencv_ts")
+
+message(STATUS "Generating ABI compliance checker configuration: ${filename}")
+
+if (OPENCV_VCSVERSION AND NOT OPENCV_VCSVERSION STREQUAL "unknown")
+  set(OPENCV_ABI_VERSION "${OPENCV_VCSVERSION}")
+else()
+  set(OPENCV_ABI_VERSION "${OPENCV_VERSION}")
+endif()
+
+# Headers
+set(OPENCV_ABI_HEADERS "{RELPATH}/${OPENCV_INCLUDE_INSTALL_PATH}")
+
+# Libraries
+set(OPENCV_ABI_LIBRARIES "{RELPATH}/${OPENCV_LIB_INSTALL_PATH}")
+
+set(OPENCV_ABI_SKIP_HEADERS "")
+set(OPENCV_ABI_SKIP_LIBRARIES "")
+foreach(mod ${OPENCV_MODULES_BUILD})
+  string(REGEX REPLACE "^opencv_" "" mod "${mod}")
+  if(NOT "${OPENCV_MODULE_opencv_${mod}_LOCATION}" STREQUAL "${OpenCV_SOURCE_DIR}/modules/${mod}")
+    # headers
+    foreach(h ${OPENCV_MODULE_opencv_${mod}_HEADERS})
+      file(RELATIVE_PATH h "${OPENCV_MODULE_opencv_${mod}_LOCATION}/include" "${h}")
+      list(APPEND OPENCV_ABI_SKIP_HEADERS "${h}")
+    endforeach()
+    # libraries
+    set(lib_name "")
+    get_target_property(lib_name opencv_${mod} LOCATION)
+    get_filename_component(lib_name "${lib_name}" NAME)
+    list(APPEND OPENCV_ABI_SKIP_LIBRARIES "${lib_name}")
+  endif()
+endforeach()
+string(REPLACE ";" "\n    " OPENCV_ABI_SKIP_HEADERS "${OPENCV_ABI_SKIP_HEADERS}")
+string(REPLACE ";" "\n    " OPENCV_ABI_SKIP_LIBRARIES "${OPENCV_ABI_SKIP_LIBRARIES}")
+
+# Options
+set(OPENCV_ABI_GCC_OPTIONS "${CMAKE_CXX_FLAGS} ${CMAKE_CXX_FLAGS_RELEASE}")
+string(REGEX REPLACE "([^ ]) +([^ ])" "\\1\\n    \\2" OPENCV_ABI_GCC_OPTIONS "${OPENCV_ABI_GCC_OPTIONS}")
+
+configure_file("${CMAKE_CURRENT_SOURCE_DIR}/cmake/templates/opencv_abi.xml.in" "${path1}")
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVGenAndroidMK.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVGenAndroidMK.cmake
new file mode 100644
index 000000000..627d86016
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVGenAndroidMK.cmake
@@ -0,0 +1,66 @@
+if(ANDROID)
+  # --------------------------------------------------------------------------------------------
+  #  Installation for Android ndk-build makefile:  OpenCV.mk
+  #  Part 1/2: ${BIN_DIR}/OpenCV.mk              -> For use *without* "make install"
+  #  Part 2/2: ${BIN_DIR}/unix-install/OpenCV.mk -> For use with "make install"
+  # -------------------------------------------------------------------------------------------
+
+  # build type
+  if(BUILD_SHARED_LIBS)
+    set(OPENCV_LIBTYPE_CONFIGMAKE "SHARED")
+  else()
+    set(OPENCV_LIBTYPE_CONFIGMAKE "STATIC")
+  endif()
+
+  if(BUILD_FAT_JAVA_LIB)
+    set(OPENCV_LIBTYPE_CONFIGMAKE "SHARED")
+    set(OPENCV_STATIC_LIBTYPE_CONFIGMAKE "STATIC")
+  else()
+    set(OPENCV_STATIC_LIBTYPE_CONFIGMAKE ${OPENCV_LIBTYPE_CONFIGMAKE})
+  endif()
+
+  # build the list of opencv libs and dependencies for all modules
+  ocv_get_all_libs(OPENCV_MODULES_CONFIGMAKE OPENCV_EXTRA_COMPONENTS_CONFIGMAKE OPENCV_3RDPARTY_COMPONENTS_CONFIGMAKE)
+
+  # list -> string
+  string(REPLACE ";" " " OPENCV_MODULES_CONFIGMAKE "${OPENCV_MODULES_CONFIGMAKE}")
+  string(REPLACE ";" " " OPENCV_EXTRA_COMPONENTS_CONFIGMAKE "${OPENCV_EXTRA_COMPONENTS_CONFIGMAKE}")
+  string(REPLACE ";" " " OPENCV_3RDPARTY_COMPONENTS_CONFIGMAKE "${OPENCV_3RDPARTY_COMPONENTS_CONFIGMAKE}")
+
+  # replace 'opencv_<module>' -> '<module>''
+  string(REPLACE "opencv_" "" OPENCV_MODULES_CONFIGMAKE "${OPENCV_MODULES_CONFIGMAKE}")
+
+
+  # prepare 3rd-party component list without TBB for armeabi and mips platforms. TBB is useless there.
+  set(OPENCV_3RDPARTY_COMPONENTS_CONFIGMAKE_NO_TBB ${OPENCV_3RDPARTY_COMPONENTS_CONFIGMAKE})
+  foreach(mod ${OPENCV_3RDPARTY_COMPONENTS_CONFIGMAKE_NO_TBB})
+     string(REPLACE "tbb" "" OPENCV_3RDPARTY_COMPONENTS_CONFIGMAKE_NO_TBB "${OPENCV_3RDPARTY_COMPONENTS_CONFIGMAKE_NO_TBB}")
+  endforeach()
+
+  if(BUILD_FAT_JAVA_LIB)
+    set(OPENCV_LIBS_CONFIGMAKE java3)
+  else()
+    set(OPENCV_LIBS_CONFIGMAKE "${OPENCV_MODULES_CONFIGMAKE}")
+  endif()
+
+  # -------------------------------------------------------------------------------------------
+  #  Part 1/2: ${BIN_DIR}/OpenCV.mk              -> For use *without* "make install"
+  # -------------------------------------------------------------------------------------------
+  set(OPENCV_INCLUDE_DIRS_CONFIGCMAKE "\"${OPENCV_CONFIG_FILE_INCLUDE_DIR}\" \"${OpenCV_SOURCE_DIR}/include\" \"${OpenCV_SOURCE_DIR}/include/opencv\"")
+  set(OPENCV_BASE_INCLUDE_DIR_CONFIGCMAKE "\"${OpenCV_SOURCE_DIR}\"")
+  set(OPENCV_LIBS_DIR_CONFIGCMAKE "\$(OPENCV_THIS_DIR)/lib/\$(OPENCV_TARGET_ARCH_ABI)")
+  set(OPENCV_3RDPARTY_LIBS_DIR_CONFIGCMAKE "\$(OPENCV_THIS_DIR)/3rdparty/lib/\$(OPENCV_TARGET_ARCH_ABI)")
+
+  configure_file("${OpenCV_SOURCE_DIR}/cmake/templates/OpenCV.mk.in" "${CMAKE_BINARY_DIR}/OpenCV.mk" @ONLY)
+
+  # -------------------------------------------------------------------------------------------
+  #  Part 2/2: ${BIN_DIR}/unix-install/OpenCV.mk -> For use with "make install"
+  # -------------------------------------------------------------------------------------------
+  set(OPENCV_INCLUDE_DIRS_CONFIGCMAKE "\"\$(LOCAL_PATH)/\$(OPENCV_THIS_DIR)/include/opencv\" \"\$(LOCAL_PATH)/\$(OPENCV_THIS_DIR)/include\"")
+  set(OPENCV_BASE_INCLUDE_DIR_CONFIGCMAKE "")
+  set(OPENCV_LIBS_DIR_CONFIGCMAKE "\$(OPENCV_THIS_DIR)/../libs/\$(OPENCV_TARGET_ARCH_ABI)")
+  set(OPENCV_3RDPARTY_LIBS_DIR_CONFIGCMAKE "\$(OPENCV_THIS_DIR)/../3rdparty/libs/\$(OPENCV_TARGET_ARCH_ABI)")
+
+  configure_file("${OpenCV_SOURCE_DIR}/cmake/templates/OpenCV.mk.in" "${CMAKE_BINARY_DIR}/unix-install/OpenCV.mk" @ONLY)
+  install(FILES ${CMAKE_BINARY_DIR}/unix-install/OpenCV.mk DESTINATION ${OPENCV_CONFIG_INSTALL_PATH} COMPONENT dev)
+endif(ANDROID)
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVGenConfig.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVGenConfig.cmake
new file mode 100644
index 000000000..ae8fc8939
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVGenConfig.cmake
@@ -0,0 +1,159 @@
+# --------------------------------------------------------------------------------------------
+#  Installation for CMake Module:  OpenCVConfig.cmake
+#  Part 1/3: ${BIN_DIR}/OpenCVConfig.cmake              -> For use *without* "make install"
+#  Part 2/3: ${BIN_DIR}/unix-install/OpenCVConfig.cmake -> For use with "make install"
+#  Part 3/3: ${BIN_DIR}/win-install/OpenCVConfig.cmake  -> For use within binary installers/packages
+# -------------------------------------------------------------------------------------------
+
+if(INSTALL_TO_MANGLED_PATHS)
+  set(OpenCV_USE_MANGLED_PATHS_CONFIGCMAKE TRUE)
+else()
+  set(OpenCV_USE_MANGLED_PATHS_CONFIGCMAKE FALSE)
+endif()
+
+if(NOT OpenCV_CUDA_CC)
+  set(OpenCV_CUDA_CC_CONFIGCMAKE "\"\"")
+  set(OpenCV_CUDA_VERSION "")
+else()
+  set(OpenCV_CUDA_CC_CONFIGCMAKE "${OpenCV_CUDA_CC}")
+  set(OpenCV_CUDA_VERSION ${CUDA_VERSION_STRING})
+endif()
+
+if(NOT ANDROID_NATIVE_API_LEVEL)
+  set(OpenCV_ANDROID_NATIVE_API_LEVEL_CONFIGCMAKE 0)
+else()
+  set(OpenCV_ANDROID_NATIVE_API_LEVEL_CONFIGCMAKE "${ANDROID_NATIVE_API_LEVEL}")
+endif()
+
+if(CMAKE_GENERATOR MATCHES "Visual" OR CMAKE_GENERATOR MATCHES "Xcode")
+  set(OpenCV_ADD_DEBUG_RELEASE_CONFIGCMAKE TRUE)
+else()
+  set(OpenCV_ADD_DEBUG_RELEASE_CONFIGCMAKE FALSE)
+endif()
+
+
+
+if(WIN32)
+  if(MINGW)
+    set(OPENCV_LINK_LIBRARY_SUFFIX ".dll.a")
+  else()
+    set(OPENCV_LINK_LIBRARY_SUFFIX ".lib")
+  endif()
+endif()
+
+#build list of modules available for the OpenCV user
+set(OpenCV_LIB_COMPONENTS "")
+foreach(m ${OPENCV_MODULES_PUBLIC})
+  list(INSERT OpenCV_LIB_COMPONENTS 0 ${${m}_MODULE_DEPS_OPT} ${m})
+endforeach()
+ocv_list_unique(OpenCV_LIB_COMPONENTS)
+set(OPENCV_MODULES_CONFIGCMAKE ${OpenCV_LIB_COMPONENTS})
+ocv_list_filterout(OpenCV_LIB_COMPONENTS "^opencv_")
+if(OpenCV_LIB_COMPONENTS)
+  list(REMOVE_ITEM OPENCV_MODULES_CONFIGCMAKE ${OpenCV_LIB_COMPONENTS})
+endif()
+
+if(BUILD_FAT_JAVA_LIB AND HAVE_opencv_java)
+  list(APPEND OPENCV_MODULES_CONFIGCMAKE opencv_java)
+endif()
+
+# -------------------------------------------------------------------------------------------
+#  Part 1/3: ${BIN_DIR}/OpenCVConfig.cmake              -> For use *without* "make install"
+# -------------------------------------------------------------------------------------------
+set(OpenCV_INCLUDE_DIRS_CONFIGCMAKE "\"${OPENCV_CONFIG_FILE_INCLUDE_DIR}\" \"${OpenCV_SOURCE_DIR}/include\" \"${OpenCV_SOURCE_DIR}/include/opencv\"")
+
+set(OpenCV2_INCLUDE_DIRS_CONFIGCMAKE "")
+foreach(m ${OPENCV_MODULES_BUILD})
+  if(EXISTS "${OPENCV_MODULE_${m}_LOCATION}/include")
+    list(APPEND OpenCV2_INCLUDE_DIRS_CONFIGCMAKE "${OPENCV_MODULE_${m}_LOCATION}/include")
+  endif()
+endforeach()
+
+if(ANDROID AND NOT BUILD_SHARED_LIBS AND HAVE_TBB)
+  #export TBB headers location because static linkage of TBB might be troublesome if application wants to use TBB itself
+  list(APPEND OpenCV2_INCLUDE_DIRS_CONFIGCMAKE ${TBB_INCLUDE_DIRS})
+endif()
+
+set(modules_file_suffix "")
+if(ANDROID)
+  # the REPLACE here is needed, because OpenCVModules_armeabi.cmake includes
+  # OpenCVModules_armeabi-*.cmake, which would match OpenCVModules_armeabi-v7a*.cmake.
+  string(REPLACE - _ modules_file_suffix "_${ANDROID_NDK_ABI_NAME}")
+endif()
+
+export(TARGETS ${OpenCVModules_TARGETS} FILE "${CMAKE_BINARY_DIR}/OpenCVModules${modules_file_suffix}.cmake")
+
+if(TARGET ippicv)
+  set(USE_IPPICV TRUE)
+  file(RELATIVE_PATH INSTALL_PATH_RELATIVE_IPPICV ${CMAKE_BINARY_DIR} ${IPPICV_LOCATION_PATH})
+else()
+  set(USE_IPPICV FALSE)
+  set(INSTALL_PATH_RELATIVE_IPPICV "non-existed-path")
+endif()
+
+configure_file("${OpenCV_SOURCE_DIR}/cmake/templates/OpenCVConfig.cmake.in" "${CMAKE_BINARY_DIR}/OpenCVConfig.cmake" @ONLY)
+#support for version checking when finding opencv. find_package(OpenCV 2.3.1 EXACT) should now work.
+configure_file("${OpenCV_SOURCE_DIR}/cmake/templates/OpenCVConfig-version.cmake.in" "${CMAKE_BINARY_DIR}/OpenCVConfig-version.cmake" @ONLY)
+
+# --------------------------------------------------------------------------------------------
+#  Part 2/3: ${BIN_DIR}/unix-install/OpenCVConfig.cmake -> For use *with* "make install"
+# -------------------------------------------------------------------------------------------
+set(OpenCV_INCLUDE_DIRS_CONFIGCMAKE "\"\${OpenCV_INSTALL_PATH}/${OPENCV_INCLUDE_INSTALL_PATH}/opencv" "\${OpenCV_INSTALL_PATH}/${OPENCV_INCLUDE_INSTALL_PATH}\"")
+
+set(OpenCV2_INCLUDE_DIRS_CONFIGCMAKE "\"\"")
+set(OpenCV_3RDPARTY_LIB_DIRS_CONFIGCMAKE "\"\${OpenCV_INSTALL_PATH}/${OPENCV_3P_LIB_INSTALL_PATH}\"")
+
+if(UNIX) # ANDROID configuration is created here also
+  #http://www.vtk.org/Wiki/CMake/Tutorials/Packaging reference
+  # For a command "find_package(<name> [major[.minor]] [EXACT] [REQUIRED|QUIET])"
+  # cmake will look in the following dir on unix:
+  #                <prefix>/(share|lib)/cmake/<name>*/                     (U)
+  #                <prefix>/(share|lib)/<name>*/                           (U)
+  #                <prefix>/(share|lib)/<name>*/(cmake|CMake)/             (U)
+  if(USE_IPPICV)
+    file(RELATIVE_PATH INSTALL_PATH_RELATIVE_IPPICV "${CMAKE_INSTALL_PREFIX}/${OPENCV_CONFIG_INSTALL_PATH}/" ${IPPICV_INSTALL_PATH})
+  endif()
+  configure_file("${OpenCV_SOURCE_DIR}/cmake/templates/OpenCVConfig.cmake.in" "${CMAKE_BINARY_DIR}/unix-install/OpenCVConfig.cmake" @ONLY)
+  configure_file("${OpenCV_SOURCE_DIR}/cmake/templates/OpenCVConfig-version.cmake.in" "${CMAKE_BINARY_DIR}/unix-install/OpenCVConfig-version.cmake" @ONLY)
+  install(FILES "${CMAKE_BINARY_DIR}/unix-install/OpenCVConfig.cmake" DESTINATION ${OPENCV_CONFIG_INSTALL_PATH}/ COMPONENT dev)
+  install(FILES ${CMAKE_BINARY_DIR}/unix-install/OpenCVConfig-version.cmake DESTINATION ${OPENCV_CONFIG_INSTALL_PATH}/ COMPONENT dev)
+  install(EXPORT OpenCVModules DESTINATION ${OPENCV_CONFIG_INSTALL_PATH}/ FILE OpenCVModules${modules_file_suffix}.cmake COMPONENT dev)
+endif()
+
+if(ANDROID)
+  install(FILES "${OpenCV_SOURCE_DIR}/platforms/android/android.toolchain.cmake" DESTINATION ${OPENCV_CONFIG_INSTALL_PATH}/ COMPONENT dev)
+endif()
+
+# --------------------------------------------------------------------------------------------
+#  Part 3/3: ${BIN_DIR}/win-install/OpenCVConfig.cmake  -> For use within binary installers/packages
+# --------------------------------------------------------------------------------------------
+if(WIN32)
+  set(OpenCV_INCLUDE_DIRS_CONFIGCMAKE "\"\${OpenCV_CONFIG_PATH}/include\" \"\${OpenCV_CONFIG_PATH}/include/opencv\"")
+  set(OpenCV2_INCLUDE_DIRS_CONFIGCMAKE "\"\"")
+
+  exec_program(mkdir ARGS "-p \"${CMAKE_BINARY_DIR}/win-install/\"" OUTPUT_VARIABLE RET_VAL)
+  if(USE_IPPICV)
+    if(BUILD_SHARED_LIBS)
+      file(RELATIVE_PATH INSTALL_PATH_RELATIVE_IPPICV "${CMAKE_INSTALL_PREFIX}/${OpenCV_INSTALL_BINARIES_PREFIX}lib" ${IPPICV_INSTALL_PATH})
+    else()
+      file(RELATIVE_PATH INSTALL_PATH_RELATIVE_IPPICV "${CMAKE_INSTALL_PREFIX}/${OpenCV_INSTALL_BINARIES_PREFIX}staticlib" ${IPPICV_INSTALL_PATH})
+    endif()
+  endif()
+  configure_file("${OpenCV_SOURCE_DIR}/cmake/templates/OpenCVConfig.cmake.in" "${CMAKE_BINARY_DIR}/win-install/OpenCVConfig.cmake" @ONLY)
+  configure_file("${OpenCV_SOURCE_DIR}/cmake/templates/OpenCVConfig-version.cmake.in" "${CMAKE_BINARY_DIR}/win-install/OpenCVConfig-version.cmake" @ONLY)
+  if (CMAKE_HOST_SYSTEM_NAME MATCHES Windows)
+    if(BUILD_SHARED_LIBS)
+      install(FILES "${CMAKE_BINARY_DIR}/win-install/OpenCVConfig.cmake" DESTINATION "${OpenCV_INSTALL_BINARIES_PREFIX}lib" COMPONENT dev)
+      install(EXPORT OpenCVModules DESTINATION "${OpenCV_INSTALL_BINARIES_PREFIX}lib" FILE OpenCVModules${modules_file_suffix}.cmake COMPONENT dev)
+    else()
+      install(FILES "${CMAKE_BINARY_DIR}/win-install/OpenCVConfig.cmake" DESTINATION "${OpenCV_INSTALL_BINARIES_PREFIX}staticlib" COMPONENT dev)
+      install(EXPORT OpenCVModules DESTINATION "${OpenCV_INSTALL_BINARIES_PREFIX}staticlib" FILE OpenCVModules${modules_file_suffix}.cmake COMPONENT dev)
+    endif()
+    install(FILES "${CMAKE_BINARY_DIR}/win-install/OpenCVConfig-version.cmake" DESTINATION "${CMAKE_INSTALL_PREFIX}" COMPONENT dev)
+    install(FILES "${OpenCV_SOURCE_DIR}/cmake/OpenCVConfig.cmake" DESTINATION "${CMAKE_INSTALL_PREFIX}/" COMPONENT dev)
+  else ()
+    install(FILES "${CMAKE_BINARY_DIR}/win-install/OpenCVConfig.cmake" DESTINATION "${OpenCV_INSTALL_BINARIES_PREFIX}lib/cmake/opencv-${OPENCV_VERSION}" COMPONENT dev)
+    install(EXPORT OpenCVModules DESTINATION "${OpenCV_INSTALL_BINARIES_PREFIX}lib/cmake/opencv-${OPENCV_VERSION}" FILE OpenCVModules${modules_file_suffix}.cmake COMPONENT dev)
+    install(FILES "${CMAKE_BINARY_DIR}/win-install/OpenCVConfig-version.cmake" DESTINATION "${CMAKE_INSTALL_PREFIX}/lib/cmake/opencv-${OPENCV_VERSION}" COMPONENT dev)
+  endif ()
+endif()
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVGenHeaders.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVGenHeaders.cmake
new file mode 100644
index 000000000..298897904
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVGenHeaders.cmake
@@ -0,0 +1,28 @@
+# platform-specific config file
+configure_file("${OpenCV_SOURCE_DIR}/cmake/templates/cvconfig.h.in" "${OPENCV_CONFIG_FILE_INCLUDE_DIR}/cvconfig.h")
+configure_file("${OpenCV_SOURCE_DIR}/cmake/templates/cvconfig.h.in" "${OPENCV_CONFIG_FILE_INCLUDE_DIR}/opencv2/cvconfig.h")
+install(FILES "${OPENCV_CONFIG_FILE_INCLUDE_DIR}/cvconfig.h" DESTINATION ${OPENCV_INCLUDE_INSTALL_PATH}/opencv2 COMPONENT dev)
+
+# ----------------------------------------------------------------------------
+#  opencv_modules.hpp based on actual modules list
+# ----------------------------------------------------------------------------
+set(OPENCV_MODULE_DEFINITIONS_CONFIGMAKE "")
+
+set(OPENCV_MOD_LIST ${OPENCV_MODULES_PUBLIC})
+ocv_list_sort(OPENCV_MOD_LIST)
+foreach(m ${OPENCV_MOD_LIST})
+  string(TOUPPER "${m}" m)
+  set(OPENCV_MODULE_DEFINITIONS_CONFIGMAKE "${OPENCV_MODULE_DEFINITIONS_CONFIGMAKE}#define HAVE_${m}\n")
+endforeach()
+
+set(OPENCV_MODULE_DEFINITIONS_CONFIGMAKE "${OPENCV_MODULE_DEFINITIONS_CONFIGMAKE}\n")
+
+#set(OPENCV_MOD_LIST ${OPENCV_MODULES_DISABLED_USER} ${OPENCV_MODULES_DISABLED_AUTO} ${OPENCV_MODULES_DISABLED_FORCE})
+#ocv_list_sort(OPENCV_MOD_LIST)
+#foreach(m ${OPENCV_MOD_LIST})
+#  string(TOUPPER "${m}" m)
+#  set(OPENCV_MODULE_DEFINITIONS_CONFIGMAKE "${OPENCV_MODULE_DEFINITIONS_CONFIGMAKE}#undef HAVE_${m}\n")
+#endforeach()
+
+configure_file("${OpenCV_SOURCE_DIR}/cmake/templates/opencv_modules.hpp.in" "${OPENCV_CONFIG_FILE_INCLUDE_DIR}/opencv2/opencv_modules.hpp")
+install(FILES "${OPENCV_CONFIG_FILE_INCLUDE_DIR}/opencv2/opencv_modules.hpp" DESTINATION ${OPENCV_INCLUDE_INSTALL_PATH}/opencv2 COMPONENT dev)
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVGenInfoPlist.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVGenInfoPlist.cmake
new file mode 100644
index 000000000..680afb2df
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVGenInfoPlist.cmake
@@ -0,0 +1,15 @@
+if(OPENCV_EXTRA_WORLD)
+  set(OPENCV_APPLE_BUNDLE_NAME "OpenCV_contrib")
+  set(OPENCV_APPLE_BUNDLE_ID "org.opencv_contrib")
+else()
+  set(OPENCV_APPLE_BUNDLE_NAME "OpenCV")
+  set(OPENCV_APPLE_BUNDLE_ID "org.opencv")
+endif()
+
+if(IOS)
+  configure_file("${OpenCV_SOURCE_DIR}/platforms/ios/Info.plist.in"
+                 "${CMAKE_BINARY_DIR}/ios/Info.plist")
+elseif(APPLE)
+  configure_file("${OpenCV_SOURCE_DIR}/platforms/osx/Info.plist.in"
+                 "${CMAKE_BINARY_DIR}/osx/Info.plist")
+endif()
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVGenPkgconfig.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVGenPkgconfig.cmake
new file mode 100644
index 000000000..28a6da686
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVGenPkgconfig.cmake
@@ -0,0 +1,98 @@
+# --------------------------------------------------------------------------------------------
+# according to man pkg-config
+#  The package name specified on the pkg-config command line is defined to
+#      be the name of the metadata file, minus the .pc extension. If a library
+#      can install multiple versions simultaneously, it must give each version
+#      its own name (for example, GTK 1.2 might have the package  name  "gtk+"
+#      while GTK 2.0 has "gtk+-2.0").
+#
+# ${BIN_DIR}/unix-install/opencv.pc -> For use *with* "make install"
+# -------------------------------------------------------------------------------------------
+
+macro(fix_prefix lst isown)
+  set(_lst)
+  foreach(item ${${lst}})
+    if(TARGET ${item})
+      get_target_property(item "${item}" LOCATION_${CMAKE_BUILD_TYPE})
+      if("${isown}")
+        get_filename_component(item "${item}" NAME_WE)
+        string(REGEX REPLACE "^lib(.*)" "\\1" item "${item}")
+      endif()
+    endif()
+    if(item MATCHES "^-l")
+      list(APPEND _lst "${item}")
+    elseif(item MATCHES "[\\/]")
+      get_filename_component(libdir "${item}" PATH)
+      get_filename_component(libname "${item}" NAME_WE)
+      string(REGEX REPLACE "^lib(.*)" "\\1" libname "${libname}")
+      list(APPEND _lst "-L${libdir}" "-l${libname}")
+    else()
+      list(APPEND _lst "-l${item}")
+    endif()
+  endforeach()
+  set(${lst} ${_lst})
+  unset(_lst)
+endmacro()
+
+# build the list of opencv libs and dependencies for all modules
+ocv_get_all_libs(_modules _extra _3rdparty)
+
+#build the list of components
+
+# Note:
+#   when linking against static libraries, if libfoo depends on libbar, then
+#   libfoo must come first in the linker flags.
+
+# world and contrib_world are special targets whose library should come first,
+# especially for static link.
+if(_modules MATCHES "opencv_world")
+  set(_modules "opencv_world")
+endif()
+
+if(_modules MATCHES "opencv_contrib_world")
+  list(REMOVE_ITEM _modules "opencv_contrib_world")
+  list(INSERT _modules 0 "opencv_contrib_world")
+endif()
+
+fix_prefix(_modules TRUE)
+fix_prefix(_extra FALSE)
+fix_prefix(_3rdparty TRUE)
+
+ocv_list_unique(_modules)
+ocv_list_unique(_extra)
+ocv_list_unique(_3rdparty)
+
+set(OPENCV_PC_LIBS
+  "-L\${exec_prefix}/${OPENCV_LIB_INSTALL_PATH}"
+  "${_modules}"
+)
+if (BUILD_SHARED_LIBS)
+  set(OPENCV_PC_LIBS_PRIVATE "${_extra}")
+else()
+  set(OPENCV_PC_LIBS_PRIVATE
+    "-L\${exec_prefix}/${OPENCV_3P_LIB_INSTALL_PATH}"
+    "${_3rdparty}"
+    "${_extra}"
+  )
+endif()
+string(REPLACE ";" " " OPENCV_PC_LIBS "${OPENCV_PC_LIBS}")
+string(REPLACE ";" " " OPENCV_PC_LIBS_PRIVATE "${OPENCV_PC_LIBS_PRIVATE}")
+
+#generate the .pc file
+set(prefix      "${CMAKE_INSTALL_PREFIX}")
+set(exec_prefix "\${prefix}")
+set(libdir      "\${exec_prefix}/${OPENCV_LIB_INSTALL_PATH}")
+set(includedir  "\${prefix}/${OPENCV_INCLUDE_INSTALL_PATH}")
+
+if(INSTALL_TO_MANGLED_PATHS)
+  set(OPENCV_PC_FILE_NAME "opencv-${OPENCV_VERSION}.pc")
+else()
+  set(OPENCV_PC_FILE_NAME opencv.pc)
+endif()
+configure_file("${OpenCV_SOURCE_DIR}/cmake/templates/opencv-XXX.pc.in"
+               "${CMAKE_BINARY_DIR}/unix-install/${OPENCV_PC_FILE_NAME}"
+               @ONLY)
+
+if(UNIX AND NOT ANDROID)
+  install(FILES ${CMAKE_BINARY_DIR}/unix-install/${OPENCV_PC_FILE_NAME} DESTINATION ${OPENCV_LIB_INSTALL_PATH}/pkgconfig COMPONENT dev)
+endif()
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVMinDepVersions.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVMinDepVersions.cmake
new file mode 100644
index 000000000..e8591e26e
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVMinDepVersions.cmake
@@ -0,0 +1,6 @@
+set(MIN_VER_CMAKE 2.8.7)
+set(MIN_VER_CUDA 4.2)
+set(MIN_VER_PYTHON2 2.6)
+set(MIN_VER_PYTHON3 3.2)
+set(MIN_VER_ZLIB 1.2.3)
+set(MIN_VER_GTK 2.18.0)
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVModule.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVModule.cmake
new file mode 100644
index 000000000..a1a1b9020
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVModule.cmake
@@ -0,0 +1,1071 @@
+# Local variables (set for each module):
+#
+# name       - short name in lower case i.e. core
+# the_module - full name in lower case i.e. opencv_core
+
+# Global variables:
+#
+# OPENCV_MODULE_${the_module}_LOCATION
+# OPENCV_MODULE_${the_module}_BINARY_DIR
+# OPENCV_MODULE_${the_module}_DESCRIPTION
+# OPENCV_MODULE_${the_module}_CLASS - PUBLIC|INTERNAL|BINDINGS
+# OPENCV_MODULE_${the_module}_HEADERS
+# OPENCV_MODULE_${the_module}_SOURCES
+# OPENCV_MODULE_${the_module}_DEPS - final flattened set of module dependencies
+# OPENCV_MODULE_${the_module}_DEPS_TO_LINK - differs from above for world build only
+# OPENCV_MODULE_${the_module}_DEPS_EXT - non-module dependencies
+# OPENCV_MODULE_${the_module}_REQ_DEPS
+# OPENCV_MODULE_${the_module}_OPT_DEPS
+# OPENCV_MODULE_${the_module}_PRIVATE_REQ_DEPS
+# OPENCV_MODULE_${the_module}_PRIVATE_OPT_DEPS
+# OPENCV_MODULE_${the_module}_IS_PART_OF_WORLD
+# OPENCV_MODULE_${the_module}_CUDA_OBJECTS - compiled CUDA objects list
+# OPENCV_MODULE_${the_module}_CHILDREN - list of submodules for compound modules (cmake >= 2.8.8)
+# OPENCV_MODULE_${the_module}_WRAPPERS - list of wrappers supporting this module
+# HAVE_${the_module} - for fast check of module availability
+
+# To control the setup of the module you could also set:
+# the_description - text to be used as current module description
+# OPENCV_MODULE_TYPE - STATIC|SHARED - set to force override global settings for current module
+# OPENCV_MODULE_IS_PART_OF_WORLD - ON|OFF (default ON) - should the module be added to the opencv_world?
+# BUILD_${the_module}_INIT - ON|OFF (default ON) - initial value for BUILD_${the_module}
+# OPENCV_MODULE_CHILDREN - list of submodules
+
+# The verbose template for OpenCV module:
+#
+#   ocv_add_module(modname <dependencies>)
+#   ocv_glob_module_sources(([EXCLUDE_CUDA] <extra sources&headers>)
+#                          or glob them manually and ocv_set_module_sources(...)
+#   ocv_module_include_directories(<extra include directories>)
+#   ocv_create_module()
+#   <add extra link dependencies, compiler options, etc>
+#   ocv_add_precompiled_headers(${the_module})
+#   <add extra installation rules>
+#   ocv_add_accuracy_tests(<extra dependencies>)
+#   ocv_add_perf_tests(<extra dependencies>)
+#   ocv_add_samples(<extra dependencies>)
+#
+#
+# If module have no "extra" then you can define it in one line:
+#
+#   ocv_define_module(modname <dependencies>)
+
+# clean flags for modules enabled on previous cmake run
+# this is necessary to correctly handle modules removal
+foreach(mod ${OPENCV_MODULES_BUILD} ${OPENCV_MODULES_DISABLED_USER} ${OPENCV_MODULES_DISABLED_AUTO} ${OPENCV_MODULES_DISABLED_FORCE})
+  if(HAVE_${mod})
+    unset(HAVE_${mod} CACHE)
+  endif()
+  unset(OPENCV_MODULE_${mod}_REQ_DEPS CACHE)
+  unset(OPENCV_MODULE_${mod}_OPT_DEPS CACHE)
+  unset(OPENCV_MODULE_${mod}_PRIVATE_REQ_DEPS CACHE)
+  unset(OPENCV_MODULE_${mod}_PRIVATE_OPT_DEPS CACHE)
+  unset(OPENCV_MODULE_${mod}_LINK_DEPS CACHE)
+  unset(OPENCV_MODULE_${mod}_WRAPPERS CACHE)
+endforeach()
+
+# clean modules info which needs to be recalculated
+set(OPENCV_MODULES_PUBLIC         "" CACHE INTERNAL "List of OpenCV modules marked for export")
+set(OPENCV_MODULES_BUILD          "" CACHE INTERNAL "List of OpenCV modules included into the build")
+set(OPENCV_MODULES_DISABLED_USER  "" CACHE INTERNAL "List of OpenCV modules explicitly disabled by user")
+set(OPENCV_MODULES_DISABLED_AUTO  "" CACHE INTERNAL "List of OpenCV modules implicitly disabled due to dependencies")
+set(OPENCV_MODULES_DISABLED_FORCE "" CACHE INTERNAL "List of OpenCV modules which can not be build in current configuration")
+unset(OPENCV_WORLD_MODULES CACHE)
+
+# adds dependencies to OpenCV module
+# Usage:
+#   add_dependencies(opencv_<name> [REQUIRED] [<list of dependencies>] [OPTIONAL <list of modules>] [WRAP <list of wrappers>])
+# Notes:
+# * <list of dependencies> - can include full names of modules or full pathes to shared/static libraries or cmake targets
+macro(ocv_add_dependencies full_modname)
+  ocv_debug_message("ocv_add_dependencies(" ${full_modname} ${ARGN} ")")
+  #we don't clean the dependencies here to allow this macro several times for every module
+  foreach(d "REQUIRED" ${ARGN})
+    if(d STREQUAL "REQUIRED")
+      set(__depsvar OPENCV_MODULE_${full_modname}_REQ_DEPS)
+    elseif(d STREQUAL "OPTIONAL")
+      set(__depsvar OPENCV_MODULE_${full_modname}_OPT_DEPS)
+    elseif(d STREQUAL "PRIVATE_REQUIRED")
+      set(__depsvar OPENCV_MODULE_${full_modname}_PRIVATE_REQ_DEPS)
+    elseif(d STREQUAL "PRIVATE_OPTIONAL")
+      set(__depsvar OPENCV_MODULE_${full_modname}_PRIVATE_OPT_DEPS)
+    elseif(d STREQUAL "WRAP")
+      set(__depsvar OPENCV_MODULE_${full_modname}_WRAPPERS)
+    else()
+      list(APPEND ${__depsvar} "${d}")
+    endif()
+  endforeach()
+  unset(__depsvar)
+
+  # hack for python
+  set(__python_idx)
+  list(FIND OPENCV_MODULE_${full_modname}_WRAPPERS "python" __python_idx)
+  if (NOT __python_idx EQUAL -1)
+    list(REMOVE_ITEM OPENCV_MODULE_${full_modname}_WRAPPERS "python")
+    list(APPEND OPENCV_MODULE_${full_modname}_WRAPPERS "python2" "python3")
+  endif()
+  unset(__python_idx)
+
+  ocv_list_unique(OPENCV_MODULE_${full_modname}_REQ_DEPS)
+  ocv_list_unique(OPENCV_MODULE_${full_modname}_OPT_DEPS)
+  ocv_list_unique(OPENCV_MODULE_${full_modname}_PRIVATE_REQ_DEPS)
+  ocv_list_unique(OPENCV_MODULE_${full_modname}_PRIVATE_OPT_DEPS)
+  ocv_list_unique(OPENCV_MODULE_${full_modname}_WRAPPERS)
+
+  set(OPENCV_MODULE_${full_modname}_REQ_DEPS ${OPENCV_MODULE_${full_modname}_REQ_DEPS}
+    CACHE INTERNAL "Required dependencies of ${full_modname} module")
+  set(OPENCV_MODULE_${full_modname}_OPT_DEPS ${OPENCV_MODULE_${full_modname}_OPT_DEPS}
+    CACHE INTERNAL "Optional dependencies of ${full_modname} module")
+  set(OPENCV_MODULE_${full_modname}_PRIVATE_REQ_DEPS ${OPENCV_MODULE_${full_modname}_PRIVATE_REQ_DEPS}
+    CACHE INTERNAL "Required private dependencies of ${full_modname} module")
+  set(OPENCV_MODULE_${full_modname}_PRIVATE_OPT_DEPS ${OPENCV_MODULE_${full_modname}_PRIVATE_OPT_DEPS}
+    CACHE INTERNAL "Optional private dependencies of ${full_modname} module")
+  set(OPENCV_MODULE_${full_modname}_WRAPPERS ${OPENCV_MODULE_${full_modname}_WRAPPERS}
+    CACHE INTERNAL "List of wrappers supporting module ${full_modname}")
+endmacro()
+
+# declare new OpenCV module in current folder
+# Usage:
+#   ocv_add_module(<name> [INTERNAL|BINDINGS] [REQUIRED] [<list of dependencies>] [OPTIONAL <list of optional dependencies>] [WRAP <list of wrappers>])
+# Example:
+#   ocv_add_module(yaom INTERNAL opencv_core opencv_highgui opencv_flann OPTIONAL opencv_cudev)
+macro(ocv_add_module _name)
+  ocv_debug_message("ocv_add_module(" ${_name} ${ARGN} ")")
+  string(TOLOWER "${_name}" name)
+  set(the_module opencv_${name})
+
+  # the first pass - collect modules info, the second pass - create targets
+  if(OPENCV_INITIAL_PASS)
+    #guard agains redefinition
+    if(";${OPENCV_MODULES_BUILD};${OPENCV_MODULES_DISABLED_USER};" MATCHES ";${the_module};")
+      message(FATAL_ERROR "Redefinition of the ${the_module} module.
+  at:                    ${CMAKE_CURRENT_SOURCE_DIR}
+  previously defined at: ${OPENCV_MODULE_${the_module}_LOCATION}
+")
+    endif()
+
+    if(NOT DEFINED the_description)
+      set(the_description "The ${name} OpenCV module")
+    endif()
+
+    if(NOT DEFINED BUILD_${the_module}_INIT)
+      set(BUILD_${the_module}_INIT ON)
+    endif()
+
+    # create option to enable/disable this module
+    option(BUILD_${the_module} "Include ${the_module} module into the OpenCV build" ${BUILD_${the_module}_INIT})
+
+    # remember the module details
+    set(OPENCV_MODULE_${the_module}_DESCRIPTION "${the_description}" CACHE INTERNAL "Brief description of ${the_module} module")
+    set(OPENCV_MODULE_${the_module}_LOCATION    "${CMAKE_CURRENT_SOURCE_DIR}" CACHE INTERNAL "Location of ${the_module} module sources")
+
+    set(OPENCV_MODULE_${the_module}_LINK_DEPS "" CACHE INTERNAL "")
+
+    # parse list of dependencies
+    if("${ARGV1}" STREQUAL "INTERNAL" OR "${ARGV1}" STREQUAL "BINDINGS")
+      set(OPENCV_MODULE_${the_module}_CLASS "${ARGV1}" CACHE INTERNAL "The category of the module")
+      set(__ocv_argn__ ${ARGN})
+      list(REMOVE_AT __ocv_argn__ 0)
+      ocv_add_dependencies(${the_module} ${__ocv_argn__})
+      unset(__ocv_argn__)
+    else()
+      set(OPENCV_MODULE_${the_module}_CLASS "PUBLIC" CACHE INTERNAL "The category of the module")
+      ocv_add_dependencies(${the_module} ${ARGN})
+      if(BUILD_${the_module})
+        set(OPENCV_MODULES_PUBLIC ${OPENCV_MODULES_PUBLIC} "${the_module}" CACHE INTERNAL "List of OpenCV modules marked for export")
+      endif()
+    endif()
+
+    # add HAL as dependency
+    if(NOT "${the_module}" STREQUAL "opencv_hal")
+      ocv_add_dependencies(${the_module} opencv_hal)
+    endif()
+
+    # add self to the world dependencies
+    if((NOT DEFINED OPENCV_MODULE_IS_PART_OF_WORLD
+        AND NOT OPENCV_MODULE_${the_module}_CLASS STREQUAL "BINDINGS"
+        AND NOT OPENCV_PROCESSING_EXTRA_MODULES)
+        OR OPENCV_MODULE_IS_PART_OF_WORLD
+        )
+      set(OPENCV_MODULE_${the_module}_IS_PART_OF_WORLD ON CACHE INTERNAL "")
+      ocv_add_dependencies(opencv_world OPTIONAL ${the_module})
+    else()
+      set(OPENCV_MODULE_${the_module}_IS_PART_OF_WORLD OFF CACHE INTERNAL "")
+    endif()
+
+    if(BUILD_${the_module})
+      set(OPENCV_MODULES_BUILD ${OPENCV_MODULES_BUILD} "${the_module}" CACHE INTERNAL "List of OpenCV modules included into the build")
+    else()
+      set(OPENCV_MODULES_DISABLED_USER ${OPENCV_MODULES_DISABLED_USER} "${the_module}" CACHE INTERNAL "List of OpenCV modules explicitly disabled by user")
+    endif()
+
+    # add submodules if any
+    set(OPENCV_MODULE_${the_module}_CHILDREN "${OPENCV_MODULE_CHILDREN}" CACHE INTERNAL "List of ${the_module} submodules")
+
+    # add reverse wrapper dependencies
+    foreach (wrapper ${OPENCV_MODULE_${the_module}_WRAPPERS})
+      ocv_add_dependencies(opencv_${wrapper} OPTIONAL ${the_module})
+    endforeach()
+
+    # stop processing of current file
+    return()
+  else()
+    set(OPENCV_MODULE_${the_module}_BINARY_DIR "${CMAKE_CURRENT_BINARY_DIR}" CACHE INTERNAL "")
+    if(NOT BUILD_${the_module})
+      return() # extra protection from redefinition
+    endif()
+    if((NOT OPENCV_MODULE_${the_module}_IS_PART_OF_WORLD AND NOT ${the_module} STREQUAL opencv_world) OR NOT ${BUILD_opencv_world})
+      project(${the_module})
+    endif()
+  endif()
+endmacro()
+
+# excludes module from current configuration
+macro(ocv_module_disable module)
+  set(__modname ${module})
+  if(NOT __modname MATCHES "^opencv_")
+    set(__modname opencv_${module})
+  endif()
+  list(APPEND OPENCV_MODULES_DISABLED_FORCE "${__modname}")
+  set(HAVE_${__modname} OFF CACHE INTERNAL "Module ${__modname} can not be built in current configuration")
+  set(OPENCV_MODULE_${__modname}_LOCATION "${CMAKE_CURRENT_SOURCE_DIR}" CACHE INTERNAL "Location of ${__modname} module sources")
+  set(OPENCV_MODULES_DISABLED_FORCE "${OPENCV_MODULES_DISABLED_FORCE}" CACHE INTERNAL "List of OpenCV modules which can not be build in current configuration")
+  if(BUILD_${__modname})
+    # touch variable controlling build of the module to suppress "unused variable" CMake warning
+  endif()
+  unset(__modname)
+  return() # leave the current folder
+endmacro()
+
+
+# collect modules from specified directories
+# NB: must be called only once!
+macro(ocv_glob_modules)
+  if(DEFINED OPENCV_INITIAL_PASS)
+    message(FATAL_ERROR "OpenCV has already loaded its modules. Calling ocv_glob_modules second time is not allowed.")
+  endif()
+  set(__directories_observed "")
+
+  # collect modules
+  set(OPENCV_INITIAL_PASS ON)
+  set(OPENCV_PROCESSING_EXTRA_MODULES 0)
+  foreach(__path ${ARGN})
+    if("${__path}" STREQUAL "EXTRA")
+      set(OPENCV_PROCESSING_EXTRA_MODULES 1)
+    endif()
+    get_filename_component(__path "${__path}" ABSOLUTE)
+
+    list(FIND __directories_observed "${__path}" __pathIdx)
+    if(__pathIdx GREATER -1)
+      message(FATAL_ERROR "The directory ${__path} is observed for OpenCV modules second time.")
+    endif()
+    list(APPEND __directories_observed "${__path}")
+
+    file(GLOB __ocvmodules RELATIVE "${__path}" "${__path}/*")
+    if(__ocvmodules)
+      list(SORT __ocvmodules)
+      foreach(mod ${__ocvmodules})
+        get_filename_component(__modpath "${__path}/${mod}" ABSOLUTE)
+        if(EXISTS "${__modpath}/CMakeLists.txt")
+
+          list(FIND __directories_observed "${__modpath}" __pathIdx)
+          if(__pathIdx GREATER -1)
+            message(FATAL_ERROR "The module from ${__modpath} is already loaded.")
+          endif()
+          list(APPEND __directories_observed "${__modpath}")
+
+          add_subdirectory("${__modpath}" "${CMAKE_CURRENT_BINARY_DIR}/${mod}/.${mod}")
+        endif()
+      endforeach()
+    endif()
+  endforeach()
+  ocv_clear_vars(__ocvmodules __directories_observed __path __modpath __pathIdx)
+
+  # resolve dependencies
+  __ocv_resolve_dependencies()
+
+  # create modules
+  set(OPENCV_INITIAL_PASS OFF PARENT_SCOPE)
+  set(OPENCV_INITIAL_PASS OFF)
+  if(${BUILD_opencv_world})
+    add_subdirectory("${OPENCV_MODULE_opencv_world_LOCATION}" "${CMAKE_CURRENT_BINARY_DIR}/world")
+    foreach(m ${OPENCV_MODULES_BUILD})
+      if(NOT OPENCV_MODULE_${m}_IS_PART_OF_WORLD AND NOT ${m} STREQUAL opencv_world)
+        message(STATUS "Processing module ${m}...")
+        if(m MATCHES "^opencv_")
+          string(REGEX REPLACE "^opencv_" "" __shortname "${m}")
+          add_subdirectory("${OPENCV_MODULE_${m}_LOCATION}" "${CMAKE_CURRENT_BINARY_DIR}/${__shortname}")
+        else()
+          message(WARNING "Check module name: ${m}")
+          add_subdirectory("${OPENCV_MODULE_${m}_LOCATION}" "${CMAKE_CURRENT_BINARY_DIR}/${m}")
+        endif()
+      endif()
+    endforeach()
+  else()
+    foreach(m ${OPENCV_MODULES_BUILD})
+      if(m MATCHES "^opencv_")
+        string(REGEX REPLACE "^opencv_" "" __shortname "${m}")
+        add_subdirectory("${OPENCV_MODULE_${m}_LOCATION}" "${CMAKE_CURRENT_BINARY_DIR}/${__shortname}")
+      else()
+        message(WARNING "Check module name: ${m}")
+        add_subdirectory("${OPENCV_MODULE_${m}_LOCATION}" "${CMAKE_CURRENT_BINARY_DIR}/${m}")
+      endif()
+    endforeach()
+  endif()
+  unset(__shortname)
+endmacro()
+
+
+# disables OpenCV module with missing dependencies
+function(__ocv_module_turn_off the_module)
+  list(REMOVE_ITEM OPENCV_MODULES_DISABLED_AUTO "${the_module}")
+  list(APPEND OPENCV_MODULES_DISABLED_AUTO "${the_module}")
+  list(REMOVE_ITEM OPENCV_MODULES_BUILD "${the_module}")
+  list(REMOVE_ITEM OPENCV_MODULES_PUBLIC "${the_module}")
+  set(HAVE_${the_module} OFF CACHE INTERNAL "Module ${the_module} can not be built in current configuration")
+
+  set(OPENCV_MODULES_DISABLED_AUTO "${OPENCV_MODULES_DISABLED_AUTO}" CACHE INTERNAL "")
+  set(OPENCV_MODULES_BUILD "${OPENCV_MODULES_BUILD}" CACHE INTERNAL "")
+  set(OPENCV_MODULES_PUBLIC "${OPENCV_MODULES_PUBLIC}" CACHE INTERNAL "")
+endfunction()
+
+# sort modules by dependencies
+function(__ocv_sort_modules_by_deps __lst)
+  ocv_list_sort(${__lst})
+  set(input ${${__lst}})
+  set(result "")
+  while(input)
+    list(LENGTH input length_before)
+    foreach (m ${input})
+      # check if module is in the result already
+      if (NOT ";${result};" MATCHES ";${m};")
+        # scan through module dependencies...
+        set(unresolved_deps_found FALSE)
+        foreach (d ${OPENCV_MODULE_${m}_CHILDREN} ${OPENCV_MODULE_${m}_DEPS})
+          # ... which are not already in the result and are enabled
+          if ((NOT ";${result};" MATCHES ";${d};") AND HAVE_${d})
+            set(unresolved_deps_found TRUE)
+            break()
+          endif()
+        endforeach()
+        # chek if all dependencies for this module has been resolved
+        if (NOT unresolved_deps_found)
+          list(APPEND result ${m})
+          list(REMOVE_ITEM input ${m})
+        endif()
+      endif()
+    endforeach()
+    list(LENGTH input length_after)
+    # check for infinite loop or unresolved dependencies
+    if (NOT length_after LESS length_before)
+      message(WARNING "Unresolved dependencies or loop in dependency graph (${length_after})\n"
+        "Processed ${__lst}: ${${__lst}}\n"
+        "Good modules: ${result}\n"
+        "Bad modules: ${input}"
+      )
+      list(APPEND result ${input})
+      break()
+    endif()
+  endwhile()
+  set(${__lst} "${result}" PARENT_SCOPE)
+endfunction()
+
+# resolve dependensies
+function(__ocv_resolve_dependencies)
+  foreach(m ${OPENCV_MODULES_DISABLED_USER})
+    set(HAVE_${m} OFF CACHE INTERNAL "Module ${m} will not be built in current configuration")
+  endforeach()
+  foreach(m ${OPENCV_MODULES_BUILD})
+    set(HAVE_${m} ON CACHE INTERNAL "Module ${m} will be built in current configuration")
+  endforeach()
+
+  # disable MODULES with unresolved dependencies
+  set(has_changes ON)
+  while(has_changes)
+    set(has_changes OFF)
+    foreach(m ${OPENCV_MODULES_BUILD})
+      set(__deps ${OPENCV_MODULE_${m}_REQ_DEPS} ${OPENCV_MODULE_${m}_PRIVATE_REQ_DEPS})
+      while(__deps)
+        ocv_list_pop_front(__deps d)
+        string(TOLOWER "${d}" upper_d)
+        if(NOT (HAVE_${d} OR HAVE_${upper_d} OR TARGET ${d} OR EXISTS ${d}))
+          if(d MATCHES "^opencv_") # TODO Remove this condition in the future and use HAVE_ variables only
+            message(STATUS "Module ${m} disabled because ${d} dependency can't be resolved!")
+            __ocv_module_turn_off(${m})
+            set(has_changes ON)
+            break()
+          else()
+            message(STATUS "Assume that non-module dependency is available: ${d} (for module ${m})")
+          endif()
+        endif()
+      endwhile()
+    endforeach()
+  endwhile()
+
+#  message(STATUS "List of active modules: ${OPENCV_MODULES_BUILD}")
+
+  foreach(m ${OPENCV_MODULES_BUILD})
+    set(deps_${m} ${OPENCV_MODULE_${m}_REQ_DEPS})
+    foreach(d ${OPENCV_MODULE_${m}_OPT_DEPS})
+      if(NOT (";${deps_${m}};" MATCHES ";${d};"))
+        if(HAVE_${d} OR TARGET ${d})
+          list(APPEND deps_${m} ${d})
+        endif()
+      endif()
+    endforeach()
+#    message(STATUS "Initial deps of ${m} (w/o private deps): ${deps_${m}}")
+  endforeach()
+
+  # propagate dependencies
+  set(has_changes ON)
+  while(has_changes)
+    set(has_changes OFF)
+    foreach(m2 ${OPENCV_MODULES_BUILD}) # transfer deps of m2 to m
+      foreach(m ${OPENCV_MODULES_BUILD})
+        if((NOT m STREQUAL m2) AND ";${deps_${m}};" MATCHES ";${m2};")
+          foreach(d ${deps_${m2}})
+            if(NOT (";${deps_${m}};" MATCHES ";${d};"))
+#              message(STATUS "  Transfer dependency ${d} from ${m2} to ${m}")
+              list(APPEND deps_${m} ${d})
+              set(has_changes ON)
+            endif()
+          endforeach()
+        endif()
+      endforeach()
+    endforeach()
+  endwhile()
+
+  # process private deps
+  foreach(m ${OPENCV_MODULES_BUILD})
+    foreach(d ${OPENCV_MODULE_${m}_PRIVATE_REQ_DEPS})
+      if(NOT (";${deps_${m}};" MATCHES ";${d};"))
+        list(APPEND deps_${m} ${d})
+      endif()
+    endforeach()
+    foreach(d ${OPENCV_MODULE_${m}_PRIVATE_OPT_DEPS})
+      if(NOT (";${deps_${m}};" MATCHES ";${d};"))
+        if(HAVE_${d} OR TARGET ${d})
+          list(APPEND deps_${m} ${d})
+        endif()
+      endif()
+    endforeach()
+  endforeach()
+
+  ocv_list_sort(OPENCV_MODULES_BUILD)
+
+  foreach(m ${OPENCV_MODULES_BUILD})
+#    message(STATUS "FULL deps of ${m}: ${deps_${m}}")
+    set(OPENCV_MODULE_${m}_DEPS ${deps_${m}})
+    set(OPENCV_MODULE_${m}_DEPS_EXT ${deps_${m}})
+    ocv_list_filterout(OPENCV_MODULE_${m}_DEPS_EXT "^opencv_[^ ]+$")
+    if(OPENCV_MODULE_${m}_DEPS_EXT AND OPENCV_MODULE_${m}_DEPS)
+      list(REMOVE_ITEM OPENCV_MODULE_${m}_DEPS ${OPENCV_MODULE_${m}_DEPS_EXT})
+    endif()
+  endforeach()
+
+  # reorder dependencies
+  foreach(m ${OPENCV_MODULES_BUILD})
+    __ocv_sort_modules_by_deps(OPENCV_MODULE_${m}_DEPS)
+    ocv_list_sort(OPENCV_MODULE_${m}_DEPS_EXT)
+
+    set(LINK_DEPS ${OPENCV_MODULE_${m}_DEPS})
+
+    # process world
+    if(BUILD_opencv_world)
+      if(OPENCV_MODULE_${m}_IS_PART_OF_WORLD)
+        list(APPEND OPENCV_WORLD_MODULES ${m})
+      endif()
+      foreach(m2 ${OPENCV_MODULES_BUILD})
+        if(OPENCV_MODULE_${m2}_IS_PART_OF_WORLD)
+          if(";${LINK_DEPS};" MATCHES ";${m2};")
+            list(REMOVE_ITEM LINK_DEPS ${m2})
+            if(NOT (";${LINK_DEPS};" MATCHES ";opencv_world;") AND NOT (${m} STREQUAL opencv_world))
+              list(APPEND LINK_DEPS opencv_world)
+            endif()
+          endif()
+          if(${m} STREQUAL opencv_world)
+            list(APPEND OPENCV_MODULE_opencv_world_DEPS_EXT ${OPENCV_MODULE_${m2}_DEPS_EXT})
+          endif()
+        endif()
+      endforeach()
+    endif()
+
+    set(OPENCV_MODULE_${m}_DEPS ${OPENCV_MODULE_${m}_DEPS} CACHE INTERNAL "Flattened dependencies of ${m} module")
+    set(OPENCV_MODULE_${m}_DEPS_EXT ${OPENCV_MODULE_${m}_DEPS_EXT} CACHE INTERNAL "Extra dependencies of ${m} module")
+    set(OPENCV_MODULE_${m}_DEPS_TO_LINK ${LINK_DEPS} CACHE INTERNAL "Flattened dependencies of ${m} module (for linker)")
+
+#    message(STATUS "  module deps of ${m}: ${OPENCV_MODULE_${m}_DEPS}")
+#    message(STATUS "  module link deps of ${m}: ${OPENCV_MODULE_${m}_DEPS_TO_LINK}")
+#    message(STATUS "  extra deps of ${m}: ${OPENCV_MODULE_${m}_DEPS_EXT}")
+#    message(STATUS "")
+  endforeach()
+
+  __ocv_sort_modules_by_deps(OPENCV_MODULES_BUILD)
+
+  set(OPENCV_MODULES_PUBLIC        ${OPENCV_MODULES_PUBLIC}        CACHE INTERNAL "List of OpenCV modules marked for export")
+  set(OPENCV_MODULES_BUILD         ${OPENCV_MODULES_BUILD}         CACHE INTERNAL "List of OpenCV modules included into the build")
+  set(OPENCV_MODULES_DISABLED_AUTO ${OPENCV_MODULES_DISABLED_AUTO} CACHE INTERNAL "List of OpenCV modules implicitly disabled due to dependencies")
+  set(OPENCV_WORLD_MODULES         ${OPENCV_WORLD_MODULES}         CACHE INTERNAL "List of OpenCV modules included into the world")
+endfunction()
+
+
+# setup include paths for the list of passed modules
+macro(ocv_include_modules)
+  foreach(d ${ARGN})
+    if(d MATCHES "^opencv_" AND HAVE_${d})
+      if (EXISTS "${OPENCV_MODULE_${d}_LOCATION}/include")
+        ocv_include_directories("${OPENCV_MODULE_${d}_LOCATION}/include")
+      endif()
+    elseif(EXISTS "${d}")
+      ocv_include_directories("${d}")
+    endif()
+  endforeach()
+endmacro()
+
+# same as previous but with dependencies
+macro(ocv_include_modules_recurse)
+  ocv_include_modules(${ARGN})
+  foreach(d ${ARGN})
+    if(d MATCHES "^opencv_" AND HAVE_${d} AND DEFINED OPENCV_MODULE_${d}_DEPS)
+      foreach (sub ${OPENCV_MODULE_${d}_DEPS})
+        ocv_include_modules(${sub})
+      endforeach()
+    endif()
+  endforeach()
+endmacro()
+
+# setup include paths for the list of passed modules
+macro(ocv_target_include_modules target)
+  foreach(d ${ARGN})
+    if(d MATCHES "^opencv_" AND HAVE_${d})
+      if (EXISTS "${OPENCV_MODULE_${d}_LOCATION}/include")
+        ocv_target_include_directories(${target} "${OPENCV_MODULE_${d}_LOCATION}/include")
+      endif()
+    elseif(EXISTS "${d}")
+      ocv_target_include_directories(${target} "${d}")
+    endif()
+  endforeach()
+endmacro()
+
+# setup include paths for the list of passed modules and recursively add dependent modules
+macro(ocv_target_include_modules_recurse target)
+  foreach(d ${ARGN})
+    if(d MATCHES "^opencv_" AND HAVE_${d})
+      if (EXISTS "${OPENCV_MODULE_${d}_LOCATION}/include")
+        ocv_target_include_directories(${target} "${OPENCV_MODULE_${d}_LOCATION}/include")
+      endif()
+      if(OPENCV_MODULE_${d}_DEPS)
+        ocv_target_include_modules(${target} ${OPENCV_MODULE_${d}_DEPS})
+      endif()
+    elseif(EXISTS "${d}")
+      ocv_target_include_directories(${target} "${d}")
+    endif()
+  endforeach()
+endmacro()
+
+# setup include path for OpenCV headers for specified module
+# ocv_module_include_directories(<extra include directories/extra include modules>)
+macro(ocv_module_include_directories)
+  ocv_target_include_directories(${the_module}
+      "${OPENCV_MODULE_${the_module}_LOCATION}/include"
+      "${OPENCV_MODULE_${the_module}_LOCATION}/src"
+      "${CMAKE_CURRENT_BINARY_DIR}" # for precompiled headers
+      )
+  ocv_target_include_modules(${the_module} ${OPENCV_MODULE_${the_module}_DEPS} ${ARGN})
+endmacro()
+
+
+# sets header and source files for the current module
+# NB: all files specified as headers will be installed
+# Usage:
+# ocv_set_module_sources([HEADERS] <list of files> [SOURCES] <list of files>)
+macro(ocv_set_module_sources)
+  ocv_debug_message("ocv_set_module_sources(" ${ARGN} ")")
+
+  set(OPENCV_MODULE_${the_module}_HEADERS "")
+  set(OPENCV_MODULE_${the_module}_SOURCES "")
+
+  foreach(f "HEADERS" ${ARGN})
+    if(f STREQUAL "HEADERS" OR f STREQUAL "SOURCES")
+      set(__filesvar "OPENCV_MODULE_${the_module}_${f}")
+    else()
+      list(APPEND ${__filesvar} "${f}")
+    endif()
+  endforeach()
+
+  # the hacky way to embeed any files into the OpenCV without modification of its build system
+  if(COMMAND ocv_get_module_external_sources)
+    ocv_get_module_external_sources()
+  endif()
+
+  # use full paths for module to be independent from the module location
+  ocv_convert_to_full_paths(OPENCV_MODULE_${the_module}_HEADERS)
+
+  set(OPENCV_MODULE_${the_module}_HEADERS ${OPENCV_MODULE_${the_module}_HEADERS} CACHE INTERNAL "List of header files for ${the_module}")
+  set(OPENCV_MODULE_${the_module}_SOURCES ${OPENCV_MODULE_${the_module}_SOURCES} CACHE INTERNAL "List of source files for ${the_module}")
+endmacro()
+
+# finds and sets headers and sources for the standard OpenCV module
+# Usage:
+# ocv_glob_module_sources([EXCLUDE_CUDA] <extra sources&headers in the same format as used in ocv_set_module_sources>)
+macro(ocv_glob_module_sources)
+  ocv_debug_message("ocv_glob_module_sources(" ${ARGN} ")")
+  set(_argn ${ARGN})
+  list(FIND _argn "EXCLUDE_CUDA" exclude_cuda)
+  if(NOT exclude_cuda EQUAL -1)
+    list(REMOVE_AT _argn ${exclude_cuda})
+  endif()
+
+  file(GLOB_RECURSE lib_srcs
+       "${CMAKE_CURRENT_LIST_DIR}/src/*.cpp"
+  )
+  file(GLOB_RECURSE lib_int_hdrs
+       "${CMAKE_CURRENT_LIST_DIR}/src/*.hpp"
+       "${CMAKE_CURRENT_LIST_DIR}/src/*.h"
+  )
+  file(GLOB lib_hdrs
+       "${CMAKE_CURRENT_LIST_DIR}/include/opencv2/*.hpp"
+       "${CMAKE_CURRENT_LIST_DIR}/include/opencv2/${name}/*.hpp"
+       "${CMAKE_CURRENT_LIST_DIR}/include/opencv2/${name}/*.h"
+  )
+  file(GLOB lib_hdrs_detail
+       "${CMAKE_CURRENT_LIST_DIR}/include/opencv2/${name}/detail/*.hpp"
+       "${CMAKE_CURRENT_LIST_DIR}/include/opencv2/${name}/detail/*.h"
+  )
+  if (APPLE)
+    file(GLOB_RECURSE lib_srcs_apple
+         "${CMAKE_CURRENT_LIST_DIR}/src/*.mm"
+    )
+    list(APPEND lib_srcs ${lib_srcs_apple})
+  endif()
+
+  ocv_source_group("Src" DIRBASE "${CMAKE_CURRENT_LIST_DIR}/src" FILES ${lib_srcs} ${lib_int_hdrs})
+  ocv_source_group("Include" DIRBASE "${CMAKE_CURRENT_LIST_DIR}/include" FILES ${lib_hdrs} ${lib_hdrs_detail})
+
+  set(lib_cuda_srcs "")
+  set(lib_cuda_hdrs "")
+  if(HAVE_CUDA AND exclude_cuda EQUAL -1)
+    file(GLOB lib_cuda_srcs
+         "${CMAKE_CURRENT_LIST_DIR}/src/cuda/*.cu"
+    )
+    file(GLOB lib_cuda_hdrs
+         "${CMAKE_CURRENT_LIST_DIR}/src/cuda/*.hpp"
+    )
+    source_group("Src\\Cuda"      FILES ${lib_cuda_srcs} ${lib_cuda_hdrs})
+  endif()
+
+  file(GLOB cl_kernels
+       "${CMAKE_CURRENT_LIST_DIR}/src/opencl/*.cl"
+  )
+  if(cl_kernels)
+    set(OCL_NAME opencl_kernels_${name})
+    ocv_include_directories(${OPENCL_INCLUDE_DIRS})
+    add_custom_command(
+      OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/${OCL_NAME}.cpp" "${CMAKE_CURRENT_BINARY_DIR}/${OCL_NAME}.hpp"
+      COMMAND ${CMAKE_COMMAND} -DMODULE_NAME="${name}" -DCL_DIR="${CMAKE_CURRENT_LIST_DIR}/src/opencl" -DOUTPUT="${CMAKE_CURRENT_BINARY_DIR}/${OCL_NAME}.cpp" -P "${OpenCV_SOURCE_DIR}/cmake/cl2cpp.cmake"
+      DEPENDS ${cl_kernels} "${OpenCV_SOURCE_DIR}/cmake/cl2cpp.cmake")
+    ocv_source_group("Src\\opencl\\kernels" FILES ${cl_kernels})
+    ocv_source_group("Src\\opencl\\kernels\\autogenerated" FILES "${CMAKE_CURRENT_BINARY_DIR}/${OCL_NAME}.cpp" "${CMAKE_CURRENT_BINARY_DIR}/${OCL_NAME}.hpp")
+    list(APPEND lib_srcs ${cl_kernels} "${CMAKE_CURRENT_BINARY_DIR}/${OCL_NAME}.cpp" "${CMAKE_CURRENT_BINARY_DIR}/${OCL_NAME}.hpp")
+  endif()
+
+  ocv_set_module_sources(${_argn} HEADERS ${lib_hdrs} ${lib_hdrs_detail}
+                         SOURCES ${lib_srcs} ${lib_int_hdrs} ${lib_cuda_srcs} ${lib_cuda_hdrs})
+endmacro()
+
+# creates OpenCV module in current folder
+# creates new target, configures standard dependencies, compilers flags, install rules
+# Usage:
+#   ocv_create_module(<extra link dependencies>)
+#   ocv_create_module()
+macro(ocv_create_module)
+  ocv_debug_message("ocv_create_module(" ${ARGN} ")")
+  set(OPENCV_MODULE_${the_module}_LINK_DEPS "${OPENCV_MODULE_${the_module}_LINK_DEPS};${ARGN}" CACHE INTERNAL "")
+  if(${BUILD_opencv_world} AND OPENCV_MODULE_${the_module}_IS_PART_OF_WORLD)
+    # nothing
+    set(the_module_target opencv_world)
+  else()
+    _ocv_create_module(${ARGN})
+    set(the_module_target ${the_module})
+  endif()
+endmacro()
+
+macro(_ocv_create_module)
+  # The condition we ought to be testing here is whether ocv_add_precompiled_headers will
+  # be called at some point in the future. We can't look into the future, though,
+  # so this will have to do.
+  if(EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/src/precomp.hpp" AND NOT ${the_module} STREQUAL opencv_world)
+    get_native_precompiled_header(${the_module} precomp.hpp)
+  endif()
+
+  set(sub_objs "")
+  set(sub_links "")
+  set(cuda_objs "")
+  if (OPENCV_MODULE_${the_module}_CHILDREN)
+    status("Complex module ${the_module}")
+    foreach (m ${OPENCV_MODULE_${the_module}_CHILDREN})
+      if (BUILD_${m} AND TARGET ${m}_object)
+        get_target_property(_sub_links ${m} LINK_LIBRARIES)
+        list(APPEND sub_objs $<TARGET_OBJECTS:${m}_object>)
+        list(APPEND sub_links ${_sub_links})
+        status("    + ${m}")
+      else()
+        status("    - ${m}")
+      endif()
+      list(APPEND cuda_objs ${OPENCV_MODULE_${m}_CUDA_OBJECTS})
+    endforeach()
+  endif()
+
+  ocv_add_library(${the_module} ${OPENCV_MODULE_TYPE} ${OPENCV_MODULE_${the_module}_HEADERS} ${OPENCV_MODULE_${the_module}_SOURCES}
+    "${OPENCV_CONFIG_FILE_INCLUDE_DIR}/cvconfig.h" "${OPENCV_CONFIG_FILE_INCLUDE_DIR}/opencv2/opencv_modules.hpp"
+    ${${the_module}_pch} ${sub_objs})
+
+  if (cuda_objs)
+    target_link_libraries(${the_module} ${cuda_objs})
+  endif()
+
+  # TODO: is it needed?
+  if (sub_links)
+    ocv_list_filterout(sub_links "^opencv_")
+    ocv_list_unique(sub_links)
+    target_link_libraries(${the_module} ${sub_links})
+  endif()
+
+  unset(sub_objs)
+  unset(sub_links)
+  unset(cuda_objs)
+
+  ocv_target_link_libraries(${the_module} ${OPENCV_MODULE_${the_module}_DEPS_TO_LINK})
+  ocv_target_link_libraries(${the_module} LINK_INTERFACE_LIBRARIES ${OPENCV_MODULE_${the_module}_DEPS_TO_LINK})
+  ocv_target_link_libraries(${the_module} ${OPENCV_MODULE_${the_module}_DEPS_EXT} ${OPENCV_LINKER_LIBS} ${IPP_LIBS} ${ARGN})
+  if (HAVE_CUDA)
+    ocv_target_link_libraries(${the_module} ${CUDA_LIBRARIES} ${CUDA_npp_LIBRARY})
+  endif()
+
+  add_dependencies(opencv_modules ${the_module})
+
+  if(ENABLE_SOLUTION_FOLDERS)
+    set_target_properties(${the_module} PROPERTIES FOLDER "modules")
+  endif()
+
+  set_target_properties(${the_module} PROPERTIES
+    OUTPUT_NAME "${the_module}${OPENCV_DLLVERSION}"
+    DEBUG_POSTFIX "${OPENCV_DEBUG_POSTFIX}"
+    ARCHIVE_OUTPUT_DIRECTORY ${LIBRARY_OUTPUT_PATH}
+    LIBRARY_OUTPUT_DIRECTORY ${LIBRARY_OUTPUT_PATH}
+    RUNTIME_OUTPUT_DIRECTORY ${EXECUTABLE_OUTPUT_PATH}
+    INSTALL_NAME_DIR lib
+  )
+
+  # For dynamic link numbering convenions
+  if(NOT ANDROID)
+    # Android SDK build scripts can include only .so files into final .apk
+    # As result we should not set version properties for Android
+    set_target_properties(${the_module} PROPERTIES
+      VERSION ${OPENCV_LIBVERSION}
+      SOVERSION ${OPENCV_SOVERSION}
+    )
+  endif()
+
+  if((NOT DEFINED OPENCV_MODULE_TYPE AND BUILD_SHARED_LIBS)
+      OR (DEFINED OPENCV_MODULE_TYPE AND OPENCV_MODULE_TYPE STREQUAL SHARED))
+    set_target_properties(${the_module} PROPERTIES COMPILE_DEFINITIONS CVAPI_EXPORTS)
+    set_target_properties(${the_module} PROPERTIES DEFINE_SYMBOL CVAPI_EXPORTS)
+  endif()
+
+  if(MSVC)
+    if(CMAKE_CROSSCOMPILING)
+      set_target_properties(${the_module} PROPERTIES LINK_FLAGS "/NODEFAULTLIB:secchk")
+    endif()
+    set_target_properties(${the_module} PROPERTIES LINK_FLAGS "/NODEFAULTLIB:libc /DEBUG")
+  endif()
+
+  ocv_install_target(${the_module} EXPORT OpenCVModules OPTIONAL
+    RUNTIME DESTINATION ${OPENCV_BIN_INSTALL_PATH} COMPONENT libs
+    LIBRARY DESTINATION ${OPENCV_LIB_INSTALL_PATH} COMPONENT libs NAMELINK_SKIP
+    ARCHIVE DESTINATION ${OPENCV_LIB_INSTALL_PATH} COMPONENT dev
+    )
+  get_target_property(_target_type ${the_module} TYPE)
+  if("${_target_type}" STREQUAL "SHARED_LIBRARY")
+    install(TARGETS ${the_module}
+      LIBRARY DESTINATION ${OPENCV_LIB_INSTALL_PATH} COMPONENT dev NAMELINK_ONLY)
+  endif()
+
+  foreach(m ${OPENCV_MODULE_${the_module}_CHILDREN} ${the_module})
+    # only "public" headers need to be installed
+    if(OPENCV_MODULE_${m}_HEADERS AND ";${OPENCV_MODULES_PUBLIC};" MATCHES ";${m};")
+      foreach(hdr ${OPENCV_MODULE_${m}_HEADERS})
+        string(REGEX REPLACE "^.*opencv2/" "opencv2/" hdr2 "${hdr}")
+        if(NOT hdr2 MATCHES "opencv2/${m}/private.*" AND hdr2 MATCHES "^(opencv2/?.*)/[^/]+.h(..)?$" )
+          install(FILES ${hdr} OPTIONAL DESTINATION "${OPENCV_INCLUDE_INSTALL_PATH}/${CMAKE_MATCH_1}" COMPONENT dev)
+        endif()
+      endforeach()
+    endif()
+  endforeach()
+
+  _ocv_add_precompiled_headers(${the_module})
+
+  if (TARGET ${the_module}_object)
+    # copy COMPILE_DEFINITIONS
+    get_target_property(main_defs ${the_module} COMPILE_DEFINITIONS)
+    if (main_defs)
+      set_target_properties(${the_module}_object PROPERTIES COMPILE_DEFINITIONS ${main_defs})
+    endif()
+    # use same PCH
+    if (TARGET pch_Generate_${the_module})
+      add_dependencies(${the_module}_object pch_Generate_${the_module} )
+    endif()
+  endif()
+endmacro()
+
+# opencv precompiled headers macro (can add pch to modules and tests)
+# this macro must be called after any "add_definitions" commands, otherwise precompiled headers will not work
+# Usage:
+# ocv_add_precompiled_headers(${the_module})
+macro(_ocv_add_precompiled_headers the_target)
+  ocv_debug_message("ocv_add_precompiled_headers(" ${the_target} ${ARGN} ")")
+
+  if("${the_target}" MATCHES "^opencv_test_.*$")
+    SET(pch_path "test/test_")
+  elseif("${the_target}" MATCHES "^opencv_perf_.*$")
+    SET(pch_path "perf/perf_")
+  else()
+    SET(pch_path "src/")
+  endif()
+  ocv_add_precompiled_header_to_target(${the_target} "${CMAKE_CURRENT_SOURCE_DIR}/${pch_path}precomp.hpp")
+  unset(pch_path)
+endmacro()
+
+# short command for adding simple OpenCV module
+# see ocv_add_module for argument details
+# Usage:
+# ocv_define_module(module_name  [INTERNAL] [EXCLUDE_CUDA] [REQUIRED] [<list of dependencies>] [OPTIONAL <list of optional dependencies>] [WRAP <list of wrappers>])
+macro(ocv_define_module module_name)
+  ocv_debug_message("ocv_define_module(" ${module_name} ${ARGN} ")")
+  set(_argn ${ARGN})
+  set(exclude_cuda "")
+  foreach(arg ${_argn})
+    if("${arg}" STREQUAL "EXCLUDE_CUDA")
+      set(exclude_cuda "${arg}")
+      list(REMOVE_ITEM _argn ${arg})
+    endif()
+  endforeach()
+
+  ocv_add_module(${module_name} ${_argn})
+  ocv_glob_module_sources(${exclude_cuda})
+  ocv_module_include_directories()
+  ocv_create_module()
+
+  ocv_add_accuracy_tests()
+  ocv_add_perf_tests()
+  ocv_add_samples()
+endmacro()
+
+# ensures that all passed modules are available
+# sets OCV_DEPENDENCIES_FOUND variable to TRUE/FALSE
+macro(ocv_check_dependencies)
+  set(OCV_DEPENDENCIES_FOUND TRUE)
+  foreach(d ${ARGN})
+    if(d MATCHES "^opencv_[^ ]+$" AND NOT HAVE_${d})
+      set(OCV_DEPENDENCIES_FOUND FALSE)
+      break()
+    endif()
+  endforeach()
+endmacro()
+
+# auxiliary macro to parse arguments of ocv_add_accuracy_tests and ocv_add_perf_tests commands
+macro(__ocv_parse_test_sources tests_type)
+  set(OPENCV_${tests_type}_${the_module}_SOURCES "")
+  set(OPENCV_${tests_type}_${the_module}_DEPS "")
+  set(__file_group_name "")
+  set(__file_group_sources "")
+  foreach(arg "DEPENDS_ON" ${ARGN} "FILES")
+    if(arg STREQUAL "FILES")
+      set(__currentvar "__file_group_sources")
+      if(__file_group_name AND __file_group_sources)
+        source_group("${__file_group_name}" FILES ${__file_group_sources})
+        list(APPEND OPENCV_${tests_type}_${the_module}_SOURCES ${__file_group_sources})
+      endif()
+      set(__file_group_name "")
+      set(__file_group_sources "")
+    elseif(arg STREQUAL "DEPENDS_ON")
+      set(__currentvar "OPENCV_${tests_type}_${the_module}_DEPS")
+    elseif(" ${__currentvar}" STREQUAL " __file_group_sources" AND NOT __file_group_name) # spaces to avoid CMP0054
+      set(__file_group_name "${arg}")
+    else()
+      list(APPEND ${__currentvar} "${arg}")
+    endif()
+  endforeach()
+  unset(__file_group_name)
+  unset(__file_group_sources)
+  unset(__currentvar)
+endmacro()
+
+# this is a command for adding OpenCV performance tests to the module
+# ocv_add_perf_tests(<extra_dependencies>)
+function(ocv_add_perf_tests)
+  ocv_debug_message("ocv_add_perf_tests(" ${ARGN} ")")
+
+  set(perf_path "${CMAKE_CURRENT_LIST_DIR}/perf")
+  if(BUILD_PERF_TESTS AND EXISTS "${perf_path}")
+    __ocv_parse_test_sources(PERF ${ARGN})
+
+    # opencv_imgcodecs is required for imread/imwrite
+    set(perf_deps opencv_ts ${the_module} opencv_imgcodecs ${OPENCV_MODULE_${the_module}_DEPS} ${OPENCV_MODULE_opencv_ts_DEPS})
+    ocv_check_dependencies(${perf_deps})
+
+    if(OCV_DEPENDENCIES_FOUND)
+      set(the_target "opencv_perf_${name}")
+      # project(${the_target})
+
+      if(NOT OPENCV_PERF_${the_module}_SOURCES)
+        file(GLOB_RECURSE perf_srcs "${perf_path}/*.cpp")
+        file(GLOB_RECURSE perf_hdrs "${perf_path}/*.hpp" "${perf_path}/*.h")
+        ocv_source_group("Src" DIRBASE "${perf_path}" FILES ${perf_srcs})
+        ocv_source_group("Include" DIRBASE "${perf_path}" FILES ${perf_hdrs})
+        set(OPENCV_PERF_${the_module}_SOURCES ${perf_srcs} ${perf_hdrs})
+      endif()
+
+      if(NOT BUILD_opencv_world)
+        get_native_precompiled_header(${the_target} perf_precomp.hpp)
+      endif()
+
+      ocv_add_executable(${the_target} ${OPENCV_PERF_${the_module}_SOURCES} ${${the_target}_pch})
+      ocv_target_include_modules(${the_target} ${perf_deps} "${perf_path}")
+      ocv_target_link_libraries(${the_target} ${perf_deps} ${OPENCV_MODULE_${the_module}_DEPS} ${OPENCV_LINKER_LIBS})
+      add_dependencies(opencv_perf_tests ${the_target})
+
+      # Additional target properties
+      set_target_properties(${the_target} PROPERTIES
+        DEBUG_POSTFIX "${OPENCV_DEBUG_POSTFIX}"
+        RUNTIME_OUTPUT_DIRECTORY "${EXECUTABLE_OUTPUT_PATH}"
+      )
+
+      if(ENABLE_SOLUTION_FOLDERS)
+        set_target_properties(${the_target} PROPERTIES FOLDER "tests performance")
+      endif()
+
+      if(NOT BUILD_opencv_world)
+        _ocv_add_precompiled_headers(${the_target})
+      endif()
+    else(OCV_DEPENDENCIES_FOUND)
+      # TODO: warn about unsatisfied dependencies
+    endif(OCV_DEPENDENCIES_FOUND)
+    if(INSTALL_TESTS)
+      install(TARGETS ${the_target} RUNTIME DESTINATION ${OPENCV_TEST_INSTALL_PATH} COMPONENT tests)
+    endif()
+  endif()
+endfunction()
+
+# this is a command for adding OpenCV accuracy/regression tests to the module
+# ocv_add_accuracy_tests([FILES <source group name> <list of sources>] [DEPENDS_ON] <list of extra dependencies>)
+function(ocv_add_accuracy_tests)
+  ocv_debug_message("ocv_add_accuracy_tests(" ${ARGN} ")")
+
+  set(test_path "${CMAKE_CURRENT_LIST_DIR}/test")
+  if(BUILD_TESTS AND EXISTS "${test_path}")
+    __ocv_parse_test_sources(TEST ${ARGN})
+
+    # opencv_imgcodecs is required for imread/imwrite
+    set(test_deps opencv_ts ${the_module} opencv_imgcodecs opencv_videoio ${OPENCV_MODULE_${the_module}_DEPS} ${OPENCV_MODULE_opencv_ts_DEPS})
+    ocv_check_dependencies(${test_deps})
+    if(OCV_DEPENDENCIES_FOUND)
+      set(the_target "opencv_test_${name}")
+      # project(${the_target})
+
+      if(NOT OPENCV_TEST_${the_module}_SOURCES)
+        file(GLOB_RECURSE test_srcs "${test_path}/*.cpp")
+        file(GLOB_RECURSE test_hdrs "${test_path}/*.hpp" "${test_path}/*.h")
+        ocv_source_group("Src" DIRBASE "${test_path}" FILES ${test_srcs})
+        ocv_source_group("Include" DIRBASE "${test_path}" FILES ${test_hdrs})
+        set(OPENCV_TEST_${the_module}_SOURCES ${test_srcs} ${test_hdrs})
+      endif()
+
+      if(NOT BUILD_opencv_world)
+        get_native_precompiled_header(${the_target} test_precomp.hpp)
+      endif()
+
+      ocv_add_executable(${the_target} ${OPENCV_TEST_${the_module}_SOURCES} ${${the_target}_pch})
+      ocv_target_include_modules(${the_target} ${test_deps} "${test_path}")
+      ocv_target_link_libraries(${the_target} ${test_deps} ${OPENCV_MODULE_${the_module}_DEPS} ${OPENCV_LINKER_LIBS})
+      add_dependencies(opencv_tests ${the_target})
+
+      # Additional target properties
+      set_target_properties(${the_target} PROPERTIES
+        DEBUG_POSTFIX "${OPENCV_DEBUG_POSTFIX}"
+        RUNTIME_OUTPUT_DIRECTORY "${EXECUTABLE_OUTPUT_PATH}"
+      )
+
+      if(ENABLE_SOLUTION_FOLDERS)
+        set_target_properties(${the_target} PROPERTIES FOLDER "tests accuracy")
+      endif()
+
+      enable_testing()
+      get_target_property(LOC ${the_target} LOCATION)
+      add_test(${the_target} "${LOC}")
+
+      if(NOT BUILD_opencv_world)
+        _ocv_add_precompiled_headers(${the_target})
+      endif()
+    else(OCV_DEPENDENCIES_FOUND)
+      # TODO: warn about unsatisfied dependencies
+    endif(OCV_DEPENDENCIES_FOUND)
+
+    if(INSTALL_TESTS)
+      install(TARGETS ${the_target} RUNTIME DESTINATION ${OPENCV_TEST_INSTALL_PATH} COMPONENT tests)
+    endif()
+  endif()
+endfunction()
+
+function(ocv_add_samples)
+  ocv_debug_message("ocv_add_samples(" ${ARGN} ")")
+
+  set(samples_path "${CMAKE_CURRENT_SOURCE_DIR}/samples")
+  string(REGEX REPLACE "^opencv_" "" module_id ${the_module})
+
+  if(BUILD_EXAMPLES AND EXISTS "${samples_path}")
+    set(samples_deps ${the_module} ${OPENCV_MODULE_${the_module}_DEPS} opencv_imgcodecs opencv_videoio opencv_highgui ${ARGN})
+    ocv_check_dependencies(${samples_deps})
+
+    if(OCV_DEPENDENCIES_FOUND)
+      file(GLOB sample_sources "${samples_path}/*.cpp")
+
+      foreach(source ${sample_sources})
+        get_filename_component(name "${source}" NAME_WE)
+        set(the_target "example_${module_id}_${name}")
+
+        ocv_add_executable(${the_target} "${source}")
+        ocv_target_include_modules(${the_target} ${samples_deps})
+        ocv_target_link_libraries(${the_target} ${samples_deps})
+        set_target_properties(${the_target} PROPERTIES PROJECT_LABEL "(sample) ${name}")
+
+        if(ENABLE_SOLUTION_FOLDERS)
+          set_target_properties(${the_target} PROPERTIES
+            OUTPUT_NAME "${module_id}-example-${name}"
+            FOLDER "samples/${module_id}")
+        endif()
+
+        if(WIN32)
+          install(TARGETS ${the_target} RUNTIME DESTINATION "samples/${module_id}" COMPONENT samples)
+        endif()
+      endforeach()
+    endif()
+  endif()
+
+  if(INSTALL_C_EXAMPLES AND NOT WIN32 AND EXISTS "${samples_path}")
+  file(GLOB DEPLOY_FILES_AND_DIRS "${samples_path}/*")
+    foreach(ITEM ${DEPLOY_FILES_AND_DIRS})
+        IF( IS_DIRECTORY "${ITEM}" )
+            LIST( APPEND sample_dirs "${ITEM}" )
+        ELSE()
+            LIST( APPEND sample_files "${ITEM}" )
+        ENDIF()
+    endforeach()
+    install(FILES ${sample_files}
+            DESTINATION ${OPENCV_SAMPLES_SRC_INSTALL_PATH}/${module_id}
+            PERMISSIONS OWNER_READ GROUP_READ WORLD_READ COMPONENT samples)
+    install(DIRECTORY ${sample_dirs}
+            DESTINATION ${OPENCV_SAMPLES_SRC_INSTALL_PATH}/${module_id}
+            USE_SOURCE_PERMISSIONS COMPONENT samples)
+  endif()
+endfunction()
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVPCHSupport.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVPCHSupport.cmake
new file mode 100644
index 000000000..e5fb90e6f
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVPCHSupport.cmake
@@ -0,0 +1,372 @@
+# taken from http://public.kitware.com/Bug/view.php?id=1260 and slightly adjusted
+
+# - Try to find precompiled headers support for GCC 3.4 and 4.x
+# Once done this will define:
+#
+# Variable:
+#   PCHSupport_FOUND
+#
+# Macro:
+#   ADD_PRECOMPILED_HEADER  _targetName _input  _dowarn
+#   ADD_PRECOMPILED_HEADER_TO_TARGET _targetName _input _pch_output_to_use _dowarn
+#   ADD_NATIVE_PRECOMPILED_HEADER _targetName _input _dowarn
+#   GET_NATIVE_PRECOMPILED_HEADER _targetName _input
+
+IF(CMAKE_COMPILER_IS_GNUCXX)
+
+    EXEC_PROGRAM(
+        ${CMAKE_CXX_COMPILER}
+        ARGS ${CMAKE_CXX_COMPILER_ARG1} -dumpversion
+        OUTPUT_VARIABLE gcc_compiler_version)
+    #MESSAGE("GCC Version: ${gcc_compiler_version}")
+    IF(gcc_compiler_version VERSION_GREATER "4.2.-1")
+        SET(PCHSupport_FOUND TRUE)
+    ENDIF()
+
+    SET(_PCH_include_prefix "-I")
+    SET(_PCH_isystem_prefix "-isystem")
+    SET(_PCH_define_prefix "-D")
+
+ELSEIF(CMAKE_GENERATOR MATCHES "^Visual.*$")
+    SET(PCHSupport_FOUND TRUE)
+    SET(_PCH_include_prefix "/I")
+    SET(_PCH_isystem_prefix "/I")
+    SET(_PCH_define_prefix "/D")
+ELSE()
+    SET(PCHSupport_FOUND FALSE)
+ENDIF()
+
+MACRO(_PCH_GET_COMPILE_FLAGS _out_compile_flags)
+
+    STRING(TOUPPER "CMAKE_CXX_FLAGS_${CMAKE_BUILD_TYPE}" _flags_var_name)
+    SET(${_out_compile_flags} ${${_flags_var_name}} )
+
+    IF(CMAKE_COMPILER_IS_GNUCXX)
+
+        GET_TARGET_PROPERTY(_targetType ${_PCH_current_target} TYPE)
+        IF(${_targetType} STREQUAL SHARED_LIBRARY AND NOT WIN32)
+            LIST(APPEND ${_out_compile_flags} "-fPIC")
+        ENDIF()
+
+        GET_TARGET_PROPERTY(_target_definitions ${_PCH_current_target} COMPILE_DEFINITIONS)
+        if(_target_definitions)
+          foreach(_def ${_target_definitions})
+            LIST(APPEND ${_out_compile_flags} "-D${_def}")
+          endforeach()
+        endif()
+
+    ELSE()
+        ## TODO ... ? or does it work out of the box
+    ENDIF()
+
+    GET_DIRECTORY_PROPERTY(DIRINC INCLUDE_DIRECTORIES )
+    FOREACH(item ${DIRINC})
+        if(item MATCHES "^${OpenCV_SOURCE_DIR}/modules/")
+          LIST(APPEND ${_out_compile_flags} "${_PCH_include_prefix}\"${item}\"")
+        else()
+          LIST(APPEND ${_out_compile_flags} "${_PCH_isystem_prefix}\"${item}\"")
+        endif()
+    ENDFOREACH(item)
+
+    get_target_property(DIRINC ${_PCH_current_target} INCLUDE_DIRECTORIES )
+    FOREACH(item ${DIRINC})
+        if(item MATCHES "^${OpenCV_SOURCE_DIR}/modules/")
+          LIST(APPEND ${_out_compile_flags} "${_PCH_include_prefix}\"${item}\"")
+        else()
+          LIST(APPEND ${_out_compile_flags} "${_PCH_isystem_prefix}\"${item}\"")
+        endif()
+    ENDFOREACH(item)
+
+    GET_DIRECTORY_PROPERTY(_directory_flags DEFINITIONS)
+    GET_DIRECTORY_PROPERTY(_global_definitions DIRECTORY ${OpenCV_SOURCE_DIR} DEFINITIONS)
+    #MESSAGE("_directory_flags ${_directory_flags} ${_global_definitions}" )
+    LIST(APPEND ${_out_compile_flags} ${_directory_flags})
+    LIST(APPEND ${_out_compile_flags} ${_global_definitions})
+    LIST(APPEND ${_out_compile_flags} ${CMAKE_CXX_FLAGS})
+
+    SEPARATE_ARGUMENTS(${_out_compile_flags})
+
+ENDMACRO(_PCH_GET_COMPILE_FLAGS)
+
+
+MACRO(_PCH_WRITE_PCHDEP_CXX _targetName _include_file _dephelp)
+
+    SET(${_dephelp} ${CMAKE_CURRENT_BINARY_DIR}/${_targetName}_pch_dephelp.cxx)
+    IF(CMAKE_HOST_WIN32)
+        ADD_CUSTOM_COMMAND(
+          OUTPUT "${${_dephelp}}"
+          COMMAND ${CMAKE_COMMAND} -E echo "#include \\\"${_include_file}\\\"" >  "${${_dephelp}}"
+          COMMAND ${CMAKE_COMMAND} -E echo "int testfunction();"               >> "${${_dephelp}}"
+          COMMAND ${CMAKE_COMMAND} -E echo "int testfunction()"                >> "${${_dephelp}}"
+          COMMAND ${CMAKE_COMMAND} -E echo "{"                                 >> "${${_dephelp}}"
+          COMMAND ${CMAKE_COMMAND} -E echo "    return 0;"                     >> "${${_dephelp}}"
+          COMMAND ${CMAKE_COMMAND} -E echo "}"                                 >> "${${_dephelp}}"
+          DEPENDS "${_include_file}"
+          )
+    else()
+        ADD_CUSTOM_COMMAND(
+          OUTPUT "${${_dephelp}}"
+          COMMAND ${CMAKE_COMMAND} -E echo "\\#include \\\"${_include_file}\\\"" >  "${${_dephelp}}"
+          COMMAND ${CMAKE_COMMAND} -E echo "int testfunction\\(\\)\\;"         >> "${${_dephelp}}"
+          COMMAND ${CMAKE_COMMAND} -E echo "int testfunction\\(\\)"            >> "${${_dephelp}}"
+          COMMAND ${CMAKE_COMMAND} -E echo "{"                                 >> "${${_dephelp}}"
+          COMMAND ${CMAKE_COMMAND} -E echo "    \\return 0\\;"                 >> "${${_dephelp}}"
+          COMMAND ${CMAKE_COMMAND} -E echo "}"                                 >> "${${_dephelp}}"
+          DEPENDS "${_include_file}"
+          )
+    endif()
+
+ENDMACRO(_PCH_WRITE_PCHDEP_CXX )
+
+MACRO(_PCH_GET_COMPILE_COMMAND out_command _input _output)
+
+    FILE(TO_NATIVE_PATH ${_input} _native_input)
+    FILE(TO_NATIVE_PATH ${_output} _native_output)
+
+    IF(CMAKE_COMPILER_IS_GNUCXX)
+        IF(CMAKE_CXX_COMPILER_ARG1)
+            # remove leading space in compiler argument
+            STRING(REGEX REPLACE "^ +" "" pchsupport_compiler_cxx_arg1 ${CMAKE_CXX_COMPILER_ARG1})
+
+            SET(${out_command}
+              ${CMAKE_CXX_COMPILER} ${pchsupport_compiler_cxx_arg1} ${_compile_FLAGS} -x c++-header -o ${_output} ${_input}
+              )
+        ELSE(CMAKE_CXX_COMPILER_ARG1)
+            SET(${out_command}
+              ${CMAKE_CXX_COMPILER}  ${_compile_FLAGS} -x c++-header -o ${_output} ${_input}
+              )
+        ENDIF(CMAKE_CXX_COMPILER_ARG1)
+    ELSE(CMAKE_COMPILER_IS_GNUCXX)
+
+        SET(_dummy_str "#include <${_input}>")
+        FILE(WRITE ${CMAKE_CURRENT_BINARY_DIR}/pch_dummy.cpp ${_dummy_str})
+
+        SET(${out_command}
+          ${CMAKE_CXX_COMPILER} ${_compile_FLAGS} /c /Fp${_native_output} /Yc${_native_input} pch_dummy.cpp
+          )
+        #/out:${_output}
+
+    ENDIF(CMAKE_COMPILER_IS_GNUCXX)
+
+ENDMACRO(_PCH_GET_COMPILE_COMMAND )
+
+
+MACRO(_PCH_GET_TARGET_COMPILE_FLAGS _cflags  _header_name _pch_path _dowarn )
+
+    FILE(TO_NATIVE_PATH ${_pch_path} _native_pch_path)
+
+    IF(CMAKE_COMPILER_IS_GNUCXX)
+        # for use with distcc and gcc >4.0.1 if preprocessed files are accessible
+        # on all remote machines set
+        # PCH_ADDITIONAL_COMPILER_FLAGS to -fpch-preprocess
+        # if you want warnings for invalid header files (which is very inconvenient
+        # if you have different versions of the headers for different build types
+        # you may set _pch_dowarn
+        IF (_dowarn)
+            SET(${_cflags} "${PCH_ADDITIONAL_COMPILER_FLAGS} -include \"${CMAKE_CURRENT_BINARY_DIR}/${_header_name}\" -Winvalid-pch " )
+        ELSE (_dowarn)
+            SET(${_cflags} "${PCH_ADDITIONAL_COMPILER_FLAGS} -include \"${CMAKE_CURRENT_BINARY_DIR}/${_header_name}\" " )
+        ENDIF (_dowarn)
+
+    ELSE(CMAKE_COMPILER_IS_GNUCXX)
+
+        set(${_cflags} "/Fp${_native_pch_path} /Yu${_header_name}" )
+
+    ENDIF(CMAKE_COMPILER_IS_GNUCXX)
+
+ENDMACRO(_PCH_GET_TARGET_COMPILE_FLAGS )
+
+
+MACRO(GET_PRECOMPILED_HEADER_OUTPUT _targetName _input _output)
+
+    GET_FILENAME_COMPONENT(_name ${_input} NAME)
+    GET_FILENAME_COMPONENT(_path ${_input} PATH)
+    SET(${_output} "${CMAKE_CURRENT_BINARY_DIR}/${_name}.gch/${_targetName}_${CMAKE_BUILD_TYPE}.gch")
+
+ENDMACRO(GET_PRECOMPILED_HEADER_OUTPUT _targetName _input)
+
+
+MACRO(ADD_PRECOMPILED_HEADER_TO_TARGET _targetName _input _pch_output_to_use )
+
+    # to do: test whether compiler flags match between target  _targetName
+    # and _pch_output_to_use
+    GET_FILENAME_COMPONENT(_name ${_input} NAME)
+
+    IF(ARGN STREQUAL "0")
+        SET(_dowarn 0)
+    ELSE()
+        SET(_dowarn 1)
+    ENDIF()
+
+    _PCH_GET_TARGET_COMPILE_FLAGS(_target_cflags ${_name} ${_pch_output_to_use} ${_dowarn})
+    #MESSAGE("Add flags ${_target_cflags} to ${_targetName} " )
+
+    GET_TARGET_PROPERTY(_sources ${_targetName} SOURCES)
+    FOREACH(src ${_sources})
+      if(NOT "${src}" MATCHES "\\.mm$")
+        get_source_file_property(_flags "${src}" COMPILE_FLAGS)
+        if(_flags)
+          set(_flags "${_flags} ${_target_cflags}")
+        else()
+          set(_flags "${_target_cflags}")
+        endif()
+
+        set_source_files_properties("${src}" PROPERTIES COMPILE_FLAGS "${_flags}")
+      endif()
+    ENDFOREACH()
+
+    ADD_CUSTOM_TARGET(pch_Generate_${_targetName}
+      DEPENDS ${_pch_output_to_use}
+      )
+
+    ADD_DEPENDENCIES(${_targetName} pch_Generate_${_targetName} )
+
+ENDMACRO(ADD_PRECOMPILED_HEADER_TO_TARGET)
+
+MACRO(ADD_PRECOMPILED_HEADER _targetName _input)
+
+    SET(_PCH_current_target ${_targetName})
+
+    IF(NOT CMAKE_BUILD_TYPE)
+        MESSAGE(FATAL_ERROR
+          "This is the ADD_PRECOMPILED_HEADER macro. "
+          "You must set CMAKE_BUILD_TYPE!"
+          )
+    ENDIF()
+
+    IF(ARGN STREQUAL "0")
+        SET(_dowarn 0)
+    ELSE()
+        SET(_dowarn 1)
+    ENDIF()
+
+    GET_FILENAME_COMPONENT(_name ${_input} NAME)
+    GET_FILENAME_COMPONENT(_path ${_input} PATH)
+    GET_PRECOMPILED_HEADER_OUTPUT( ${_targetName} ${_input} _output)
+
+    _PCH_WRITE_PCHDEP_CXX(${_targetName} "${_input}" _pch_dephelp_cxx)
+
+    ADD_LIBRARY(${_targetName}_pch_dephelp STATIC "${_pch_dephelp_cxx}" "${_input}" )
+
+    set_target_properties(${_targetName}_pch_dephelp PROPERTIES
+      DEBUG_POSTFIX "${OPENCV_DEBUG_POSTFIX}"
+      ARCHIVE_OUTPUT_DIRECTORY "${LIBRARY_OUTPUT_PATH}"
+      )
+
+    _PCH_GET_COMPILE_FLAGS(_compile_FLAGS)
+
+    get_target_property(type ${_targetName} TYPE)
+    if(type STREQUAL "SHARED_LIBRARY")
+        get_target_property(__DEFINES ${_targetName} DEFINE_SYMBOL)
+        if(NOT __DEFINES MATCHES __DEFINES-NOTFOUND)
+            list(APPEND _compile_FLAGS "${_PCH_define_prefix}${__DEFINES}")
+        endif()
+    endif()
+
+    get_target_property(DIRINC ${_targetName} INCLUDE_DIRECTORIES)
+    set_target_properties(${_targetName}_pch_dephelp PROPERTIES INCLUDE_DIRECTORIES "${DIRINC}")
+
+    #MESSAGE("_compile_FLAGS: ${_compile_FLAGS}")
+    #message("COMMAND ${CMAKE_CXX_COMPILER}	${_compile_FLAGS} -x c++-header -o ${_output} ${_input}")
+
+    ADD_CUSTOM_COMMAND(
+      OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/${_name}"
+      COMMAND ${CMAKE_COMMAND} -E copy  "${_input}" "${CMAKE_CURRENT_BINARY_DIR}/${_name}" # ensure same directory! Required by gcc
+      DEPENDS "${_input}"
+      )
+
+    #message("_command  ${_input} ${_output}")
+    _PCH_GET_COMPILE_COMMAND(_command  ${CMAKE_CURRENT_BINARY_DIR}/${_name} ${_output} )
+
+    GET_FILENAME_COMPONENT(_outdir ${_output} PATH)
+    ADD_CUSTOM_COMMAND(
+      OUTPUT "${_output}"
+      COMMAND ${CMAKE_COMMAND} -E make_directory "${_outdir}"
+      COMMAND ${_command}
+      DEPENDS "${_input}"
+      DEPENDS "${CMAKE_CURRENT_BINARY_DIR}/${_name}"
+      DEPENDS ${_targetName}_pch_dephelp
+      )
+
+    ADD_PRECOMPILED_HEADER_TO_TARGET(${_targetName} ${_input}  ${_output} ${_dowarn})
+
+ENDMACRO(ADD_PRECOMPILED_HEADER)
+
+
+# Generates the use of precompiled in a target,
+# without using depency targets (2 extra for each target)
+# Using Visual, must also add ${_targetName}_pch to sources
+# Not needed by Xcode
+
+MACRO(GET_NATIVE_PRECOMPILED_HEADER _targetName _input)
+
+    if(CMAKE_GENERATOR MATCHES "^Visual.*$")
+        set(_dummy_str "#include \"${_input}\"\n")
+
+        set(${_targetName}_pch ${CMAKE_CURRENT_BINARY_DIR}/${_targetName}_pch.cpp)
+        if(EXISTS ${${_targetName}_pch})
+            # Check if contents is the same, if not rewrite
+            # todo
+        else()
+            FILE(WRITE ${${_targetName}_pch} ${_dummy_str})
+        endif()
+    endif()
+
+ENDMACRO(GET_NATIVE_PRECOMPILED_HEADER)
+
+
+MACRO(ADD_NATIVE_PRECOMPILED_HEADER _targetName _input)
+
+    IF(ARGN STREQUAL "0")
+        SET(_dowarn 0)
+    ELSE()
+        SET(_dowarn 1)
+    ENDIF()
+
+    if(CMAKE_GENERATOR MATCHES "^Visual.*$")
+
+        # Auto include the precompile (useful for moc processing, since the use of
+        # precompiled is specified at the target level
+        # and I don't want to specifiy /F- for each moc/res/ui generated files (using Qt)
+
+        GET_TARGET_PROPERTY(oldProps ${_targetName} COMPILE_FLAGS)
+        if (oldProps MATCHES NOTFOUND)
+            SET(oldProps "")
+        endif()
+
+        SET(newProperties "${oldProps} /Yu\"${_input}\" /FI\"${_input}\"")
+        SET_TARGET_PROPERTIES(${_targetName} PROPERTIES COMPILE_FLAGS "${newProperties}")
+
+        #also inlude ${oldProps} to have the same compile options
+        SET_SOURCE_FILES_PROPERTIES(${${_targetName}_pch} PROPERTIES COMPILE_FLAGS "${oldProps} /Yc\"${_input}\"")
+
+    elseif (CMAKE_GENERATOR MATCHES Xcode)
+
+        # For Xcode, cmake needs my patch to process
+        # GCC_PREFIX_HEADER and GCC_PRECOMPILE_PREFIX_HEADER as target properties
+
+        # When buiding out of the tree, precompiled may not be located
+        # Use full path instead.
+        GET_FILENAME_COMPONENT(fullPath ${_input} ABSOLUTE)
+
+        SET_TARGET_PROPERTIES(${_targetName} PROPERTIES XCODE_ATTRIBUTE_GCC_PREFIX_HEADER "${fullPath}")
+        SET_TARGET_PROPERTIES(${_targetName} PROPERTIES XCODE_ATTRIBUTE_GCC_PRECOMPILE_PREFIX_HEADER "YES")
+
+    else()
+
+        #Fallback to the "old" precompiled suppport
+        #ADD_PRECOMPILED_HEADER(${_targetName} ${_input} ${_dowarn})
+
+    endif()
+
+ENDMACRO(ADD_NATIVE_PRECOMPILED_HEADER)
+
+macro(ocv_add_precompiled_header_to_target the_target pch_header)
+  if(PCHSupport_FOUND AND ENABLE_PRECOMPILED_HEADERS AND EXISTS "${pch_header}")
+    if(CMAKE_GENERATOR MATCHES "^Visual" OR CMAKE_GENERATOR MATCHES Xcode)
+      add_native_precompiled_header(${the_target} ${pch_header})
+    elseif(CMAKE_COMPILER_IS_GNUCXX AND CMAKE_GENERATOR MATCHES "Makefiles|Ninja")
+      add_precompiled_header(${the_target} ${pch_header})
+    endif()
+  endif()
+endmacro()
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVPackaging.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVPackaging.cmake
new file mode 100644
index 000000000..59d602c5d
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVPackaging.cmake
@@ -0,0 +1,124 @@
+if(EXISTS "${CMAKE_ROOT}/Modules/CPack.cmake")
+set(CPACK_set_DESTDIR "on")
+
+if(NOT OPENCV_CUSTOM_PACKAGE_INFO)
+  set(CPACK_PACKAGE_DESCRIPTION_SUMMARY "Open Computer Vision Library")
+  set(CPACK_PACKAGE_DESCRIPTION
+"OpenCV (Open Source Computer Vision Library) is an open source computer vision
+and machine learning software library. OpenCV was built to provide a common
+infrastructure for computer vision applications and to accelerate the use of
+machine perception in the commercial products. Being a BSD-licensed product,
+OpenCV makes it easy for businesses to utilize and modify the code.")
+  set(CPACK_PACKAGE_VENDOR "OpenCV Foundation")
+  set(CPACK_RESOURCE_FILE_LICENSE "${CMAKE_CURRENT_SOURCE_DIR}/LICENSE")
+  set(CPACK_PACKAGE_CONTACT "admin@opencv.org")
+  set(CPACK_PACKAGE_VERSION_MAJOR "${OPENCV_VERSION_MAJOR}")
+  set(CPACK_PACKAGE_VERSION_MINOR "${OPENCV_VERSION_MINOR}")
+  set(CPACK_PACKAGE_VERSION_PATCH "${OPENCV_VERSION_PATCH}")
+  set(CPACK_PACKAGE_VERSION "${OPENCV_VCSVERSION}")
+endif(NOT OPENCV_CUSTOM_PACKAGE_INFO)
+
+#arch
+if(X86)
+  set(CPACK_DEBIAN_ARCHITECTURE "i386")
+  set(CPACK_RPM_PACKAGE_ARCHITECTURE "i686")
+elseif(X86_64)
+  set(CPACK_DEBIAN_ARCHITECTURE "amd64")
+  set(CPACK_RPM_PACKAGE_ARCHITECTURE "x86_64")
+elseif(ARM)
+  set(CPACK_DEBIAN_ARCHITECTURE "armhf")
+  set(CPACK_RPM_PACKAGE_ARCHITECTURE "armhf")
+else()
+  set(CPACK_DEBIAN_ARCHITECTURE ${CMAKE_SYSTEM_PROCESSOR})
+  set(CPACK_RPM_PACKAGE_ARCHITECTURE ${CMAKE_SYSTEM_PROCESSOR})
+endif()
+
+if(CPACK_GENERATOR STREQUAL "DEB")
+  set(OPENCV_PACKAGE_ARCH_SUFFIX ${CPACK_DEBIAN_ARCHITECTURE})
+elseif(CPACK_GENERATOR STREQUAL "RPM")
+  set(OPENCV_PACKAGE_ARCH_SUFFIX ${CPACK_RPM_PACKAGE_ARCHITECTURE})
+else()
+  set(OPENCV_PACKAGE_ARCH_SUFFIX ${CMAKE_SYSTEM_PROCESSOR})
+endif()
+
+set(CPACK_PACKAGE_FILE_NAME "${CMAKE_PROJECT_NAME}-${OPENCV_VCSVERSION}-${OPENCV_PACKAGE_ARCH_SUFFIX}")
+set(CPACK_SOURCE_PACKAGE_FILE_NAME "${CMAKE_PROJECT_NAME}-${OPENCV_VCSVERSION}-${OPENCV_PACKAGE_ARCH_SUFFIX}")
+
+#rpm options
+set(CPACK_RPM_COMPONENT_INSTALL TRUE)
+set(CPACK_RPM_PACKAGE_SUMMARY ${CPACK_PACKAGE_DESCRIPTION_SUMMARY})
+set(CPACK_RPM_PACKAGE_DESCRIPTION ${CPACK_PACKAGE_DESCRIPTION})
+set(CPACK_RPM_PACKAGE_URL "http://opencv.org")
+set(CPACK_RPM_PACKAGE_LICENSE "BSD")
+
+#deb options
+set(CPACK_DEB_COMPONENT_INSTALL TRUE)
+set(CPACK_DEBIAN_PACKAGE_PRIORITY "optional")
+set(CPACK_DEBIAN_PACKAGE_SECTION "libs")
+set(CPACK_DEBIAN_PACKAGE_HOMEPAGE "http://opencv.org")
+
+#display names
+set(CPACK_COMPONENT_DEV_DISPLAY_NAME     "Development files")
+set(CPACK_COMPONENT_DOCS_DISPLAY_NAME    "Documentation")
+set(CPACK_COMPONENT_JAVA_DISPLAY_NAME    "Java bindings")
+set(CPACK_COMPONENT_LIBS_DISPLAY_NAME    "Libraries and data")
+set(CPACK_COMPONENT_PYTHON_DISPLAY_NAME  "Python bindings")
+set(CPACK_COMPONENT_SAMPLES_DISPLAY_NAME "Samples")
+set(CPACK_COMPONENT_TESTS_DISPLAY_NAME   "Tests")
+
+#depencencies
+set(CPACK_DEBIAN_PACKAGE_SHLIBDEPS TRUE)
+set(CPACK_COMPONENT_LIBS_REQUIRED TRUE)
+set(CPACK_COMPONENT_SAMPLES_DEPENDS libs)
+set(CPACK_COMPONENT_DEV_DEPENDS libs)
+set(CPACK_COMPONENT_DOCS_DEPENDS libs)
+set(CPACK_COMPONENT_JAVA_DEPENDS libs)
+set(CPACK_COMPONENT_PYTHON_DEPENDS libs)
+set(CPACK_COMPONENT_TESTS_DEPENDS libs)
+
+if(HAVE_CUDA)
+  string(REPLACE "." "-" cuda_version_suffix ${CUDA_VERSION})
+  if(${CUDA_VERSION} VERSION_LESS "6.5")
+    set(CPACK_DEB_libs_PACKAGE_DEPENDS "cuda-core-libs-${cuda_version_suffix}, cuda-extra-libs-${cuda_version_suffix}")
+    set(CPACK_DEB_dev_PACKAGE_DEPENDS "cuda-headers-${cuda_version_suffix}")
+  else()
+    set(CPACK_DEB_libs_PACKAGE_DEPENDS "cuda-cudart-${cuda_version_suffix}, cuda-npp-${cuda_version_suffix}")
+    set(CPACK_DEB_dev_PACKAGE_DEPENDS "cuda-cudart-dev-${cuda_version_suffix}, cuda-npp-dev-${cuda_version_suffix}")
+    if(HAVE_CUFFT)
+      set(CPACK_DEB_libs_PACKAGE_DEPENDS "${CPACK_DEB_libs_PACKAGE_DEPENDS}, cuda-cufft-${cuda_version_suffix}")
+      set(CPACK_DEB_dev_PACKAGE_DEPENDS "${CPACK_DEB_dev_PACKAGE_DEPENDS}, cuda-cufft-dev-${cuda_version_suffix}")
+    endif()
+    if(HAVE_HAVE_CUBLAS)
+      set(CPACK_DEB_libs_PACKAGE_DEPENDS "${CPACK_DEB_libs_PACKAGE_DEPENDS}, cuda-cublas-${cuda_version_suffix}")
+      set(CPACK_DEB_dev_PACKAGE_DEPENDS "${CPACK_DEB_dev_PACKAGE_DEPENDS}, cuda-cublas-dev-${cuda_version_suffix}")
+    endif()
+  endif()
+  set(CPACK_COMPONENT_dev_DEPENDS libs)
+endif()
+
+if(NOT OPENCV_CUSTOM_PACKAGE_INFO)
+  set(CPACK_COMPONENT_LIBS_DESCRIPTION "Open Computer Vision Library")
+  set(CPACK_DEBIAN_COMPONENT_LIBS_NAME "lib${CMAKE_PROJECT_NAME}")
+
+  set(CPACK_COMPONENT_PYTHON_DESCRIPTION "Python bindings for Open Source Computer Vision Library")
+  set(CPACK_DEBIAN_COMPONENT_PYTHON_NAME "lib${CMAKE_PROJECT_NAME}-python")
+
+  set(CPACK_COMPONENT_JAVA_DESCRIPTION "Java bindings for Open Source Computer Vision Library")
+  set(CPACK_DEBIAN_COMPONENT_JAVA_NAME "lib${CMAKE_PROJECT_NAME}-java")
+
+  set(CPACK_COMPONENT_DEV_DESCRIPTION "Development files for Open Source Computer Vision Library")
+  set(CPACK_DEBIAN_COMPONENT_DEV_NAME "lib${CMAKE_PROJECT_NAME}-dev")
+
+  set(CPACK_COMPONENT_DOCS_DESCRIPTION "Documentation for Open Source Computer Vision Library")
+  set(CPACK_DEBIAN_COMPONENT_DOCS_NAME "lib${CMAKE_PROJECT_NAME}-docs")
+
+  set(CPACK_COMPONENT_SAMPLES_DESCRIPTION "Samples for Open Source Computer Vision Library")
+  set(CPACK_DEBIAN_COMPONENT_SAMPLES_NAME "lib${CMAKE_PROJECT_NAME}-samples")
+
+  set(CPACK_COMPONENT_TESTS_DESCRIPTION "Accuracy and performance tests for Open Source Computer Vision Library")
+  set(CPACK_DEBIAN_COMPONENT_TESTS_NAME "lib${CMAKE_PROJECT_NAME}-tests")
+endif(NOT OPENCV_CUSTOM_PACKAGE_INFO)
+
+include(CPack)
+
+ENDif(EXISTS "${CMAKE_ROOT}/Modules/CPack.cmake")
\ No newline at end of file
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVUtils.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVUtils.cmake
new file mode 100644
index 000000000..3e2ea8a7a
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVUtils.cmake
@@ -0,0 +1,834 @@
+# Debugging function
+function(ocv_cmake_dump_vars)
+  cmake_parse_arguments(DUMP "" "TOFILE" "" ${ARGN})
+  set(regex "${DUMP_UNPARSED_ARGUMENTS}")
+  get_cmake_property(_variableNames VARIABLES)
+  set(VARS "")
+  foreach(_variableName ${_variableNames})
+    if(_variableName MATCHES "${regex}")
+      set(VARS "${VARS}${_variableName}=${${_variableName}}\n")
+    endif()
+  endforeach()
+  if(DUMP_TOFILE)
+    file(WRITE ${CMAKE_BINARY_DIR}/${DUMP_TOFILE} "${VARS}")
+  else()
+    message(AUTHOR_WARNING "${VARS}")
+  endif()
+endfunction()
+
+
+# Search packages for host system instead of packages for target system
+# in case of cross compilation thess macro should be defined by toolchain file
+if(NOT COMMAND find_host_package)
+  macro(find_host_package)
+    find_package(${ARGN})
+  endmacro()
+endif()
+if(NOT COMMAND find_host_program)
+  macro(find_host_program)
+    find_program(${ARGN})
+  endmacro()
+endif()
+
+# assert macro
+# Note: it doesn't support lists in arguments
+# Usage samples:
+#   ocv_assert(MyLib_FOUND)
+#   ocv_assert(DEFINED MyLib_INCLUDE_DIRS)
+macro(ocv_assert)
+  if(NOT (${ARGN}))
+    string(REPLACE ";" " " __assert_msg "${ARGN}")
+    message(AUTHOR_WARNING "Assertion failed: ${__assert_msg}")
+  endif()
+endmacro()
+
+macro(ocv_debug_message)
+#  string(REPLACE ";" " " __msg "${ARGN}")
+#  message(STATUS "${__msg}")
+endmacro()
+
+macro(ocv_check_environment_variables)
+  foreach(_var ${ARGN})
+    if(NOT DEFINED ${_var} AND DEFINED ENV{${_var}})
+      set(__value "$ENV{${_var}}")
+      file(TO_CMAKE_PATH "${__value}" __value) # Assume that we receive paths
+      set(${_var} "${__value}")
+      message(STATUS "Update variable ${_var} from environment: ${${_var}}")
+    endif()
+  endforeach()
+endmacro()
+
+# rename modules target to world if needed
+macro(_ocv_fix_target target_var)
+  if(BUILD_opencv_world)
+    if(OPENCV_MODULE_${${target_var}}_IS_PART_OF_WORLD)
+      set(${target_var} opencv_world)
+    endif()
+  endif()
+endmacro()
+
+# adds include directories in such way that directories from the OpenCV source tree go first
+function(ocv_include_directories)
+  ocv_debug_message("ocv_include_directories( ${ARGN} )")
+  set(__add_before "")
+  foreach(dir ${ARGN})
+    get_filename_component(__abs_dir "${dir}" ABSOLUTE)
+    if("${__abs_dir}" MATCHES "^${OpenCV_SOURCE_DIR}" OR "${__abs_dir}" MATCHES "^${OpenCV_BINARY_DIR}")
+      list(APPEND __add_before "${dir}")
+    else()
+      include_directories(AFTER SYSTEM "${dir}")
+    endif()
+  endforeach()
+  include_directories(BEFORE ${__add_before})
+endfunction()
+
+# adds include directories in such way that directories from the OpenCV source tree go first
+function(ocv_target_include_directories target)
+  _ocv_fix_target(target)
+  set(__params "")
+  foreach(dir ${ARGN})
+    get_filename_component(__abs_dir "${dir}" ABSOLUTE)
+    if("${__abs_dir}" MATCHES "^${OpenCV_SOURCE_DIR}" OR "${__abs_dir}" MATCHES "^${OpenCV_BINARY_DIR}")
+      list(APPEND __params "${__abs_dir}")
+    else()
+      list(APPEND __params "${dir}")
+    endif()
+  endforeach()
+  if(HAVE_CUDA OR CMAKE_VERSION VERSION_LESS 2.8.11)
+    include_directories(${__params})
+  else()
+    if(TARGET ${target})
+      target_include_directories(${target} PRIVATE ${__params})
+    else()
+      set(__new_inc "${OCV_TARGET_INCLUDE_DIRS_${target}};${__params}")
+      set(OCV_TARGET_INCLUDE_DIRS_${target} "${__new_inc}" CACHE INTERNAL "")
+    endif()
+  endif()
+endfunction()
+
+# clears all passed variables
+macro(ocv_clear_vars)
+  foreach(_var ${ARGN})
+    unset(${_var} CACHE)
+  endforeach()
+endmacro()
+
+set(OCV_COMPILER_FAIL_REGEX
+    "command line option .* is valid for .* but not for C\\+\\+" # GNU
+    "command line option .* is valid for .* but not for C" # GNU
+    "unrecognized .*option"                     # GNU
+    "unknown .*option"                          # Clang
+    "ignoring unknown option"                   # MSVC
+    "warning D9002"                             # MSVC, any lang
+    "option .*not supported"                    # Intel
+    "[Uu]nknown option"                         # HP
+    "[Ww]arning: [Oo]ption"                     # SunPro
+    "command option .* is not recognized"       # XL
+    "not supported in this configuration; ignored"       # AIX
+    "File with unknown suffix passed to linker" # PGI
+    "WARNING: unknown flag:"                    # Open64
+  )
+
+MACRO(ocv_check_compiler_flag LANG FLAG RESULT)
+  if(NOT DEFINED ${RESULT})
+    if("_${LANG}_" MATCHES "_CXX_")
+      set(_fname "${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeTmp/src.cxx")
+      if("${CMAKE_CXX_FLAGS} ${FLAG} " MATCHES "-Werror " OR "${CMAKE_CXX_FLAGS} ${FLAG} " MATCHES "-Werror=unknown-pragmas ")
+        FILE(WRITE "${_fname}" "int main() { return 0; }\n")
+      else()
+        FILE(WRITE "${_fname}" "#pragma\nint main() { return 0; }\n")
+      endif()
+    elseif("_${LANG}_" MATCHES "_C_")
+      set(_fname "${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeTmp/src.c")
+      if("${CMAKE_C_FLAGS} ${FLAG} " MATCHES "-Werror " OR "${CMAKE_C_FLAGS} ${FLAG} " MATCHES "-Werror=unknown-pragmas ")
+        FILE(WRITE "${_fname}" "int main(void) { return 0; }\n")
+      else()
+        FILE(WRITE "${_fname}" "#pragma\nint main(void) { return 0; }\n")
+      endif()
+    elseif("_${LANG}_" MATCHES "_OBJCXX_")
+      set(_fname "${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeTmp/src.mm")
+      if("${CMAKE_CXX_FLAGS} ${FLAG} " MATCHES "-Werror " OR "${CMAKE_CXX_FLAGS} ${FLAG} " MATCHES "-Werror=unknown-pragmas ")
+        FILE(WRITE "${_fname}" "int main() { return 0; }\n")
+      else()
+        FILE(WRITE "${_fname}" "#pragma\nint main() { return 0; }\n")
+      endif()
+    else()
+      unset(_fname)
+    endif()
+    if(_fname)
+      MESSAGE(STATUS "Performing Test ${RESULT}")
+      TRY_COMPILE(${RESULT}
+        "${CMAKE_BINARY_DIR}"
+        "${_fname}"
+        COMPILE_DEFINITIONS "${FLAG}"
+        OUTPUT_VARIABLE OUTPUT)
+
+      FOREACH(_regex ${OCV_COMPILER_FAIL_REGEX})
+        IF("${OUTPUT}" MATCHES "${_regex}")
+          SET(${RESULT} 0)
+          break()
+        ENDIF()
+      ENDFOREACH()
+
+      IF(${RESULT})
+        SET(${RESULT} 1 CACHE INTERNAL "Test ${RESULT}")
+        MESSAGE(STATUS "Performing Test ${RESULT} - Success")
+      ELSE(${RESULT})
+        MESSAGE(STATUS "Performing Test ${RESULT} - Failed")
+        SET(${RESULT} "" CACHE INTERNAL "Test ${RESULT}")
+      ENDIF(${RESULT})
+    else()
+      SET(${RESULT} 0)
+    endif()
+  endif()
+ENDMACRO()
+
+macro(ocv_check_flag_support lang flag varname)
+  if("_${lang}_" MATCHES "_CXX_")
+    set(_lang CXX)
+  elseif("_${lang}_" MATCHES "_C_")
+    set(_lang C)
+  elseif("_${lang}_" MATCHES "_OBJCXX_")
+    set(_lang OBJCXX)
+  else()
+    set(_lang ${lang})
+  endif()
+
+  string(TOUPPER "${flag}" ${varname})
+  string(REGEX REPLACE "^(/|-)" "HAVE_${_lang}_" ${varname} "${${varname}}")
+  string(REGEX REPLACE " -|-|=| |\\." "_" ${varname} "${${varname}}")
+
+  ocv_check_compiler_flag("${_lang}" "${ARGN} ${flag}" ${${varname}})
+endmacro()
+
+# turns off warnings
+macro(ocv_warnings_disable)
+  if(NOT ENABLE_NOISY_WARNINGS)
+    set(_flag_vars "")
+    set(_msvc_warnings "")
+    set(_gxx_warnings "")
+    foreach(arg ${ARGN})
+      if(arg MATCHES "^CMAKE_")
+        list(APPEND _flag_vars ${arg})
+      elseif(arg MATCHES "^/wd")
+        list(APPEND _msvc_warnings ${arg})
+      elseif(arg MATCHES "^-W")
+        list(APPEND _gxx_warnings ${arg})
+      endif()
+    endforeach()
+    if(MSVC AND _msvc_warnings AND _flag_vars)
+      foreach(var ${_flag_vars})
+        foreach(warning ${_msvc_warnings})
+          set(${var} "${${var}} ${warning}")
+        endforeach()
+      endforeach()
+    elseif((CMAKE_COMPILER_IS_GNUCXX OR (UNIX AND CV_ICC)) AND _gxx_warnings AND _flag_vars)
+      foreach(var ${_flag_vars})
+        foreach(warning ${_gxx_warnings})
+          if(NOT warning MATCHES "^-Wno-")
+            string(REPLACE "${warning}" "" ${var} "${${var}}")
+            string(REPLACE "-W" "-Wno-" warning "${warning}")
+          endif()
+          ocv_check_flag_support(${var} "${warning}" _varname)
+          if(${_varname})
+            set(${var} "${${var}} ${warning}")
+          endif()
+        endforeach()
+      endforeach()
+    endif()
+    unset(_flag_vars)
+    unset(_msvc_warnings)
+    unset(_gxx_warnings)
+  endif(NOT ENABLE_NOISY_WARNINGS)
+endmacro()
+
+macro(add_apple_compiler_options the_module)
+  ocv_check_flag_support(OBJCXX "-fobjc-exceptions" HAVE_OBJC_EXCEPTIONS)
+  if(HAVE_OBJC_EXCEPTIONS)
+    foreach(source ${OPENCV_MODULE_${the_module}_SOURCES})
+      if("${source}" MATCHES "\\.mm$")
+        get_source_file_property(flags "${source}" COMPILE_FLAGS)
+        if(flags)
+          set(flags "${_flags} -fobjc-exceptions")
+        else()
+          set(flags "-fobjc-exceptions")
+        endif()
+
+        set_source_files_properties("${source}" PROPERTIES COMPILE_FLAGS "${flags}")
+      endif()
+    endforeach()
+  endif()
+endmacro()
+
+# Provides an option that the user can optionally select.
+# Can accept condition to control when option is available for user.
+# Usage:
+#   option(<option_variable> "help string describing the option" <initial value or boolean expression> [IF <condition>])
+macro(OCV_OPTION variable description value)
+  set(__value ${value})
+  set(__condition "")
+  set(__varname "__value")
+  foreach(arg ${ARGN})
+    if(arg STREQUAL "IF" OR arg STREQUAL "if")
+      set(__varname "__condition")
+    else()
+      list(APPEND ${__varname} ${arg})
+    endif()
+  endforeach()
+  unset(__varname)
+  if(__condition STREQUAL "")
+    set(__condition 2 GREATER 1)
+  endif()
+
+  if(${__condition})
+    if(__value MATCHES ";")
+      if(${__value})
+        option(${variable} "${description}" ON)
+      else()
+        option(${variable} "${description}" OFF)
+      endif()
+    elseif(DEFINED ${__value})
+      if(${__value})
+        option(${variable} "${description}" ON)
+      else()
+        option(${variable} "${description}" OFF)
+      endif()
+    else()
+      option(${variable} "${description}" ${__value})
+    endif()
+  else()
+    unset(${variable} CACHE)
+  endif()
+  unset(__condition)
+  unset(__value)
+endmacro()
+
+
+# Macros that checks if module have been installed.
+# After it adds module to build and define
+# constants passed as second arg
+macro(CHECK_MODULE module_name define)
+  set(${define} 0)
+  if(PKG_CONFIG_FOUND)
+    set(ALIAS               ALIASOF_${module_name})
+    set(ALIAS_FOUND                 ${ALIAS}_FOUND)
+    set(ALIAS_INCLUDE_DIRS   ${ALIAS}_INCLUDE_DIRS)
+    set(ALIAS_LIBRARY_DIRS   ${ALIAS}_LIBRARY_DIRS)
+    set(ALIAS_LIBRARIES         ${ALIAS}_LIBRARIES)
+
+    PKG_CHECK_MODULES(${ALIAS} ${module_name})
+
+    if(${ALIAS_FOUND})
+      set(${define} 1)
+      foreach(P "${ALIAS_INCLUDE_DIRS}")
+        if(${P})
+          list(APPEND VIDEOIO_INCLUDE_DIRS ${${P}})
+          list(APPEND HIGHGUI_INCLUDE_DIRS ${${P}})
+        endif()
+      endforeach()
+
+      foreach(P "${ALIAS_LIBRARY_DIRS}")
+        if(${P})
+          list(APPEND VIDEOIO_LIBRARY_DIRS ${${P}})
+          list(APPEND HIGHGUI_LIBRARY_DIRS ${${P}})
+        endif()
+      endforeach()
+
+      list(APPEND VIDEOIO_LIBRARIES ${${ALIAS_LIBRARIES}})
+      list(APPEND HIGHGUI_LIBRARIES ${${ALIAS_LIBRARIES}})
+    endif()
+  endif()
+endmacro()
+
+
+set(OPENCV_BUILD_INFO_FILE "${OpenCV_BINARY_DIR}/version_string.tmp")
+file(REMOVE "${OPENCV_BUILD_INFO_FILE}")
+function(ocv_output_status msg)
+  message(STATUS "${msg}")
+  string(REPLACE "\\" "\\\\" msg "${msg}")
+  string(REPLACE "\"" "\\\"" msg "${msg}")
+  file(APPEND "${OPENCV_BUILD_INFO_FILE}" "\"${msg}\\n\"\n")
+endfunction()
+
+macro(ocv_finalize_status)
+  if(NOT OPENCV_SKIP_STATUS_FINALIZATION)
+    if(DEFINED OPENCV_MODULE_opencv_core_BINARY_DIR)
+      execute_process(COMMAND ${CMAKE_COMMAND} -E copy_if_different "${OPENCV_BUILD_INFO_FILE}" "${OPENCV_MODULE_opencv_core_BINARY_DIR}/version_string.inc" OUTPUT_QUIET)
+    endif()
+  endif()
+endmacro()
+
+
+# Status report function.
+# Automatically align right column and selects text based on condition.
+# Usage:
+#   status(<text>)
+#   status(<heading> <value1> [<value2> ...])
+#   status(<heading> <condition> THEN <text for TRUE> ELSE <text for FALSE> )
+function(status text)
+  set(status_cond)
+  set(status_then)
+  set(status_else)
+
+  set(status_current_name "cond")
+  foreach(arg ${ARGN})
+    if(arg STREQUAL "THEN")
+      set(status_current_name "then")
+    elseif(arg STREQUAL "ELSE")
+      set(status_current_name "else")
+    else()
+      list(APPEND status_${status_current_name} ${arg})
+    endif()
+  endforeach()
+
+  if(DEFINED status_cond)
+    set(status_placeholder_length 32)
+    string(RANDOM LENGTH ${status_placeholder_length} ALPHABET " " status_placeholder)
+    string(LENGTH "${text}" status_text_length)
+    if(status_text_length LESS status_placeholder_length)
+      string(SUBSTRING "${text}${status_placeholder}" 0 ${status_placeholder_length} status_text)
+    elseif(DEFINED status_then OR DEFINED status_else)
+      ocv_output_status("${text}")
+      set(status_text "${status_placeholder}")
+    else()
+      set(status_text "${text}")
+    endif()
+
+    if(DEFINED status_then OR DEFINED status_else)
+      if(${status_cond})
+        string(REPLACE ";" " " status_then "${status_then}")
+        string(REGEX REPLACE "^[ \t]+" "" status_then "${status_then}")
+        ocv_output_status("${status_text} ${status_then}")
+      else()
+        string(REPLACE ";" " " status_else "${status_else}")
+        string(REGEX REPLACE "^[ \t]+" "" status_else "${status_else}")
+        ocv_output_status("${status_text} ${status_else}")
+      endif()
+    else()
+      string(REPLACE ";" " " status_cond "${status_cond}")
+      string(REGEX REPLACE "^[ \t]+" "" status_cond "${status_cond}")
+      ocv_output_status("${status_text} ${status_cond}")
+    endif()
+  else()
+    ocv_output_status("${text}")
+  endif()
+endfunction()
+
+
+# remove all matching elements from the list
+macro(ocv_list_filterout lst regex)
+  foreach(item ${${lst}})
+    if(item MATCHES "${regex}")
+      list(REMOVE_ITEM ${lst} "${item}")
+    endif()
+  endforeach()
+endmacro()
+
+
+# stable & safe duplicates removal macro
+macro(ocv_list_unique __lst)
+  if(${__lst})
+    list(REMOVE_DUPLICATES ${__lst})
+  endif()
+endmacro()
+
+
+# safe list reversal macro
+macro(ocv_list_reverse __lst)
+  if(${__lst})
+    list(REVERSE ${__lst})
+  endif()
+endmacro()
+
+
+# safe list sorting macro
+macro(ocv_list_sort __lst)
+  if(${__lst})
+    list(SORT ${__lst})
+  endif()
+endmacro()
+
+
+# add prefix to each item in the list
+macro(ocv_list_add_prefix LST PREFIX)
+  set(__tmp "")
+  foreach(item ${${LST}})
+    list(APPEND __tmp "${PREFIX}${item}")
+  endforeach()
+  set(${LST} ${__tmp})
+  unset(__tmp)
+endmacro()
+
+
+# add suffix to each item in the list
+macro(ocv_list_add_suffix LST SUFFIX)
+  set(__tmp "")
+  foreach(item ${${LST}})
+    list(APPEND __tmp "${item}${SUFFIX}")
+  endforeach()
+  set(${LST} ${__tmp})
+  unset(__tmp)
+endmacro()
+
+
+# gets and removes the first element from list
+macro(ocv_list_pop_front LST VAR)
+  if(${LST})
+    list(GET ${LST} 0 ${VAR})
+    list(REMOVE_AT ${LST} 0)
+  else()
+    set(${VAR} "")
+  endif()
+endmacro()
+
+
+# simple regex escaping routine (does not cover all cases!!!)
+macro(ocv_regex_escape var regex)
+  string(REGEX REPLACE "([+.*^$])" "\\\\1" ${var} "${regex}")
+endmacro()
+
+
+# convert list of paths to full paths
+macro(ocv_convert_to_full_paths VAR)
+  if(${VAR})
+    set(__tmp "")
+    foreach(path ${${VAR}})
+      get_filename_component(${VAR} "${path}" ABSOLUTE)
+      list(APPEND __tmp "${${VAR}}")
+    endforeach()
+    set(${VAR} ${__tmp})
+    unset(__tmp)
+  endif()
+endmacro()
+
+
+# convert list of paths to libraries names without lib prefix
+macro(ocv_convert_to_lib_name var)
+  set(__tmp "")
+  foreach(path ${ARGN})
+    get_filename_component(__tmp_name "${path}" NAME_WE)
+    string(REGEX REPLACE "^lib" "" __tmp_name ${__tmp_name})
+    list(APPEND __tmp "${__tmp_name}")
+  endforeach()
+  set(${var} ${__tmp})
+  unset(__tmp)
+  unset(__tmp_name)
+endmacro()
+
+
+# add install command
+function(ocv_install_target)
+  install(TARGETS ${ARGN})
+
+  set(isPackage 0)
+  unset(__package)
+  unset(__target)
+  foreach(e ${ARGN})
+    if(NOT DEFINED __target)
+      set(__target "${e}")
+    endif()
+    if(isPackage EQUAL 1)
+      set(__package "${e}")
+      break()
+    endif()
+    if(e STREQUAL "EXPORT")
+      set(isPackage 1)
+    endif()
+  endforeach()
+
+  if(DEFINED __package)
+    list(APPEND ${__package}_TARGETS ${__target})
+    set(${__package}_TARGETS "${${__package}_TARGETS}" CACHE INTERNAL "List of ${__package} targets")
+  endif()
+
+  if(INSTALL_CREATE_DISTRIB)
+    if(MSVC AND NOT BUILD_SHARED_LIBS)
+      set(__target "${ARGV0}")
+
+      set(isArchive 0)
+      set(isDst 0)
+      unset(__dst)
+      foreach(e ${ARGN})
+        if(isDst EQUAL 1)
+          set(__dst "${e}")
+          break()
+        endif()
+        if(isArchive EQUAL 1 AND e STREQUAL "DESTINATION")
+          set(isDst 1)
+        endif()
+        if(e STREQUAL "ARCHIVE")
+          set(isArchive 1)
+        else()
+          set(isArchive 0)
+        endif()
+      endforeach()
+
+#      message(STATUS "Process ${__target} dst=${__dst}...")
+      if(DEFINED __dst)
+        if(CMAKE_VERSION VERSION_LESS 2.8.12)
+          get_target_property(fname ${__target} LOCATION_DEBUG)
+          if(fname MATCHES "\\.lib$")
+            string(REGEX REPLACE "\\.lib$" ".pdb" fname "${fname}")
+            install(FILES ${fname} DESTINATION ${__dst} CONFIGURATIONS Debug)
+          endif()
+
+          get_target_property(fname ${__target} LOCATION_RELEASE)
+          if(fname MATCHES "\\.lib$")
+            string(REGEX REPLACE "\\.lib$" ".pdb" fname "${fname}")
+            install(FILES ${fname} DESTINATION ${__dst} CONFIGURATIONS Release)
+          endif()
+        else()
+          # CMake 2.8.12 brokes PDB support in STATIC libraries for MSVS
+        endif()
+      endif()
+    endif()
+  endif()
+endfunction()
+
+
+# read set of version defines from the header file
+macro(ocv_parse_header FILENAME FILE_VAR)
+  set(vars_regex "")
+  set(__parnet_scope OFF)
+  set(__add_cache OFF)
+  foreach(name ${ARGN})
+    if("${name}" STREQUAL "PARENT_SCOPE")
+      set(__parnet_scope ON)
+    elseif("${name}" STREQUAL "CACHE")
+      set(__add_cache ON)
+    elseif(vars_regex)
+      set(vars_regex "${vars_regex}|${name}")
+    else()
+      set(vars_regex "${name}")
+    endif()
+  endforeach()
+  if(EXISTS "${FILENAME}")
+    file(STRINGS "${FILENAME}" ${FILE_VAR} REGEX "#define[ \t]+(${vars_regex})[ \t]+[0-9]+" )
+  else()
+    unset(${FILE_VAR})
+  endif()
+  foreach(name ${ARGN})
+    if(NOT "${name}" STREQUAL "PARENT_SCOPE" AND NOT "${name}" STREQUAL "CACHE")
+      if(${FILE_VAR})
+        if(${FILE_VAR} MATCHES ".+[ \t]${name}[ \t]+([0-9]+).*")
+          string(REGEX REPLACE ".+[ \t]${name}[ \t]+([0-9]+).*" "\\1" ${name} "${${FILE_VAR}}")
+        else()
+          set(${name} "")
+        endif()
+        if(__add_cache)
+          set(${name} ${${name}} CACHE INTERNAL "${name} parsed from ${FILENAME}" FORCE)
+        elseif(__parnet_scope)
+          set(${name} "${${name}}" PARENT_SCOPE)
+        endif()
+      else()
+        unset(${name} CACHE)
+      endif()
+    endif()
+  endforeach()
+endmacro()
+
+# read single version define from the header file
+macro(ocv_parse_header2 LIBNAME HDR_PATH VARNAME)
+  ocv_clear_vars(${LIBNAME}_VERSION_MAJOR
+                 ${LIBNAME}_VERSION_MAJOR
+                 ${LIBNAME}_VERSION_MINOR
+                 ${LIBNAME}_VERSION_PATCH
+                 ${LIBNAME}_VERSION_TWEAK
+                 ${LIBNAME}_VERSION_STRING)
+  set(${LIBNAME}_H "")
+  if(EXISTS "${HDR_PATH}")
+    file(STRINGS "${HDR_PATH}" ${LIBNAME}_H REGEX "^#define[ \t]+${VARNAME}[ \t]+\"[^\"]*\".*$" LIMIT_COUNT 1)
+  endif()
+
+  if(${LIBNAME}_H)
+    string(REGEX REPLACE "^.*[ \t]${VARNAME}[ \t]+\"([0-9]+).*$" "\\1" ${LIBNAME}_VERSION_MAJOR "${${LIBNAME}_H}")
+    string(REGEX REPLACE "^.*[ \t]${VARNAME}[ \t]+\"[0-9]+\\.([0-9]+).*$" "\\1" ${LIBNAME}_VERSION_MINOR  "${${LIBNAME}_H}")
+    string(REGEX REPLACE "^.*[ \t]${VARNAME}[ \t]+\"[0-9]+\\.[0-9]+\\.([0-9]+).*$" "\\1" ${LIBNAME}_VERSION_PATCH "${${LIBNAME}_H}")
+    set(${LIBNAME}_VERSION_MAJOR ${${LIBNAME}_VERSION_MAJOR} ${ARGN})
+    set(${LIBNAME}_VERSION_MINOR ${${LIBNAME}_VERSION_MINOR} ${ARGN})
+    set(${LIBNAME}_VERSION_PATCH ${${LIBNAME}_VERSION_PATCH} ${ARGN})
+    set(${LIBNAME}_VERSION_STRING "${${LIBNAME}_VERSION_MAJOR}.${${LIBNAME}_VERSION_MINOR}.${${LIBNAME}_VERSION_PATCH}")
+
+    # append a TWEAK version if it exists:
+    set(${LIBNAME}_VERSION_TWEAK "")
+    if("${${LIBNAME}_H}" MATCHES "^.*[ \t]${VARNAME}[ \t]+\"[0-9]+\\.[0-9]+\\.[0-9]+\\.([0-9]+).*$")
+      set(${LIBNAME}_VERSION_TWEAK "${CMAKE_MATCH_1}" ${ARGN})
+    endif()
+    if(${LIBNAME}_VERSION_TWEAK)
+      set(${LIBNAME}_VERSION_STRING "${${LIBNAME}_VERSION_STRING}.${${LIBNAME}_VERSION_TWEAK}" ${ARGN})
+    else()
+      set(${LIBNAME}_VERSION_STRING "${${LIBNAME}_VERSION_STRING}" ${ARGN})
+    endif()
+  endif()
+endmacro()
+
+# read single version info from the pkg file
+macro(ocv_parse_pkg LIBNAME PKG_PATH SCOPE)
+  if(EXISTS "${PKG_PATH}/${LIBNAME}.pc")
+    file(STRINGS "${PKG_PATH}/${LIBNAME}.pc" line_to_parse REGEX "^Version:[ \t]+[0-9.]*.*$" LIMIT_COUNT 1)
+    STRING(REGEX REPLACE ".*Version: ([^ ]+).*" "\\1" ALIASOF_${LIBNAME}_VERSION "${line_to_parse}" )
+  endif()
+endmacro()
+
+################################################################################################
+# short command to setup source group
+function(ocv_source_group group)
+  if(BUILD_opencv_world AND OPENCV_MODULE_${the_module}_IS_PART_OF_WORLD)
+    set(group "${the_module}\\${group}")
+  endif()
+  cmake_parse_arguments(SG "" "DIRBASE" "GLOB;GLOB_RECURSE;FILES" ${ARGN})
+  set(files "")
+  if(SG_FILES)
+    list(APPEND files ${SG_FILES})
+  endif()
+  if(SG_GLOB)
+    file(GLOB srcs ${SG_GLOB})
+    list(APPEND files ${srcs})
+  endif()
+  if(SG_GLOB_RECURSE)
+    file(GLOB_RECURSE srcs ${SG_GLOB_RECURSE})
+    list(APPEND files ${srcs})
+  endif()
+  if(SG_DIRBASE)
+    foreach(f ${files})
+      file(RELATIVE_PATH fpart "${SG_DIRBASE}" "${f}")
+      if(fpart MATCHES "^\\.\\.")
+        message(AUTHOR_WARNING "Can't detect subpath for source_group command: Group=${group} FILE=${f} DIRBASE=${SG_DIRBASE}")
+        set(fpart "")
+      else()
+        get_filename_component(fpart "${fpart}" PATH)
+        if(fpart)
+          set(fpart "/${fpart}") # add '/'
+          string(REPLACE "/" "\\" fpart "${fpart}")
+        endif()
+      endif()
+      source_group("${group}${fpart}" FILES ${f})
+    endforeach()
+  else()
+    source_group(${group} FILES ${files})
+  endif()
+endfunction()
+
+function(ocv_target_link_libraries target)
+  _ocv_fix_target(target)
+  set(LINK_DEPS ${ARGN})
+  # process world
+  if(BUILD_opencv_world)
+    foreach(m ${OPENCV_MODULES_BUILD})
+      if(OPENCV_MODULE_${m}_IS_PART_OF_WORLD)
+        if(";${LINK_DEPS};" MATCHES ";${m};")
+          list(REMOVE_ITEM LINK_DEPS ${m})
+          if(NOT (";${LINK_DEPS};" MATCHES ";opencv_world;"))
+            list(APPEND LINK_DEPS opencv_world)
+          endif()
+        endif()
+      endif()
+    endforeach()
+  endif()
+  target_link_libraries(${target} ${LINK_DEPS})
+endfunction()
+
+function(_ocv_append_target_includes target)
+  if(DEFINED OCV_TARGET_INCLUDE_DIRS_${target})
+    target_include_directories(${target} PRIVATE ${OCV_TARGET_INCLUDE_DIRS_${target}})
+    if (TARGET ${target}_object)
+      target_include_directories(${target}_object PRIVATE ${OCV_TARGET_INCLUDE_DIRS_${target}})
+    endif()
+    unset(OCV_TARGET_INCLUDE_DIRS_${target} CACHE)
+  endif()
+endfunction()
+
+function(ocv_add_executable target)
+  add_executable(${target} ${ARGN})
+  _ocv_append_target_includes(${target})
+endfunction()
+
+function(ocv_add_library target)
+  set(cuda_objs "")
+  if(HAVE_CUDA)
+    set(cuda_srcs "")
+
+    foreach(var ${ARGN})
+      if(var MATCHES ".cu")
+        list(APPEND cuda_srcs ${var})
+      endif()
+    endforeach()
+
+    if(cuda_srcs)
+      ocv_include_directories(${CUDA_INCLUDE_DIRS})
+      ocv_cuda_compile(cuda_objs ${lib_cuda_srcs} ${lib_cuda_hdrs})
+    endif()
+    set(OPENCV_MODULE_${target}_CUDA_OBJECTS ${cuda_objs} CACHE INTERNAL "Compiled CUDA object files")
+  endif()
+
+  add_library(${target} ${ARGN} ${cuda_objs})
+
+  # Add OBJECT library (added in cmake 2.8.8) to use in compound modules
+  if (NOT CMAKE_VERSION VERSION_LESS "2.8.8"
+      AND NOT OPENCV_MODULE_${target}_CHILDREN
+      AND NOT OPENCV_MODULE_${target}_CLASS STREQUAL "BINDINGS"
+      AND NOT ${target} STREQUAL "opencv_ts"
+    )
+    set(sources ${ARGN})
+    ocv_list_filterout(sources "\\\\.(cl|inc)$")
+    add_library(${target}_object OBJECT ${sources})
+    set_target_properties(${target}_object PROPERTIES
+      EXCLUDE_FROM_ALL True
+      EXCLUDE_FROM_DEFAULT_BUILD True
+      POSITION_INDEPENDENT_CODE True
+      )
+    if (ENABLE_SOLUTION_FOLDERS)
+      set_target_properties(${target}_object PROPERTIES FOLDER "object_libraries")
+    endif()
+    unset(sources)
+  endif()
+
+  _ocv_append_target_includes(${target})
+endfunction()
+
+# build the list of opencv libs and dependencies for all modules
+#  _modules - variable to hold list of all modules
+#  _extra - variable to hold list of extra dependencies
+#  _3rdparty - variable to hold list of prebuilt 3rdparty libraries
+macro(ocv_get_all_libs _modules _extra _3rdparty)
+  set(${_modules} "")
+  set(${_extra} "")
+  set(${_3rdparty} "")
+  foreach(m ${OPENCV_MODULES_PUBLIC})
+    get_target_property(deps ${m} INTERFACE_LINK_LIBRARIES)
+    if(NOT deps)
+      set(deps "")
+    endif()
+    list(INSERT ${_modules} 0 ${deps} ${m})
+    foreach (dep ${deps} ${OPENCV_LINKER_LIBS})
+      if (NOT DEFINED OPENCV_MODULE_${dep}_LOCATION)
+        if (TARGET ${dep})
+          get_target_property(_output ${dep} ARCHIVE_OUTPUT_DIRECTORY)
+          if ("${_output}" STREQUAL "${3P_LIBRARY_OUTPUT_PATH}")
+            list(INSERT ${_3rdparty} 0 ${dep})
+          else()
+            list(INSERT ${_extra} 0 ${dep})
+          endif()
+        else()
+          list(INSERT ${_extra} 0 ${dep})
+        endif()
+      endif()
+    endforeach()
+  endforeach()
+
+  # ippicv specific handling
+  list(FIND ${_extra} "ippicv" ippicv_idx)
+  if (${ippicv_idx} GREATER -1)
+    list(REMOVE_ITEM ${_extra} "ippicv")
+    list(INSERT ${_3rdparty} 0 "ippicv")
+  endif()
+
+  # split 3rdparty libs and modules
+  list(REMOVE_ITEM ${_modules} ${${_3rdparty}} ${${_extra}})
+
+  # convert CMake lists to makefile literals
+  foreach(lst ${_modules} ${_3rdparty} ${_extra})
+    ocv_list_unique(${lst})
+    ocv_list_reverse(${lst})
+  endforeach()
+endmacro()
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVVersion.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVVersion.cmake
new file mode 100644
index 000000000..60ac16420
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/OpenCVVersion.cmake
@@ -0,0 +1,18 @@
+SET(OPENCV_VERSION_FILE "${CMAKE_CURRENT_SOURCE_DIR}/modules/core/include/opencv2/core/version.hpp")
+file(STRINGS "${OPENCV_VERSION_FILE}" OPENCV_VERSION_PARTS REGEX "#define CV_VERSION_[A-Z]+[ ]+" )
+
+string(REGEX REPLACE ".+CV_VERSION_MAJOR[ ]+([0-9]+).*" "\\1" OPENCV_VERSION_MAJOR "${OPENCV_VERSION_PARTS}")
+string(REGEX REPLACE ".+CV_VERSION_MINOR[ ]+([0-9]+).*" "\\1" OPENCV_VERSION_MINOR "${OPENCV_VERSION_PARTS}")
+string(REGEX REPLACE ".+CV_VERSION_REVISION[ ]+([0-9]+).*" "\\1" OPENCV_VERSION_PATCH "${OPENCV_VERSION_PARTS}")
+string(REGEX REPLACE ".+CV_VERSION_STATUS[ ]+\"([^\"]*)\".*" "\\1" OPENCV_VERSION_STATUS "${OPENCV_VERSION_PARTS}")
+
+set(OPENCV_VERSION_PLAIN "${OPENCV_VERSION_MAJOR}.${OPENCV_VERSION_MINOR}.${OPENCV_VERSION_PATCH}")
+
+set(OPENCV_VERSION "${OPENCV_VERSION_PLAIN}${OPENCV_VERSION_STATUS}")
+
+set(OPENCV_SOVERSION "${OPENCV_VERSION_MAJOR}.${OPENCV_VERSION_MINOR}")
+set(OPENCV_LIBVERSION "${OPENCV_VERSION_MAJOR}.${OPENCV_VERSION_MINOR}.${OPENCV_VERSION_PATCH}")
+
+# create a dependency on version file
+# we never use output of the following command but cmake will rerun automatically if the version file changes
+configure_file("${OPENCV_VERSION_FILE}" "${CMAKE_BINARY_DIR}/junk/version.junk" COPYONLY)
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/checks/OpenCVDetectCudaArch.cu b/dependency-check-core/src/test/resources/cmake/opencv/cmake/checks/OpenCVDetectCudaArch.cu
new file mode 100644
index 000000000..9d7086cf2
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/checks/OpenCVDetectCudaArch.cu
@@ -0,0 +1,14 @@
+#include <stdio.h>
+int main()
+{
+    int count = 0;
+    if (cudaSuccess != cudaGetDeviceCount(&count)){return -1;}
+    if (count == 0) {return -1;}
+    for (int device = 0; device < count; ++device)
+    {
+        cudaDeviceProp prop;
+        if (cudaSuccess != cudaGetDeviceProperties(&prop, device)){ continue;}
+        printf("%d.%d ", prop.major, prop.minor);
+    }
+    return 0;
+}
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/checks/directx.cpp b/dependency-check-core/src/test/resources/cmake/opencv/cmake/checks/directx.cpp
new file mode 100644
index 000000000..452a885cd
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/checks/directx.cpp
@@ -0,0 +1,70 @@
+#include <windows.h>
+
+#include <d3d11.h>
+#pragma comment (lib, "d3d11.lib")
+
+HINSTANCE g_hInst = NULL;
+D3D_DRIVER_TYPE g_driverType = D3D_DRIVER_TYPE_NULL;
+D3D_FEATURE_LEVEL g_featureLevel = D3D_FEATURE_LEVEL_11_0;
+ID3D11Device* g_pd3dDevice = NULL;
+ID3D11DeviceContext* g_pImmediateContext = NULL;
+IDXGISwapChain* g_pSwapChain = NULL;
+
+static HRESULT InitDevice()
+{
+    HRESULT hr = S_OK;
+
+    UINT width = 640;
+    UINT height = 480;
+
+    UINT createDeviceFlags = 0;
+
+    D3D_DRIVER_TYPE driverTypes[] =
+    {
+        D3D_DRIVER_TYPE_HARDWARE,
+        D3D_DRIVER_TYPE_WARP,
+        D3D_DRIVER_TYPE_REFERENCE,
+    };
+    UINT numDriverTypes = ARRAYSIZE(driverTypes);
+
+    D3D_FEATURE_LEVEL featureLevels[] =
+    {
+        D3D_FEATURE_LEVEL_11_0,
+        D3D_FEATURE_LEVEL_10_1,
+        D3D_FEATURE_LEVEL_10_0,
+    };
+    UINT numFeatureLevels = ARRAYSIZE(featureLevels);
+
+    DXGI_SWAP_CHAIN_DESC sd;
+    ZeroMemory( &sd, sizeof( sd ) );
+    sd.BufferCount = 1;
+    sd.BufferDesc.Width = width;
+    sd.BufferDesc.Height = height;
+    sd.BufferDesc.Format = DXGI_FORMAT_R8G8B8A8_UNORM;
+    sd.BufferDesc.RefreshRate.Numerator = 60;
+    sd.BufferDesc.RefreshRate.Denominator = 1;
+    sd.BufferUsage = DXGI_USAGE_RENDER_TARGET_OUTPUT;
+    sd.OutputWindow = NULL; //g_hWnd;
+    sd.SampleDesc.Count = 1;
+    sd.SampleDesc.Quality = 0;
+    sd.Windowed = TRUE;
+
+    for (UINT driverTypeIndex = 0; driverTypeIndex < numDriverTypes; driverTypeIndex++)
+    {
+        g_driverType = driverTypes[driverTypeIndex];
+        hr = D3D11CreateDeviceAndSwapChain(NULL, g_driverType, NULL, createDeviceFlags, featureLevels, numFeatureLevels,
+                D3D11_SDK_VERSION, &sd, &g_pSwapChain, &g_pd3dDevice, &g_featureLevel, &g_pImmediateContext);
+        if (SUCCEEDED(hr))
+            break;
+    }
+    if (FAILED(hr))
+        return hr;
+
+    return S_OK;
+}
+
+int main(int /*argc*/, char** /*argv*/)
+{
+    InitDevice();
+    return 0;
+}
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/checks/opencl.cpp b/dependency-check-core/src/test/resources/cmake/opencv/cmake/checks/opencl.cpp
new file mode 100644
index 000000000..95a36f3ac
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/checks/opencl.cpp
@@ -0,0 +1,24 @@
+#if defined __APPLE__
+#include <OpenCL/cl.h>
+#else
+#include <CL/cl.h>
+#endif
+
+#ifndef _MSC_VER
+#ifdef CL_VERSION_1_2
+#error OpenCL is valid
+#else
+#error OpenCL check failed
+#endif
+#else
+#ifdef CL_VERSION_1_2
+#pragma message ("OpenCL is valid")
+#else
+#pragma message ("OpenCL check failed")
+#endif
+#endif
+
+int main(int /*argc*/, char** /*argv*/)
+{
+    return 0;
+}
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/checks/vfwtest.cpp b/dependency-check-core/src/test/resources/cmake/opencv/cmake/checks/vfwtest.cpp
new file mode 100644
index 000000000..8d8ecb271
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/checks/vfwtest.cpp
@@ -0,0 +1,10 @@
+
+#include <windows.h>
+#include <vfw.h>
+
+int main()
+{
+  AVIFileInit();
+  AVIFileExit();
+  return 0;
+}
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/checks/win32uitest.cpp b/dependency-check-core/src/test/resources/cmake/opencv/cmake/checks/win32uitest.cpp
new file mode 100644
index 000000000..f475e1c96
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/checks/win32uitest.cpp
@@ -0,0 +1,11 @@
+#include <windows.h>
+
+int main(int argc, char** argv)
+{
+    CreateWindow(NULL /*lpClassName*/, NULL /*lpWindowName*/, 0 /*dwStyle*/, 0 /*x*/,
+                 0 /*y*/, 0 /*nWidth*/, 0 /*nHeight*/, NULL /*hWndParent*/, NULL /*hMenu*/,
+                NULL /*hInstance*/,  NULL /*lpParam*/);
+    DeleteDC(NULL);
+
+    return 0;
+}
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/cl2cpp.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/cl2cpp.cmake
new file mode 100644
index 000000000..700f12fb5
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/cl2cpp.cmake
@@ -0,0 +1,89 @@
+file(GLOB cl_list "${CL_DIR}/*.cl" )
+list(SORT cl_list)
+
+string(REPLACE ".cpp" ".hpp" OUTPUT_HPP "${OUTPUT}")
+get_filename_component(OUTPUT_HPP_NAME "${OUTPUT_HPP}" NAME)
+
+if("${MODULE_NAME}" STREQUAL "ocl")
+    set(nested_namespace_start "")
+    set(nested_namespace_end "")
+else()
+    set(new_mode ON)
+    set(nested_namespace_start "namespace ${MODULE_NAME}\n{")
+    set(nested_namespace_end "}")
+endif()
+
+set(STR_CPP "// This file is auto-generated. Do not edit!
+
+#include \"precomp.hpp\"
+#include \"${OUTPUT_HPP_NAME}\"
+
+namespace cv
+{
+namespace ocl
+{
+${nested_namespace_start}
+
+")
+
+set(STR_HPP "// This file is auto-generated. Do not edit!
+
+#include \"opencv2/core/ocl.hpp\"
+#include \"opencv2/core/ocl_genbase.hpp\"
+#include \"opencv2/core/opencl/ocl_defs.hpp\"
+
+namespace cv
+{
+namespace ocl
+{
+${nested_namespace_start}
+
+")
+
+foreach(cl ${cl_list})
+  get_filename_component(cl_filename "${cl}" NAME_WE)
+  #message("${cl_filename}")
+
+  file(READ "${cl}" lines)
+
+  string(REPLACE "\r" "" lines "${lines}\n")
+  string(REPLACE "\t" "  " lines "${lines}")
+
+  string(REGEX REPLACE "/\\*([^*]/|\\*[^/]|[^*/])*\\*/" ""   lines "${lines}") # multiline comments
+  string(REGEX REPLACE "/\\*([^\n])*\\*/"               ""   lines "${lines}") # single-line comments
+  string(REGEX REPLACE "[ ]*//[^\n]*\n"                 "\n" lines "${lines}") # single-line comments
+  string(REGEX REPLACE "\n[ ]*(\n[ ]*)*"                "\n" lines "${lines}") # empty lines & leading whitespace
+  string(REGEX REPLACE "^\n"                            ""   lines "${lines}") # leading new line
+
+  string(REPLACE "\\" "\\\\" lines "${lines}")
+  string(REPLACE "\"" "\\\"" lines "${lines}")
+  string(REPLACE "\n" "\\n\"\n\"" lines "${lines}")
+
+  string(REGEX REPLACE "\"$" "" lines "${lines}") # unneeded " at the eof
+
+  string(MD5 hash "${lines}")
+
+  set(STR_CPP_DECL "const struct ProgramEntry ${cl_filename}={\"${cl_filename}\",\n\"${lines}, \"${hash}\"};\n")
+  set(STR_HPP_DECL "extern const struct ProgramEntry ${cl_filename};\n")
+  if(new_mode)
+    set(STR_CPP_DECL "${STR_CPP_DECL}ProgramSource ${cl_filename}_oclsrc(${cl_filename}.programStr);\n")
+    set(STR_HPP_DECL "${STR_HPP_DECL}extern ProgramSource ${cl_filename}_oclsrc;\n")
+  endif()
+
+  set(STR_CPP "${STR_CPP}${STR_CPP_DECL}")
+  set(STR_HPP "${STR_HPP}${STR_HPP_DECL}")
+endforeach()
+
+set(STR_CPP "${STR_CPP}}\n${nested_namespace_end}}\n")
+set(STR_HPP "${STR_HPP}}\n${nested_namespace_end}}\n")
+
+file(WRITE "${OUTPUT}" "${STR_CPP}")
+
+if(EXISTS "${OUTPUT_HPP}")
+  file(READ "${OUTPUT_HPP}" hpp_lines)
+endif()
+if("${hpp_lines}" STREQUAL "${STR_HPP}")
+  message(STATUS "${OUTPUT_HPP} contains same content")
+else()
+  file(WRITE "${OUTPUT_HPP}" "${STR_HPP}")
+endif()
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/copyAndroidLibs.cmake b/dependency-check-core/src/test/resources/cmake/opencv/cmake/copyAndroidLibs.cmake
new file mode 100644
index 000000000..4e9e17f4c
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/copyAndroidLibs.cmake
@@ -0,0 +1,8 @@
+# helper file for Android samples build
+
+file(GLOB_RECURSE LIBS RELATIVE ${SRC_DIR} "*.so")
+
+foreach(l ${LIBS})
+  message(STATUS "  Copying: ${l} ...")
+  execute_process(COMMAND ${CMAKE_COMMAND} -E copy_if_different ${SRC_DIR}/${l} ${DST_DIR}/${l})
+endforeach()
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/templates/OpenCV.mk.in b/dependency-check-core/src/test/resources/cmake/opencv/cmake/templates/OpenCV.mk.in
new file mode 100644
index 000000000..acbb763c9
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/templates/OpenCV.mk.in
@@ -0,0 +1,121 @@
+# In order to compile your application under cygwin
+# you might need to define NDK_USE_CYGPATH=1 before calling the ndk-build
+
+USER_LOCAL_PATH:=$(LOCAL_PATH)
+
+USER_LOCAL_C_INCLUDES:=$(LOCAL_C_INCLUDES)
+USER_LOCAL_CFLAGS:=$(LOCAL_CFLAGS)
+USER_LOCAL_STATIC_LIBRARIES:=$(LOCAL_STATIC_LIBRARIES)
+USER_LOCAL_SHARED_LIBRARIES:=$(LOCAL_SHARED_LIBRARIES)
+USER_LOCAL_LDLIBS:=$(LOCAL_LDLIBS)
+
+LOCAL_PATH:=$(subst ?,,$(firstword ?$(subst \, ,$(subst /, ,$(call my-dir)))))
+
+OPENCV_TARGET_ARCH_ABI:=$(TARGET_ARCH_ABI)
+OPENCV_THIS_DIR:=$(patsubst $(LOCAL_PATH)\\%,%,$(patsubst $(LOCAL_PATH)/%,%,$(call my-dir)))
+OPENCV_MK_DIR:=$(dir $(lastword $(MAKEFILE_LIST)))
+OPENCV_LIBS_DIR:=@OPENCV_LIBS_DIR_CONFIGCMAKE@
+OPENCV_3RDPARTY_LIBS_DIR:=@OPENCV_3RDPARTY_LIBS_DIR_CONFIGCMAKE@
+OPENCV_BASEDIR:=@OPENCV_BASE_INCLUDE_DIR_CONFIGCMAKE@
+OPENCV_LOCAL_C_INCLUDES:=@OPENCV_INCLUDE_DIRS_CONFIGCMAKE@
+OPENCV_MODULES:=@OPENCV_MODULES_CONFIGMAKE@
+
+ifeq ($(OPENCV_LIB_TYPE),)
+    OPENCV_LIB_TYPE:=@OPENCV_LIBTYPE_CONFIGMAKE@
+endif
+
+ifeq ($(OPENCV_LIB_TYPE),SHARED)
+    OPENCV_LIBS:=@OPENCV_LIBS_CONFIGMAKE@
+    OPENCV_LIB_TYPE:=@OPENCV_LIBTYPE_CONFIGMAKE@
+else
+    OPENCV_LIBS:=$(OPENCV_MODULES)
+    OPENCV_LIB_TYPE:=@OPENCV_STATIC_LIBTYPE_CONFIGMAKE@
+endif
+
+ifeq ($(OPENCV_LIB_TYPE),SHARED)
+    OPENCV_3RDPARTY_COMPONENTS:=
+    OPENCV_EXTRA_COMPONENTS:=
+else
+    ifeq ($(TARGET_ARCH_ABI),armeabi-v7a)
+        OPENCV_3RDPARTY_COMPONENTS:=@OPENCV_3RDPARTY_COMPONENTS_CONFIGMAKE@
+        OPENCV_EXTRA_COMPONENTS:=@OPENCV_EXTRA_COMPONENTS_CONFIGMAKE@
+    endif
+    ifeq ($(TARGET_ARCH_ABI),x86)
+        OPENCV_3RDPARTY_COMPONENTS:=@OPENCV_3RDPARTY_COMPONENTS_CONFIGMAKE@
+        OPENCV_EXTRA_COMPONENTS:=@OPENCV_EXTRA_COMPONENTS_CONFIGMAKE@
+    endif
+    ifeq ($(TARGET_ARCH_ABI),armeabi)
+        OPENCV_3RDPARTY_COMPONENTS:=@OPENCV_3RDPARTY_COMPONENTS_CONFIGMAKE_NO_TBB@
+        OPENCV_EXTRA_COMPONENTS:=@OPENCV_EXTRA_COMPONENTS_CONFIGMAKE@
+    endif
+    ifeq ($(TARGET_ARCH_ABI),mips)
+        OPENCV_3RDPARTY_COMPONENTS:=@OPENCV_3RDPARTY_COMPONENTS_CONFIGMAKE@
+        OPENCV_EXTRA_COMPONENTS:=@OPENCV_EXTRA_COMPONENTS_CONFIGMAKE@
+    endif
+endif
+
+ifeq ($(OPENCV_LIB_TYPE),SHARED)
+    OPENCV_LIB_SUFFIX:=so
+else
+    OPENCV_LIB_SUFFIX:=a
+    OPENCV_INSTALL_MODULES:=on
+endif
+
+define add_opencv_module
+    include $(CLEAR_VARS)
+    LOCAL_MODULE:=opencv_$1
+    LOCAL_SRC_FILES:=$(OPENCV_LIBS_DIR)/libopencv_$1.$(OPENCV_LIB_SUFFIX)
+    include $(PREBUILT_$(OPENCV_LIB_TYPE)_LIBRARY)
+endef
+
+define add_opencv_3rdparty_component
+    include $(CLEAR_VARS)
+    LOCAL_MODULE:=$1
+    LOCAL_SRC_FILES:=$(OPENCV_3RDPARTY_LIBS_DIR)/lib$1.a
+    include $(PREBUILT_STATIC_LIBRARY)
+endef
+
+ifeq ($(OPENCV_MK_$(OPENCV_TARGET_ARCH_ABI)_ALREADY_INCLUDED),)
+    ifeq ($(OPENCV_INSTALL_MODULES),on)
+        $(foreach module,$(OPENCV_LIBS),$(eval $(call add_opencv_module,$(module))))
+    endif
+
+    $(foreach module,$(OPENCV_3RDPARTY_COMPONENTS),$(eval $(call add_opencv_3rdparty_component,$(module))))
+
+    ifneq ($(OPENCV_BASEDIR),)
+        OPENCV_LOCAL_C_INCLUDES += $(foreach mod, $(OPENCV_MODULES), $(OPENCV_BASEDIR)/modules/$(mod)/include)
+    endif
+
+    #turn off module installation to prevent their redefinition
+    OPENCV_MK_$(OPENCV_TARGET_ARCH_ABI)_ALREADY_INCLUDED:=on
+endif
+
+ifeq ($(OPENCV_LOCAL_CFLAGS),)
+    OPENCV_LOCAL_CFLAGS := -fPIC -DANDROID -fsigned-char
+endif
+
+include $(CLEAR_VARS)
+
+LOCAL_C_INCLUDES:=$(USER_LOCAL_C_INCLUDES)
+LOCAL_CFLAGS:=$(USER_LOCAL_CFLAGS)
+LOCAL_STATIC_LIBRARIES:=$(USER_LOCAL_STATIC_LIBRARIES)
+LOCAL_SHARED_LIBRARIES:=$(USER_LOCAL_SHARED_LIBRARIES)
+LOCAL_LDLIBS:=$(USER_LOCAL_LDLIBS)
+
+LOCAL_C_INCLUDES += $(OPENCV_LOCAL_C_INCLUDES)
+LOCAL_CFLAGS     += $(OPENCV_LOCAL_CFLAGS)
+
+ifeq ($(OPENCV_INSTALL_MODULES),on)
+    LOCAL_$(OPENCV_LIB_TYPE)_LIBRARIES += $(foreach mod, $(OPENCV_LIBS), opencv_$(mod))
+else
+    LOCAL_LDLIBS += -L$(call host-path,$(LOCAL_PATH)/$(OPENCV_LIBS_DIR)) $(foreach lib, $(OPENCV_LIBS), -lopencv_$(lib))
+endif
+
+ifeq ($(OPENCV_LIB_TYPE),STATIC)
+    LOCAL_STATIC_LIBRARIES += $(OPENCV_3RDPARTY_COMPONENTS)
+endif
+
+LOCAL_LDLIBS += $(foreach lib,$(OPENCV_EXTRA_COMPONENTS), -l$(lib))
+
+#restore the LOCAL_PATH
+LOCAL_PATH:=$(USER_LOCAL_PATH)
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/templates/OpenCVConfig-version.cmake.in b/dependency-check-core/src/test/resources/cmake/opencv/cmake/templates/OpenCVConfig-version.cmake.in
new file mode 100644
index 000000000..b5ac5f8e2
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/templates/OpenCVConfig-version.cmake.in
@@ -0,0 +1,14 @@
+set(OpenCV_VERSION @OPENCV_VERSION_PLAIN@)
+set(PACKAGE_VERSION ${OpenCV_VERSION})
+
+set(PACKAGE_VERSION_EXACT False)
+set(PACKAGE_VERSION_COMPATIBLE False)
+
+if(PACKAGE_FIND_VERSION VERSION_EQUAL PACKAGE_VERSION)
+  set(PACKAGE_VERSION_EXACT True)
+  set(PACKAGE_VERSION_COMPATIBLE True)
+endif()
+
+if(PACKAGE_FIND_VERSION VERSION_LESS PACKAGE_VERSION)
+  set(PACKAGE_VERSION_COMPATIBLE True)
+endif()
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/templates/OpenCVConfig.cmake.in b/dependency-check-core/src/test/resources/cmake/opencv/cmake/templates/OpenCVConfig.cmake.in
new file mode 100644
index 000000000..e5904aba3
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/templates/OpenCVConfig.cmake.in
@@ -0,0 +1,391 @@
+# ===================================================================================
+#  The OpenCV CMake configuration file
+#
+#             ** File generated automatically, do not modify **
+#
+#  Usage from an external project:
+#    In your CMakeLists.txt, add these lines:
+#
+#    find_package(OpenCV REQUIRED)
+#    include_directories(${OpenCV_INCLUDE_DIRS})
+#    target_link_libraries(MY_TARGET_NAME ${OpenCV_LIBS})
+#
+#    Or you can search for specific OpenCV modules:
+#
+#    find_package(OpenCV REQUIRED core videoio)
+#
+#    If the module is found then OPENCV_<MODULE>_FOUND is set to TRUE.
+#
+#    This file will define the following variables:
+#      - OpenCV_LIBS                     : The list of all imported targets for OpenCV modules.
+#      - OpenCV_INCLUDE_DIRS             : The OpenCV include directories.
+#      - OpenCV_COMPUTE_CAPABILITIES     : The version of compute capability.
+#      - OpenCV_ANDROID_NATIVE_API_LEVEL : Minimum required level of Android API.
+#      - OpenCV_VERSION                  : The version of this OpenCV build: "@OPENCV_VERSION_PLAIN@"
+#      - OpenCV_VERSION_MAJOR            : Major version part of OpenCV_VERSION: "@OPENCV_VERSION_MAJOR@"
+#      - OpenCV_VERSION_MINOR            : Minor version part of OpenCV_VERSION: "@OPENCV_VERSION_MINOR@"
+#      - OpenCV_VERSION_PATCH            : Patch version part of OpenCV_VERSION: "@OPENCV_VERSION_PATCH@"
+#      - OpenCV_VERSION_STATUS           : Development status of this build: "@OPENCV_VERSION_STATUS@"
+#
+#    Advanced variables:
+#      - OpenCV_SHARED                   : Use OpenCV as shared library
+#      - OpenCV_CONFIG_PATH              : Path to this OpenCVConfig.cmake
+#      - OpenCV_INSTALL_PATH             : OpenCV location (not set on Windows)
+#      - OpenCV_LIB_COMPONENTS           : Present OpenCV modules list
+#      - OpenCV_USE_MANGLED_PATHS        : Mangled OpenCV path flag
+#      - OpenCV_MODULES_SUFFIX           : The suffix for OpenCVModules-XXX.cmake file
+#
+#    Deprecated variables:
+#      - OpenCV_VERSION_TWEAK            : Always "0"
+#
+# ===================================================================================
+
+# Search packages for host system instead of packages for target system.
+# in case of cross compilation thess macro should be defined by toolchain file
+
+if(NOT COMMAND find_host_package)
+    macro(find_host_package)
+        find_package(${ARGN})
+    endmacro()
+endif()
+
+if(NOT COMMAND find_host_program)
+    macro(find_host_program)
+        find_program(${ARGN})
+    endmacro()
+endif()
+
+if(NOT DEFINED OpenCV_MODULES_SUFFIX)
+  if(ANDROID)
+    string(REPLACE - _ OpenCV_MODULES_SUFFIX "_${ANDROID_NDK_ABI_NAME}")
+  else()
+    set(OpenCV_MODULES_SUFFIX "")
+  endif()
+endif()
+
+if("@USE_IPPICV@" STREQUAL "TRUE") # value is defined by package builder (use STREQUAL to comply new CMake policy CMP0012)
+  if(NOT TARGET ippicv)
+    if(EXISTS "${CMAKE_CURRENT_LIST_DIR}/@INSTALL_PATH_RELATIVE_IPPICV@")
+      add_library(ippicv STATIC IMPORTED)
+      set_target_properties(ippicv PROPERTIES
+        IMPORTED_LINK_INTERFACE_LIBRARIES ""
+        IMPORTED_LOCATION "${CMAKE_CURRENT_LIST_DIR}/@INSTALL_PATH_RELATIVE_IPPICV@"
+      )
+    endif()
+  endif()
+endif()
+
+if(NOT TARGET opencv_core)
+  # Extract directory name from full path of the file currently being processed.
+  # Note that CMake 2.8.3 introduced CMAKE_CURRENT_LIST_DIR. We reimplement it
+  # for older versions of CMake to support these as well.
+  if(CMAKE_VERSION VERSION_LESS "2.8.3")
+    get_filename_component(CMAKE_CURRENT_LIST_DIR "${CMAKE_CURRENT_LIST_FILE}" PATH)
+  endif()
+
+  include(${CMAKE_CURRENT_LIST_DIR}/OpenCVModules${OpenCV_MODULES_SUFFIX}.cmake)
+endif()
+
+# TODO All things below should be reviewed. What is about of moving this code into related modules (special vars/hooks/files)
+
+# Version Compute Capability from which OpenCV has been compiled is remembered
+set(OpenCV_COMPUTE_CAPABILITIES @OpenCV_CUDA_CC_CONFIGCMAKE@)
+
+set(OpenCV_CUDA_VERSION @OpenCV_CUDA_VERSION@)
+set(OpenCV_USE_CUBLAS   @HAVE_CUBLAS@)
+set(OpenCV_USE_CUFFT    @HAVE_CUFFT@)
+set(OpenCV_USE_NVCUVID  @HAVE_NVCUVID@)
+
+# Android API level from which OpenCV has been compiled is remembered
+if(ANDROID)
+  set(OpenCV_ANDROID_NATIVE_API_LEVEL @OpenCV_ANDROID_NATIVE_API_LEVEL_CONFIGCMAKE@)
+else()
+  set(OpenCV_ANDROID_NATIVE_API_LEVEL 0)
+endif()
+
+# Some additional settings are required if OpenCV is built as static libs
+set(OpenCV_SHARED @BUILD_SHARED_LIBS@)
+
+# Enables mangled install paths, that help with side by side installs
+set(OpenCV_USE_MANGLED_PATHS @OpenCV_USE_MANGLED_PATHS_CONFIGCMAKE@)
+
+# Extract the directory where *this* file has been installed (determined at cmake run-time)
+get_filename_component(OpenCV_CONFIG_PATH "${CMAKE_CURRENT_LIST_FILE}" PATH CACHE)
+
+if(NOT WIN32 OR ANDROID)
+  if(ANDROID)
+    set(OpenCV_INSTALL_PATH "${OpenCV_CONFIG_PATH}/../../..")
+  else()
+    set(OpenCV_INSTALL_PATH "${OpenCV_CONFIG_PATH}/../..")
+  endif()
+  # Get the absolute path with no ../.. relative marks, to eliminate implicit linker warnings
+  if(${CMAKE_MAJOR_VERSION}.${CMAKE_MINOR_VERSION} VERSION_LESS 2.8)
+    get_filename_component(OpenCV_INSTALL_PATH "${OpenCV_INSTALL_PATH}" ABSOLUTE)
+  else()
+    get_filename_component(OpenCV_INSTALL_PATH "${OpenCV_INSTALL_PATH}" REALPATH)
+  endif()
+endif()
+
+# ======================================================
+# Include directories to add to the user project:
+# ======================================================
+
+# Provide the include directories to the caller
+set(OpenCV_INCLUDE_DIRS @OpenCV_INCLUDE_DIRS_CONFIGCMAKE@)
+
+# ======================================================
+# Link directories to add to the user project:
+# ======================================================
+
+# Provide the libs directories to the caller
+set(OpenCV_LIB_DIR_OPT @OpenCV_LIB_DIRS_CONFIGCMAKE@ CACHE PATH "Path where release OpenCV libraries are located")
+set(OpenCV_LIB_DIR_DBG @OpenCV_LIB_DIRS_CONFIGCMAKE@ CACHE PATH "Path where debug OpenCV libraries are located")
+set(OpenCV_3RDPARTY_LIB_DIR_OPT @OpenCV_3RDPARTY_LIB_DIRS_CONFIGCMAKE@ CACHE PATH "Path where release 3rdparty OpenCV dependencies are located")
+set(OpenCV_3RDPARTY_LIB_DIR_DBG @OpenCV_3RDPARTY_LIB_DIRS_CONFIGCMAKE@ CACHE PATH "Path where debug 3rdparty OpenCV dependencies are located")
+mark_as_advanced(FORCE OpenCV_LIB_DIR_OPT OpenCV_LIB_DIR_DBG OpenCV_3RDPARTY_LIB_DIR_OPT OpenCV_3RDPARTY_LIB_DIR_DBG OpenCV_CONFIG_PATH)
+
+# ======================================================
+#  Version variables:
+# ======================================================
+SET(OpenCV_VERSION @OPENCV_VERSION_PLAIN@)
+SET(OpenCV_VERSION_MAJOR  @OPENCV_VERSION_MAJOR@)
+SET(OpenCV_VERSION_MINOR  @OPENCV_VERSION_MINOR@)
+SET(OpenCV_VERSION_PATCH  @OPENCV_VERSION_PATCH@)
+SET(OpenCV_VERSION_TWEAK  0)
+SET(OpenCV_VERSION_STATUS "@OPENCV_VERSION_STATUS@")
+
+# ====================================================================
+# Link libraries: e.g. opencv_core;opencv_imgproc; etc...
+# ====================================================================
+
+SET(OpenCV_LIB_COMPONENTS @OPENCV_MODULES_CONFIGCMAKE@)
+SET(OpenCV_WORLD_COMPONENTS @OPENCV_WORLD_MODULES@)
+
+# ==============================================================
+#  Extra include directories, needed by OpenCV 2 new structure
+# ==============================================================
+SET(OpenCV2_INCLUDE_DIRS @OpenCV2_INCLUDE_DIRS_CONFIGCMAKE@)
+if(OpenCV2_INCLUDE_DIRS)
+  list(APPEND OpenCV_INCLUDE_DIRS ${OpenCV2_INCLUDE_DIRS})
+
+  set(OpenCV_ADD_DEBUG_RELEASE @OpenCV_ADD_DEBUG_RELEASE_CONFIGCMAKE@)
+  if(OpenCV_ADD_DEBUG_RELEASE)
+    set(OpenCV_LIB_DIR_OPT "${OpenCV_LIB_DIR_OPT}/Release")
+    set(OpenCV_LIB_DIR_DBG "${OpenCV_LIB_DIR_DBG}/Debug")
+    set(OpenCV_3RDPARTY_LIB_DIR_OPT "${OpenCV_3RDPARTY_LIB_DIR_OPT}/Release")
+    set(OpenCV_3RDPARTY_LIB_DIR_DBG "${OpenCV_3RDPARTY_LIB_DIR_DBG}/Debug")
+  endif()
+endif()
+
+# ==============================================================
+#  Check OpenCV availability
+# ==============================================================
+if(ANDROID AND OpenCV_ANDROID_NATIVE_API_LEVEL GREATER ANDROID_NATIVE_API_LEVEL)
+  message(FATAL_ERROR "Minimum required by OpenCV API level is android-${OpenCV_ANDROID_NATIVE_API_LEVEL}")
+  #always FATAL_ERROR because we can't say to the caller that OpenCV is not found
+  #http://www.mail-archive.com/cmake@cmake.org/msg37831.html
+  if(OpenCV_FIND_REQUIRED)
+    message(FATAL_ERROR "Minimum required by OpenCV API level is android-${OpenCV_ANDROID_NATIVE_API_LEVEL}")
+  elseif(NOT OpenCV_FIND_QUIETLY)
+    message(WARNING "Minimum required by OpenCV API level is android-${OpenCV_ANDROID_NATIVE_API_LEVEL}")
+  endif()
+  set(OpenCV_FOUND "OpenCV_FOUND-NOTFOUND")
+  return()#Android toolchain requires CMake > 2.6
+endif()
+
+# ==============================================================
+#  Form list of modules (components) to find
+# ==============================================================
+if(NOT OpenCV_FIND_COMPONENTS)
+  set(OpenCV_FIND_COMPONENTS ${OpenCV_LIB_COMPONENTS})
+  list(REMOVE_ITEM OpenCV_FIND_COMPONENTS opencv_java)
+  if(GTest_FOUND OR GTEST_FOUND)
+    list(REMOVE_ITEM OpenCV_FIND_COMPONENTS opencv_ts)
+  endif()
+endif()
+
+# expand short module names and see if requested components exist
+set(OpenCV_FIND_COMPONENTS_ "")
+foreach(__cvcomponent ${OpenCV_FIND_COMPONENTS})
+  if(NOT __cvcomponent MATCHES "^opencv_")
+    set(__cvcomponent opencv_${__cvcomponent})
+  endif()
+  list(FIND OpenCV_LIB_COMPONENTS ${__cvcomponent} __cvcomponentIdx)
+  if(__cvcomponentIdx LESS 0)
+    #requested component is not found...
+    if(OpenCV_FIND_REQUIRED)
+      message(FATAL_ERROR "${__cvcomponent} is required but was not found")
+    elseif(NOT OpenCV_FIND_QUIETLY)
+      message(WARNING "${__cvcomponent} is required but was not found")
+    endif()
+    #indicate that module is NOT found
+    string(TOUPPER "${__cvcomponent}" __cvcomponentUP)
+    set(${__cvcomponentUP}_FOUND "${__cvcomponentUP}_FOUND-NOTFOUND")
+  else()
+    list(APPEND OpenCV_FIND_COMPONENTS_ ${__cvcomponent})
+    # Not using list(APPEND) here, because OpenCV_LIBS may not exist yet.
+    # Also not clearing OpenCV_LIBS anywhere, so that multiple calls
+    # to find_package(OpenCV) with different component lists add up.
+    set(OpenCV_LIBS ${OpenCV_LIBS} "${__cvcomponent}")
+    #indicate that module is found
+    string(TOUPPER "${__cvcomponent}" __cvcomponentUP)
+    set(${__cvcomponentUP}_FOUND 1)
+  endif()
+  if(OpenCV_SHARED AND ";${OpenCV_WORLD_COMPONENTS};" MATCHES ";${__cvcomponent};" AND NOT TARGET ${__cvcomponent})
+    get_target_property(__implib_dbg opencv_world IMPORTED_IMPLIB_DEBUG)
+    get_target_property(__implib_release opencv_world  IMPORTED_IMPLIB_RELEASE)
+    get_target_property(__location_dbg opencv_world IMPORTED_LOCATION_DEBUG)
+    get_target_property(__location_release opencv_world  IMPORTED_LOCATION_RELEASE)
+    add_library(${__cvcomponent} SHARED IMPORTED)
+    if(__location_dbg)
+      set_property(TARGET ${__cvcomponent} APPEND PROPERTY IMPORTED_CONFIGURATIONS DEBUG)
+      set_target_properties(${__cvcomponent} PROPERTIES
+        IMPORTED_IMPLIB_DEBUG "${__implib_dbg}"
+        IMPORTED_LINK_INTERFACE_LIBRARIES_DEBUG ""
+        IMPORTED_LOCATION_DEBUG "${__location_dbg}"
+      )
+    endif()
+    if(__location_release)
+      set_property(TARGET ${__cvcomponent} APPEND PROPERTY IMPORTED_CONFIGURATIONS RELEASE)
+      set_target_properties(${__cvcomponent} PROPERTIES
+        IMPORTED_IMPLIB_RELEASE "${__implib_release}"
+        IMPORTED_LINK_INTERFACE_LIBRARIES_RELEASE ""
+        IMPORTED_LOCATION_RELEASE "${__location_release}"
+      )
+    endif()
+  endif()
+endforeach()
+set(OpenCV_FIND_COMPONENTS ${OpenCV_FIND_COMPONENTS_})
+
+# ==============================================================
+#  Resolve dependencies
+# ==============================================================
+if(OpenCV_USE_MANGLED_PATHS)
+  set(OpenCV_LIB_SUFFIX ".${OpenCV_VERSION_MAJOR}.${OpenCV_VERSION_MINOR}.${OpenCV_VERSION_PATCH}")
+else()
+  set(OpenCV_LIB_SUFFIX "")
+endif()
+
+foreach(__opttype OPT DBG)
+  SET(OpenCV_LIBS_${__opttype} "${OpenCV_LIBS}")
+  SET(OpenCV_EXTRA_LIBS_${__opttype} "")
+
+  # CUDA
+  if(OpenCV_CUDA_VERSION)
+    if(NOT CUDA_FOUND)
+      find_host_package(CUDA ${OpenCV_CUDA_VERSION} EXACT REQUIRED)
+    else()
+      if(NOT CUDA_VERSION_STRING VERSION_EQUAL OpenCV_CUDA_VERSION)
+        message(FATAL_ERROR "OpenCV static library was compiled with CUDA ${OpenCV_CUDA_VERSION} support. Please, use the same version or rebuild OpenCV with CUDA ${CUDA_VERSION_STRING}")
+      endif()
+    endif()
+
+    set(OpenCV_CUDA_LIBS_ABSPATH ${CUDA_LIBRARIES})
+
+    if(${CUDA_VERSION} VERSION_LESS "5.5")
+      list(APPEND OpenCV_CUDA_LIBS_ABSPATH ${CUDA_npp_LIBRARY})
+    else()
+      find_cuda_helper_libs(nppc)
+      find_cuda_helper_libs(nppi)
+      find_cuda_helper_libs(npps)
+      list(APPEND OpenCV_CUDA_LIBS_ABSPATH ${CUDA_nppc_LIBRARY} ${CUDA_nppi_LIBRARY} ${CUDA_npps_LIBRARY})
+    endif()
+
+    if(OpenCV_USE_CUBLAS)
+      list(APPEND OpenCV_CUDA_LIBS_ABSPATH ${CUDA_CUBLAS_LIBRARIES})
+    endif()
+
+    if(OpenCV_USE_CUFFT)
+      list(APPEND OpenCV_CUDA_LIBS_ABSPATH ${CUDA_CUFFT_LIBRARIES})
+    endif()
+
+    if(OpenCV_USE_NVCUVID)
+      list(APPEND OpenCV_CUDA_LIBS_ABSPATH ${CUDA_nvcuvid_LIBRARIES})
+    endif()
+
+    if(WIN32)
+      list(APPEND OpenCV_CUDA_LIBS_ABSPATH ${CUDA_nvcuvenc_LIBRARIES})
+    endif()
+
+    set(OpenCV_CUDA_LIBS_RELPATH "")
+    foreach(l ${OpenCV_CUDA_LIBS_ABSPATH})
+      get_filename_component(_tmp ${l} PATH)
+      if(NOT ${_tmp} MATCHES "-Wl.*")
+          list(APPEND OpenCV_CUDA_LIBS_RELPATH ${_tmp})
+      endif()
+    endforeach()
+
+    list(REMOVE_DUPLICATES OpenCV_CUDA_LIBS_RELPATH)
+    link_directories(${OpenCV_CUDA_LIBS_RELPATH})
+  endif()
+endforeach()
+
+# ==============================================================
+# Compatibility stuff
+# ==============================================================
+if(CMAKE_BUILD_TYPE MATCHES "Debug")
+  SET(OpenCV_LIB_DIR ${OpenCV_LIB_DIR_DBG} ${OpenCV_3RDPARTY_LIB_DIR_DBG})
+else()
+  SET(OpenCV_LIB_DIR ${OpenCV_LIB_DIR_OPT} ${OpenCV_3RDPARTY_LIB_DIR_OPT})
+endif()
+set(OpenCV_LIBRARIES ${OpenCV_LIBS})
+
+if(CMAKE_CROSSCOMPILING AND OpenCV_SHARED AND (CMAKE_SYSTEM_NAME MATCHES "Linux"))
+  foreach(dir ${OpenCV_LIB_DIR})
+    set(CMAKE_EXE_LINKER_FLAGS    "${CMAKE_EXE_LINKER_FLAGS}    -Wl,-rpath-link,${dir}")
+    set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -Wl,-rpath-link,${dir}")
+    set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -Wl,-rpath-link,${dir}")
+  endforeach()
+endif()
+
+
+
+#
+# Some macroses for samples
+#
+macro(ocv_check_dependencies)
+  set(OCV_DEPENDENCIES_FOUND TRUE)
+  foreach(d ${ARGN})
+    if(NOT TARGET ${d})
+      message(WARNING "OpenCV: Can't resolve dependency: ${d}")
+      set(OCV_DEPENDENCIES_FOUND FALSE)
+      break()
+    endif()
+  endforeach()
+endmacro()
+
+# adds include directories in such way that directories from the OpenCV source tree go first
+function(ocv_include_directories)
+  set(__add_before "")
+  file(TO_CMAKE_PATH "${OpenCV_DIR}" __baseDir)
+  foreach(dir ${ARGN})
+    get_filename_component(__abs_dir "${dir}" ABSOLUTE)
+    if("${__abs_dir}" MATCHES "^${__baseDir}")
+      list(APPEND __add_before "${dir}")
+    else()
+      include_directories(AFTER SYSTEM "${dir}")
+    endif()
+  endforeach()
+  include_directories(BEFORE ${__add_before})
+endfunction()
+
+macro(ocv_include_modules)
+  include_directories(BEFORE "${OpenCV_INCLUDE_DIRS}")
+endmacro()
+
+macro(ocv_include_modules_recurse)
+  include_directories(BEFORE "${OpenCV_INCLUDE_DIRS}")
+endmacro()
+
+macro(ocv_target_link_libraries)
+  target_link_libraries(${ARGN})
+endmacro()
+
+# remove all matching elements from the list
+macro(ocv_list_filterout lst regex)
+  foreach(item ${${lst}})
+    if(item MATCHES "${regex}")
+      list(REMOVE_ITEM ${lst} "${item}")
+    endif()
+  endforeach()
+endmacro()
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/templates/cmake_uninstall.cmake.in b/dependency-check-core/src/test/resources/cmake/opencv/cmake/templates/cmake_uninstall.cmake.in
new file mode 100644
index 000000000..0e63d705c
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/templates/cmake_uninstall.cmake.in
@@ -0,0 +1,25 @@
+# -----------------------------------------------
+# File that provides "make uninstall" target
+#  We use the file 'install_manifest.txt'
+# -----------------------------------------------
+IF(NOT EXISTS "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt")
+  MESSAGE(FATAL_ERROR "Cannot find install manifest: \"@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt\"")
+ENDIF(NOT EXISTS "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt")
+
+FILE(READ "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt" files)
+STRING(REGEX REPLACE "\n" ";" files "${files}")
+FOREACH(file ${files})
+  MESSAGE(STATUS "Uninstalling \"$ENV{DESTDIR}${file}\"")
+  IF(EXISTS "$ENV{DESTDIR}${file}")
+    EXEC_PROGRAM(
+      "@CMAKE_COMMAND@" ARGS "-E remove \"$ENV{DESTDIR}${file}\""
+      OUTPUT_VARIABLE rm_out
+      RETURN_VALUE rm_retval
+      )
+    IF(NOT "${rm_retval}" STREQUAL 0)
+      MESSAGE(FATAL_ERROR "Problem when removing \"$ENV{DESTDIR}${file}\"")
+    ENDIF(NOT "${rm_retval}" STREQUAL 0)
+  ELSE(EXISTS "$ENV{DESTDIR}${file}")
+    MESSAGE(STATUS "File \"$ENV{DESTDIR}${file}\" does not exist.")
+  ENDIF(EXISTS "$ENV{DESTDIR}${file}")
+ENDFOREACH(file)
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/templates/cvconfig.h.in b/dependency-check-core/src/test/resources/cmake/opencv/cmake/templates/cvconfig.h.in
new file mode 100644
index 000000000..4a1d1c632
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/templates/cvconfig.h.in
@@ -0,0 +1,183 @@
+/* OpenCV compiled as static or dynamic libs */
+#cmakedefine BUILD_SHARED_LIBS
+
+/* Compile for 'real' NVIDIA GPU architectures */
+#define CUDA_ARCH_BIN "${OPENCV_CUDA_ARCH_BIN}"
+
+/* Create PTX or BIN for 1.0 compute capability */
+#cmakedefine CUDA_ARCH_BIN_OR_PTX_10
+
+/* NVIDIA GPU features are used */
+#define CUDA_ARCH_FEATURES "${OPENCV_CUDA_ARCH_FEATURES}"
+
+/* Compile for 'virtual' NVIDIA PTX architectures */
+#define CUDA_ARCH_PTX "${OPENCV_CUDA_ARCH_PTX}"
+
+/* AVFoundation video libraries */
+#cmakedefine HAVE_AVFOUNDATION
+
+/* V4L capturing support */
+#cmakedefine HAVE_CAMV4L
+
+/* V4L2 capturing support */
+#cmakedefine HAVE_CAMV4L2
+
+/* Carbon windowing environment */
+#cmakedefine HAVE_CARBON
+
+/* AMD's Basic Linear Algebra Subprograms Library*/
+#cmakedefine HAVE_CLAMDBLAS
+
+/* AMD's OpenCL Fast Fourier Transform Library*/
+#cmakedefine HAVE_CLAMDFFT
+
+/* Clp support */
+#cmakedefine HAVE_CLP
+
+/* Cocoa API */
+#cmakedefine HAVE_COCOA
+
+/* C= */
+#cmakedefine HAVE_CSTRIPES
+
+/* NVidia Cuda Basic Linear Algebra Subprograms (BLAS) API*/
+#cmakedefine HAVE_CUBLAS
+
+/* NVidia Cuda Runtime API*/
+#cmakedefine HAVE_CUDA
+
+/* NVidia Cuda Fast Fourier Transform (FFT) API*/
+#cmakedefine HAVE_CUFFT
+
+/* IEEE1394 capturing support */
+#cmakedefine HAVE_DC1394
+
+/* IEEE1394 capturing support - libdc1394 v2.x */
+#cmakedefine HAVE_DC1394_2
+
+/* DirectX */
+#cmakedefine HAVE_DIRECTX
+#cmakedefine HAVE_D3D11
+#cmakedefine HAVE_D3D10
+#cmakedefine HAVE_D3D9
+
+/* DirectShow Video Capture library */
+#cmakedefine HAVE_DSHOW
+
+/* Eigen Matrix & Linear Algebra Library */
+#cmakedefine HAVE_EIGEN
+
+/* FFMpeg video library */
+#cmakedefine HAVE_FFMPEG
+
+/* ffmpeg's libswscale */
+#cmakedefine HAVE_FFMPEG_SWSCALE
+
+/* ffmpeg in Gentoo */
+#cmakedefine HAVE_GENTOO_FFMPEG
+
+/* Geospatial Data Abstraction Library */
+#cmakedefine HAVE_GDAL
+
+/* GStreamer multimedia framework */
+#cmakedefine HAVE_GSTREAMER
+
+/* GTK+ 2.0 Thread support */
+#cmakedefine HAVE_GTHREAD
+
+/* GTK+ 2.x toolkit */
+#cmakedefine HAVE_GTK
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#cmakedefine HAVE_INTTYPES_H 1
+
+/* Intel Perceptual Computing SDK library */
+#cmakedefine HAVE_INTELPERC
+
+/* Intel Integrated Performance Primitives */
+#cmakedefine HAVE_IPP
+#cmakedefine HAVE_IPP_ICV_ONLY
+
+/* Intel IPP Async */
+#cmakedefine HAVE_IPP_A
+
+/* JPEG-2000 codec */
+#cmakedefine HAVE_JASPER
+
+/* IJG JPEG codec */
+#cmakedefine HAVE_JPEG
+
+/* libpng/png.h needs to be included */
+#cmakedefine HAVE_LIBPNG_PNG_H
+
+/* V4L/V4L2 capturing support via libv4l */
+#cmakedefine HAVE_LIBV4L
+
+/* Microsoft Media Foundation Capture library */
+#cmakedefine HAVE_MSMF
+
+/* NVidia Video Decoding API*/
+#cmakedefine HAVE_NVCUVID
+
+/* OpenCL Support */
+#cmakedefine HAVE_OPENCL
+#cmakedefine HAVE_OPENCL_STATIC
+#cmakedefine HAVE_OPENCL_SVM
+
+/* OpenEXR codec */
+#cmakedefine HAVE_OPENEXR
+
+/* OpenGL support*/
+#cmakedefine HAVE_OPENGL
+
+/* OpenNI library */
+#cmakedefine HAVE_OPENNI
+
+/* OpenNI library */
+#cmakedefine HAVE_OPENNI2
+
+/* PNG codec */
+#cmakedefine HAVE_PNG
+
+/* Qt support */
+#cmakedefine HAVE_QT
+
+/* Qt OpenGL support */
+#cmakedefine HAVE_QT_OPENGL
+
+/* QuickTime video libraries */
+#cmakedefine HAVE_QUICKTIME
+
+/* QTKit video libraries */
+#cmakedefine HAVE_QTKIT
+
+/* Intel Threading Building Blocks */
+#cmakedefine HAVE_TBB
+
+/* TIFF codec */
+#cmakedefine HAVE_TIFF
+
+/* Unicap video capture library */
+#cmakedefine HAVE_UNICAP
+
+/* Video for Windows support */
+#cmakedefine HAVE_VFW
+
+/* V4L2 capturing support in videoio.h */
+#cmakedefine HAVE_VIDEOIO
+
+/* Win32 UI */
+#cmakedefine HAVE_WIN32UI
+
+/* XIMEA camera support */
+#cmakedefine HAVE_XIMEA
+
+/* Xine video library */
+#cmakedefine HAVE_XINE
+
+/* Define if your processor stores words with the most significant byte
+   first (like Motorola and SPARC, unlike Intel and VAX). */
+#cmakedefine WORDS_BIGENDIAN
+
+/* gPhoto2 library */
+#cmakedefine HAVE_GPHOTO2
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/templates/opencv-XXX.pc.in b/dependency-check-core/src/test/resources/cmake/opencv/cmake/templates/opencv-XXX.pc.in
new file mode 100644
index 000000000..04d675af1
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/templates/opencv-XXX.pc.in
@@ -0,0 +1,14 @@
+# Package Information for pkg-config
+
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir_old=@includedir@/opencv
+includedir_new=@includedir@
+
+Name: OpenCV
+Description: Open Source Computer Vision Library
+Version: @OPENCV_VERSION_PLAIN@
+Libs: @OPENCV_PC_LIBS@
+Libs.private: @OPENCV_PC_LIBS_PRIVATE@
+Cflags: -I${includedir_old} -I${includedir_new}
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/templates/opencv_abi.xml.in b/dependency-check-core/src/test/resources/cmake/opencv/cmake/templates/opencv_abi.xml.in
new file mode 100644
index 000000000..292d9b491
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/templates/opencv_abi.xml.in
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<!--
+
+    This file is auto-generated
+
+-->
+
+<descriptor>
+
+<version>
+    @OPENCV_ABI_VERSION@
+</version>
+
+<headers>
+    @OPENCV_ABI_HEADERS@
+</headers>
+
+<libs>
+    @OPENCV_ABI_LIBRARIES@
+</libs>
+
+<skip_headers>
+    opencv2/hal/intrin*
+    opencv2/core/cuda*
+    opencv2/core/private*
+    opencv/cxeigen.hpp
+    opencv2/core/eigen.hpp
+    opencv2/flann/hdf5.h
+    opencv2/imgcodecs/ios.h
+    opencv2/videoio/cap_ios.h
+    opencv2/ts.hpp
+    opencv2/ts/*
+    opencv2/xobjdetect/private.hpp
+    @OPENCV_ABI_SKIP_HEADERS@
+</skip_headers>
+
+<skip_libs>
+    @OPENCV_ABI_SKIP_LIBRARIES@
+</skip_libs>
+
+<gcc_options>
+ @OPENCV_ABI_GCC_OPTIONS@
+</gcc_options>
+
+</descriptor>
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/templates/opencv_modules.hpp.in b/dependency-check-core/src/test/resources/cmake/opencv/cmake/templates/opencv_modules.hpp.in
new file mode 100644
index 000000000..149871502
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/templates/opencv_modules.hpp.in
@@ -0,0 +1,9 @@
+/*
+ *      ** File generated automatically, do not modify **
+ *
+ * This file defines the list of modules available in current build configuration
+ *
+ *
+*/
+
+@OPENCV_MODULE_DEFINITIONS_CONFIGMAKE@
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/templates/opencv_run_all_tests_android.sh.in b/dependency-check-core/src/test/resources/cmake/opencv/cmake/templates/opencv_run_all_tests_android.sh.in
new file mode 100644
index 000000000..93373fa96
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/templates/opencv_run_all_tests_android.sh.in
@@ -0,0 +1,51 @@
+#!/bin/sh
+
+BASE_DIR=`dirname $0`
+OPENCV_TEST_PATH=$BASE_DIR/@TEST_PATH@
+OPENCV_TEST_DATA_PATH=$BASE_DIR/sdk/etc/testdata/
+
+if [ $# -ne 1 ]; then
+  echo "Device architecture is not preset in command line"
+  echo "Tests are available for architectures: `ls -m ${OPENCV_TEST_PATH}`"
+  echo "Usage: $0 <target_device_arch>"
+  return 1
+else
+  TARGET_ARCH=$1
+fi
+
+if [ -z `which adb` ]; then
+  echo "adb command was not found in PATH"
+  return 1
+fi
+
+adb push $OPENCV_TEST_DATA_PATH /sdcard/opencv_testdata
+
+adb shell "mkdir -p /data/local/tmp/opencv_test"
+SUMMARY_STATUS=0
+for t in "$OPENCV_TEST_PATH/$TARGET_ARCH/"opencv_test_* "$OPENCV_TEST_PATH/$TARGET_ARCH/"opencv_perf_*;
+do
+  test_name=`basename "$t"`
+  report="$test_name-`date --rfc-3339=date`.xml"
+  adb push $t /data/local/tmp/opencv_test/
+  adb shell "export OPENCV_TEST_DATA_PATH=/sdcard/opencv_testdata && /data/local/tmp/opencv_test/$test_name --perf_min_samples=1 --perf_force_samples=1 --gtest_output=xml:/data/local/tmp/opencv_test/$report"
+  adb pull "/data/local/tmp/opencv_test/$report" $report
+  TEST_STATUS=0
+  if [ -e $report ]; then
+    if [ `grep -c "<fail" $report` -ne 0 ]; then
+      TEST_STATUS=2
+    fi
+  else
+    TEST_STATUS=3
+  fi
+  if [ $TEST_STATUS -ne 0 ]; then
+    SUMMARY_STATUS=$TEST_STATUS
+  fi
+done
+
+if [ $SUMMARY_STATUS -eq 0 ]; then
+  echo "All OpenCV tests finished successfully"
+else
+  echo "OpenCV tests finished with status $SUMMARY_STATUS"
+fi
+
+return $SUMMARY_STATUS
\ No newline at end of file
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/templates/opencv_run_all_tests_unix.sh.in b/dependency-check-core/src/test/resources/cmake/opencv/cmake/templates/opencv_run_all_tests_unix.sh.in
new file mode 100644
index 000000000..7b946af13
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/templates/opencv_run_all_tests_unix.sh.in
@@ -0,0 +1,142 @@
+#!/bin/bash
+
+# Usage info
+
+usage()
+{
+cat << EOF
+usage: $0 [options]
+
+This script runs the OpenCV tests on linux device.
+
+OPTIONS:
+   -h           Show this message
+   -c           Color output
+EOF
+}
+
+# Parse options
+
+COLOR_OUTPUT=0
+while getopts “hc” OPTION
+do
+    case $OPTION in
+        h)
+            usage
+            exit 0
+            ;;
+        c)
+            COLOR_OUTPUT=1
+            ;;
+        ?)
+            usage
+            exit 1
+            ;;
+    esac
+done
+
+# Text style
+
+if [ $COLOR_OUTPUT -eq 1 ]; then
+    TEXT_RED="$(tput setaf 1)"
+    TEXT_GREEN="$(tput setaf 2)"
+    TEXT_CYAN="$(tput setaf 6)"
+    TEXT_RESET="$(tput sgr0)"
+else
+    TEXT_RED=""
+    TEXT_GREEN=""
+    TEXT_CYAN=""
+    TEXT_RESET=""
+fi
+
+# Test binaries and data paths
+
+OPENCV_TEST_PATH=@CMAKE_INSTALL_PREFIX@/@OPENCV_TEST_INSTALL_PATH@
+OPENCV_PYTHON_TESTS=@OPENCV_PYTHON_TESTS_LIST@
+export OPENCV_TEST_DATA_PATH=@CMAKE_INSTALL_PREFIX@/share/OpenCV/testdata
+
+# Run tests
+
+SUMMARY_STATUS=0
+FAILED_TESTS=""
+PASSED_TESTS=""
+
+for t in "$OPENCV_TEST_PATH/"opencv_test_* "$OPENCV_TEST_PATH/"opencv_perf_*;
+do
+    test_name=`basename "$t"`
+    report="$test_name-`date --rfc-3339=date`.xml"
+
+    cmd="$t --perf_min_samples=1 --perf_force_samples=1 --gtest_output=xml:\"$report\""
+
+    seg_reg="s/^/${TEXT_CYAN}[$test_name]${TEXT_RESET} /"                     # append test name
+    if [ $COLOR_OUTPUT -eq 1 ]; then
+        seg_reg="${seg_reg};s/\[==========\]/${TEXT_GREEN}&${TEXT_RESET}/g"   # green for [==========]
+        seg_reg="${seg_reg};s/\[----------\]/${TEXT_GREEN}&${TEXT_RESET}/g"   # green for [----------]
+        seg_reg="${seg_reg};s/\[ RUN      \]/${TEXT_GREEN}&${TEXT_RESET}/g"   # green for [ RUN      ]
+        seg_reg="${seg_reg};s/\[       OK \]/${TEXT_GREEN}&${TEXT_RESET}/g"   # green for [       OK ]
+        seg_reg="${seg_reg};s/\[  FAILED  \]/${TEXT_RED}&${TEXT_RESET}/g"     # red   for [  FAILED  ]
+        seg_reg="${seg_reg};s/\[  PASSED  \]/${TEXT_GREEN}&${TEXT_RESET}/g"   # green for [  PASSED  ]
+    fi
+
+    echo "${TEXT_CYAN}[$test_name]${TEXT_RESET} RUN : $cmd"
+    $cmd | sed -r "$seg_reg"
+    ret=${PIPESTATUS[0]}
+    echo "${TEXT_CYAN}[$test_name]${TEXT_RESET} RETURN_CODE : $ret"
+
+    if [ $ret -ne 0 ]; then
+        echo "${TEXT_CYAN}[$test_name]${TEXT_RESET} ${TEXT_RED}FAILED${TEXT_RESET}"
+        SUMMARY_STATUS=1
+        FAILED_TESTS="$FAILED_TESTS $test_name"
+    else
+        echo "${TEXT_CYAN}[$test_name]${TEXT_RESET} ${TEXT_GREEN}OK${TEXT_RESET}"
+        PASSED_TESTS="$PASSED_TESTS $test_name"
+    fi
+
+    echo ""
+done
+
+for t in $OPENCV_PYTHON_TESTS;
+do
+    test_name=`basename "$t"`
+    report="$test_name-`date --rfc-3339=date`.xml"
+
+    cmd="py.test --junitxml $report \"$OPENCV_TEST_PATH\"/$t"
+
+    seg_reg="s/^/${TEXT_CYAN}[$test_name]${TEXT_RESET} /"                 # append test name
+
+    echo "${TEXT_CYAN}[$test_name]${TEXT_RESET} RUN : $cmd"
+    eval "$cmd" | sed -r "$seg_reg"
+
+    ret=${PIPESTATUS[0]}
+    echo "${TEXT_CYAN}[$test_name]${TEXT_RESET} RETURN_CODE : $ret"
+
+    if [ $ret -ne 0 ]; then
+        echo "${TEXT_CYAN}[$test_name]${TEXT_RESET} ${TEXT_RED}FAILED${TEXT_RESET}"
+        SUMMARY_STATUS=1
+        FAILED_TESTS="$FAILED_TESTS $test_name"
+    else
+        echo "${TEXT_CYAN}[$test_name]${TEXT_RESET} ${TEXT_GREEN}OK${TEXT_RESET}"
+        PASSED_TESTS="$PASSED_TESTS $test_name"
+    fi
+
+    echo ""
+done
+
+# Remove temporary test files
+
+rm -f /tmp/__opencv_temp.*
+
+# Report final status
+
+echo "${TEXT_CYAN}===============================================================${TEXT_RESET}"
+echo "${TEXT_CYAN}PASSED TESTS : $PASSED_TESTS${TEXT_RESET}"
+echo "${TEXT_CYAN}FAILED TESTS : $FAILED_TESTS${TEXT_RESET}"
+if [ $SUMMARY_STATUS -eq 0 ]; then
+    echo "${TEXT_GREEN}STATUS : OK${TEXT_RESET}"
+    echo "${TEXT_GREEN}STATUS : All OpenCV tests finished successfully${TEXT_RESET}"
+else
+    echo "${TEXT_RED}STATUS : FAIL${TEXT_RESET}"
+    echo "${TEXT_RED}STATUS : OpenCV tests finished with status $SUMMARY_STATUS${TEXT_RESET}"
+fi
+
+exit $SUMMARY_STATUS
diff --git a/dependency-check-core/src/test/resources/cmake/opencv/cmake/templates/opencv_run_all_tests_windows.cmd.in b/dependency-check-core/src/test/resources/cmake/opencv/cmake/templates/opencv_run_all_tests_windows.cmd.in
new file mode 100644
index 000000000..42bb1432d
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/opencv/cmake/templates/opencv_run_all_tests_windows.cmd.in
@@ -0,0 +1,74 @@
+@echo OFF
+setlocal ENABLEDELAYEDEXPANSION
+
+rem Process command line
+
+rem This script is designed to allow situations when the tests are installed in
+rem a different directory from the library.
+
+set OPENCV_DIR=%~1
+
+if "%OPENCV_DIR%" == "" (
+	echo>&2 This script runs the OpenCV tests on Windows.
+	echo>&2
+    echo>&2 usage: %0 ^<OpenCV install directory^>
+	exit /B 1
+)
+
+if NOT EXIST "%OPENCV_DIR%" (
+    echo>&2 error: "%OPENCV_DIR%" doesn't exist
+)
+
+rem Set up paths
+
+set PATH=%OPENCV_DIR%\@OPENCV_BIN_INSTALL_PATH@;%PATH%
+set OPENCV_TEST_PATH=%~dp0
+set OPENCV_TEST_DATA_PATH=%OPENCV_TEST_PATH%\..\testdata
+
+rem Run tests
+
+set SUMMARY_STATUS=0
+set FAILED_TESTS=
+set PASSED_TESTS=
+
+for %%t IN ("%OPENCV_TEST_PATH%\opencv_test_*.exe" "%OPENCV_TEST_PATH%\opencv_perf_*.exe") DO (
+    set test_name=%%~nt
+    set report=!test_name!.xml
+
+    set cmd="%%t" --perf_min_samples=1 --perf_force_samples=1 "--gtest_output=xml:!report!"
+
+    echo [!test_name!] RUN : !cmd!
+    !cmd!
+    set ret=!errorlevel!
+    echo [!test_name!] RETURN_CODE : !ret!
+
+    if !ret! EQU 0 (
+        echo [!test_name!] OK
+        set PASSED_TESTS=!PASSED_TESTS! !test_name!
+    ) ELSE (
+        echo [!test_name!] FAILED
+        set SUMMARY_STATUS=1
+        set FAILED_TESTS=!FAILED_TESTS! !test_name!
+    )
+
+    echo.
+)
+
+rem Remove temporary test files
+
+del /F /Q "%TMP%\ocv*.tmp*"
+
+rem Report final status
+
+echo ===============================================================
+echo PASSED TESTS : %PASSED_TESTS%
+echo FAILED TESTS : %FAILED_TESTS%
+if %SUMMARY_STATUS% EQU 0 (
+    echo STATUS : OK
+    echo STATUS : All OpenCV tests finished successfully
+) ELSE (
+    echo STATUS : FAIL
+    echo STATUS : OpenCV tests finished with status %SUMMARY_STATUS%
+)
+
+exit /B %SUMMARY_STATUS%
diff --git a/dependency-check-core/src/test/resources/cmake/zlib/CMakeLists.txt b/dependency-check-core/src/test/resources/cmake/zlib/CMakeLists.txt
new file mode 100644
index 000000000..0c0247cc5
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/zlib/CMakeLists.txt
@@ -0,0 +1,249 @@
+cmake_minimum_required(VERSION 2.4.4)
+set(CMAKE_ALLOW_LOOSE_LOOP_CONSTRUCTS ON)
+
+project(zlib C)
+
+set(VERSION "1.2.8")
+
+option(ASM686 "Enable building i686 assembly implementation")
+option(AMD64 "Enable building amd64 assembly implementation")
+
+set(INSTALL_BIN_DIR "${CMAKE_INSTALL_PREFIX}/bin" CACHE PATH "Installation directory for executables")
+set(INSTALL_LIB_DIR "${CMAKE_INSTALL_PREFIX}/lib" CACHE PATH "Installation directory for libraries")
+set(INSTALL_INC_DIR "${CMAKE_INSTALL_PREFIX}/include" CACHE PATH "Installation directory for headers")
+set(INSTALL_MAN_DIR "${CMAKE_INSTALL_PREFIX}/share/man" CACHE PATH "Installation directory for manual pages")
+set(INSTALL_PKGCONFIG_DIR "${CMAKE_INSTALL_PREFIX}/share/pkgconfig" CACHE PATH "Installation directory for pkgconfig (.pc) files")
+
+include(CheckTypeSize)
+include(CheckFunctionExists)
+include(CheckIncludeFile)
+include(CheckCSourceCompiles)
+enable_testing()
+
+check_include_file(sys/types.h HAVE_SYS_TYPES_H)
+check_include_file(stdint.h    HAVE_STDINT_H)
+check_include_file(stddef.h    HAVE_STDDEF_H)
+
+#
+# Check to see if we have large file support
+#
+set(CMAKE_REQUIRED_DEFINITIONS -D_LARGEFILE64_SOURCE=1)
+# We add these other definitions here because CheckTypeSize.cmake
+# in CMake 2.4.x does not automatically do so and we want
+# compatibility with CMake 2.4.x.
+if(HAVE_SYS_TYPES_H)
+    list(APPEND CMAKE_REQUIRED_DEFINITIONS -DHAVE_SYS_TYPES_H)
+endif()
+if(HAVE_STDINT_H)
+    list(APPEND CMAKE_REQUIRED_DEFINITIONS -DHAVE_STDINT_H)
+endif()
+if(HAVE_STDDEF_H)
+    list(APPEND CMAKE_REQUIRED_DEFINITIONS -DHAVE_STDDEF_H)
+endif()
+check_type_size(off64_t OFF64_T)
+if(HAVE_OFF64_T)
+   add_definitions(-D_LARGEFILE64_SOURCE=1)
+endif()
+set(CMAKE_REQUIRED_DEFINITIONS) # clear variable
+
+#
+# Check for fseeko
+#
+check_function_exists(fseeko HAVE_FSEEKO)
+if(NOT HAVE_FSEEKO)
+    add_definitions(-DNO_FSEEKO)
+endif()
+
+#
+# Check for unistd.h
+#
+check_include_file(unistd.h Z_HAVE_UNISTD_H)
+
+if(MSVC)
+    set(CMAKE_DEBUG_POSTFIX "d")
+    add_definitions(-D_CRT_SECURE_NO_DEPRECATE)
+    add_definitions(-D_CRT_NONSTDC_NO_DEPRECATE)
+    include_directories(${CMAKE_CURRENT_SOURCE_DIR})
+endif()
+
+if(NOT CMAKE_CURRENT_SOURCE_DIR STREQUAL CMAKE_CURRENT_BINARY_DIR)
+    # If we're doing an out of source build and the user has a zconf.h
+    # in their source tree...
+    if(EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/zconf.h)
+        message(STATUS "Renaming")
+        message(STATUS "    ${CMAKE_CURRENT_SOURCE_DIR}/zconf.h")
+        message(STATUS "to 'zconf.h.included' because this file is included with zlib")
+        message(STATUS "but CMake generates it automatically in the build directory.")
+        file(RENAME ${CMAKE_CURRENT_SOURCE_DIR}/zconf.h ${CMAKE_CURRENT_SOURCE_DIR}/zconf.h.included)
+  endif()
+endif()
+
+set(ZLIB_PC ${CMAKE_CURRENT_BINARY_DIR}/zlib.pc)
+configure_file( ${CMAKE_CURRENT_SOURCE_DIR}/zlib.pc.cmakein
+		${ZLIB_PC} @ONLY)
+configure_file(	${CMAKE_CURRENT_SOURCE_DIR}/zconf.h.cmakein
+		${CMAKE_CURRENT_BINARY_DIR}/zconf.h @ONLY)
+include_directories(${CMAKE_CURRENT_BINARY_DIR} ${CMAKE_SOURCE_DIR})
+
+
+#============================================================================
+# zlib
+#============================================================================
+
+set(ZLIB_PUBLIC_HDRS
+    ${CMAKE_CURRENT_BINARY_DIR}/zconf.h
+    zlib.h
+)
+set(ZLIB_PRIVATE_HDRS
+    crc32.h
+    deflate.h
+    gzguts.h
+    inffast.h
+    inffixed.h
+    inflate.h
+    inftrees.h
+    trees.h
+    zutil.h
+)
+set(ZLIB_SRCS
+    adler32.c
+    compress.c
+    crc32.c
+    deflate.c
+    gzclose.c
+    gzlib.c
+    gzread.c
+    gzwrite.c
+    inflate.c
+    infback.c
+    inftrees.c
+    inffast.c
+    trees.c
+    uncompr.c
+    zutil.c
+)
+
+if(NOT MINGW)
+    set(ZLIB_DLL_SRCS
+        win32/zlib1.rc # If present will override custom build rule below.
+    )
+endif()
+
+if(CMAKE_COMPILER_IS_GNUCC)
+    if(ASM686)
+        set(ZLIB_ASMS contrib/asm686/match.S)
+    elseif (AMD64)
+        set(ZLIB_ASMS contrib/amd64/amd64-match.S)
+    endif ()
+
+	if(ZLIB_ASMS)
+		add_definitions(-DASMV)
+		set_source_files_properties(${ZLIB_ASMS} PROPERTIES LANGUAGE C COMPILE_FLAGS -DNO_UNDERLINE)
+	endif()
+endif()
+
+if(MSVC)
+    if(ASM686)
+		ENABLE_LANGUAGE(ASM_MASM)
+        set(ZLIB_ASMS
+			contrib/masmx86/inffas32.asm
+			contrib/masmx86/match686.asm
+		)
+    elseif (AMD64)
+		ENABLE_LANGUAGE(ASM_MASM)
+        set(ZLIB_ASMS
+			contrib/masmx64/gvmat64.asm
+			contrib/masmx64/inffasx64.asm
+		)
+    endif()
+
+	if(ZLIB_ASMS)
+		add_definitions(-DASMV -DASMINF)
+	endif()
+endif()
+
+# parse the full version number from zlib.h and include in ZLIB_FULL_VERSION
+file(READ ${CMAKE_CURRENT_SOURCE_DIR}/zlib.h _zlib_h_contents)
+string(REGEX REPLACE ".*#define[ \t]+ZLIB_VERSION[ \t]+\"([-0-9A-Za-z.]+)\".*"
+    "\\1" ZLIB_FULL_VERSION ${_zlib_h_contents})
+
+if(MINGW)
+    # This gets us DLL resource information when compiling on MinGW.
+    if(NOT CMAKE_RC_COMPILER)
+        set(CMAKE_RC_COMPILER windres.exe)
+    endif()
+
+    add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/zlib1rc.obj
+                       COMMAND ${CMAKE_RC_COMPILER}
+                            -D GCC_WINDRES
+                            -I ${CMAKE_CURRENT_SOURCE_DIR}
+                            -I ${CMAKE_CURRENT_BINARY_DIR}
+                            -o ${CMAKE_CURRENT_BINARY_DIR}/zlib1rc.obj
+                            -i ${CMAKE_CURRENT_SOURCE_DIR}/win32/zlib1.rc)
+    set(ZLIB_DLL_SRCS ${CMAKE_CURRENT_BINARY_DIR}/zlib1rc.obj)
+endif(MINGW)
+
+add_library(zlib SHARED ${ZLIB_SRCS} ${ZLIB_ASMS} ${ZLIB_DLL_SRCS} ${ZLIB_PUBLIC_HDRS} ${ZLIB_PRIVATE_HDRS})
+add_library(zlibstatic STATIC ${ZLIB_SRCS} ${ZLIB_ASMS} ${ZLIB_PUBLIC_HDRS} ${ZLIB_PRIVATE_HDRS})
+set_target_properties(zlib PROPERTIES DEFINE_SYMBOL ZLIB_DLL)
+set_target_properties(zlib PROPERTIES SOVERSION 1)
+
+if(NOT CYGWIN)
+    # This property causes shared libraries on Linux to have the full version
+    # encoded into their final filename.  We disable this on Cygwin because
+    # it causes cygz-${ZLIB_FULL_VERSION}.dll to be created when cygz.dll
+    # seems to be the default.
+    #
+    # This has no effect with MSVC, on that platform the version info for
+    # the DLL comes from the resource file win32/zlib1.rc
+    set_target_properties(zlib PROPERTIES VERSION ${ZLIB_FULL_VERSION})
+endif()
+
+if(UNIX)
+    # On unix-like platforms the library is almost always called libz
+   set_target_properties(zlib zlibstatic PROPERTIES OUTPUT_NAME z)
+   if(NOT APPLE)
+     set_target_properties(zlib PROPERTIES LINK_FLAGS "-Wl,--version-script,\"${CMAKE_CURRENT_SOURCE_DIR}/zlib.map\"")
+   endif()
+elseif(BUILD_SHARED_LIBS AND WIN32)
+    # Creates zlib1.dll when building shared library version
+    set_target_properties(zlib PROPERTIES SUFFIX "1.dll")
+endif()
+
+if(NOT SKIP_INSTALL_LIBRARIES AND NOT SKIP_INSTALL_ALL )
+    install(TARGETS zlib zlibstatic
+        RUNTIME DESTINATION "${INSTALL_BIN_DIR}"
+        ARCHIVE DESTINATION "${INSTALL_LIB_DIR}"
+        LIBRARY DESTINATION "${INSTALL_LIB_DIR}" )
+endif()
+if(NOT SKIP_INSTALL_HEADERS AND NOT SKIP_INSTALL_ALL )
+    install(FILES ${ZLIB_PUBLIC_HDRS} DESTINATION "${INSTALL_INC_DIR}")
+endif()
+if(NOT SKIP_INSTALL_FILES AND NOT SKIP_INSTALL_ALL )
+    install(FILES zlib.3 DESTINATION "${INSTALL_MAN_DIR}/man3")
+endif()
+if(NOT SKIP_INSTALL_FILES AND NOT SKIP_INSTALL_ALL )
+    install(FILES ${ZLIB_PC} DESTINATION "${INSTALL_PKGCONFIG_DIR}")
+endif()
+
+#============================================================================
+# Example binaries
+#============================================================================
+
+add_executable(example test/example.c)
+target_link_libraries(example zlib)
+add_test(example example)
+
+add_executable(minigzip test/minigzip.c)
+target_link_libraries(minigzip zlib)
+
+if(HAVE_OFF64_T)
+    add_executable(example64 test/example.c)
+    target_link_libraries(example64 zlib)
+    set_target_properties(example64 PROPERTIES COMPILE_FLAGS "-D_FILE_OFFSET_BITS=64")
+    add_test(example64 example64)
+
+    add_executable(minigzip64 test/minigzip.c)
+    target_link_libraries(minigzip64 zlib)
+    set_target_properties(minigzip64 PROPERTIES COMPILE_FLAGS "-D_FILE_OFFSET_BITS=64")
+endif()
diff --git a/dependency-check-core/src/test/resources/cmake/zlib/README b/dependency-check-core/src/test/resources/cmake/zlib/README
new file mode 100644
index 000000000..5ca9d127e
--- /dev/null
+++ b/dependency-check-core/src/test/resources/cmake/zlib/README
@@ -0,0 +1,115 @@
+ZLIB DATA COMPRESSION LIBRARY
+
+zlib 1.2.8 is a general purpose data compression library.  All the code is
+thread safe.  The data format used by the zlib library is described by RFCs
+(Request for Comments) 1950 to 1952 in the files
+http://tools.ietf.org/html/rfc1950 (zlib format), rfc1951 (deflate format) and
+rfc1952 (gzip format).
+
+All functions of the compression library are documented in the file zlib.h
+(volunteer to write man pages welcome, contact zlib@gzip.org).  A usage example
+of the library is given in the file test/example.c which also tests that
+the library is working correctly.  Another example is given in the file
+test/minigzip.c.  The compression library itself is composed of all source
+files in the root directory.
+
+To compile all files and run the test program, follow the instructions given at
+the top of Makefile.in.  In short "./configure; make test", and if that goes
+well, "make install" should work for most flavors of Unix.  For Windows, use
+one of the special makefiles in win32/ or contrib/vstudio/ .  For VMS, use
+make_vms.com.
+
+Questions about zlib should be sent to <zlib@gzip.org>, or to Gilles Vollant
+<info@winimage.com> for the Windows DLL version.  The zlib home page is
+http://zlib.net/ .  Before reporting a problem, please check this site to
+verify that you have the latest version of zlib; otherwise get the latest
+version and check whether the problem still exists or not.
+
+PLEASE read the zlib FAQ http://zlib.net/zlib_faq.html before asking for help.
+
+Mark Nelson <markn@ieee.org> wrote an article about zlib for the Jan.  1997
+issue of Dr.  Dobb's Journal; a copy of the article is available at
+http://marknelson.us/1997/01/01/zlib-engine/ .
+
+The changes made in version 1.2.8 are documented in the file ChangeLog.
+
+Unsupported third party contributions are provided in directory contrib/ .
+
+zlib is available in Java using the java.util.zip package, documented at
+http://java.sun.com/developer/technicalArticles/Programming/compression/ .
+
+A Perl interface to zlib written by Paul Marquess <pmqs@cpan.org> is available
+at CPAN (Comprehensive Perl Archive Network) sites, including
+http://search.cpan.org/~pmqs/IO-Compress-Zlib/ .
+
+A Python interface to zlib written by A.M. Kuchling <amk@amk.ca> is
+available in Python 1.5 and later versions, see
+http://docs.python.org/library/zlib.html .
+
+zlib is built into tcl: http://wiki.tcl.tk/4610 .
+
+An experimental package to read and write files in .zip format, written on top
+of zlib by Gilles Vollant <info@winimage.com>, is available in the
+contrib/minizip directory of zlib.
+
+
+Notes for some targets:
+
+- For Windows DLL versions, please see win32/DLL_FAQ.txt
+
+- For 64-bit Irix, deflate.c must be compiled without any optimization. With
+  -O, one libpng test fails. The test works in 32 bit mode (with the -n32
+  compiler flag). The compiler bug has been reported to SGI.
+
+- zlib doesn't work with gcc 2.6.3 on a DEC 3000/300LX under OSF/1 2.1 it works
+  when compiled with cc.
+
+- On Digital Unix 4.0D (formely OSF/1) on AlphaServer, the cc option -std1 is
+  necessary to get gzprintf working correctly. This is done by configure.
+
+- zlib doesn't work on HP-UX 9.05 with some versions of /bin/cc. It works with
+  other compilers. Use "make test" to check your compiler.
+
+- gzdopen is not supported on RISCOS or BEOS.
+
+- For PalmOs, see http://palmzlib.sourceforge.net/
+
+
+Acknowledgments:
+
+  The deflate format used by zlib was defined by Phil Katz.  The deflate and
+  zlib specifications were written by L.  Peter Deutsch.  Thanks to all the
+  people who reported problems and suggested various improvements in zlib; they
+  are too numerous to cite here.
+
+Copyright notice:
+
+ (C) 1995-2013 Jean-loup Gailly and Mark Adler
+
+  This software is provided 'as-is', without any express or implied
+  warranty.  In no event will the authors be held liable for any damages
+  arising from the use of this software.
+
+  Permission is granted to anyone to use this software for any purpose,
+  including commercial applications, and to alter it and redistribute it
+  freely, subject to the following restrictions:
+
+  1. The origin of this software must not be misrepresented; you must not
+     claim that you wrote the original software. If you use this software
+     in a product, an acknowledgment in the product documentation would be
+     appreciated but is not required.
+  2. Altered source versions must be plainly marked as such, and must not be
+     misrepresented as being the original software.
+  3. This notice may not be removed or altered from any source distribution.
+
+  Jean-loup Gailly        Mark Adler
+  jloup@gzip.org          madler@alumni.caltech.edu
+
+If you use the zlib library in a product, we would appreciate *not* receiving
+lengthy legal documents to sign.  The sources are provided for free but without
+warranty of any kind.  The library has been entirely written by Jean-loup
+Gailly and Mark Adler; it does not include third-party code.
+
+If you redistribute modified sources, we would appreciate that you include in
+the file ChangeLog history information documenting your changes.  Please read
+the FAQ for more information on the distribution of modified source versions.
diff --git a/dependency-check-core/src/test/resources/hibernate3.jar b/dependency-check-core/src/test/resources/hibernate3.jar
new file mode 100644
index 000000000..27894ef01
Binary files /dev/null and b/dependency-check-core/src/test/resources/hibernate3.jar differ
diff --git a/dependency-check-core/src/test/resources/nvdcve-2.0-2014.xml b/dependency-check-core/src/test/resources/nvdcve-2.0-2014.xml
new file mode 100644
index 000000000..9cca2bc49
--- /dev/null
+++ b/dependency-check-core/src/test/resources/nvdcve-2.0-2014.xml
@@ -0,0 +1,156821 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<nvd xmlns:patch="http://scap.nist.gov/schema/patch/0.1" xmlns:cvss="http://scap.nist.gov/schema/cvss-v2/0.2" xmlns="http://scap.nist.gov/schema/feed/vulnerability/2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:cpe-lang="http://cpe.mitre.org/language/2.0" xmlns:scap-core="http://scap.nist.gov/schema/scap-core/0.1" xmlns:vuln="http://scap.nist.gov/schema/vulnerability/0.4" nvd_xml_version="2.0" pub_date="2014-05-03T03:00:00" xsi:schemaLocation="http://scap.nist.gov/schema/patch/0.1 http://nvd.nist.gov/schema/patch_0.1.xsd http://scap.nist.gov/schema/scap-core/0.1 http://nvd.nist.gov/schema/scap-core_0.1.xsd http://scap.nist.gov/schema/feed/vulnerability/2.0 http://nvd.nist.gov/schema/nvd-cve-feed_2.0.xsd">
+  <entry id="CVE-2014-0001">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:mariadb:mariadb:5.5.34"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:mysql:-</vuln:product>
+      <vuln:product>cpe:/a:mariadb:mariadb:5.5.34</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0001</vuln:cve-id>
+    <vuln:published-datetime>2014-01-31T18:55:04.503-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T23:50:17.220-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-03T11:10:48.857-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64" xml:lang="en">http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://mariadb.com/kb/en/mariadb-5535-changelog/" xml:lang="en">https://mariadb.com/kb/en/mariadb-5535-changelog/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1054592" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1054592</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://www.osvdb.org/102714" xml:lang="en">102714</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0189.html" xml:lang="en">RHSA-2014:0189</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0186.html" xml:lang="en">RHSA-2014:0186</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0173.html" xml:lang="en">RHSA-2014:0173</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0164.html" xml:lang="en">RHSA-2014:0164</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102713" xml:lang="en">102713</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0002">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:2.11.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:2.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:2.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:2.11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:2.10.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:2.10.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:2.10.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:2.10.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:2.10.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:2.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:2.10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:2.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:2.0.0:m3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:2.0.0:m2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:2.0.0:m1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:2.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:1.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:1.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:1.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:1.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:1.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:1.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:1.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:1.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:1.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:1.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:1.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:2.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:2.12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:2.12.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apache:camel:2.10.2</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:2.10.0</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:2.12.0</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:1.1.0</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:2.0.0:m3</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:2.0.0:m1</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:1.5.0</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:2.10.3</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:2.10.4</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:2.10.5</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:2.12.2</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:1.0.0</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:1.3.0</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:2.11.3</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:2.11.2</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:2.10.7</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:2.10.6</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:1.6.1</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:1.6.0</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:1.6.3</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:1.6.2</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:1.2.0</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:1.6.4</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:2.0.0:m2</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:2.1.0</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:2.11.0</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:1.4.0</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:2.0.0</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:2.11.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0002</vuln:cve-id>
+    <vuln:published-datetime>2014-03-21T00:38:59.027-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-19T00:45:51.813-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-21T10:58:02.820-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65901" xml:lang="en">65901</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57719" xml:lang="en">57719</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57716" xml:lang="en">57716</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57125" xml:lang="en">57125</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0372.html" xml:lang="en">RHSA-2014:0372</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0371.html" xml:lang="en">RHSA-2014:0371</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://camel.apache.org/security-advisories.data/CVE-2014-0002.txt.asc" xml:lang="en">http://camel.apache.org/security-advisories.data/CVE-2014-0002.txt.asc</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0003">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:2.11.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:2.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:2.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:2.11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:2.10.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:2.10.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:2.10.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:2.10.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:2.10.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:2.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:2.10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:2.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:2.0.0:m3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:2.0.0:m2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:2.0.0:m1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:2.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:1.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:1.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:1.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:1.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:1.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:1.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:1.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:1.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:1.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:1.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:1.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:2.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:2.12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:camel:2.12.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apache:camel:2.10.2</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:2.10.0</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:2.12.0</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:1.1.0</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:2.0.0:m3</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:2.0.0:m1</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:1.5.0</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:2.10.3</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:2.10.4</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:2.10.5</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:2.12.2</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:1.0.0</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:1.3.0</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:2.11.3</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:2.11.2</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:2.10.7</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:2.10.6</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:1.6.1</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:1.6.0</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:1.6.3</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:1.6.2</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:1.2.0</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:1.6.4</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:2.0.0:m2</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:2.1.0</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:2.11.0</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:1.4.0</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:2.0.0</vuln:product>
+      <vuln:product>cpe:/a:apache:camel:2.11.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0003</vuln:cve-id>
+    <vuln:published-datetime>2014-03-21T00:38:59.057-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-19T00:45:51.923-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-21T10:58:57.887-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65902" xml:lang="en">65902</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57719" xml:lang="en">57719</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57716" xml:lang="en">57716</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57125" xml:lang="en">57125</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0372.html" xml:lang="en">RHSA-2014:0372</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0371.html" xml:lang="en">RHSA-2014:0371</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0254.html" xml:lang="en">RHSA-2014:0254</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0245.html" xml:lang="en">RHSA-2014:0245</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://camel.apache.org/security-advisories.data/CVE-2014-0003.txt.asc" xml:lang="en">http://camel.apache.org/security-advisories.data/CVE-2014-0003.txt.asc</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0004">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:freedesktop:udisks:2.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:freedesktop:udisks:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:freedesktop:udisks:2.0.90"/>
+        <cpe-lang:fact-ref name="cpe:/a:freedesktop:udisks:2.0.91"/>
+        <cpe-lang:fact-ref name="cpe:/a:freedesktop:udisks:2.0.92"/>
+        <cpe-lang:fact-ref name="cpe:/a:freedesktop:udisks:2.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:freedesktop:udisks:2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:freedesktop:udisks:2.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:freedesktop:udisks:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:freedesktop:udisks:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:freedesktop:udisks:1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:canonical:ubuntu_linux:12.04:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/o:canonical:ubuntu_linux:12.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:canonical:ubuntu_linux:13.10"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:freedesktop:udisks:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:freedesktop:udisks:1.0</vuln:product>
+      <vuln:product>cpe:/o:canonical:ubuntu_linux:12.10</vuln:product>
+      <vuln:product>cpe:/a:freedesktop:udisks:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:freedesktop:udisks:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:freedesktop:udisks:2.1.2</vuln:product>
+      <vuln:product>cpe:/a:freedesktop:udisks:2.0.92</vuln:product>
+      <vuln:product>cpe:/a:freedesktop:udisks:2.0.91</vuln:product>
+      <vuln:product>cpe:/a:freedesktop:udisks:2.0.90</vuln:product>
+      <vuln:product>cpe:/o:canonical:ubuntu_linux:12.04:-:lts</vuln:product>
+      <vuln:product>cpe:/a:freedesktop:udisks:2.1.0</vuln:product>
+      <vuln:product>cpe:/o:canonical:ubuntu_linux:13.10</vuln:product>
+      <vuln:product>cpe:/a:freedesktop:udisks:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:freedesktop:udisks:2.0.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0004</vuln:cve-id>
+    <vuln:published-datetime>2014-03-11T15:37:03.223-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-26T00:55:44.533-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.9</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-12T14:20:58.250-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://lists.freedesktop.org/archives/devkit-devel/2014-March/001568.html" xml:lang="en">[devkit-devel] 20140310 udisks 2.1.3 / 1.0.5 security updates</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2142-1" xml:lang="en">USN-2142-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2872" xml:lang="en">DSA-2872</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0293.html" xml:lang="en">RHSA-2014:0293</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-03/msg00053.html" xml:lang="en">openSUSE-SU-2014:0390</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-03/msg00052.html" xml:lang="en">openSUSE-SU-2014:0389</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-03/msg00051.html" xml:lang="en">openSUSE-SU-2014:0388</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Stack-based buffer overflow in udisks before 1.0.5 and 2.x before 2.1.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long mount point.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0006">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:openstack:swift:1.10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:swift:1.11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:swift:1.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:swift:1.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:swift:1.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:swift:1.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:swift:1.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:swift:1.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:swift:1.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:swift:1.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:swift:1.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:swift:1.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:swift:1.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:swift:1.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:swift:1.7.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:swift:1.8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:openstack:swift:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:openstack:swift:1.7.0</vuln:product>
+      <vuln:product>cpe:/a:openstack:swift:1.7.2</vuln:product>
+      <vuln:product>cpe:/a:openstack:swift:1.4.7</vuln:product>
+      <vuln:product>cpe:/a:openstack:swift:1.4.8</vuln:product>
+      <vuln:product>cpe:/a:openstack:swift:1.11.0</vuln:product>
+      <vuln:product>cpe:/a:openstack:swift:1.4.6</vuln:product>
+      <vuln:product>cpe:/a:openstack:swift:1.10.0</vuln:product>
+      <vuln:product>cpe:/a:openstack:swift:1.9.0</vuln:product>
+      <vuln:product>cpe:/a:openstack:swift:1.9.1</vuln:product>
+      <vuln:product>cpe:/a:openstack:swift:1.9.2</vuln:product>
+      <vuln:product>cpe:/a:openstack:swift:1.7.6</vuln:product>
+      <vuln:product>cpe:/a:openstack:swift:1.7.4</vuln:product>
+      <vuln:product>cpe:/a:openstack:swift:1.6.0</vuln:product>
+      <vuln:product>cpe:/a:openstack:swift:1.7.5</vuln:product>
+      <vuln:product>cpe:/a:openstack:swift:1.5.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0006</vuln:cve-id>
+    <vuln:published-datetime>2014-01-22T20:55:04.007-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-08T00:12:30.730-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-23T13:31:05.777-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/01/17/5" xml:lang="en">[oss-security] 20140117 [OSSA 2014-002] Swift TempURL timing attack (CVE-2014-0006)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugs.launchpad.net/swift/+bug/1265665" xml:lang="en">https://bugs.launchpad.net/swift/+bug/1265665</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0232.html" xml:lang="en">RHSA-2014:0232</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0008">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.7"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.11</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.9</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.10</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0008</vuln:cve-id>
+    <vuln:published-datetime>2014-01-20T10:14:25.437-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:06.437-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-22T10:37:56.513-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-255"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://moodle.org/mod/forum/discuss.php?d=252414" xml:lang="en">https://moodle.org/mod/forum/discuss.php?d=252414</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-36721" xml:lang="en">http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-36721</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029647" xml:lang="en">1029647</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/01/20/1" xml:lang="en">[oss-security] 20140120 Moodle security notifications public</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127533.html" xml:lang="en">FEDORA-2014-1396</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127510.html" xml:lang="en">FEDORA-2014-1377</vuln:reference>
+    </vuln:references>
+    <vuln:summary>lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitive information by reading the Config Changes Report.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0009">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.7"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.9</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.9</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.10</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.11</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.9</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.10</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.10</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0009</vuln:cve-id>
+    <vuln:published-datetime>2014-01-20T10:14:32.313-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:06.530-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-22T10:37:19.027-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://moodle.org/mod/forum/discuss.php?d=252415" xml:lang="en">https://moodle.org/mod/forum/discuss.php?d=252415</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-42643" xml:lang="en">http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-42643</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029648" xml:lang="en">1029648</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/01/20/1" xml:lang="en">[oss-security] 20140120 Moodle security notifications public</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127533.html" xml:lang="en">FEDORA-2014-1396</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127510.html" xml:lang="en">FEDORA-2014-1377</vuln:reference>
+    </vuln:references>
+    <vuln:summary>course/loginas.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 does not enforce the moodle/site:accessallgroups capability requirement for outside-group users in a SEPARATEGROUPS configuration, which allows remote authenticated users to perform "login as" actions via a direct request.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0010">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.7"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.9</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.9</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.10</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.11</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.9</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.10</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.10</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0010</vuln:cve-id>
+    <vuln:published-datetime>2014-01-20T10:14:32.347-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:06.627-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-22T10:39:27.017-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-352"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://moodle.org/mod/forum/discuss.php?d=252416" xml:lang="en">https://moodle.org/mod/forum/discuss.php?d=252416</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-42883" xml:lang="en">http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-42883</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029649" xml:lang="en">1029649</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/01/20/1" xml:lang="en">[oss-security] 20140120 Moodle security notifications public</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127533.html" xml:lang="en">FEDORA-2014-1396</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127510.html" xml:lang="en">FEDORA-2014-1377</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site request forgery (CSRF) vulnerabilities in user/profile/index.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 allow remote attackers to hijack the authentication of administrators for requests that delete (1) categories or (2) fields.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0015">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.33.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.34.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.30.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.31.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.32.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.21.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.21.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.20.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.21.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.21.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.21.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.21.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.21.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.22.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.23.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.25.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.28.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.28.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.29.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.19.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.19.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.19.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.19.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.19.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.19.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.19.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.18.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.18.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.16.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.16.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.15.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.15.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.15.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.14.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.10.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.10.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.10.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.30.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.31.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.32.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.33.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.34.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.28.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.28.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.29.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.21.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.21.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.22.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.23.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.25.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.20.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.21.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.21.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.21.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.21.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.21.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.19.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.19.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.19.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.19.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.19.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.19.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.19.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.18.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.18.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.16.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.16.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.15.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.15.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.15.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.14.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.10.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.10.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.10.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:haxx:libcurl:7.27.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.19.4</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.19.3</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.20.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.19.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.19.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.19.6</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.19.5</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.28.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.20.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.31.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.24.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.19.6</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.21.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.21.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.21.4</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.23.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.19.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.10.6</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.21.5</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.23.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.19.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.21.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.21.3</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.19.5</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.19.4</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.21.6</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.19.3</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.21.7</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.19.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.22.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.19.7</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.10.6</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.10.7</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.19.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.34.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.25.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.19.7</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.11.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.28.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.16.4</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.11.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.11.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.10.7</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.33.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.13.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.16.4</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.26.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.13.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.16.3</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.13.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.16.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.31.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.15.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.15.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.29.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.16.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.16.3</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.27.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.20.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.30.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.10.8</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.18.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.15.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.15.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.15.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.16.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.15.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.33.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.21.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.17.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.21.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.21.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.21.5</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.21.6</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.14.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.21.3</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.14.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.21.4</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.21.7</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.24.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.28.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.18.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.22.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.18.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.32.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.18.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.16.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.18.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.16.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.18.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.20.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.34.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.26.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.17.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.11.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.15.4</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.15.3</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.15.5</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.12.3</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.15.4</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.12.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.15.3</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.12.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.12.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.13.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.13.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.30.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.13.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.23.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.17.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.32.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.23.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.11.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.11.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.12.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.12.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.25.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.12.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.12.3</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.14.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.14.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.17.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.10.8</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.29.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.16.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.15.5</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.28.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0015</vuln:cve-id>
+    <vuln:published-datetime>2014-02-01T19:55:05.317-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T23:50:17.690-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-03T14:00:05.230-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-287"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://curl.haxx.se/docs/adv_20140129.html" xml:lang="en">http://curl.haxx.se/docs/adv_20140129.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2097-1" xml:lang="en">USN-2097-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SLACKWARE</vuln:source>
+      <vuln:reference href="http://www.slackware.com/security/viewer.php?l=slackware-security&amp;y=2014&amp;m=slackware-security.502652" xml:lang="en">SSA:2014-044-01</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029710" xml:lang="en">1029710</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65270" xml:lang="en">65270</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2849" xml:lang="en">DSA-2849</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56734" xml:lang="en">56734</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56731" xml:lang="en">56731</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56728" xml:lang="en">56728</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-02/msg00066.html" xml:lang="en">openSUSE-SU-2014:0274</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128408.html" xml:lang="en">FEDORA-2014-1864</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127627.html" xml:lang="en">FEDORA-2014-1876</vuln:reference>
+    </vuln:references>
+    <vuln:summary>cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0016">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.54"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.53"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.52"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.51"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.50"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.49"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.48"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.47"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.46"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.45"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.44"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.43"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.42"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.41"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.40"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.39"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.38"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.37"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.36"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.35"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.34"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.33"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.32"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.31"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.30"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.29"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.09"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.08"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.07"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.06"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.05"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.04"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.03"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.02"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.01"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.00"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.8p4"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.8p3"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.8p2"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.8p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.8:p4"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.8:p3"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.8:p2"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.8:p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.4a"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.21c"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.21b"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.21a"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.0:b7"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.0:b6"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.0:b5"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.0:b4"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.0:b3"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.0:b2"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.0:b1"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.55"/>
+        <cpe-lang:fact-ref name="cpe:/a:stunnel:stunnel:4.56"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.8:p3</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.8:p2</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.56</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.8:p1</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.52</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.50</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.51</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.53</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.55</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.8p2</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.54</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.4a</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.8p1</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.7</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.6</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.9</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.8</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.2</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.00</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.1</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.0</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.05</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.01</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.02</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.03</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.04</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.3</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.8:p4</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.5</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.14</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.13</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.12</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.11</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.17</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.19</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.18</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.15</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.20</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.22</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.21</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.23</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.24</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.25</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.26</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.27</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:0.1</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.10</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.10</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.11</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.09</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.07</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.08</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.06</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.0</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.16</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.15</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.14</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.13</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.12</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.42</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.43</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.44</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:2.0</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.39</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:2.1</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.41</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.40</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.49</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.21b</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.21c</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.46</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.45</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.48</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.47</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.32</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.33</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.31</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:1.1</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:1.0</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:1.3</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:1.2</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.0:b1</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.29</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:1.4</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.28</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.21a</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.0:b3</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.0:b2</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.0:b5</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.0:b4</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.30</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.37</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.36</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.35</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.34</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.8p4</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.0:b7</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:1.5</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.0:b6</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:1.6</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:4.38</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.8p3</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.21</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.20</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.19</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.18</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.17</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.16</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.26</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.24</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.25</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.22</vuln:product>
+      <vuln:product>cpe:/a:stunnel:stunnel:3.23</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0016</vuln:cve-id>
+    <vuln:published-datetime>2014-03-24T12:31:08.447-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-24T18:28:07.833-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-24T12:51:11.537-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-310"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://www.stunnel.org/sdf_ChangeLog.html" xml:lang="en">https://www.stunnel.org/sdf_ChangeLog.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1072180" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1072180</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/attachment.cgi?id=870826&amp;action=diff" xml:lang="en">https://bugzilla.redhat.com/attachment.cgi?id=870826&amp;action=diff</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/03/05/1" xml:lang="en">[oss-security] 20140305 libssh and stunnel PRNG flaws</vuln:reference>
+    </vuln:references>
+    <vuln:summary>stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to use the same entropy pool and allows remote attackers to obtain private keys for EC (ECDSA) or DSA certificates.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0017">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:libssh:libssh:0.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:libssh:libssh:0.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:libssh:libssh:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:libssh:libssh:0.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:libssh:libssh:0.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:libssh:libssh:0.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:libssh:libssh:0.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:libssh:libssh:0.5.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:libssh:libssh:0.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:libssh:libssh:0.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:libssh:libssh:0.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:libssh:libssh:0.5.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:libssh:libssh:0.4.8</vuln:product>
+      <vuln:product>cpe:/a:libssh:libssh:0.5.2</vuln:product>
+      <vuln:product>cpe:/a:libssh:libssh:0.4.7</vuln:product>
+      <vuln:product>cpe:/a:libssh:libssh:0.5.3</vuln:product>
+      <vuln:product>cpe:/a:libssh:libssh:0.5.4</vuln:product>
+      <vuln:product>cpe:/a:libssh:libssh:0.5.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:libssh:libssh:0.5.5</vuln:product>
+      <vuln:product>cpe:/a:libssh:libssh:0.6.0</vuln:product>
+      <vuln:product>cpe:/a:libssh:libssh:0.6.2</vuln:product>
+      <vuln:product>cpe:/a:libssh:libssh:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:libssh:libssh:0.5.1</vuln:product>
+      <vuln:product>cpe:/a:libssh:libssh:0.5.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0017</vuln:cve-id>
+    <vuln:published-datetime>2014-03-14T11:55:05.603-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-26T00:55:45.500-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>1.9</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-17T04:53:07.000-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-310"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.libssh.org/2014/03/04/libssh-0-6-3-security-release/" xml:lang="en">http://www.libssh.org/2014/03/04/libssh-0-6-3-security-release/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1072191" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1072191</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2145-1" xml:lang="en">USN-2145-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/03/05/1" xml:lang="en">[oss-security] 20140305 libssh and stunnel PRNG flaws</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2879" xml:lang="en">DSA-2879</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57407" xml:lang="en">57407</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-03/msg00040.html" xml:lang="en">openSUSE-SU-2014:0370</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-03/msg00036.html" xml:lang="en">openSUSE-SU-2014:0366</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG), which causes the state to be shared between children processes and allows local users to obtain sensitive information by leveraging a pid collision.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0018">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:redhat:jboss_enterprise_application_platform:6.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:jboss_wildfly_application_server:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:redhat:jboss_enterprise_application_platform:6.2.0</vuln:product>
+      <vuln:product>cpe:/a:redhat:jboss_wildfly_application_server:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0018</vuln:cve-id>
+    <vuln:published-datetime>2014-02-14T10:55:05.343-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-18T10:54:09.897-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>1.9</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-18T10:54:09.803-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1052783" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1052783</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0172.html" xml:lang="en">RHSA-2014:0172</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0171.html" xml:lang="en">RHSA-2014:0171</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0170.html" xml:lang="en">RHSA-2014:0170</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.0 and JBoss WildFly Application Server, when run under a security manager, do not properly restrict access to the Modular Service Container (MSC) service registry, which allows local users to modify the server via a crafted deployment.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0019">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:dest-unreach:socat:1.4.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:dest-unreach:socat:1.7.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:dest-unreach:socat:1.3.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:dest-unreach:socat:1.3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:dest-unreach:socat:1.3.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:dest-unreach:socat:1.3.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:dest-unreach:socat:1.3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:dest-unreach:socat:1.3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:dest-unreach:socat:1.4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:dest-unreach:socat:1.4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:dest-unreach:socat:1.4.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:dest-unreach:socat:1.4.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:dest-unreach:socat:1.4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:dest-unreach:socat:1.4.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:dest-unreach:socat:1.4.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:dest-unreach:socat:1.5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:dest-unreach:socat:1.6.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:dest-unreach:socat:1.6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:dest-unreach:socat:1.7.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:dest-unreach:socat:1.7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:dest-unreach:socat:1.7.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:dest-unreach:socat:1.7.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:dest-unreach:socat:1.7.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:dest-unreach:socat:1.7.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:dest-unreach:socat:1.7.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:dest-unreach:socat:1.7.2.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:dest-unreach:socat:2.0.0:b6"/>
+        <cpe-lang:fact-ref name="cpe:/a:dest-unreach:socat:2.0.0:b3"/>
+        <cpe-lang:fact-ref name="cpe:/a:dest-unreach:socat:2.0.0:b4"/>
+        <cpe-lang:fact-ref name="cpe:/a:dest-unreach:socat:2.0.0:b5"/>
+        <cpe-lang:fact-ref name="cpe:/a:dest-unreach:socat:2.0.0:b1"/>
+        <cpe-lang:fact-ref name="cpe:/a:dest-unreach:socat:2.0.0:b2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:dest-unreach:socat:2.0.0:b5</vuln:product>
+      <vuln:product>cpe:/a:dest-unreach:socat:2.0.0:b4</vuln:product>
+      <vuln:product>cpe:/a:dest-unreach:socat:1.3.1.0</vuln:product>
+      <vuln:product>cpe:/a:dest-unreach:socat:2.0.0:b3</vuln:product>
+      <vuln:product>cpe:/a:dest-unreach:socat:2.0.0:b2</vuln:product>
+      <vuln:product>cpe:/a:dest-unreach:socat:1.7.1.0</vuln:product>
+      <vuln:product>cpe:/a:dest-unreach:socat:1.4.1.0</vuln:product>
+      <vuln:product>cpe:/a:dest-unreach:socat:1.3.2.2</vuln:product>
+      <vuln:product>cpe:/a:dest-unreach:socat:1.3.0.0</vuln:product>
+      <vuln:product>cpe:/a:dest-unreach:socat:1.3.0.1</vuln:product>
+      <vuln:product>cpe:/a:dest-unreach:socat:1.4.3.0</vuln:product>
+      <vuln:product>cpe:/a:dest-unreach:socat:1.4.3.1</vuln:product>
+      <vuln:product>cpe:/a:dest-unreach:socat:1.7.0.0</vuln:product>
+      <vuln:product>cpe:/a:dest-unreach:socat:2.0.0:b6</vuln:product>
+      <vuln:product>cpe:/a:dest-unreach:socat:1.7.0.1</vuln:product>
+      <vuln:product>cpe:/a:dest-unreach:socat:1.6.0.1</vuln:product>
+      <vuln:product>cpe:/a:dest-unreach:socat:1.7.1.3</vuln:product>
+      <vuln:product>cpe:/a:dest-unreach:socat:1.7.1.2</vuln:product>
+      <vuln:product>cpe:/a:dest-unreach:socat:2.0.0:b1</vuln:product>
+      <vuln:product>cpe:/a:dest-unreach:socat:1.7.1.1</vuln:product>
+      <vuln:product>cpe:/a:dest-unreach:socat:1.4.0.3</vuln:product>
+      <vuln:product>cpe:/a:dest-unreach:socat:1.4.2.0</vuln:product>
+      <vuln:product>cpe:/a:dest-unreach:socat:1.4.0.1</vuln:product>
+      <vuln:product>cpe:/a:dest-unreach:socat:1.4.0.2</vuln:product>
+      <vuln:product>cpe:/a:dest-unreach:socat:1.4.0.0</vuln:product>
+      <vuln:product>cpe:/a:dest-unreach:socat:1.7.2.0</vuln:product>
+      <vuln:product>cpe:/a:dest-unreach:socat:1.7.2.1</vuln:product>
+      <vuln:product>cpe:/a:dest-unreach:socat:1.6.0.0</vuln:product>
+      <vuln:product>cpe:/a:dest-unreach:socat:1.7.2.2</vuln:product>
+      <vuln:product>cpe:/a:dest-unreach:socat:1.5.0.0</vuln:product>
+      <vuln:product>cpe:/a:dest-unreach:socat:1.3.2.1</vuln:product>
+      <vuln:product>cpe:/a:dest-unreach:socat:1.3.2.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0019</vuln:cve-id>
+    <vuln:published-datetime>2014-02-04T16:55:05.263-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:07.267-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>1.9</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-05T10:04:41.587-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.dest-unreach.org/socat" xml:lang="en">http://www.dest-unreach.org/socat</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/159" xml:lang="en">[oss-security] 20140128 Socat security advisory 5 - PROXY-CONNECT address overflow</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65201" xml:lang="en">65201</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MANDRIVA</vuln:source>
+      <vuln:reference href="http://www.mandriva.com/security/advisories?name=MDVSA-2014:033" xml:lang="en">MDVSA-2014:033</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.dest-unreach.org/socat/contrib/socat-secadv5.txt" xml:lang="en">http://www.dest-unreach.org/socat/contrib/socat-secadv5.txt</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102612" xml:lang="en">102612</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128229.html" xml:lang="en">FEDORA-2014-1795</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128190.html" xml:lang="en">FEDORA-2014-1811</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service (segmentation fault) via a long server name in the PROXY-CONNECT address in the command line.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0020">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.7.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.7.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.7.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.7.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.7.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.7.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.10.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.10.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.10.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.10.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:pidgin:pidgin:2.10.7"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.7.7</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.7.6</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.7.9</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.5.4</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.7.8</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.7.3</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.7.5</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.7.4</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.6.4</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.4.3</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.6.6</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.4.2</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.6.5</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.5.2</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.4.0</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.5.3</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.5.0</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.5.1</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.2.0</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.2.2</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.2.1</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.10.2</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.10.0</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.3.0</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.7.0</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.6.0</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.6.2</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.8.0</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.7.10</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.5.8</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.5.9</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.6.3</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.5.6</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.5.7</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.9.0</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.7.11</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.5.5</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.0.0</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.10.4</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.10.5</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.10.3</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.10.6</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.10.7</vuln:product>
+      <vuln:product>cpe:/a:pidgin:pidgin:2.1.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0020</vuln:cve-id>
+    <vuln:published-datetime>2014-02-06T11:10:59.217-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-16T00:43:47.157-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-06T16:01:56.473-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="https://rhn.redhat.com/errata/RHSA-2014-0139.html" xml:lang="en">RHSA-2014:0139</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2100-1" xml:lang="en">USN-2100-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2859" xml:lang="en">DSA-2859</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://pidgin.im/news/security/?id=85" xml:lang="en">http://pidgin.im/news/security/?id=85</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" xml:lang="en">openSUSE-SU-2014:0326</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" xml:lang="en">openSUSE-SU-2014:0239</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://hg.pidgin.im/pidgin/main/rev/a167504359e5" xml:lang="en">http://hg.pidgin.im/pidgin/main/rev/a167504359e5</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://hg.pidgin.im/pidgin/main/rev/9f132a6855cd" xml:lang="en">http://hg.pidgin.im/pidgin/main/rev/9f132a6855cd</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://hg.pidgin.im/pidgin/main/rev/7d0fb0c6d8d4" xml:lang="en">http://hg.pidgin.im/pidgin/main/rev/7d0fb0c6d8d4</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://hg.pidgin.im/pidgin/main/rev/6b0e0566af20" xml:lang="en">http://hg.pidgin.im/pidgin/main/rev/6b0e0566af20</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://hg.pidgin.im/pidgin/main/rev/5845d9fa7084" xml:lang="en">http://hg.pidgin.im/pidgin/main/rev/5845d9fa7084</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://hg.pidgin.im/pidgin/main/rev/4d9be297d399" xml:lang="en">http://hg.pidgin.im/pidgin/main/rev/4d9be297d399</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not validate argument counts, which allows remote IRC servers to cause a denial of service (application crash) via a crafted message.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0022">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:baseurl:yum:3.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:baseurl:yum:3.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:baseurl:yum:3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:baseurl:yum:3.4.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:baseurl:yum:3.4.3</vuln:product>
+      <vuln:product>cpe:/a:baseurl:yum:3.4.0</vuln:product>
+      <vuln:product>cpe:/a:baseurl:yum:3.4.1</vuln:product>
+      <vuln:product>cpe:/a:baseurl:yum:3.4.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0022</vuln:cve-id>
+    <vuln:published-datetime>2014-01-26T11:58:11.197-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-27T12:20:03.367-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-27T12:20:03.320-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://yum.baseurl.org/gitweb?p=yum.git;a=commitdiff;h=9df69e5794" xml:lang="en">http://yum.baseurl.org/gitweb?p=yum.git;a=commitdiff;h=9df69e5794</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1057377" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1057377</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1052440" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1052440</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65119" xml:lang="en">65119</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56637" xml:lang="en">56637</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and earlier does not properly check the return value of the sigCheckPkg function, which allows remote attackers to bypass the RMP package signing restriction via an unsigned package.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0025">
+    <vuln:cve-id>CVE-2014-0025</vuln:cve-id>
+    <vuln:published-datetime>2014-01-28T18:55:03.547-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-28T18:55:03.657-05:00</vuln:last-modified-datetime>
+    <vuln:summary>** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2014-1690.  Reason: This candidate is a reservation duplicate of CVE-2014-1690.  Notes: All CVE users should reference CVE-2014-1690 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0027">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cmu:flite:1.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cmu:flite:1.4</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0027</vuln:cve-id>
+    <vuln:published-datetime>2014-01-25T20:55:19.877-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:08.030-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.3</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-27T11:06:43.220-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-59"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1048678" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1048678</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64791" xml:lang="en">64791</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://www.osvdb.org/101948" xml:lang="en">101948</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MANDRIVA</vuln:source>
+      <vuln:reference href="http://www.mandriva.com/security/advisories?name=MDVSA-2014:032" xml:lang="en">MDVSA-2014:032</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/59" xml:lang="en">[oss-security] 20140110 temporary file issue in flite</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127776.html" xml:lang="en">FEDORA-2014-0579</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127748.html" xml:lang="en">FEDORA-2014-0574</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav.  NOTE: some of these details are obtained from third party information.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0028">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:1.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:1.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:1.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:1.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:1.2.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:redhat:libvirt:1.2.0</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:1.1.4</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:1.1.1</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:1.1.3</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:1.1.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0028</vuln:cve-id>
+    <vuln:published-datetime>2014-01-24T13:55:04.900-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T23:50:18.440-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-24T17:16:54.207-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="https://www.redhat.com/archives/libvir-list/2014-January/msg00684.html" xml:lang="en">[libvirt] 20140115 [PATCH 0/4] CVE-2014-0028: domain events vs. ACL filtering</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1048637" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1048637</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2093-1" xml:lang="en">USN-2093-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-02/msg00060.html" xml:lang="en">openSUSE-SU-2014:0268</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://libvirt.org/news.html" xml:lang="en">http://libvirt.org/news.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain sensitive domain object information via a request to the (1) virConnectDomainEventRegister and (2) virConnectDomainEventRegisterAny functions in the event registration API.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0031">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apache:cloudstack:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cloudstack:4.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cloudstack:2.0:-:community"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cloudstack:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cloudstack:2.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cloudstack:2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cloudstack:2.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cloudstack:2.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cloudstack:2.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cloudstack:2.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cloudstack:2.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cloudstack:2.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cloudstack:2.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cloudstack:2.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cloudstack:2.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cloudstack:2.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cloudstack:2.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cloudstack:2.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cloudstack:2.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cloudstack:2.2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cloudstack:2.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cloudstack:2.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cloudstack:2.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cloudstack:2.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cloudstack:2.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cloudstack:2.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cloudstack:2.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cloudstack:2.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cloudstack:3.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cloudstack:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cloudstack:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cloudstack:4.0.0:incubating"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cloudstack:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cloudstack:4.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cloudstack:4.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apache:cloudstack:3.0.0</vuln:product>
+      <vuln:product>cpe:/a:apache:cloudstack:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:apache:cloudstack:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:apache:cloudstack:2.2.5</vuln:product>
+      <vuln:product>cpe:/a:apache:cloudstack:2.2.9</vuln:product>
+      <vuln:product>cpe:/a:apache:cloudstack:2.2.7</vuln:product>
+      <vuln:product>cpe:/a:apache:cloudstack:2.2.8</vuln:product>
+      <vuln:product>cpe:/a:apache:cloudstack:2.2.6</vuln:product>
+      <vuln:product>cpe:/a:apache:cloudstack:2.2.1</vuln:product>
+      <vuln:product>cpe:/a:apache:cloudstack:2.2.0</vuln:product>
+      <vuln:product>cpe:/a:apache:cloudstack:2.2.3</vuln:product>
+      <vuln:product>cpe:/a:apache:cloudstack:2.2.2</vuln:product>
+      <vuln:product>cpe:/a:apache:cloudstack:2.1.10</vuln:product>
+      <vuln:product>cpe:/a:apache:cloudstack:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:apache:cloudstack:4.0.2</vuln:product>
+      <vuln:product>cpe:/a:apache:cloudstack:2.1.0</vuln:product>
+      <vuln:product>cpe:/a:apache:cloudstack:2.1.4</vuln:product>
+      <vuln:product>cpe:/a:apache:cloudstack:2.2.11</vuln:product>
+      <vuln:product>cpe:/a:apache:cloudstack:2.1.3</vuln:product>
+      <vuln:product>cpe:/a:apache:cloudstack:2.2.12</vuln:product>
+      <vuln:product>cpe:/a:apache:cloudstack:2.1.2</vuln:product>
+      <vuln:product>cpe:/a:apache:cloudstack:2.2.13</vuln:product>
+      <vuln:product>cpe:/a:apache:cloudstack:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:apache:cloudstack:2.0:-:community</vuln:product>
+      <vuln:product>cpe:/a:apache:cloudstack:2.2.14</vuln:product>
+      <vuln:product>cpe:/a:apache:cloudstack:2.1.8</vuln:product>
+      <vuln:product>cpe:/a:apache:cloudstack:2.1.7</vuln:product>
+      <vuln:product>cpe:/a:apache:cloudstack:2.1.6</vuln:product>
+      <vuln:product>cpe:/a:apache:cloudstack:4.2.0</vuln:product>
+      <vuln:product>cpe:/a:apache:cloudstack:2.1.5</vuln:product>
+      <vuln:product>cpe:/a:apache:cloudstack:2.1.9</vuln:product>
+      <vuln:product>cpe:/a:apache:cloudstack:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:apache:cloudstack:4.1.0</vuln:product>
+      <vuln:product>cpe:/a:apache:cloudstack:4.0.0:incubating</vuln:product>
+      <vuln:product>cpe:/a:apache:cloudstack:4.1.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0031</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:04.093-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-25T07:38:36.640-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T13:09:30.463-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://issues.apache.org/jira/browse/CLOUDSTACK-5145" xml:lang="en">https://issues.apache.org/jira/browse/CLOUDSTACK-5145</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://blogs.apache.org/cloudstack/entry/cve_2014_0031_cloudstack_listnetworkacl" xml:lang="en">https://blogs.apache.org/cloudstack/entry/cve_2014_0031_cloudstack_listnetworkacl</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/55960" xml:lang="en">55960</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLS for other users via a crafted request.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0032">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apache:subversion:1.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:subversion:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:subversion:1.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:subversion:1.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:subversion:1.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:subversion:1.8.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apache:subversion:1.7.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:subversion:1.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:subversion:1.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:subversion:1.7.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:subversion:1.7.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:subversion:1.7.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:subversion:1.7.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:subversion:1.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:subversion:1.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:subversion:1.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:subversion:1.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:subversion:1.7.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:subversion:1.7.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:subversion:1.7.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:subversion:1.7.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apache:subversion:1.7.14</vuln:product>
+      <vuln:product>cpe:/a:apache:subversion:1.7.13</vuln:product>
+      <vuln:product>cpe:/a:apache:subversion:1.7.12</vuln:product>
+      <vuln:product>cpe:/a:apache:subversion:1.8.4</vuln:product>
+      <vuln:product>cpe:/a:apache:subversion:1.8.5</vuln:product>
+      <vuln:product>cpe:/a:apache:subversion:1.7.11</vuln:product>
+      <vuln:product>cpe:/a:apache:subversion:1.7.3</vuln:product>
+      <vuln:product>cpe:/a:apache:subversion:1.7.10</vuln:product>
+      <vuln:product>cpe:/a:apache:subversion:1.7.2</vuln:product>
+      <vuln:product>cpe:/a:apache:subversion:1.8.3</vuln:product>
+      <vuln:product>cpe:/a:apache:subversion:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:apache:subversion:1.7.4</vuln:product>
+      <vuln:product>cpe:/a:apache:subversion:1.7.0</vuln:product>
+      <vuln:product>cpe:/a:apache:subversion:1.7.8</vuln:product>
+      <vuln:product>cpe:/a:apache:subversion:1.7.7</vuln:product>
+      <vuln:product>cpe:/a:apache:subversion:1.7.6</vuln:product>
+      <vuln:product>cpe:/a:apache:subversion:1.7.5</vuln:product>
+      <vuln:product>cpe:/a:apache:subversion:1.8.1</vuln:product>
+      <vuln:product>cpe:/a:apache:subversion:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:apache:subversion:1.7.9</vuln:product>
+      <vuln:product>cpe:/a:apache:subversion:1.8.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0032</vuln:cve-id>
+    <vuln:published-datetime>2014-02-14T10:55:05.907-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-16T00:43:47.830-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-18T11:00:47.830-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://svn.apache.org/viewvc?view=revision&amp;revision=1557320" xml:lang="en">http://svn.apache.org/viewvc?view=revision&amp;revision=1557320</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90986" xml:lang="en">apache-subversion-cve20140032-dos(90986)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65434" xml:lang="en">65434</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://www.osvdb.org/102927" xml:lang="en">102927</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://svn.apache.org/repos/asf/subversion/tags/1.8.6/CHANGES" xml:lang="en">http://svn.apache.org/repos/asf/subversion/tags/1.8.6/CHANGES</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://svn.apache.org/repos/asf/subversion/tags/1.7.15/CHANGES" xml:lang="en">http://svn.apache.org/repos/asf/subversion/tags/1.7.15/CHANGES</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56822" xml:lang="en">56822</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0255.html" xml:lang="en">RHSA-2014:0255</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://mail-archives.apache.org/mod_mbox/subversion-dev/201401.mbox/%3CCANvU9scLHr2yOLABW8q6_wNzhEf7pWM=NiavGcobqvUuyhKyAA@mail.gmail.com%3E" xml:lang="en">[subversion-dev] 20140110 Sin mod_dav_svn with repositories on /</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://mail-archives.apache.org/mod_mbox/subversion-dev/201401.mbox/%3C871u0gqb0d.fsf@ntlworld.com%3E" xml:lang="en">[subversion-dev] 20140110 Re: Segfault in mod_dav_svn with repositories on /</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://mail-archives.apache.org/mod_mbox/subversion-dev/201401.mbox/%3C52D328AB.8090502@reser.org%3E" xml:lang="en">[subversion-dev] 20140110 2 Re: Segfault in mod_dav_svn with repositories on /</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-03/msg00011.html" xml:lang="en">openSUSE-SU-2014:0334</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-02/msg00086.html" xml:lang="en">openSUSE-SU-2014:0307</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the "svn ls http://svn.example.com" command.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0033">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:6.0.33"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:6.0.34"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:6.0.35"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:6.0.36"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:6.0.37"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apache:tomcat:6.0.34</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:6.0.33</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:6.0.35</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:6.0.36</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:6.0.37</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0033</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T09:55:08.537-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-26T14:29:45.393-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-26T14:29:45.207-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1069919" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1069919</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tomcat.apache.org/security-6.html" xml:lang="en">http://tomcat.apache.org/security-6.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://svn.apache.org/viewvc?view=revision&amp;revision=1558822" xml:lang="en">http://svn.apache.org/viewvc?view=revision&amp;revision=1558822</vuln:reference>
+    </vuln:references>
+    <vuln:summary>org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote attackers to conduct session fixation attacks via a crafted URL.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0036">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:amos_benari:rbovirt:0.0.23::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:amos_benari:rbovirt:0.0.22::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:amos_benari:rbovirt:0.0.21::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:amos_benari:rbovirt:0.0.20::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:amos_benari:rbovirt:0.0.19::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:amos_benari:rbovirt:0.0.18::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:amos_benari:rbovirt:0.0.17::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:amos_benari:rbovirt:0.0.16::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:amos_benari:rbovirt:0.0.15::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:amos_benari:rbovirt:0.0.14::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:amos_benari:rbovirt:0.0.13::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:amos_benari:rbovirt:0.0.12::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:amos_benari:rbovirt:0.0.11::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:amos_benari:rbovirt:0.0.10::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:amos_benari:rbovirt:0.0.9::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:amos_benari:rbovirt:0.0.8::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:amos_benari:rbovirt:0.0.7::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:amos_benari:rbovirt:0.0.6::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:amos_benari:rbovirt:0.0.5::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:amos_benari:rbovirt:0.0.4::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:amos_benari:rbovirt:0.0.3::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:amos_benari:rbovirt:0.0.2::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:amos_benari:rbovirt:0.0.1::~~~ruby~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:amos_benari:rbovirt:0.0.19::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:amos_benari:rbovirt:0.0.20::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:amos_benari:rbovirt:0.0.21::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:amos_benari:rbovirt:0.0.8::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:amos_benari:rbovirt:0.0.9::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:amos_benari:rbovirt:0.0.10::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:amos_benari:rbovirt:0.0.6::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:amos_benari:rbovirt:0.0.11::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:amos_benari:rbovirt:0.0.7::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:amos_benari:rbovirt:0.0.12::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:amos_benari:rbovirt:0.0.4::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:amos_benari:rbovirt:0.0.22::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:amos_benari:rbovirt:0.0.13::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:amos_benari:rbovirt:0.0.5::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:amos_benari:rbovirt:0.0.23::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:amos_benari:rbovirt:0.0.14::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:amos_benari:rbovirt:0.0.17::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:amos_benari:rbovirt:0.0.18::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:amos_benari:rbovirt:0.0.15::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:amos_benari:rbovirt:0.0.16::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:amos_benari:rbovirt:0.0.3::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:amos_benari:rbovirt:0.0.2::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:amos_benari:rbovirt:0.0.1::~~~ruby~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0036</vuln:cve-id>
+    <vuln:published-datetime>2014-04-17T10:55:06.230-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-18T09:48:54.390-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-18T09:48:54.233-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-310"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1058595" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1058595</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/509" xml:lang="en">[oss-security] 20140306 CVE-2014-0036 rubygem-rbovirt: unsafe use of rest-client</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130180.html" xml:lang="en">FEDORA-2014-3526</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130148.html" xml:lang="en">FEDORA-2014-3573</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0037">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:7.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:7.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:7.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:7.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:7.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:7.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:7.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:7.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:7.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:7.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:7.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:7.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:7.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:7.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:7.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:7.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:5.01"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:5.02"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:5.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:5.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.00"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.01"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.02"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.03"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.20.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.20.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.20.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.20.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.20.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.30.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.20.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.30.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.30.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.20.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.30.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.30.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.30.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.30.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.30.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.20.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.30.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.30.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.30.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.40.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.30.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.40.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.30.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.40.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.40.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.40.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.40.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.40.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.40.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.40.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.40.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.40.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.40.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.40.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.40.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.40.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.40.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.40.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:5.00"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:zarafa:zarafa:7.0</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.30.8</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.30.6</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.30.7</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:7.0.8</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.30.4</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:7.0.9</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.30.5</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:7.0.6</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:7.0.7</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.30.3</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:7.0.5</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.20.7</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.20.2</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.20.6</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.20.5</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.20.3</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.30.0</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.40.17</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:7.1.4</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:7.0.13</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:5.20</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.30.16</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.00</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.30.13</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.01</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.02</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.30.11</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:7.0.10</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.03</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:7.0.12</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.30.10</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:7.0.11</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.30.17</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:5.22</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:5.10</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:5.11</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.20.11</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.20.12</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.10</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:7.0.3</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:7.0.2</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.20.10</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.30.9</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.11</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:7.0.4</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:5.00</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.40.5</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.40.6</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:5.01</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.40.7</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.40.8</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.40.2</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.40.3</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:5.02</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.40.4</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.40.0</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.40.9</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.40.12</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.40.13</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.40.14</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.40.15</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.40.10</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:7.1.3</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.40.11</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:7.1.1</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:7.1.2</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:7.1.0</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.20</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.40.16</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0037</vuln:cve-id>
+    <vuln:published-datetime>2014-04-28T10:09:06.080-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T07:35:51.057-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T07:35:50.760-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1059903" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1059903</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1056767" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1056767</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/01/31/14" xml:lang="en">[oss-security] 20140131 Security Flaw CVE-2014-0037</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MANDRIVA</vuln:source>
+      <vuln:reference href="http://www.mandriva.com/security/advisories?name=MDVSA-2014:044" xml:lang="en">MDVSA-2014:044</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 5.00 before 7.1.8 beta2 allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the username."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0038">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.8</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0038</vuln:cve-id>
+    <vuln:published-datetime>2014-02-06T17:55:03.327-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T23:50:18.923-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.9</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-07T11:05:35.337-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/torvalds/linux/commit/2def2ef2ae5f3990aabdbe8a755911902707d268" xml:lang="en">https://github.com/torvalds/linux/commit/2def2ef2ae5f3990aabdbe8a755911902707d268</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2def2ef2ae5f3990aabdbe8a755911902707d268" xml:lang="en">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2def2ef2ae5f3990aabdbe8a755911902707d268</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://github.com/saelo/cve-2014-0038" xml:lang="en">https://github.com/saelo/cve-2014-0038</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=338594" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=338594</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1060023" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1060023</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2096-1" xml:lang="en">USN-2096-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2095-1" xml:lang="en">USN-2095-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2094-1" xml:lang="en">USN-2094-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/01/31/2" xml:lang="en">[oss-security] 20140131 Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MANDRIVA</vuln:source>
+      <vuln:reference href="http://www.mandriva.com/security/advisories?name=MDVSA-2014:038" xml:lang="en">MDVSA-2014:038</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.2" xml:lang="en">http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/31347" xml:lang="en">31347</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/31346" xml:lang="en">31346</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://pastebin.com/raw.php?i=DH3Lbg54" xml:lang="en">http://pastebin.com/raw.php?i=DH3Lbg54</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00003.html" xml:lang="en">openSUSE-SU-2014:0205</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html" xml:lang="en">openSUSE-SU-2014:0204</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0039">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cipherdyne:fwsnort:1.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cipherdyne:fwsnort:1.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cipherdyne:fwsnort:1.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cipherdyne:fwsnort:1.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cipherdyne:fwsnort:1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cipherdyne:fwsnort:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cipherdyne:fwsnort:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cipherdyne:fwsnort:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cipherdyne:fwsnort:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cipherdyne:fwsnort:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cipherdyne:fwsnort:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cipherdyne:fwsnort:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cipherdyne:fwsnort:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cipherdyne:fwsnort:0.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cipherdyne:fwsnort:0.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cipherdyne:fwsnort:0.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cipherdyne:fwsnort:0.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cipherdyne:fwsnort:0.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cipherdyne:fwsnort:0.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cipherdyne:fwsnort:0.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cipherdyne:fwsnort:0.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cipherdyne:fwsnort:0.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cipherdyne:fwsnort:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cipherdyne:fwsnort:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cipherdyne:fwsnort:0.5"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cipherdyne:fwsnort:0.8.0</vuln:product>
+      <vuln:product>cpe:/a:cipherdyne:fwsnort:0.5</vuln:product>
+      <vuln:product>cpe:/a:cipherdyne:fwsnort:0.8.2</vuln:product>
+      <vuln:product>cpe:/a:cipherdyne:fwsnort:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:cipherdyne:fwsnort:0.8.1</vuln:product>
+      <vuln:product>cpe:/a:cipherdyne:fwsnort:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:cipherdyne:fwsnort:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:cipherdyne:fwsnort:0.6.2</vuln:product>
+      <vuln:product>cpe:/a:cipherdyne:fwsnort:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:cipherdyne:fwsnort:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:cipherdyne:fwsnort:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:cipherdyne:fwsnort:0.6.4</vuln:product>
+      <vuln:product>cpe:/a:cipherdyne:fwsnort:0.7.0</vuln:product>
+      <vuln:product>cpe:/a:cipherdyne:fwsnort:0.6.3</vuln:product>
+      <vuln:product>cpe:/a:cipherdyne:fwsnort:1.5</vuln:product>
+      <vuln:product>cpe:/a:cipherdyne:fwsnort:0.6.5</vuln:product>
+      <vuln:product>cpe:/a:cipherdyne:fwsnort:1.6</vuln:product>
+      <vuln:product>cpe:/a:cipherdyne:fwsnort:1.6.4</vuln:product>
+      <vuln:product>cpe:/a:cipherdyne:fwsnort:1.6.3</vuln:product>
+      <vuln:product>cpe:/a:cipherdyne:fwsnort:0.6</vuln:product>
+      <vuln:product>cpe:/a:cipherdyne:fwsnort:0.9.0</vuln:product>
+      <vuln:product>cpe:/a:cipherdyne:fwsnort:1.6.2</vuln:product>
+      <vuln:product>cpe:/a:cipherdyne:fwsnort:1.6.1</vuln:product>
+      <vuln:product>cpe:/a:cipherdyne:fwsnort:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:cipherdyne:fwsnort:1.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0039</vuln:cve-id>
+    <vuln:published-datetime>2014-02-07T19:55:06.113-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:09.170-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.4</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-10T10:52:01.240-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/mrash/fwsnort/commit/fa977453120cc48e1654f373311f9cac468d3348" xml:lang="en">https://github.com/mrash/fwsnort/commit/fa977453120cc48e1654f373311f9cac468d3348</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/mrash/fwsnort/blob/master/ChangeLog" xml:lang="en">https://github.com/mrash/fwsnort/blob/master/ChangeLog</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65341" xml:lang="en">65341</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/221" xml:lang="en">[oss-security] 20140203 CVE-2014-0039: fwsnort loaded configuration file from cwd when run as a non-root user</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102822" xml:lang="en">102822</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128205.html" xml:lang="en">FEDORA-2014-1972</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128188.html" xml:lang="en">FEDORA-2014-1975</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Untrusted search path vulnerability in fwsnort before 1.6.4, when not running as root, allows local users to execute arbitrary code via a Trojan horse fwsnort.conf in the current working directory.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0044">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:light_speed_gaming:mumble:1.2.3:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:light_speed_gaming:mumble:1.2.3:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:light_speed_gaming:mumble:1.2.3:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:light_speed_gaming:mumble:1.2.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:light_speed_gaming:mumble:1.2.4</vuln:product>
+      <vuln:product>cpe:/a:light_speed_gaming:mumble:1.2.3:rc2</vuln:product>
+      <vuln:product>cpe:/a:light_speed_gaming:mumble:1.2.3:rc1</vuln:product>
+      <vuln:product>cpe:/a:light_speed_gaming:mumble:1.2.3:rc3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0044</vuln:cve-id>
+    <vuln:published-datetime>2014-02-07T19:55:06.160-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T23:50:19.097-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-10T05:50:21.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2854" xml:lang="en">DSA-2854</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102904" xml:lang="en">102904</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://mumble.info/security/Mumble-SA-2014-001.txt" xml:lang="en">http://mumble.info/security/Mumble-SA-2014-001.txt</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-02/msg00063.html" xml:lang="en">openSUSE-SU-2014:0271</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The opus_packet_get_samples_per_frame function in client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots allows remote attackers to cause a denial of service (crash) via a crafted length prefix value, which triggers a NULL pointer dereference or a heap-based buffer over-read (aka "out-of-bounds array access").</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0045">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:light_speed_gaming:mumble:1.2.3:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:light_speed_gaming:mumble:1.2.3:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:light_speed_gaming:mumble:1.2.3:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:light_speed_gaming:mumble:1.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:light_speed_gaming:mumble:1.1::~~~iphone_os~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:light_speed_gaming:mumble:1.1.1::~~~iphone_os~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:light_speed_gaming:mumble:1.1:rc1:~~~iphone_os~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:light_speed_gaming:mumble:1.2::~~~iphone_os~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:light_speed_gaming:mumble:1.2.1::~~~iphone_os~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:light_speed_gaming:mumble:1.2.2::~~~iphone_os~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:light_speed_gaming:mumblekit:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:light_speed_gaming:mumblekit:-</vuln:product>
+      <vuln:product>cpe:/a:light_speed_gaming:mumble:1.2.1::~~~iphone_os~~</vuln:product>
+      <vuln:product>cpe:/a:light_speed_gaming:mumble:1.1:rc1:~~~iphone_os~~</vuln:product>
+      <vuln:product>cpe:/a:light_speed_gaming:mumble:1.2.2::~~~iphone_os~~</vuln:product>
+      <vuln:product>cpe:/a:light_speed_gaming:mumble:1.2.4</vuln:product>
+      <vuln:product>cpe:/a:light_speed_gaming:mumble:1.2.3:rc2</vuln:product>
+      <vuln:product>cpe:/a:light_speed_gaming:mumble:1.1.1::~~~iphone_os~~</vuln:product>
+      <vuln:product>cpe:/a:light_speed_gaming:mumble:1.2.3:rc1</vuln:product>
+      <vuln:product>cpe:/a:light_speed_gaming:mumble:1.2.3:rc3</vuln:product>
+      <vuln:product>cpe:/a:light_speed_gaming:mumble:1.1::~~~iphone_os~~</vuln:product>
+      <vuln:product>cpe:/a:light_speed_gaming:mumble:1.2::~~~iphone_os~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0045</vuln:cve-id>
+    <vuln:published-datetime>2014-02-07T19:55:06.177-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T23:50:19.173-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-10T11:33:20.393-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-189"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2854" xml:lang="en">DSA-2854</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102958" xml:lang="en">102958</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102905" xml:lang="en">102905</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://mumble.info/security/Mumble-SA-2014-004.txt" xml:lang="en">http://mumble.info/security/Mumble-SA-2014-004.txt</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://mumble.info/security/Mumble-SA-2014-002.txt" xml:lang="en">http://mumble.info/security/Mumble-SA-2014-002.txt</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-02/msg00063.html" xml:lang="en">openSUSE-SU-2014:0271</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The needSamples method in AudioOutputSpeech.cpp in the client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots, Mumble for iOS 1.1 through 1.2.2, and MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d does not check the return value of the opus_decode_float function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Opus voice packet, which triggers an error in opus_decode_float, a conversion of a negative integer to an unsigned integer, and a heap-based buffer over-read and over-write.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0046">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:emberjs:ember.js:1.4.0:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:emberjs:ember.js:1.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:emberjs:ember.js:1.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:emberjs:ember.js:1.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:emberjs:ember.js:1.2.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:emberjs:ember.js:1.3.0</vuln:product>
+      <vuln:product>cpe:/a:emberjs:ember.js:1.3.1</vuln:product>
+      <vuln:product>cpe:/a:emberjs:ember.js:1.4.0:beta</vuln:product>
+      <vuln:product>cpe:/a:emberjs:ember.js:1.2.1</vuln:product>
+      <vuln:product>cpe:/a:emberjs:ember.js:1.2.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0046</vuln:cve-id>
+    <vuln:published-datetime>2014-02-27T10:55:04.907-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T23:50:19.267-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>2.6</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-28T10:03:58.707-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://groups.google.com/forum/#%21topic/ember-security/1h6FRgr8lXQ" xml:lang="en">https://groups.google.com/forum/#!topic/ember-security/1h6FRgr8lXQ</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91242" xml:lang="en">emberjs-linkto-xss(91242)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/02/14/6" xml:lang="en">[oss-security] 20140214 [CVE-2014-0046] XSS Vulnerability With {{link-to}} Helper in Non-block Form</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56965" xml:lang="en">56965</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://emberjs.com/blog/2014/02/07/ember-security-releases.html" xml:lang="en">http://emberjs.com/blog/2014/02/07/ember-security-releases.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the link-to helper in Ember.js 1.2.x before 1.2.2, 1.3.x before 1.3.2, and 1.4.x before 1.4.0-beta.6, when used in non-block form, allows remote attackers to inject arbitrary web script or HTML via the title attribute.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0049">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.69"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.70"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.71"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.72"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.73"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.74"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.75"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.76"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.77"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.78"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.79"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.70</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.71</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.72</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.73</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.74</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.75</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.76</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.77</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.78</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.79</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.69</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0049</vuln:cve-id>
+    <vuln:published-datetime>2014-03-11T09:01:06.060-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-11T10:26:44.843-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.4</cvss:score>
+        <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-11T10:26:42.767-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/03/03/1" xml:lang="en">[oss-security] 20140303 CVE-2014-0049 -- Linux kernel: kvm: mmio_fragments out-of-the-bounds access</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/torvalds/linux/commit/a08d3b3b99efd509133946056531cdf8f3a0c09b" xml:lang="en">https://github.com/torvalds/linux/commit/a08d3b3b99efd509133946056531cdf8f3a0c09b</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1062368" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1062368</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.6" xml:lang="en">http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.6</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a08d3b3b99efd509133946056531cdf8f3a0c09b" xml:lang="en">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a08d3b3b99efd509133946056531cdf8f3a0c09b</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Buffer overflow in the complete_emulated_mmio function in arch/x86/kvm/x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the host OS by leveraging a loop that triggers an invalid memory copy affecting certain cancel_work_item data.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0050">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.0:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.2:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.29"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.30"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.31"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.32"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.33"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.34"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.35"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.36"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.37"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.38"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.39"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.4:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.40"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.41"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.42"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.43"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.44"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.45"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.46"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.47"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.48"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.49"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.50"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:7.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:8.0.0:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:8.0.0:rc10"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:8.0.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:tomcat:8.0.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:commons_fileupload:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:commons_fileupload:1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:commons_fileupload:1.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:commons_fileupload:1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:commons_fileupload:1.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:commons_fileupload:1.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:commons_fileupload:1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:commons_fileupload:1.3.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.5</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.40</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.41</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.42</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.43</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.44</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.45</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.46</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.37</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.38</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.39</vuln:product>
+      <vuln:product>cpe:/a:apache:commons_fileupload:1.2.1</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.10</vuln:product>
+      <vuln:product>cpe:/a:apache:commons_fileupload:1.2.2</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.8</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.13</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.9</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.6</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.11</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.7</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.12</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.36</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.4</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.3</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.2</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.0</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.47</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:8.0.0:rc5</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:8.0.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.49</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:8.0.0:rc10</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.48</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:8.0.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.22</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.4:beta</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.23</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.24</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.2:beta</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.0:beta</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.20</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.21</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.50</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.35</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.19</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.33</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.34</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.16</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.31</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.15</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.32</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.18</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.17</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.30</vuln:product>
+      <vuln:product>cpe:/a:apache:commons_fileupload:1.1.1</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.14</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.25</vuln:product>
+      <vuln:product>cpe:/a:apache:commons_fileupload:1.1</vuln:product>
+      <vuln:product>cpe:/a:apache:commons_fileupload:1.0</vuln:product>
+      <vuln:product>cpe:/a:apache:commons_fileupload:1.3</vuln:product>
+      <vuln:product>cpe:/a:apache:commons_fileupload:1.2</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.29</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.28</vuln:product>
+      <vuln:product>cpe:/a:apache:commons_fileupload:1.3.1</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.27</vuln:product>
+      <vuln:product>cpe:/a:apache:tomcat:7.0.26</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0050</vuln:cve-id>
+    <vuln:published-datetime>2014-04-01T02:27:51.373-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T01:02:52.993-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-01T10:01:08.553-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tomcat.apache.org/security-8.html" xml:lang="en">http://tomcat.apache.org/security-8.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tomcat.apache.org/security-7.html" xml:lang="en">http://tomcat.apache.org/security-7.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://svn.apache.org/r1565143" xml:lang="en">http://svn.apache.org/r1565143</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1062337" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1062337</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57915" xml:lang="en">57915</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0400.html" xml:lang="en">RHSA-2014:0400</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3C52F373FC.9030907@apache.org%3E" xml:lang="en">[commons-dev] 20140206 [SECURITY] CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVNDB</vuln:source>
+      <vuln:reference href="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000017" xml:lang="en">JVNDB-2014-000017</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVN</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN14876762/index.html" xml:lang="en">JVN#14876762</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html" xml:lang="en">http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0053">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails-resources:1.0.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails-resources:1.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails-resources:1.1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails-resources:1.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails-resources:1.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails-resources:1.1.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails-resources:1.1.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails-resources:1.1.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails-resources:1.2.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails-resources:1.2.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails-resources:1.2.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails-resources:1.2.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails-resources:1.2.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails-resources:1.2.5"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.0.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.1.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.1.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.1.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.2.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.2.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.2.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.2.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.2.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.2.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.3.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.3.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.3.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.3.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.3.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.3.5"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:gopivotal:grails:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.1.5</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails-resources:1.2.5</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.1.4</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.1.3</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.1.2</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails-resources:1.2.0</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails-resources:1.1.5</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails-resources:1.1.4</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails-resources:1.1.2</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.0.0</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails-resources:1.1.6</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails-resources:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails-resources:1.0.0</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails-resources:1.2.3</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails-resources:1.1.0</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails-resources:1.1.1</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails-resources:1.2.4</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails-resources:1.2.1</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails-resources:1.2.2</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.1.0</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.2.4</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.2.5</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.2.2</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.2.3</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.2.0</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.2.1</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.3.0</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.3.5</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.3.4</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0053</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T19:55:08.640-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-22T13:54:49.580-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T07:39:07.000-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://twitter.com/Ramsharan065/status/434975409134792704" xml:lang="en">https://twitter.com/Ramsharan065/status/434975409134792704</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91270" xml:lang="en">grails-cve20140053-info-disc(91270)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65678" xml:lang="en">65678</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531281/100/0/threaded" xml:lang="en">20140227 Update: CVE-2014-0053 Information Disclosure when using Grails</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.gopivotal.com/security/cve-2014-0053" xml:lang="en">http://www.gopivotal.com/security/cve-2014-0053</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56841" xml:lang="en">56841</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0267.html" xml:lang="en">20140227 Update: CVE-2014-0053 Information Disclosure when using Grails</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0194.html" xml:lang="en">20140219 CVE-2014-0053 Information Disclosure when using Grails</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The default configuration of the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 before 2.3.6 does not properly restrict access to files in the WEB-INF directory, which allows remote attackers to obtain sensitive information via a direct request.  NOTE: this identifier has been SPLIT due to different researchers and different vulnerability types. See CVE-2014-2857 for the META-INF variant and CVE-2014-2858 for the directory traversal.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0054">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:4.0.0:m1"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:4.0.0:m2"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:4.0.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.0.0.m2"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.0.0.m1"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.0.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.0.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.0.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.0.0:m4"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.0.0:m3"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.0.0:m2"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.0.0:m1"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.0.0</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.2.4</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.2.5</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.2.2</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.2.3</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.0.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.0.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.0.0.m1</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.2.6</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.0.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.0.0.m2</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.2.0</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.2.1</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.2.7</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.1.0</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:4.0.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:4.0.0:m2</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:4.0.0:m1</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.0.0:m1</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.0.0:m2</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.0.0:m3</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.0.0:m4</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0054</vuln:cve-id>
+    <vuln:published-datetime>2014-04-17T10:55:06.417-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-18T09:56:57.203-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-18T09:56:56.967-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-352"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://jira.spring.io/browse/SPR-11376" xml:lang="en">https://jira.spring.io/browse/SPR-11376</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57915" xml:lang="en">57915</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0400.html" xml:lang="en">RHSA-2014:0400</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0055">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:redhat:enterprise_linux:6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:redhat:enterprise_linux:6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0055</vuln:cve-id>
+    <vuln:published-datetime>2014-03-26T10:55:04.710-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-19T00:45:56.627-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.5</cvss:score>
+        <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-26T14:28:12.737-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1062577" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1062577</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0339.html" xml:lang="en">RHSA-2014:0339</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0328.html" xml:lang="en">RHSA-2014:0328</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which allows guest OS users to cause a denial of service (host OS crash) via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0057">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:redhat:cloudforms:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:cloudforms_3.0_management_engine:5.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:redhat:cloudforms_3.0_management_engine:5.2</vuln:product>
+      <vuln:product>cpe:/a:redhat:cloudforms:3.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0057</vuln:cve-id>
+    <vuln:published-datetime>2014-03-18T13:02:52.887-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-19T10:03:56.427-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-19T10:03:38.987-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-94"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1064140" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1064140</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57376" xml:lang="en">57376</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0215.html" xml:lang="en">RHSA-2014:0215</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0058">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:redhat:jboss_enterprise_application_platform:6.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:jboss_enterprise_application_platform:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:jboss_enterprise_application_platform:6.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:jboss_enterprise_application_platform:6.2.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:redhat:jboss_enterprise_application_platform:6.2.0</vuln:product>
+      <vuln:product>cpe:/a:redhat:jboss_enterprise_application_platform:6.0.0</vuln:product>
+      <vuln:product>cpe:/a:redhat:jboss_enterprise_application_platform:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:redhat:jboss_enterprise_application_platform:6.1.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0058</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T10:55:08.953-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-27T10:49:21.817-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>1.9</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-27T10:49:08.287-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-310"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0205.html" xml:lang="en">RHSA-2014:0205</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0204.html" xml:lang="en">RHSA-2014:0204</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The security audit functionality in Red Hat JBoss Enterprise Application Platform (EAP) 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by reading the log files.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0060">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.17"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.3</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.6</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.5</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.4</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.3</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.4</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.5</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.11</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.10</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.3</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.8</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.9</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.6</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.7</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.7</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.13</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.12</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.11</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.17</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.16</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.15</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.14</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.15</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.19</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.9</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.10</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.11</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.12</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.13</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.14</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.18</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.3.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.3.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.3</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.4</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.5</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.6</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.7</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.8</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.10</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.9</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.8</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.6</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.5</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.4</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0060</vuln:cve-id>
+    <vuln:published-datetime>2014-03-31T10:58:08.663-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-31T13:47:07.757-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-31T13:47:04.317-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.postgresql.org/about/news/1506/" xml:lang="en">http://www.postgresql.org/about/news/1506/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2865" xml:lang="en">DSA-2865</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2864" xml:lang="en">DSA-2864</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://wiki.postgresql.org/wiki/20140220securityrelease" xml:lang="en">http://wiki.postgresql.org/wiki/20140220securityrelease</vuln:reference>
+    </vuln:references>
+    <vuln:summary>PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command before the associated GRANT command.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0061">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.17"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.3</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.6</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.5</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.4</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.3</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.4</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.5</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.11</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.10</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.3</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.8</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.9</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.6</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.7</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.7</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.13</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.12</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.11</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.17</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.16</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.15</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.14</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.15</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.19</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.9</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.10</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.11</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.12</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.13</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.14</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.18</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.3.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.3.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.3</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.4</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.5</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.6</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.7</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.8</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.10</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.9</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.8</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.6</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.5</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.4</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0061</vuln:cve-id>
+    <vuln:published-datetime>2014-03-31T10:58:15.383-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-31T13:52:06.877-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-31T13:52:03.813-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.postgresql.org/about/news/1506/" xml:lang="en">http://www.postgresql.org/about/news/1506/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2865" xml:lang="en">DSA-2865</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2864" xml:lang="en">DSA-2864</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://wiki.postgresql.org/wiki/20140220securityrelease" xml:lang="en">http://wiki.postgresql.org/wiki/20140220securityrelease</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed to be directly called by the user due to permissions.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0062">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.17"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.3</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.6</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.5</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.4</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.3</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.4</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.5</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.11</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.10</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.3</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.8</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.9</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.6</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.7</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.7</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.13</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.12</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.11</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.17</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.16</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.15</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.14</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.15</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.19</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.9</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.10</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.11</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.12</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.13</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.14</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.18</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.3.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.3.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.3</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.4</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.5</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.6</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.7</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.8</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.10</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.9</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.8</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.6</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.5</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.4</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0062</vuln:cve-id>
+    <vuln:published-datetime>2014-03-31T10:58:15.397-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-31T13:54:55.677-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.9</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-31T13:54:55.317-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-362"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.postgresql.org/about/news/1506/" xml:lang="en">http://www.postgresql.org/about/news/1506/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2865" xml:lang="en">DSA-2865</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2864" xml:lang="en">DSA-2864</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://wiki.postgresql.org/wiki/20140220securityrelease" xml:lang="en">http://wiki.postgresql.org/wiki/20140220securityrelease</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0063">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.17"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.3</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.6</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.5</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.4</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.3</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.4</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.5</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.11</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.10</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.3</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.8</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.9</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.6</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.7</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.7</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.13</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.12</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.11</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.17</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.16</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.15</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.14</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.15</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.19</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.9</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.10</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.11</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.12</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.13</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.14</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.18</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.3.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.3.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.3</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.4</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.5</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.6</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.7</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.8</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.10</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.9</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.8</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.6</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.5</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.4</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0063</vuln:cve-id>
+    <vuln:published-datetime>2014-03-31T10:58:15.710-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-31T13:50:48.670-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-31T13:50:48.357-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/postgres/postgres/commit/4318daecc959886d001a6e79c6ea853e8b1dfb4b" xml:lang="en">https://github.com/postgres/postgres/commit/4318daecc959886d001a6e79c6ea853e8b1dfb4b</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1065226" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1065226</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.postgresql.org/support/security/" xml:lang="en">http://www.postgresql.org/support/security/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.postgresql.org/about/news/1506/" xml:lang="en">http://www.postgresql.org/about/news/1506/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2865" xml:lang="en">DSA-2865</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2864" xml:lang="en">DSA-2864</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://wiki.postgresql.org/wiki/20140220securityrelease" xml:lang="en">http://wiki.postgresql.org/wiki/20140220securityrelease</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via vectors related to an incorrect MAXDATELEN constant and datetime values involving (1) intervals, (2) timestamps, or (3) timezones, a different vulnerability than CVE-2014-0065.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0064">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.17"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.3</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.6</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.5</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.4</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.3</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.4</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.5</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.11</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.10</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.3</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.8</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.9</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.6</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.7</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.7</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.13</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.12</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.11</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.17</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.16</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.15</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.14</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.15</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.19</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.9</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.10</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.11</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.12</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.13</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.14</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.18</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.3.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.3.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.3</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.4</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.5</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.6</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.7</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.8</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.10</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.9</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.8</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.6</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.5</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.4</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0064</vuln:cve-id>
+    <vuln:published-datetime>2014-03-31T10:58:15.740-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-31T13:56:29.493-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-31T13:56:29.087-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-189"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/postgres/postgres/commit/31400a673325147e1205326008e32135a78b4d8a" xml:lang="en">https://github.com/postgres/postgres/commit/31400a673325147e1205326008e32135a78b4d8a</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1065230" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1065230</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.postgresql.org/support/security/" xml:lang="en">http://www.postgresql.org/support/security/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.postgresql.org/about/news/1506/" xml:lang="en">http://www.postgresql.org/about/news/1506/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2865" xml:lang="en">DSA-2865</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2864" xml:lang="en">DSA-2864</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://wiki.postgresql.org/wiki/20140220securityrelease" xml:lang="en">http://wiki.postgresql.org/wiki/20140220securityrelease</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, which trigger a buffer overflow.  NOTE: this identifier has been SPLIT due to different affected versions; use CVE-2014-2669 for the hstore vector.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0065">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.17"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.3</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.6</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.5</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.4</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.3</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.4</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.5</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.11</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.10</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.3</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.8</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.9</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.6</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.7</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.7</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.13</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.12</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.11</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.17</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.16</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.15</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.14</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.15</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.19</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.9</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.10</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.11</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.12</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.13</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.14</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.18</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.3.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.3.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.3</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.4</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.5</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.6</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.7</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.8</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.10</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.9</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.8</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.6</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.5</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.4</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0065</vuln:cve-id>
+    <vuln:published-datetime>2014-03-31T10:58:15.757-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-03T13:15:49.360-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-31T14:04:39.213-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.postgresql.org/about/news/1506/" xml:lang="en">http://www.postgresql.org/about/news/1506/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2865" xml:lang="en">DSA-2865</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2864" xml:lang="en">DSA-2864</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://wiki.postgresql.org/wiki/20140220securityrelease" xml:lang="en">http://wiki.postgresql.org/wiki/20140220securityrelease</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, a different vulnerability than CVE-2014-0063.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0066">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.17"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.3</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.6</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.5</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.4</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.3</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.4</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.5</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.11</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.10</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.3</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.8</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.9</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.6</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.7</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.7</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.13</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.12</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.11</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.17</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.16</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.15</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.14</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.15</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.19</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.9</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.10</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.11</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.12</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.13</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.14</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.18</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.3.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.3.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.3</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.4</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.5</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.6</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.7</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.8</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.10</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.9</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.8</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.6</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.5</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.4</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0066</vuln:cve-id>
+    <vuln:published-datetime>2014-03-31T10:58:15.773-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-03T13:53:27.483-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-31T14:03:16.430-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.postgresql.org/about/news/1506/" xml:lang="en">http://www.postgresql.org/about/news/1506/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2865" xml:lang="en">DSA-2865</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2864" xml:lang="en">DSA-2864</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://wiki.postgresql.org/wiki/20140220securityrelease" xml:lang="en">http://wiki.postgresql.org/wiki/20140220securityrelease</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0067">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:8.4.17"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.3</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.6</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.5</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.4</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.3</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.4</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.5</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.11</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.10</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.3</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.8</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.9</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.6</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.7</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.7</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.13</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.12</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.11</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.17</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.16</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.15</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.14</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.15</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.19</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.9</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.10</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.11</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.12</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.13</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.14</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.18</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.3.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.3.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.3</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.4</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.5</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.6</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.7</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.8</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.10</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.9</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.8</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.6</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.5</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.4</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:8.4.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0067</vuln:cve-id>
+    <vuln:published-datetime>2014-03-31T10:58:15.787-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-31T13:58:37.420-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.6</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-31T13:58:37.107-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.postgresql.org/about/news/1506/" xml:lang="en">http://www.postgresql.org/about/news/1506/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2865" xml:lang="en">DSA-2865</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2864" xml:lang="en">DSA-2864</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://wiki.postgresql.org/wiki/20140220securityrelease" xml:lang="en">http://wiki.postgresql.org/wiki/20140220securityrelease</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0069">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.69"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.70"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.71"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.72"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.73"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.74"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.75"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.76"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.77"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.78"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.79"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.70</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.71</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.72</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.73</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.74</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.75</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.76</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.77</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.78</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.79</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.69</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0069</vuln:cve-id>
+    <vuln:published-datetime>2014-02-28T01:18:54.010-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:27:57.107-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.2</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-28T12:03:13.557-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/torvalds/linux/commit/5d81de8e8667da7135d3a32a964087c0faf5483f" xml:lang="en">https://github.com/torvalds/linux/commit/5d81de8e8667da7135d3a32a964087c0faf5483f</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5d81de8e8667da7135d3a32a964087c0faf5483f" xml:lang="en">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5d81de8e8667da7135d3a32a964087c0faf5483f</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1064253" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1064253</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/02/17/4" xml:lang="en">[oss-security] 20140217 CVE-2014-0069 -- kernel: cifs: incorrect handling of bogus user pointers during uncached writes</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0328.html" xml:lang="en">RHSA-2014:0328</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://article.gmane.org/gmane.linux.kernel.cifs/9401" xml:lang="en">[linux-cifs] 20140214 [PATCH] cifs: ensure that uncached writes handle unmapped areas correctly</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0070">
+    <vuln:cve-id>CVE-2014-0070</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T20:55:02.993-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-26T20:55:03.070-05:00</vuln:last-modified-datetime>
+    <vuln:summary>** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: none.  Reason: This candidate was withdrawn by its CNA.  Further investigation showed that it was not a security issue.  Notes: none.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0071">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:redhat:openstack:4.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:redhat:openstack:4.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0071</vuln:cve-id>
+    <vuln:published-datetime>2014-04-17T10:55:06.450-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-17T12:00:04.640-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.4</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-17T12:00:04.533-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1064163" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1064163</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66001" xml:lang="en">66001</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0233.html" xml:lang="en">RHSA-2014:0233</vuln:reference>
+    </vuln:references>
+    <vuln:summary>PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0076">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.1c"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.2b"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.3a"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.5a"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.5a:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.5a:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.6a"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.6a:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.6a:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.6a:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.6b"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.6c"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.6d"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.6e"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.6f"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.6g"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.6h"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.6i"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.6j"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.6k"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.6l"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.6m"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.7:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.7a"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.7b"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.7c"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.7d"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.7e"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.7f"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.7g"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.7h"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.7i"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.7j"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.7k"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.7l"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.7m"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8a"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8b"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8c"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8d"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8e"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8f"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8g"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8h"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8i"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8j"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8k"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8l"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8m"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8m:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8n"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8o"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8p"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8q"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8r"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8s"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8t"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8u"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8v"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8w"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8x"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:0.9.8y"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:1.0.0l"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:1.0.0k"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:1.0.0j"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:1.0.0i"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:1.0.0h"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:1.0.0g"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:1.0.0f"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:1.0.0e"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:1.0.0d"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:1.0.0c"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:1.0.0b"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:1.0.0a"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:1.0.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:1.0.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:1.0.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:1.0.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:1.0.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:1.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:openssl:openssl:1.0.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8u</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.7:beta6</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.7k</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8w</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8v</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.7h</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8m:beta1</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.7g</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:1.0.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.4</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.7j</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:1.0.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.5</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.7i</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.6</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.7d</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.7</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.7f</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.7e</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:1.0.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8y</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:1.0.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8x</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.7l</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.7m</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.5a</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:1.0.0d</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:1.0.0a</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:1.0.0c</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:1.0.0b</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:1.0.0l</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:1.0.0j</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:1.0.0k</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:1.0.0h</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:1.0.0i</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:1.0.0f</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8o</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:1.0.0g</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8n</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8m</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:1.0.0e</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8f</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8g</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8t</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8e</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.6a:beta1</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8r</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.3a</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8s</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.6a:beta3</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8p</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.6a:beta2</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8q</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8l</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.6b</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8j</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8k</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.6a</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8h</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8i</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.5a:beta2</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:1.0.0</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.7a</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.5a:beta1</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.7b</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.2b</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.7c</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.6i</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.6h</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.6g</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.6f</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.6j</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.6e</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.6d</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.6c</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.6l</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.1c</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.6m</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.6k</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8b</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8c</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8a</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:0.9.8d</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0076</vuln:cve-id>
+    <vuln:published-datetime>2014-03-25T09:25:21.977-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-26T00:55:49.000-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-25T10:32:53.127-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-310"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.novell.com/show_bug.cgi?id=869945" xml:lang="en">https://bugzilla.novell.com/show_bug.cgi?id=869945</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugs.gentoo.org/show_bug.cgi?id=505278" xml:lang="en">https://bugs.gentoo.org/show_bug.cgi?id=505278</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2198be3483259de374f91e57d247d0fc667aef29" xml:lang="en">http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2198be3483259de374f91e57d247d0fc667aef29</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://eprint.iacr.org/2014/140" xml:lang="en">http://eprint.iacr.org/2014/140</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0077">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.69"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.70"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.71"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.72"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.73"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.74"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.75"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.76"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.77"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.78"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.79"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.7"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.70</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.71</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.72</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.73</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.74</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.75</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.76</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.77</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.78</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.79</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.69</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0077</vuln:cve-id>
+    <vuln:published-datetime>2014-04-14T19:55:07.530-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-15T10:59:32.337-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.5</cvss:score>
+        <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-15T10:59:30.133-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.10" xml:lang="en">http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.10</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d8316f3991d207fe32881a9ac20241be8fa2bad0" xml:lang="en">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d8316f3991d207fe32881a9ac20241be8fa2bad0</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/torvalds/linux/commit/d8316f3991d207fe32881a9ac20241be8fa2bad0" xml:lang="en">https://github.com/torvalds/linux/commit/d8316f3991d207fe32881a9ac20241be8fa2bad0</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1064440" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1064440</vuln:reference>
+    </vuln:references>
+    <vuln:summary>drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0079">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:5.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:5.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.00"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.01"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.02"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.03"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:5.02"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:5.01"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:5.00"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:7.1.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:zarafa:zarafa:5.00</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:5.10</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:5.01</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:5.11</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:7.1.8</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:5.02</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.10</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:5.20</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.00</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.01</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.02</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.03</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.11</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.20</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:5.22</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0079</vuln:cve-id>
+    <vuln:published-datetime>2014-04-28T10:09:06.157-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T07:52:00.900-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T07:52:00.807-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1059903" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1059903</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MANDRIVA</vuln:source>
+      <vuln:reference href="http://www.mandriva.com/security/advisories?name=MDVSA-2014:044" xml:lang="en">MDVSA-2014:044</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earlier, when using certain build conditions, allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the password."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0080">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:4.0.2:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:4.0.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:4.0.1:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:4.0.1:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:4.1.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:4.0.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:4.0.0:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:4.0.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:4.0.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:4.0.1:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:4.0.1:rc1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:4.0.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:4.0.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:4.0.0:beta</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:4.0.0:-</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:4.0.1:-</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:4.0.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:4.0.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:4.0.1:rc3</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:4.0.1:rc4</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:4.0.2:-</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:4.1.0:beta1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0080</vuln:cve-id>
+    <vuln:published-datetime>2014-02-20T10:27:02.750-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-20T19:13:30.407-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-20T07:47:10.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="https://groups.google.com/forum/message/raw?msg=rubyonrails-security/Wu96YkTUR6s/pPLBMZrlwvYJ" xml:lang="en">[rubyonrails-security] 20140218 Data Injection Vulnerability in Active Record (CVE-2014-0080)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/02/18/9" xml:lang="en">[oss-security] 20140218 Data Injection Vulnerability in Active Record (CVE-2014-0080)</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving \ (backslash) characters that are not properly handled in operations on array columns.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0081">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.14:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.14:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.15:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.15:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:0.10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:0.11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:0.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:0.12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:0.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:0.13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:0.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:0.14.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:0.14.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:0.14.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:0.14.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:0.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:0.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:0.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:0.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:0.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:0.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:0.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:0.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:0.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:0.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:0.9.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:0.9.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:1.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:1.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:1.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:1.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:1.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:1.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:1.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:1.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:1.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:1.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:1.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:1.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:1.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:1.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:1.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:1.9.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:2.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:2.0.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:2.0.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:2.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:2.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:2.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:2.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:2.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:2.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:2.3.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:2.3.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:2.3.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:2.3.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:2.3.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:2.3.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:2.3.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:2.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:2.3.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.0:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.0:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.1:pre"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.10:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.12:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.13:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.2:pre"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.4:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.4:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.5:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.6:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.6:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.7:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.7:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.8:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.8:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.8:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.8:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.9:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.9:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.9:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.9:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.9:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc8"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.1:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.2:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.2:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.4:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.5:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.13:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.13:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.2:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.3:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.3:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.4:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.15:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:4.0.2:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:4.0.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:4.0.1:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:4.0.1:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:4.1.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:4.0.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:4.0.0:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:4.0.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:4.0.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:4.0.1:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:4.0.1:rc1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.8</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:0.8.0</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:2.1.0</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.9</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:4.0.0:-</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.0:rc</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:4.0.1:-</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:0.6.0</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.6</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.13:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.12:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.7</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.10:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:1.2.4</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:1.2.5</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.8:rc3</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:1.2.2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.8:rc4</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.4:rc</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:1.2.3</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.8:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.2:pre</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.8:rc2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.7:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:1.2.1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:0.5.6</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.7:rc2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.6:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:0.5.5</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.6:rc2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.5:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.1:pre</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:2.2.0</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:4.0.2:-</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.3:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.4:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:0.10.0</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:2.2.2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:2.2.1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:1.1.2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:0.9.4</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.3:rc2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.2:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.4</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:1.1.6</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.5</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:1.1.5</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.6</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:1.1.4</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:2.3.4</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:1.1.3</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.4:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:0.13.1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:0.13.0</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:1.1.0</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:1.1.1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:2.3.0</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.9:rc5</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.9:rc2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.9:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.9:rc4</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.9:rc3</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.0</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:0.5.0</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:4.0.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.7</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:4.0.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.9</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:4.0.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:4.0.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.8</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.0</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:4.0.1:rc3</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:4.0.1:rc4</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:0.11.1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.15:rc3</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:0.11.0</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.13:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.14:rc2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.13:rc2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.15:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.15:rc2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.14:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.14</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.13</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.16</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.15</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:2.1.2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.12</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.11</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.10</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:2.0.0</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:0.6.5</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc6</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc8</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.20</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc5</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:2.0.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:2.3.11</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:2.0.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:2.3.10</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc7</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.2:rc2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc4</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:0.8.5</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.1:rc3</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.2:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.4:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.5:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:0.14.1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.3</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.0</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:0.14.4</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:0.14.3</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:0.14.2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.10</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:1.2.6</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:1.0.0</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:2.3.13</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:2.3.14</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:1.2.0</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:2.1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:2.3.15</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:2.3.16</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:1.9.5</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:2.3.12</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:0.9.0</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:0.7.0</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:4.1.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.0:beta</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:0.9.4.1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:4.0.0:beta</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:0.5.7</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:0.12.1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:0.12.0</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:2.3.9</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0081</vuln:cve-id>
+    <vuln:published-datetime>2014-02-20T10:27:09.140-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-26T00:55:51.047-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-20T12:51:59.640-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="https://groups.google.com/forum/message/raw?msg=rubyonrails-security/tfp6gZCtzr4/j8LUHmu7fIEJ" xml:lang="en">[rubyonrails-security] 20140218 XSS Vulnerability in number_to_currency, number_to_percentage and number_to_human (CVE-2014-0081)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57376" xml:lang="en">57376</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0306.html" xml:lang="en">RHSA-2014:0306</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0215.html" xml:lang="en">RHSA-2014:0215</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/02/18/8" xml:lang="en">[oss-security] 20140218 XSS Vulnerability in number_to_currency, number_to_percentage and number_to_human (CVE-2014-0081)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html" xml:lang="en">openSUSE-SU-2014:0295</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0082">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.14:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.14:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.15:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.15:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.0:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.0:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.1:pre"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.10:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.12:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.13:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.2:pre"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.4:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.4:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.5:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.6:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.6:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.7:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.7:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.8:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.8:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.8:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.8:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.9:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.9:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.9:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.9:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.0.9:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc8"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.1:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.2:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.2:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.4:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.5:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.13:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.13:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.2:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.3:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.3:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.4:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.15:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:rubyonrails:ruby_on_rails:3.2.16"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.8</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.9</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.0:rc</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.13:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.6</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.12:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.10:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.7</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.8:rc3</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.8:rc4</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.4:rc</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.8:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.2:pre</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.8:rc2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.7:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.7:rc2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.6:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.6:rc2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.5:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.1:pre</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.3:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.4:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.2:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.3:rc2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.4</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.5</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.6</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.4:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.9:rc5</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.9:rc2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.9:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.9:rc4</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.9:rc3</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.0</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.7</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.9</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.8</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.0</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.15:rc3</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.14:rc2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.13:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.13:rc2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.15:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.15:rc2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.14:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.14</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.13</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.16</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.15</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.12</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.11</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.10</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc6</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.20</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc8</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc5</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc7</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc4</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.2:rc2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.1:rc3</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.2:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.4:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.5:rc1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.3</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.0</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.2.1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.1.10</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:rubyonrails:ruby_on_rails:3.0.0:beta</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0082</vuln:cve-id>
+    <vuln:published-datetime>2014-02-20T10:27:09.170-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T01:02:56.307-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-20T08:01:44.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ" xml:lang="en">[rubyonrails-security] 20140218 Denial of Service Vulnerability in Action View when using render :text (CVE-2014-0082)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/" xml:lang="en">http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57836" xml:lang="en">57836</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57376" xml:lang="en">57376</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0306.html" xml:lang="en">RHSA-2014:0306</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0215.html" xml:lang="en">RHSA-2014:0215</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/02/18/10" xml:lang="en">[oss-security] 20140218 Denial of Service Vulnerability in Action View when using render :text (CVE-2014-0082)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html" xml:lang="en">openSUSE-SU-2014:0295</vuln:reference>
+    </vuln:references>
+    <vuln:summary>actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0085">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apache:zookeeper:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:jboss_fuse:6.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:redhat:jboss_fuse:6.0.0</vuln:product>
+      <vuln:product>cpe:/a:apache:zookeeper:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0085</vuln:cve-id>
+    <vuln:published-datetime>2014-04-17T10:55:06.467-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-17T12:03:20.257-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>2.1</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-17T12:03:20.177-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-255"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1067265" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1067265</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57915" xml:lang="en">57915</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0400.html" xml:lang="en">RHSA-2014:0400</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0086">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:redhat:jboss_web_framework_kit:2.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:richfaces:5.0.0:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:richfaces:5.0.0:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:richfaces:5.0.0:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:richfaces:4.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:richfaces:4.3.5"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:redhat:richfaces:4.3.4</vuln:product>
+      <vuln:product>cpe:/a:redhat:richfaces:5.0.0:alpha3</vuln:product>
+      <vuln:product>cpe:/a:redhat:richfaces:5.0.0:alpha2</vuln:product>
+      <vuln:product>cpe:/a:redhat:jboss_web_framework_kit:2.5.0</vuln:product>
+      <vuln:product>cpe:/a:redhat:richfaces:4.3.5</vuln:product>
+      <vuln:product>cpe:/a:redhat:richfaces:5.0.0:alpha1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0086</vuln:cve-id>
+    <vuln:published-datetime>2014-03-31T10:58:19.587-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-31T13:33:56.620-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-31T13:33:56.497-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://issues.jboss.org/browse/RF-13250" xml:lang="en">https://issues.jboss.org/browse/RF-13250</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/pslegr/core-1/commit/8131f15003f5bec73d475d2b724472e4b87d0757" xml:lang="en">https://github.com/pslegr/core-1/commit/8131f15003f5bec73d475d2b724472e4b87d0757</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1067268" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1067268</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57053" xml:lang="en">57053</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a large number of malformed atmosphere push requests.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0088">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:igor_sysoev:nginx:1.5.10"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:igor_sysoev:nginx:1.5.10</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0088</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T10:38:49.920-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T10:10:30.290-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T10:10:30.257-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html" xml:lang="en">[nginx-announce] 20140304 nginx security advisory (CVE-2014-0088)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1030150" xml:lang="en">1030150</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0089">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:theforeman:foreman:1.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:theforeman:foreman:1.4.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:theforeman:foreman:1.4.1</vuln:product>
+      <vuln:product>cpe:/a:theforeman:foreman:1.4.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0089</vuln:cve-id>
+    <vuln:published-datetime>2014-03-27T12:55:05.660-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-27T14:59:21.333-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-27T14:59:21.240-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://projects.theforeman.org/issues/4456" xml:lang="en">http://projects.theforeman.org/issues/4456</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1071741" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1071741</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://theforeman.org/security.html" xml:lang="en">http://theforeman.org/security.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57575" xml:lang="en">57575</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in app/views/common/500.html.erb in Foreman 1.4.x before 1.4.2 allows remote authenticated users to inject arbitrary web script or HTML via the bookmark name when adding a bookmark.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0092">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.2.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.2.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.1.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.1.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.1.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.1.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.1.17"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:gnu:gnutls:3.1.20</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.1.21</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.1.0</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.2.7</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.2.8</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.1.6</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.1.7</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.1.19</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.2.9</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.2.8.1</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.2.2</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.2.1</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.2.4</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.2.3</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.1.10</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.1.8</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.2.6</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.1.9</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.2.5</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.1.17</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.1.18</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.1.15</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.1.16</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.1.13</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.1.14</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.1.12</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.1.11</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.2.10</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.2.11</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.2.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0092</vuln:cve-id>
+    <vuln:published-datetime>2014-03-06T19:10:53.573-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-19T00:45:58.847-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-07T07:10:31.353-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-310"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1069865" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1069865</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2127-1" xml:lang="en">USN-2127-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2869" xml:lang="en">DSA-2869</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57321" xml:lang="en">57321</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57274" xml:lang="en">57274</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57260" xml:lang="en">57260</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57254" xml:lang="en">57254</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57204" xml:lang="en">57204</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57103" xml:lang="en">57103</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56933" xml:lang="en">56933</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0339.html" xml:lang="en">RHSA-2014:0339</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0288.html" xml:lang="en">RHSA-2014:0288</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0247.html" xml:lang="en">RHSA-2014:0247</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0246.html" xml:lang="en">RHSA-2014:0246</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00020.html" xml:lang="en">SUSE-SU-2014:0445</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html" xml:lang="en">openSUSE-SU-2014:0346</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00007.html" xml:lang="en">openSUSE-SU-2014:0328</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00006.html" xml:lang="en">openSUSE-SU-2014:0325</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00005.html" xml:lang="en">SUSE-SU-2014:0324</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00004.html" xml:lang="en">SUSE-SU-2014:0323</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html" xml:lang="en">SUSE-SU-2014:0322</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00002.html" xml:lang="en">SUSE-SU-2014:0321</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" xml:lang="en">SUSE-SU-2014:0320</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html" xml:lang="en">SUSE-SU-2014:0319</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://gnutls.org/security.html#GNUTLS-SA-2014-2" xml:lang="en">http://gnutls.org/security.html#GNUTLS-SA-2014-2</vuln:reference>
+    </vuln:references>
+    <vuln:summary>lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0093">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:redhat:jboss_enterprise_application_platform:6.2.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:redhat:jboss_enterprise_application_platform:6.2.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0093</vuln:cve-id>
+    <vuln:published-datetime>2014-04-03T12:15:12.127-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-03T12:51:22.310-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-03T12:51:22.137-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57675" xml:lang="en">57675</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0345.html" xml:lang="en">RHSA-2014:0345</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0344.html" xml:lang="en">RHSA-2014:0344</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0343.html" xml:lang="en">RHSA-2014:0343</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2, when using a Java Security Manager (JSM), does not properly apply permissions defined by a policy file, which causes applications to be granted the java.security.AllPermission permission and allows remote attackers to bypass intended access restrictions.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0094">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.14.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.14.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.14.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.15.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.15.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apache:struts:2.1.8.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.14</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.15</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.12</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.11.2</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.14.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.16</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.14.2</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.14.3</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.11.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.7</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.8</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.2.3</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.15.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.15.2</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.2.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.4.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.0</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.2.3.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.4</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.15.3</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.2</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.3</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.4</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.5</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.6</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.8</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.1.2</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.2.1.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.1.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0094</vuln:cve-id>
+    <vuln:published-datetime>2014-03-11T09:00:37.107-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-11T10:00:53.477-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-11T10:00:50.277-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029876" xml:lang="en">1029876</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65999" xml:lang="en">65999</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531362/100/0/threaded" xml:lang="en">20140306 [ANN] Struts 2.3.16.1 GA release available - security fix</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://struts.apache.org/release/2.3.x/docs/s2-020.html" xml:lang="en">http://struts.apache.org/release/2.3.x/docs/s2-020.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56440" xml:lang="en">56440</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The ParametersInterceptor in Apache Struts before 2.3.16.1 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0098">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.0.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.0.28:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.0.32"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.0.32:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.0.34:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.0.35"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.0.36"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.0.37"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.0.38"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.0.39"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.0.40"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.0.41"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.0.42"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.0.43"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.0.44"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.0.45"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.0.46"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.0.47"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.0.48"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.0.49"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.0.50"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.0.51"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.0.52"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.0.53"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.0.54"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.0.55"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.0.56"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.0.57"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.0.58"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.0.59"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.0.60"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.0.61"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.0.63"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.0.64"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.2.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.2.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.2.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.3.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.3.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.3.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.3.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.3.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.3.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.3.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.3.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:http_server:2.4.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apache:http_server:2.4.4</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.4.3</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.4.2</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.0.64</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.4.0</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.2.9</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.2.8</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.0.32:beta</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.2.10</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.3.8</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.0.34:beta</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.3.9</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.3.7</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.2.18</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.0.38</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.0.28:beta</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.1.8</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.1.7</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.0.53</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.1.6</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.0.54</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.1.5</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.0.55</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.1.4</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.0.56</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.1.3</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.0.57</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.1.2</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.0.58</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.0.59</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.0.63</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.0.60</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.0.61</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.0.49</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.3.6</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.0.40</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.2.19</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.1.9</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.0.41</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.2.25</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.2.24</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.2.23</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.2.22</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.0.28</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.3.10</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.4.7</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.4.6</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.0.52</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.2</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.0.51</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.0.32</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.0.50</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.1</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.0</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.3.11</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.0.37</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.0.36</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.0.35</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.2.15</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.3.12</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.2.14</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.3.13</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.2.17</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.3.14</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.2.16</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.3.15</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.2.11</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.3.16</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.2.13</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.2.12</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.2.3</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.0.39</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.2.4</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.2.6</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.2.20</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.2.0</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.2.1</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.2.2</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.0.42</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.3.0</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.0.44</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.0.43</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.2.21</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.0.46</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.0.45</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.3.4</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.0.48</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.3.5</vuln:product>
+      <vuln:product>cpe:/a:apache:http_server:2.0.47</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0098</vuln:cve-id>
+    <vuln:published-datetime>2014-03-18T01:18:18.750-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:27:58.013-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-18T08:33:41.000-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/loggers/mod_log_config.c?r1=1575394&amp;r2=1575400&amp;diff_format=h" xml:lang="en">http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/loggers/mod_log_config.c?r1=1575394&amp;r2=1575400&amp;diff_format=h</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2152-1" xml:lang="en">USN-2152-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.apache.org/dist/httpd/CHANGES_2.4.9" xml:lang="en">http://www.apache.org/dist/httpd/CHANGES_2.4.9</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/loggers/mod_log_config.c" xml:lang="en">http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/loggers/mod_log_config.c</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0100">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.69"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.70"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.71"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.72"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.73"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.74"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.75"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.76"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.77"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.78"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.79"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.70</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.71</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.72</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.73</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.74</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.75</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.76</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.77</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.78</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.79</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.69</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0100</vuln:cve-id>
+    <vuln:published-datetime>2014-03-11T09:01:06.733-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-11T10:30:21.320-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-11T10:30:10.773-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-362"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/03/04/4" xml:lang="en">[oss-security] 20140304 CVE-2014-0100 -- Linux kernel: net: inet frag code race condition leading to user-after-free</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1070618" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1070618</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://patchwork.ozlabs.org/patch/325844/" xml:lang="en">http://patchwork.ozlabs.org/patch/325844/</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Race condition in the inet_frag_intern function in net/ipv4/inet_fragment.c in the Linux kernel through 3.13.6 allows remote attackers to cause a denial of service (use-after-free error) or possibly have unspecified other impact via a large series of fragmented ICMP Echo Request packets to a system with a heavy CPU load.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0101">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.69"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.70"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.71"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.72"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.73"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.74"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.75"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.76"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.77"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.78"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.79"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.70</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.71</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.72</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.73</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.74</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.75</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.76</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.77</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.78</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.79</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.69</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0101</vuln:cve-id>
+    <vuln:published-datetime>2014-03-11T09:01:06.733-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:27:58.187-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.1</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-11T10:50:24.897-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/03/04/6" xml:lang="en">[oss-security] 20140304 CVE-2014-0101 -- Linux kernel: net: sctp: null pointer dereference when processing authenticated cookie_echo chunk</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/torvalds/linux/commit/ec0223ec48a90cb605244b45f7c62de856403729" xml:lang="en">https://github.com/torvalds/linux/commit/ec0223ec48a90cb605244b45f7c62de856403729</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1070705" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1070705</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0328.html" xml:lang="en">RHSA-2014:0328</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ec0223ec48a90cb605244b45f7c62de856403729" xml:lang="en">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ec0223ec48a90cb605244b45f7c62de856403729</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0102">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.69"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.70"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.71"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.72"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.73"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.74"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.75"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.76"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.77"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.78"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.79"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.70</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.71</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.72</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.73</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.74</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.75</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.76</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.77</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.78</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.79</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.69</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0102</vuln:cve-id>
+    <vuln:published-datetime>2014-03-11T09:01:08.670-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-11T11:03:22.243-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.2</cvss:score>
+        <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-11T11:03:20.897-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-310"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/03/04/21" xml:lang="en">[oss-security] 20140304 CVE-2014-0102 -- Linux kernel: security: keyring cycle detector DoS</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1072419" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1072419</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.kernelhub.org/?msg=425013&amp;p=2" xml:lang="en">http://www.kernelhub.org/?msg=425013&amp;p=2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://lkml.org/lkml/2014/2/27/507" xml:lang="en">[linux-kernel] 20140227 kernel BUG at security/keys/keyring.c:1003!</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The keyring_detect_cycle_iterator function in security/keys/keyring.c in the Linux kernel through 3.13.6 does not properly determine whether keyrings are identical, which allows local users to cause a denial of service (OOPS) via crafted keyctl commands.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0105">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:openstack:python-keystoneclient:0.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:python-keystoneclient:0.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:python-keystoneclient:0.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:python-keystoneclient:0.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:python-keystoneclient:0.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:python-keystoneclient:0.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:python-keystoneclient:0.2.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:openstack:python-keystoneclient:0.4.2</vuln:product>
+      <vuln:product>cpe:/a:openstack:python-keystoneclient:0.3.2</vuln:product>
+      <vuln:product>cpe:/a:openstack:python-keystoneclient:0.3.1</vuln:product>
+      <vuln:product>cpe:/a:openstack:python-keystoneclient:0.3.0</vuln:product>
+      <vuln:product>cpe:/a:openstack:python-keystoneclient:0.2.3</vuln:product>
+      <vuln:product>cpe:/a:openstack:python-keystoneclient:0.2.4</vuln:product>
+      <vuln:product>cpe:/a:openstack:python-keystoneclient:0.2.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0105</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T10:55:03.577-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T08:31:00.920-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T08:31:00.750-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-255"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/03/27/4" xml:lang="en">[oss-security] 20140327 [OSSA 2014-007] Potential context confusion in Keystone middleware  (CVE-2014-0105)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugs.launchpad.net/python-keystoneclient/+bug/1282865" xml:lang="en">https://bugs.launchpad.net/python-keystoneclient/+bug/1282865</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0382.html" xml:lang="en">RHSA-2014:0382</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, related to an "interaction between eventlet and python-memcached."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0106">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.8.1p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.8.1p2"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.8.3p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.8.3p2"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.8.4p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.8.4p2"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.8.4p3"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.8.4p4"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.8.4p5"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.7.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.7.10p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.7.10p10"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.7.10p2"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.7.10p3"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.7.10p4"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.7.10p5"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.7.10p6"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.7.10p7"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.7.10p8"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.7.10p9"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.7.2p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.7.2p2"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.7.2p3"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.7.2p4"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.7.2p5"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.7.2p6"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.7.2p7"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.7.3b1"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.7.4p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.7.4p2"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.7.4p3"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.7.4p4"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.7.4p5"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.7.4p6"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.7.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.7.6p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.7.6p2"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.7.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.7.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.7.8p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.7.8p2"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.7.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.7.9p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.6.9p20"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.6.9p21"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.6.9p22"/>
+        <cpe-lang:fact-ref name="cpe:/a:todd_miller:sudo:1.6.9p23"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.7.0</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.7.2</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.7.6p1</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.7.6p2</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.7.8p2</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.7.8p1</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.8.3</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.8.4</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.7.9p1</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.8.4p4</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.8.4p5</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.8.4p2</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.8.4p3</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.8.4p1</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.7.2p1</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.7.10p10</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.8.3p2</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.8.3p1</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.8.1p2</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.7.10p4</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.7.4p1</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.7.4p2</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.7.10</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.7.4p5</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.7.10p1</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.7.4p6</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.7.10p2</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.7.4p3</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.7.10p3</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.7.4p4</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.7.10p5</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.7.10p6</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.8.1p1</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.7.10p7</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.7.3b1</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.7.10p8</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.7.10p9</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.7.2p4</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.7.2p3</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.7.2p2</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.7.2p7</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.7.2p6</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.7.2p5</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.8.2</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.8.1</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.6.9</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.6.9p23</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.6.9p22</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.6.9p21</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.6.9p20</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.7.9</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.7.7</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.7.8</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.7.5</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.7.6</vuln:product>
+      <vuln:product>cpe:/a:todd_miller:sudo:1.7.4</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0106</vuln:cve-id>
+    <vuln:published-datetime>2014-03-11T15:37:03.240-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-26T00:55:53.157-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.6</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-12T14:26:24.713-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.sudo.ws/sudo/alerts/env_add.html" xml:lang="en">http://www.sudo.ws/sudo/alerts/env_add.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2146-1" xml:lang="en">USN-2146-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/03/06/2" xml:lang="en">[oss-security] 20140305 sudo: security policy bypass when env_reset is disabled</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0266.html" xml:lang="en">RHSA-2014:0266</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0107">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apache:xalan-java:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:xalan-java:2.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:xalan-java:2.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:xalan-java:2.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:xalan-java:2.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:xalan-java:2.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:xalan-java:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:xalan-java:2.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:xalan-java:2.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:xalan-java:2.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:xalan-java:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:xalan-java:2.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:xalan-java:1.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apache:xalan-java:2.5.0</vuln:product>
+      <vuln:product>cpe:/a:apache:xalan-java:2.2.0</vuln:product>
+      <vuln:product>cpe:/a:apache:xalan-java:2.1.0</vuln:product>
+      <vuln:product>cpe:/a:apache:xalan-java:1.0.0</vuln:product>
+      <vuln:product>cpe:/a:apache:xalan-java:2.6.0</vuln:product>
+      <vuln:product>cpe:/a:apache:xalan-java:2.5.2</vuln:product>
+      <vuln:product>cpe:/a:apache:xalan-java:2.5.1</vuln:product>
+      <vuln:product>cpe:/a:apache:xalan-java:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:apache:xalan-java:2.7.0</vuln:product>
+      <vuln:product>cpe:/a:apache:xalan-java:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:apache:xalan-java:2.0.0</vuln:product>
+      <vuln:product>cpe:/a:apache:xalan-java:2.4.0</vuln:product>
+      <vuln:product>cpe:/a:apache:xalan-java:2.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0107</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T19:13:13.070-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T09:45:03.180-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T09:45:02.883-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.ocert.org/advisories/ocert-2014-002.html" xml:lang="en">http://www.ocert.org/advisories/ocert-2014-002.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://svn.apache.org/viewvc?view=revision&amp;revision=1581058" xml:lang="en">http://svn.apache.org/viewvc?view=revision&amp;revision=1581058</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://issues.apache.org/jira/browse/XALANJ-2435" xml:lang="en">https://issues.apache.org/jira/browse/XALANJ-2435</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/92023" xml:lang="en">apache-xalanjava-cve20140107-sec-bypass(92023)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66397" xml:lang="en">66397</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57563" xml:lang="en">57563</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0111">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apache:syncope:1.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:syncope:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:syncope:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:syncope:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:syncope:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:syncope:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:syncope:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:syncope:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:syncope:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:syncope:1.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:syncope:1.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:syncope:1.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:syncope:1.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:syncope:1.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:syncope:1.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:syncope:1.1.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apache:syncope:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:apache:syncope:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:apache:syncope:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:apache:syncope:1.1.2</vuln:product>
+      <vuln:product>cpe:/a:apache:syncope:1.1.3</vuln:product>
+      <vuln:product>cpe:/a:apache:syncope:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:apache:syncope:1.1.4</vuln:product>
+      <vuln:product>cpe:/a:apache:syncope:1.1.5</vuln:product>
+      <vuln:product>cpe:/a:apache:syncope:1.1.6</vuln:product>
+      <vuln:product>cpe:/a:apache:syncope:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:apache:syncope:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:apache:syncope:1.0.0</vuln:product>
+      <vuln:product>cpe:/a:apache:syncope:1.1.1</vuln:product>
+      <vuln:product>cpe:/a:apache:syncope:1.1.0</vuln:product>
+      <vuln:product>cpe:/a:apache:syncope:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:apache:syncope:1.0.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0111</vuln:cve-id>
+    <vuln:published-datetime>2014-04-17T10:55:06.763-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-18T10:18:45.927-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-18T10:18:45.803-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-94"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531841/100/0/threaded" xml:lang="en">20140415 [SECURITY] CVE-2014-0111 Apache Syncope</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://syncope.apache.org/security.html" xml:lang="en">http://syncope.apache.org/security.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://mail-archives.us.apache.org/mod_mbox/www-announce/201404.mbox/%3C534CE273.9020601@apache.org%3E" xml:lang="en">[www-announce] 20140415 [SECURITY] CVE-2014-0111 Apache Syncope</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition," "user / role templates," and "account links of resource mappings."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0112">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.14.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.14.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.14.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.15.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apache:struts:2.3.14</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.15</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.12</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.14.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.14.2</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.16</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.14.3</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.7</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.8</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.15.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.15.2</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.0</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.4.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.2</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.3</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.4</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.5</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.6</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.8</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.2.1.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.0</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.8.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.11.2</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.11.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.2.3</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.2.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.2.3.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.4</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.15.3</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.16.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.1.2</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.1.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0112</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T06:37:03.670-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T09:59:24.903-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T09:59:24.420-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://cwiki.apache.org/confluence/display/WW/S2-021" xml:lang="en">https://cwiki.apache.org/confluence/display/WW/S2-021</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1091939" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1091939</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVNDB</vuln:source>
+      <vuln:reference href="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045" xml:lang="en">JVNDB-2014-000045</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVN</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN19294237/index.html" xml:lang="en">JVN#19294237</vuln:reference>
+    </vuln:references>
+    <vuln:summary>ParametersInterceptor in Apache Struts before 2.3.16.2 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0113">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.14.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.14.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.14.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.15.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apache:struts:2.3.14</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.15</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.12</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.14.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.14.2</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.16</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.14.3</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.7</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.8</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.15.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.15.2</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.0</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.4.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.2</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.3</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.4</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.5</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.6</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.8</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.2.1.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.0</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.8.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.11.2</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.11.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.2.3</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.2.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.2.3.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.4</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.15.3</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.16.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.1.2</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.1.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0113</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T06:37:03.700-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T09:59:31.653-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T09:59:30.983-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://cwiki.apache.org/confluence/display/WW/S2-021" xml:lang="en">https://cwiki.apache.org/confluence/display/WW/S2-021</vuln:reference>
+    </vuln:references>
+    <vuln:summary>CookieInterceptor in Apache Struts before 2.3.16.2, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0114">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:1.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:1.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:1.3.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:1.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:1.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:1.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:1.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:1.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:1.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:1.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:1.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:1.1:b3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:1.1:b2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:1.1:b1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apache:struts:1.3.5</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:1.0</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:1.1:b3</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:1.1:b2</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:1.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:1.3.10</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:1.2.9</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:1.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:1.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:1.1:b1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:1.2.2</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:1.3.8</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:1.2.4</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:1.2.6</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:1.2.7</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:1.2.8</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0114</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T06:49:03.973-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T10:28:16.450-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T10:28:16.280-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1091938" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1091938</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The ActionForm object in Apache Struts 1.x through 1.3.10 allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, which is passed to the getClass method.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0122">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.9</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.9</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.10</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.11</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.11</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.9</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.10</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.10</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0122</vuln:cve-id>
+    <vuln:published-datetime>2014-03-24T10:20:39.370-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-24T11:28:28.697-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.9</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-24T11:28:28.007-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://moodle.org/mod/forum/discuss.php?d=256418" xml:lang="en">https://moodle.org/mod/forum/discuss.php?d=256418</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/03/17/1" xml:lang="en">[oss-security] 20140317 Moodle security notifications public</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-44082" xml:lang="en">http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-44082</vuln:reference>
+    </vuln:references>
+    <vuln:summary>mod/chat/chat_ajax.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly check for the mod/chat:chat capability during chat sessions, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by remaining in a chat session after an intra-session capability removal by an administrator.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0123">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.9</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.9</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.10</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.11</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.11</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.9</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.10</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.10</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0123</vuln:cve-id>
+    <vuln:published-datetime>2014-03-24T10:20:39.370-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-24T18:39:47.670-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.9</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-24T07:26:46.000-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://moodle.org/mod/forum/discuss.php?d=256419" xml:lang="en">https://moodle.org/mod/forum/discuss.php?d=256419</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/03/17/1" xml:lang="en">[oss-security] 20140317 Moodle security notifications public</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-39990" xml:lang="en">http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-39990</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The wiki subsystem in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly restrict (1) view and (2) edit access, which allows remote authenticated users to perform wiki operations by leveraging the student role and using the Recent Activity block to reach the individual wiki of an arbitrary student.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0124">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.9</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.9</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.10</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.11</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.11</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.9</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.10</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.10</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0124</vuln:cve-id>
+    <vuln:published-datetime>2014-03-24T10:20:39.387-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-24T18:37:38.167-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-24T11:28:53.027-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://moodle.org/mod/forum/discuss.php?d=256421" xml:lang="en">https://moodle.org/mod/forum/discuss.php?d=256421</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/03/17/1" xml:lang="en">[oss-security] 20140317 Moodle security notifications public</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-43916" xml:lang="en">http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-43916</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The identity-reporting implementations in mod/forum/renderer.php and mod/quiz/override_form.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 do not properly restrict the display of e-mail addresses, which allows remote authenticated users to obtain sensitive information by using the (1) Forum or (2) Quiz module.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0125">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.9</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.9</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.10</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.11</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.11</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.9</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.10</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.10</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0125</vuln:cve-id>
+    <vuln:published-datetime>2014-03-24T10:20:39.400-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-24T18:37:09.290-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-24T07:30:13.000-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://moodle.org/mod/forum/discuss.php?d=256422" xml:lang="en">https://moodle.org/mod/forum/discuss.php?d=256422</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/03/17/1" xml:lang="en">[oss-security] 20140317 Moodle security notifications public</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-29409" xml:lang="en">http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-29409</vuln:reference>
+    </vuln:references>
+    <vuln:summary>repository/alfresco/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 places a session key in a URL, which allows remote attackers to bypass intended Alfresco Repository file restrictions by impersonating a file's owner.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0126">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.9</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.9</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.10</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.11</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.11</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.9</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.10</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.10</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0126</vuln:cve-id>
+    <vuln:published-datetime>2014-03-24T10:20:39.400-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-24T18:34:58.520-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-24T11:31:10.233-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-352"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://moodle.org/mod/forum/discuss.php?d=256423" xml:lang="en">https://moodle.org/mod/forum/discuss.php?d=256423</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/03/17/1" xml:lang="en">[oss-security] 20140317 Moodle security notifications public</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-43146" xml:lang="en">http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-43146</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site request forgery (CSRF) vulnerability in enrol/imsenterprise/importnow.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that import an IMS Enterprise file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0127">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.9</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.9</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.10</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.11</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.11</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.9</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.10</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.10</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0127</vuln:cve-id>
+    <vuln:published-datetime>2014-03-24T10:20:39.417-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-24T11:33:00.220-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.9</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-24T11:32:59.767-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://moodle.org/mod/forum/discuss.php?d=256417" xml:lang="en">https://moodle.org/mod/forum/discuss.php?d=256417</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/03/17/1" xml:lang="en">[oss-security] 20140317 Moodle security notifications public</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-43656" xml:lang="en">http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-43656</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The time-validation implementation in (1) mod/feedback/complete.php and (2) mod/feedback/complete_guest.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to bypass intended restrictions on starting a Feedback activity by choosing an unavailable time.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0128">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:novell:opensuse:11.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.1.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.1.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.1.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.1.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.1.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.1.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.1.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.1.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.1.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.1.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.2.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.2.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.2.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.2.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.2.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.4.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.4.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.3.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.3.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.3.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:squid-cache:squid:3.4.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:squid-cache:squid:3.1.0.17</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.1.14</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.2.0.18</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.1.0.18</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.1.13</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.2.0.19</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.2.0.6</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.1.0.15</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.2.0.16</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.2.0.5</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.1.0.16</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.1.15</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.2.0.17</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.2.3</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.2.0.8</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.1.0.13</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.2.0.14</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.2.4</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.2.0.7</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.1.0.14</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.2.0.15</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.2.1</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.1.12</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.2.2</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.2.0.9</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.1.11</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.1.0.10</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.2.0.11</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.2.0.10</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.2.6</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.2.5</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.4.0.2</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.4.0.1</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.1.10</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.1.0.12</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.2.0.13</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.1.0.11</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.2.0.12</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.4.3</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.2.8</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.2.7</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.2.9</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.1</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.4.0.3</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.4.2</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.4.1</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.1.0.1</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.1.5.1</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.3.10</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.1.0.2</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.1.0.3</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.2.0.4</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.3.11</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.2.0.3</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.2.12</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.3.8</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.2.0.1</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.3.9</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.2.0.2</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.3.6</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.3.7</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.2.11</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.1.0.5</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.2.10</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.1.0.4</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.1.9</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.1.8</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.1.0.9</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.1.0.8</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.1.0.7</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.1.0.6</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.3.4</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.3.5</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.3.1</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.3.0</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.3.3</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.3.0.3</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.3.2</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.3.0.2</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.1.7</vuln:product>
+      <vuln:product>cpe:/a:squid-cache:squid:3.1.6</vuln:product>
+      <vuln:product>cpe:/o:novell:opensuse:11.4</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0128</vuln:cve-id>
+    <vuln:published-datetime>2014-04-14T11:09:05.710-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-15T07:56:35.213-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-15T07:56:32.667-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57288" xml:lang="en">57288</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.squid-cache.org/Advisories/SQUID-2014_1.txt" xml:lang="en">http://www.squid-cache.org/Advisories/SQUID-2014_1.txt</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57889" xml:lang="en">57889</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-04/msg00030.html" xml:lang="en">openSUSE-SU-2014:0513</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0129">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.9</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.9</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.10</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.11</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.11</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.9</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.10</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.10</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0129</vuln:cve-id>
+    <vuln:published-datetime>2014-03-24T10:20:39.417-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-24T18:33:25.890-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-24T07:41:34.000-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://moodle.org/mod/forum/discuss.php?d=256424" xml:lang="en">https://moodle.org/mod/forum/discuss.php?d=256424</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/03/17/1" xml:lang="en">[oss-security] 20140317 Moodle security notifications public</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-44140" xml:lang="en">http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-44140</vuln:reference>
+    </vuln:references>
+    <vuln:summary>badges/mybadges.php in Moodle 2.5.x before 2.5.5 and 2.6.x before 2.6.2 does not properly track the user to whom a badge was issued, which allows remote authenticated users to modify the visibility of an arbitrary badge via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0131">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.69"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.70"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.71"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.72"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.73"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.74"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.75"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.76"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.77"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.78"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.79"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.70</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.71</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.72</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.73</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.74</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.75</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.76</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.77</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.78</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.79</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.69</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0131</vuln:cve-id>
+    <vuln:published-datetime>2014-03-24T12:40:48.093-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-25T15:23:15.607-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>2.9</cvss:score>
+        <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-24T09:37:26.000-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/torvalds/linux/commit/1fd819ecb90cc9b822cd84d3056ddba315d3340f" xml:lang="en">https://github.com/torvalds/linux/commit/1fd819ecb90cc9b822cd84d3056ddba315d3340f</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1fd819ecb90cc9b822cd84d3056ddba315d3340f" xml:lang="en">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1fd819ecb90cc9b822cd84d3056ddba315d3340f</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1074589" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1074589</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.spinics.net/lists/netdev/msg274316.html" xml:lang="en">[netdev] 20140310 [PATCH 5/5] skbuff: skb_segment: orphan frags before copying</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.spinics.net/lists/netdev/msg274250.html" xml:lang="en">[netdev] 20140310 [PATCH 0/5] skbuff: fix skb_segment with zero copy skbs</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/03/10/4" xml:lang="en">[oss-security] 20140310 CVE-2014-0131 -- kernel: net: use-after-free during segmentation with zerocopy</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0132">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:fedoraproject:389_directory_server:1.2.11.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:fedoraproject:389_directory_server:1.2.11.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:fedoraproject:389_directory_server:1.2.11.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:fedoraproject:389_directory_server:1.2.11.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:fedoraproject:389_directory_server:1.2.11.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:fedoraproject:389_directory_server:1.2.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:fedoraproject:389_directory_server:1.2.11.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:fedoraproject:389_directory_server:1.2.11.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:fedoraproject:389_directory_server:1.2.11.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:fedoraproject:389_directory_server:1.2.11.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:fedoraproject:389_directory_server:1.2.11.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:fedoraproject:389_directory_server:1.2.11.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:fedoraproject:389_directory_server:1.2.11.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:fedoraproject:389_directory_server:1.2.11.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:fedoraproject:389_directory_server:1.2.11.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:fedoraproject:389_directory_server:1.2.11.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:fedoraproject:389_directory_server:1.2.11.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:fedoraproject:389_directory_server:1.2.11.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:fedoraproject:389_directory_server:1.2.11.14</vuln:product>
+      <vuln:product>cpe:/a:fedoraproject:389_directory_server:1.2.11.15</vuln:product>
+      <vuln:product>cpe:/a:fedoraproject:389_directory_server:1.2.11.17</vuln:product>
+      <vuln:product>cpe:/a:fedoraproject:389_directory_server:1.2.11.19</vuln:product>
+      <vuln:product>cpe:/a:fedoraproject:389_directory_server:1.2.11.25</vuln:product>
+      <vuln:product>cpe:/a:fedoraproject:389_directory_server:1.2.11.22</vuln:product>
+      <vuln:product>cpe:/a:fedoraproject:389_directory_server:1.2.11.23</vuln:product>
+      <vuln:product>cpe:/a:fedoraproject:389_directory_server:1.2.11.20</vuln:product>
+      <vuln:product>cpe:/a:fedoraproject:389_directory_server:1.2.11.21</vuln:product>
+      <vuln:product>cpe:/a:fedoraproject:389_directory_server:1.2.11.10</vuln:product>
+      <vuln:product>cpe:/a:fedoraproject:389_directory_server:1.2.11.11</vuln:product>
+      <vuln:product>cpe:/a:fedoraproject:389_directory_server:1.2.11.12</vuln:product>
+      <vuln:product>cpe:/a:fedoraproject:389_directory_server:1.2.11.13</vuln:product>
+      <vuln:product>cpe:/a:fedoraproject:389_directory_server:1.2.11.8</vuln:product>
+      <vuln:product>cpe:/a:fedoraproject:389_directory_server:1.2.11.9</vuln:product>
+      <vuln:product>cpe:/a:fedoraproject:389_directory_server:1.2.11.6</vuln:product>
+      <vuln:product>cpe:/a:fedoraproject:389_directory_server:1.2.11.1</vuln:product>
+      <vuln:product>cpe:/a:fedoraproject:389_directory_server:1.2.11.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0132</vuln:cve-id>
+    <vuln:published-datetime>2014-03-18T13:02:53.420-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-19T10:12:09.563-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-19T10:12:03.673-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-287"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://fedorahosted.org/389/ticket/47739" xml:lang="en">https://fedorahosted.org/389/ticket/47739</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://fedorahosted.org/389/changeset/76acff12a86110d4165f94e2cba13ef5c7ebc38a/" xml:lang="en">https://fedorahosted.org/389/changeset/76acff12a86110d4165f94e2cba13ef5c7ebc38a/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57427" xml:lang="en">57427</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57412" xml:lang="en">57412</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0292.html" xml:lang="en">RHSA-2014:0292</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0133">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:novell:opensuse:13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:igor_sysoev:nginx:1.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:igor_sysoev:nginx:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:igor_sysoev:nginx:1.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:igor_sysoev:nginx:1.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:igor_sysoev:nginx:1.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:igor_sysoev:nginx:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:igor_sysoev:nginx:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:igor_sysoev:nginx:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:igor_sysoev:nginx:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:igor_sysoev:nginx:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:igor_sysoev:nginx:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:igor_sysoev:nginx:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:igor_sysoev:nginx:1.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:igor_sysoev:nginx:1.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:igor_sysoev:nginx:1.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:igor_sysoev:nginx:1.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:igor_sysoev:nginx:1.3.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:igor_sysoev:nginx:1.3.16"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:igor_sysoev:nginx:1.4.2</vuln:product>
+      <vuln:product>cpe:/a:igor_sysoev:nginx:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:igor_sysoev:nginx:1.4.1</vuln:product>
+      <vuln:product>cpe:/a:igor_sysoev:nginx:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:igor_sysoev:nginx:1.3.16</vuln:product>
+      <vuln:product>cpe:/a:igor_sysoev:nginx:1.4.0</vuln:product>
+      <vuln:product>cpe:/a:igor_sysoev:nginx:1.5.9</vuln:product>
+      <vuln:product>cpe:/a:igor_sysoev:nginx:1.3.15</vuln:product>
+      <vuln:product>cpe:/a:igor_sysoev:nginx:1.5.8</vuln:product>
+      <vuln:product>cpe:/o:novell:opensuse:13.1</vuln:product>
+      <vuln:product>cpe:/a:igor_sysoev:nginx:1.4.3</vuln:product>
+      <vuln:product>cpe:/a:igor_sysoev:nginx:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:igor_sysoev:nginx:1.5.11</vuln:product>
+      <vuln:product>cpe:/a:igor_sysoev:nginx:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:igor_sysoev:nginx:1.5.10</vuln:product>
+      <vuln:product>cpe:/a:igor_sysoev:nginx:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:igor_sysoev:nginx:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:igor_sysoev:nginx:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:igor_sysoev:nginx:1.5.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0133</vuln:cve-id>
+    <vuln:published-datetime>2014-03-28T11:55:08.607-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-31T10:00:27.687-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.1</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-31T10:00:17.577-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html" xml:lang="en">[nginx-announce] 20140318 nginx security advisory (CVE-2014-0133)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-03/msg00095.html" xml:lang="en">openSUSE-SU-2014:0450</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0138">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.10.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.10.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.10.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.14.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.15.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.15.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.15.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.16.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.16.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.18.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.18.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.19.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.19.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.19.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.19.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.19.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.19.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.19.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.20.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.21.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.21.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.21.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.21.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.21.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.21.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.21.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.22.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.23.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.25.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.28.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.28.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.29.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.30.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.31.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.32.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.33.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.34.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.10.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.10.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.10.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.14.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.15.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.15.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.15.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.16.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.16.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.18.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.18.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.19.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.19.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.19.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.19.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.19.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.19.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.19.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.20.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.21.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.21.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.21.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.21.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.21.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.21.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.21.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.22.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.23.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.25.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.28.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.28.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.29.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.30.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.31.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.32.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.33.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.34.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.35.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.35.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:haxx:libcurl:7.27.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.19.4</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.20.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.19.3</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.19.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.19.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.19.6</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.19.5</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.28.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.20.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.31.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.24.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.19.6</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.21.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.21.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.19.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.21.4</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.23.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.21.5</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.23.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.10.6</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.19.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.21.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.21.3</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.19.5</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.19.4</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.19.3</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.21.6</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.19.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.21.7</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.22.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.35.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.19.7</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.10.6</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.10.7</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.19.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.34.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.25.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.19.7</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.28.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.11.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.16.4</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.11.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.11.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.10.7</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.33.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.26.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.13.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.16.4</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.13.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.16.3</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.13.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.16.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.31.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.15.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.15.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.29.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.16.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.16.3</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.27.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.20.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.30.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.10.8</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.18.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.15.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.15.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.15.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.15.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.16.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.21.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.33.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.21.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.17.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.21.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.21.5</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.21.6</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.21.3</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.14.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.21.4</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.14.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.21.7</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.24.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.28.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.22.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.18.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.32.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.18.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.18.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.18.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.16.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.18.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.16.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.20.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.34.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.26.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.17.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.11.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.15.4</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.15.3</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.12.3</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.15.5</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.12.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.15.4</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.12.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.15.3</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.12.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.13.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.13.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.23.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.13.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.30.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.32.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.23.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.17.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.11.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.11.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.35.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.12.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.25.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.12.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.12.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.12.3</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.14.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.14.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.17.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.10.8</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.29.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.16.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.28.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.15.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0138</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T10:55:04.107-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T01:03:03.573-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.4</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T08:41:01.737-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-287"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/" xml:lang="en">http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/" xml:lang="en">http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/" xml:lang="en">http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2902" xml:lang="en">DSA-2902</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57968" xml:lang="en">57968</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57966" xml:lang="en">57966</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57836" xml:lang="en">57836</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://curl.haxx.se/docs/adv_20140326A.html" xml:lang="en">http://curl.haxx.se/docs/adv_20140326A.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0139">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.10.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.10.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.10.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.14.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.15.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.15.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.15.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.16.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.16.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.18.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.18.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.19.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.19.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.19.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.19.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.19.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.19.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.19.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.20.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.21.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.21.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.21.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.21.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.21.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.21.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.21.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.22.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.23.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.25.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.28.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.28.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.29.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.30.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.31.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.32.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.33.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.34.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.10.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.10.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.10.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.14.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.15.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.15.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.15.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.16.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.16.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.18.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.18.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.19.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.19.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.19.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.19.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.19.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.19.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.19.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.20.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.21.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.21.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.21.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.21.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.21.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.21.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.21.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.22.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.23.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.25.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.28.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.28.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.29.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.30.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.31.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.32.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.33.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.34.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.35.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.35.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:haxx:libcurl:7.27.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.19.4</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.20.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.19.3</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.19.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.19.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.19.6</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.19.5</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.28.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.20.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.31.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.24.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.19.6</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.21.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.21.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.19.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.21.4</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.23.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.21.5</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.23.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.10.6</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.19.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.21.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.21.3</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.19.5</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.19.4</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.19.3</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.21.6</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.19.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.21.7</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.22.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.35.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.19.7</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.10.6</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.10.7</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.19.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.34.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.25.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.19.7</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.28.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.11.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.16.4</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.11.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.11.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.10.7</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.33.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.26.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.13.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.16.4</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.13.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.16.3</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.13.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.16.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.31.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.15.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.15.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.29.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.16.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.16.3</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.27.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.20.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.30.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.10.8</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.18.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.15.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.15.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.15.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.15.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.16.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.21.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.33.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.21.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.17.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.21.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.21.5</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.21.6</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.21.3</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.14.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.21.4</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.14.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.21.7</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.24.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.28.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.22.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.18.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.32.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.18.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.18.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.18.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.16.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.18.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.16.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.20.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.34.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.26.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.17.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.11.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.15.4</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.15.3</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.12.3</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.15.5</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.12.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.15.4</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.12.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.15.3</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.12.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.13.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.13.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.23.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.13.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.30.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.32.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.23.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.17.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.11.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.11.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.35.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.12.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.25.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.12.2</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.12.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.12.3</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.14.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.14.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.17.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.10.8</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.29.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.16.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.28.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.15.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0139</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T10:55:04.137-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T01:03:03.790-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T08:46:31.310-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-310"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/" xml:lang="en">http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/" xml:lang="en">http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/" xml:lang="en">http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2902" xml:lang="en">DSA-2902</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57968" xml:lang="en">57968</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57966" xml:lang="en">57966</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57836" xml:lang="en">57836</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://curl.haxx.se/docs/adv_20140326B.html" xml:lang="en">http://curl.haxx.se/docs/adv_20140326B.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0150">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.6.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.6.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.6.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.5.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.5.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.5.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.1:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.1:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.9.1-5"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.15.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.15.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.14.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.14.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.14.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.14.0:rc0"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.13.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.13.0:rc0"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.12.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.12.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.12.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.12.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.11.0-rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.11.0-rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.11.0-rc0"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.11.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.11.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.11.0:rc0"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.10.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.10.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.10.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.10.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:2.0.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:2.0.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:2.0.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:2.0.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:2.0.0:rc0"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:redhat:enterprise_linux:6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:qemu:qemu:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.5.0</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.9.1-5</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.4.1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.4.2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.9.0</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.11.0-rc0</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.6.0</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.11.0-rc1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.6.1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.11.0-rc2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.6.2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.8.0</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.8.1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.8.2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.5.1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.5.0</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.5.5</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.5.4</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.1.2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.5.3</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.5.2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.14.0:rc0</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.14.0</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.14.1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.4.3</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.4.2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.4.1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.10.0</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.1.4</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.1.5</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.1.3</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.1.6</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.15.2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.15.1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.1.1</vuln:product>
+      <vuln:product>cpe:/o:redhat:enterprise_linux:6</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:2.0.0:rc0</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:2.0.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.0</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:2.0.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:2.0.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.11.0</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.11.1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.11.0:rc0</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:2.0</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.13.0:rc0</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.13.0</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.3</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.4</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.10.3</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.10.2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.12.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.10.5</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.12.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.10.4</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.10.6</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.5.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.5.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.0:rc4</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.1:rc4</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.5.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.1:rc3</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.6.0</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.7.2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.7.0</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.6.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.6.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.6.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.11.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.11.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.12.1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.12.0</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.14.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.14.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.12.5</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.12.4</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.13.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.12.3</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.12.2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:2.0.0:-</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.15.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.15.0:rc2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0150</vuln:cve-id>
+    <vuln:published-datetime>2014-04-18T10:55:25.947-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-21T11:04:45.497-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.9</cvss:score>
+        <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-21T11:04:44.373-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-189"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://thread.gmane.org/gmane.comp.emulators.qemu/266713" xml:lang="en">[Qemu-devel] 20140411 [PATCH for-2.0] virtio-net: fix guest-triggerable buffer overrun</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1078846" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1078846</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57878" xml:lang="en">57878</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://article.gmane.org/gmane.comp.emulators.qemu/266768" xml:lang="en">[Qemu-devel] 20140411 Re: [PATCH for-2.0] virtio-net: fix guest-triggerable buffer overrun</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0155">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.14.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.69"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.70"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.71"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.72"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.73"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.74"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.75"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.76"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.77"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.78"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.79"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.7"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.70</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.71</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.14.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.72</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.73</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.74</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.75</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.76</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.77</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.78</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.79</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.69</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0155</vuln:cve-id>
+    <vuln:published-datetime>2014-04-14T19:55:07.577-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-15T11:06:54.553-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.5</cvss:score>
+        <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-15T11:06:52.443-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=5678de3f15010b9022ee45673f33bcfc71d47b60" xml:lang="en">http://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=5678de3f15010b9022ee45673f33bcfc71d47b60</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1081589" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1081589</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/07/2" xml:lang="en">[oss-security] 20140407 CVE-2014-0155 -- kernel: kvm: BUG caused by invalid entry in guest ioapic redirection table</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvm_irq_delivery_to_apic return value, which allows guest OS users to cause a denial of service (host OS crash) via a crafted entry in the redirection table of an I/O APIC.  NOTE: the affected code was moved to the ioapic_service function before the vulnerability was announced.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0157">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:openstack:horizon:2013.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:horizon:2013.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:horizon:2013.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:horizon:2013.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:openstack:horizon:2013.2</vuln:product>
+      <vuln:product>cpe:/a:openstack:horizon:2013.2.1</vuln:product>
+      <vuln:product>cpe:/a:openstack:horizon:2013.2.3</vuln:product>
+      <vuln:product>cpe:/a:openstack:horizon:2013.2.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0157</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T10:55:04.187-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T08:46:58.483-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T08:46:58.437-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/08/8" xml:lang="en">[oss-security] 20140408 [OSSA 2014-010] XSS in Horizon orchestration dashboard (CVE-2014-0157)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://launchpad.net/bugs/1289033" xml:lang="en">https://launchpad.net/bugs/1289033</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to inject arbitrary web script or HTML via the description field of a Heat template.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0159">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:openafs:openafs:1.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:openafs:openafs:1.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openafs:openafs:1.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openafs:openafs:1.6.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openafs:openafs:1.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openafs:openafs:1.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:openafs:openafs:1.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:openafs:openafs:1.6.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openafs:openafs:1.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:openafs:openafs:1.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:openafs:openafs:1.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:openafs:openafs:1.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:openafs:openafs:1.4.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:openafs:openafs:1.4.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:openafs:openafs:1.4.14.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openafs:openafs:1.4.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:openafs:openafs:1.6.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openafs:openafs:1.6.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:openafs:openafs:1.4.14.1</vuln:product>
+      <vuln:product>cpe:/a:openafs:openafs:1.4.11</vuln:product>
+      <vuln:product>cpe:/a:openafs:openafs:1.6.2</vuln:product>
+      <vuln:product>cpe:/a:openafs:openafs:1.6.3</vuln:product>
+      <vuln:product>cpe:/a:openafs:openafs:1.6.0</vuln:product>
+      <vuln:product>cpe:/a:openafs:openafs:1.6.5.1</vuln:product>
+      <vuln:product>cpe:/a:openafs:openafs:1.6.5.2</vuln:product>
+      <vuln:product>cpe:/a:openafs:openafs:1.6.1</vuln:product>
+      <vuln:product>cpe:/a:openafs:openafs:1.6.2.1</vuln:product>
+      <vuln:product>cpe:/a:openafs:openafs:1.6.4</vuln:product>
+      <vuln:product>cpe:/a:openafs:openafs:1.4.14</vuln:product>
+      <vuln:product>cpe:/a:openafs:openafs:1.4.12</vuln:product>
+      <vuln:product>cpe:/a:openafs:openafs:1.4.15</vuln:product>
+      <vuln:product>cpe:/a:openafs:openafs:1.4.9</vuln:product>
+      <vuln:product>cpe:/a:openafs:openafs:1.4.8</vuln:product>
+      <vuln:product>cpe:/a:openafs:openafs:1.6.6</vuln:product>
+      <vuln:product>cpe:/a:openafs:openafs:1.4.10</vuln:product>
+      <vuln:product>cpe:/a:openafs:openafs:1.6.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0159</vuln:cve-id>
+    <vuln:published-datetime>2014-04-14T11:09:05.990-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-15T09:13:44.620-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-15T09:13:44.447-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog" xml:lang="en">http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2899" xml:lang="en">DSA-2899</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57832" xml:lang="en">57832</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57779" xml:lang="en">57779</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://openafs.org/pages/security/OPENAFS-SA-2014-001.txt" xml:lang="en">http://openafs.org/pages/security/OPENAFS-SA-2014-001.txt</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service (crash) via a crafted statsVersion argument.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0160">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:1.0.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:1.0.1f"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:1.0.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:1.0.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:1.0.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:1.0.1a"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:1.0.1b"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:1.0.1c"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:1.0.1d"/>
+        <cpe-lang:fact-ref name="cpe:/a:openssl:openssl:1.0.1e"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:openssl:openssl:1.0.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:1.0.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:1.0.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:1.0.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:1.0.1d</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:1.0.1c</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:1.0.1f</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:1.0.1b</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:1.0.1a</vuln:product>
+      <vuln:product>cpe:/a:openssl:openssl:1.0.1e</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0160</vuln:cve-id>
+    <vuln:published-datetime>2014-04-07T18:55:03.893-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T07:52:23.313-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-24T07:52:20.860-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT</vuln:source>
+      <vuln:reference href="http://www.us-cert.gov/ncas/alerts/TA14-098A" xml:lang="en">TA14-098A</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/720951" xml:lang="en">VU#720951</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.cert.fi/en/reports/2014/vulnerability788210.html" xml:lang="en">https://www.cert.fi/en/reports/2014/vulnerability788210.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html" xml:lang="en">[syslog-ng-announce] 20140411 syslog-ng Premium Edition 5 LTS (5.0.4a) has been released</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://gist.github.com/chapmajs/10473815" xml:lang="en">https://gist.github.com/chapmajs/10473815</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/mod-spdy/issues/detail?id=85" xml:lang="en">https://code.google.com/p/mod-spdy/issues/detail?id=85</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1084875" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1084875</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://blog.torproject.org/blog/openssl-bug-cve-2014-0160" xml:lang="en">https://blog.torproject.org/blog/openssl-bug-cve-2014-0160</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.splunk.com/view/SP-CAAAMB3" xml:lang="en">http://www.splunk.com/view/SP-CAAAMB3</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1030082" xml:lang="en">1030082</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1030081" xml:lang="en">1030081</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1030080" xml:lang="en">1030080</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1030079" xml:lang="en">1030079</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1030078" xml:lang="en">1030078</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1030077" xml:lang="en">1030077</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1030074" xml:lang="en">1030074</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1030026" xml:lang="en">1030026</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66690" xml:lang="en">66690</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.openssl.org/news/secadv_20140407.txt" xml:lang="en">http://www.openssl.org/news/secadv_20140407.txt</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/" xml:lang="en">http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/" xml:lang="en">http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/" xml:lang="en">http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/" xml:lang="en">http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.f-secure.com/en/web/labs_global/fsc-2014-1" xml:lang="en">http://www.f-secure.com/en/web/labs_global/fsc-2014-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/32764" xml:lang="en">32764</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/32745" xml:lang="en">32745</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2896" xml:lang="en">DSA-2896</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.blackberry.com/btsc/KB35882" xml:lang="en">http://www.blackberry.com/btsc/KB35882</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21670161" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21670161</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed" xml:lang="en">20140409 OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57968" xml:lang="en">57968</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57966" xml:lang="en">57966</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57836" xml:lang="en">57836</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57721" xml:lang="en">57721</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57483" xml:lang="en">57483</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57347" xml:lang="en">57347</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Apr/91" xml:lang="en">20140408 Re: heartbleed OpenSSL bug CVE-2014-0160</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Apr/90" xml:lang="en">20140408 heartbleed OpenSSL bug CVE-2014-0160</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Apr/190" xml:lang="en">20140412 Re: heartbleed OpenSSL bug CVE-2014-0160</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Apr/173" xml:lang="en">20140411 MRI Rubies may contain statically linked, vulnerable OpenSSL</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Apr/109" xml:lang="en">20140409 Re: heartbleed OpenSSL bug CVE-2014-0160</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0396.html" xml:lang="en">RHSA-2014:0396</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0378.html" xml:lang="en">RHSA-2014:0378</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0377.html" xml:lang="en">RHSA-2014:0377</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0376.html" xml:lang="en">RHSA-2014:0376</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139722163017074&amp;w=2" xml:lang="en">HPSBMU02995</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html" xml:lang="en">SUSE-SA:2014:002</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html" xml:lang="en">openSUSE-SU-2014:0492</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html" xml:lang="en">FEDORA-2014-4910</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html" xml:lang="en">FEDORA-2014-4879</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://heartbleed.com/" xml:lang="en">http://heartbleed.com/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3" xml:lang="en">http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/" xml:lang="en">http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0162">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:openstack:icehouse:rc-1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:image_registry_and_delivery_service_%28glance%29:2013.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:image_registry_and_delivery_service_%28glance%29:2013.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:image_registry_and_delivery_service_%28glance%29:2013.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:image_registry_and_delivery_service_%28glance%29:2013.2.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:openstack:image_registry_and_delivery_service_%28glance%29:2013.2.1</vuln:product>
+      <vuln:product>cpe:/a:openstack:image_registry_and_delivery_service_%28glance%29:2013.2.2</vuln:product>
+      <vuln:product>cpe:/a:openstack:icehouse:rc-1</vuln:product>
+      <vuln:product>cpe:/a:openstack:image_registry_and_delivery_service_%28glance%29:2013.2</vuln:product>
+      <vuln:product>cpe:/a:openstack:image_registry_and_delivery_service_%28glance%29:2013.2.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0162</vuln:cve-id>
+    <vuln:published-datetime>2014-04-27T16:55:23.667-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T14:09:33.227-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T14:09:33.180-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://launchpad.net/bugs/1298698" xml:lang="en">https://launchpad.net/bugs/1298698</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/10/13" xml:lang="en">[oss-security] 20140410 [OSSA 2014-012] Remote code execution in Glance Sheepdog backend (CVE-2014-0162)</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0165">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.9.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.8.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.8.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.8.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.8.4:a"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:1.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:1.5.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:1.5.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:1.5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:1.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:1.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:1.2.5:a"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:1.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:1.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:1.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:1.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:1.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:1.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:0.71"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:wordpress:wordpress:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:1.3.3</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:1.3.2</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.4.2</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.4.0</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.4.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:1.2.5:a</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.1.3</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.1.2</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.8.5.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.6.3</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.2</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:1.5</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:1.0</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:1.2</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.6.2</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:1.3</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.9.1.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.2.2</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.2.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.8.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.8.5.2</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.2.3</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.7.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.6.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.2.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:1.5.1.2</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.9.2</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:1.1.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.8.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:1.5.1.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.5.0</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:0.71</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:1.6.2</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.2</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.0</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.9</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.8</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.7</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.6</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.5</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.0</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.3</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.8</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.6</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.7</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.8.5</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.8.6</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.8.3</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.8.4</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.8.2</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.3.3</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.6.5</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.3.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.3.2</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.3</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.5.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.8.4:a</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:1.2.2</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:1.2.3</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:1.2.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:1.2.4</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:1.2.5</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:1.5.1.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0165</vuln:cve-id>
+    <vuln:published-datetime>2014-04-09T20:55:06.267-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-10T10:18:56.427-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-10T10:18:45.597-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1085866" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1085866</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://core.trac.wordpress.org/changeset/27976" xml:lang="en">http://core.trac.wordpress.org/changeset/27976</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://codex.wordpress.org/Version_3.8.2" xml:lang="en">http://codex.wordpress.org/Version_3.8.2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://codex.wordpress.org/Version_3.7.2" xml:lang="en">http://codex.wordpress.org/Version_3.7.2</vuln:reference>
+    </vuln:references>
+    <vuln:summary>WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0166">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.9.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.8.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.8.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.8.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.8.4:a"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:1.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:1.5.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:1.5.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:1.5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:1.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:1.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:1.2.5:a"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:1.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:1.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:1.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:1.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:1.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:1.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:0.71"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:wordpress:wordpress:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:1.3.3</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:1.3.2</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.4.2</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.4.0</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.4.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:1.2.5:a</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.1.3</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.1.2</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.8.5.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.6.3</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.2</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:1.5</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:1.0</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:1.2</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.6.2</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:1.3</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.9.1.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.2.2</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.2.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.8.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.8.5.2</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.2.3</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.7.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.6.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.2.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:1.5.1.2</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.9.2</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:1.1.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.8.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:1.5.1.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.5.0</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:0.71</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:1.6.2</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.2</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.0</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.9</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.8</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.7</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.6</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.5</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.0</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.3</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.8</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.6</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.7</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.8.5</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.8.6</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.8.3</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.8.4</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.8.2</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.3.3</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.6.5</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.3.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.3.2</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.3</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.5.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.8.4:a</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:1.2.2</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:1.2.3</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:1.2.1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:1.2.4</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:1.2.5</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:3.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:wordpress:wordpress:1.5.1.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0166</vuln:cve-id>
+    <vuln:published-datetime>2014-04-09T20:55:09.530-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-10T10:20:58.303-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.4</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-10T10:20:57.740-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-287"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1085858" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1085858</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://core.trac.wordpress.org/changeset/28054" xml:lang="en">http://core.trac.wordpress.org/changeset/28054</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://codex.wordpress.org/Version_3.8.2" xml:lang="en">http://codex.wordpress.org/Version_3.8.2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://codex.wordpress.org/Version_3.7.2" xml:lang="en">http://codex.wordpress.org/Version_3.7.2</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to obtain access via a forged cookie.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0167">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:openstack:icehouse:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:compute:2013.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:compute:2013.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:compute:2013.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:compute:2013.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:compute:2013.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:compute:2013.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:compute:2013.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:compute:2013.2.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:openstack:compute:2013.1.3</vuln:product>
+      <vuln:product>cpe:/a:openstack:compute:2013.2</vuln:product>
+      <vuln:product>cpe:/a:openstack:compute:2013.2.1</vuln:product>
+      <vuln:product>cpe:/a:openstack:compute:2013.2.3</vuln:product>
+      <vuln:product>cpe:/a:openstack:compute:2013.2.2</vuln:product>
+      <vuln:product>cpe:/a:openstack:compute:2013.1.2</vuln:product>
+      <vuln:product>cpe:/a:openstack:compute:2013.1.1</vuln:product>
+      <vuln:product>cpe:/a:openstack:compute:2013.1</vuln:product>
+      <vuln:product>cpe:/a:openstack:icehouse:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0167</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T10:55:04.200-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T09:15:02.540-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T09:15:02.447-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/09/26" xml:lang="en">[oss-security] 20140409 [OSSA 2014-011] RBAC policy not properly enforced in Nova EC2 API  (CVE-2014-0167)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://launchpad.net/bugs/1290537" xml:lang="en">https://launchpad.net/bugs/1290537</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, (3) destroy, and other unspecified methods in compute/api.py when using non-default policies, which allows remote authenticated users to gain privileges via these API requests.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0172">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:elfutils_project:elfutils:0.153"/>
+        <cpe-lang:fact-ref name="cpe:/a:elfutils_project:elfutils:0.154"/>
+        <cpe-lang:fact-ref name="cpe:/a:elfutils_project:elfutils:0.155"/>
+        <cpe-lang:fact-ref name="cpe:/a:elfutils_project:elfutils:0.156"/>
+        <cpe-lang:fact-ref name="cpe:/a:elfutils_project:elfutils:0.157"/>
+        <cpe-lang:fact-ref name="cpe:/a:elfutils_project:elfutils:0.158"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:elfutils_project:elfutils:0.154</vuln:product>
+      <vuln:product>cpe:/a:elfutils_project:elfutils:0.153</vuln:product>
+      <vuln:product>cpe:/a:elfutils_project:elfutils:0.156</vuln:product>
+      <vuln:product>cpe:/a:elfutils_project:elfutils:0.155</vuln:product>
+      <vuln:product>cpe:/a:elfutils_project:elfutils:0.157</vuln:product>
+      <vuln:product>cpe:/a:elfutils_project:elfutils:0.158</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0172</vuln:cve-id>
+    <vuln:published-datetime>2014-04-11T11:55:18.757-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-14T11:12:23.983-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-14T11:12:23.903-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-189"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="https://lists.fedorahosted.org/pipermail/elfutils-devel/2014-April/003921.html" xml:lang="en">[elfutils-devel] 20140409 [PATCH] CVE-2014-0172 Check for overflow before calling malloc to uncompress data.</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1085663" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1085663</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66714" xml:lang="en">66714</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q2/54" xml:lang="en">[oss-security] 20140409 Heap-based buffer overflow in libdw/elfutils (CVE-2014-0172)</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF file, which triggers a heap-based buffer overflow.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0173">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:automattic:jetpack:2.9.3::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:automattic:jetpack:2.9.2::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:automattic:jetpack:2.9.1::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:automattic:jetpack:2.9::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:automattic:jetpack:2.8::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:automattic:jetpack:2.7::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:automattic:jetpack:2.6.1::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:automattic:jetpack:2.6::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:automattic:jetpack:2.5::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:automattic:jetpack:2.4.2::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:automattic:jetpack:2.4.1::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:automattic:jetpack:2.4::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:automattic:jetpack:2.3.5::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:automattic:jetpack:2.3.4::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:automattic:jetpack:2.3.3::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:automattic:jetpack:2.3.2::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:automattic:jetpack:2.3.1::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:automattic:jetpack:2.3::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:automattic:jetpack:2.2.5::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:automattic:jetpack:2.2.4::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:automattic:jetpack:2.2.3::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:automattic:jetpack:2.2.2::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:automattic:jetpack:2.2.1::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:automattic:jetpack:2.2::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:automattic:jetpack:2.1.2::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:automattic:jetpack:2.1.1::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:automattic:jetpack:2.1::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:automattic:jetpack:2.0.4::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:automattic:jetpack:2.0.3::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:automattic:jetpack:2.0.2::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:automattic:jetpack:2.0.1::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:automattic:jetpack:2.0::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:automattic:jetpack:1.9.2::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:automattic:jetpack:1.9.1::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:automattic:jetpack:1.9::~~~wordpress~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:automattic:jetpack:2.3.3::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:automattic:jetpack:2.3.4::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:automattic:jetpack:2.3.5::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:automattic:jetpack:1.9::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:automattic:jetpack:2.0.3::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:automattic:jetpack:2.2.2::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:automattic:jetpack:2.0.2::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:automattic:jetpack:2.2.3::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:automattic:jetpack:2.0.4::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:automattic:jetpack:2.2.1::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:automattic:jetpack:2.6.1::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:automattic:jetpack:2.5::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:automattic:jetpack:2.4::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:automattic:jetpack:2.7::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:automattic:jetpack:2.6::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:automattic:jetpack:2.9.3::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:automattic:jetpack:2.9.1::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:automattic:jetpack:2.9.2::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:automattic:jetpack:2.4.1::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:automattic:jetpack:2.4.2::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:automattic:jetpack:2.9::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:automattic:jetpack:2.8::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:automattic:jetpack:1.9.2::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:automattic:jetpack:2.3::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:automattic:jetpack:2.2::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:automattic:jetpack:2.1::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:automattic:jetpack:2.1.1::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:automattic:jetpack:2.0::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:automattic:jetpack:2.1.2::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:automattic:jetpack:2.3.1::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:automattic:jetpack:2.3.2::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:automattic:jetpack:2.0.1::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:automattic:jetpack:2.2.5::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:automattic:jetpack:2.2.4::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:automattic:jetpack:1.9.1::~~~wordpress~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0173</vuln:cve-id>
+    <vuln:published-datetime>2014-04-22T09:06:27.023-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-22T12:05:00.417-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-22T12:04:55.887-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/92560" xml:lang="en">jetpack-wordpress-cve20140173-sec-bypass(92560)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66789" xml:lang="en">66789</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57729" xml:lang="en">57729</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://jetpack.me/2014/04/10/jetpack-security-update/" xml:lang="en">http://jetpack.me/2014/04/10/jetpack-security-update/</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.2, 2.6.x before 2.6.3, 2.7.x before 2.7.2, 2.8.x before 2.8.2, and 2.9.x before 2.9.3 for WordPress does not properly restrict access to the XML-RPC service, which allows remote attackers to bypass intended restrictions and publish posts via unspecified vectors.  NOTE: some of these details are obtained from third party information.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0181">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.14.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.69"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.70"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.71"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.72"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.73"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.74"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.75"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.76"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.77"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.78"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.79"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.7"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.70</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.71</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.14.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.72</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.73</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.74</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.75</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.76</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.77</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.78</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.79</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.69</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0181</vuln:cve-id>
+    <vuln:published-datetime>2014-04-26T20:55:05.750-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T11:50:11.293-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>2.1</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T11:50:05.183-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=90f62cf30a78721641e08737bda787552428061e" xml:lang="en">https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=90f62cf30a78721641e08737bda787552428061e</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/23/6" xml:lang="en">[oss-security] 20140423 Re: CVE-2014-0181: Linux network reconfiguration due to incorrect netlink checks</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://marc.info/?l=linux-netdev&amp;m=139828832919748&amp;w=2" xml:lang="en">[netdev] 20140423 [PATCH 0/5]: Preventing abuse when passing file descriptors</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0187">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:openstack:neutron:2014.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:neutron:2013.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:neutron:2013.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:neutron:2013.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:neutron:2013.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:neutron:2013.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:neutron:2013.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:neutron:2013.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:neutron:2013.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:neutron:2013.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:neutron:2013.2.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:openstack:neutron:2013.2.3</vuln:product>
+      <vuln:product>cpe:/a:openstack:neutron:2013.1.1</vuln:product>
+      <vuln:product>cpe:/a:openstack:neutron:2013.2.2</vuln:product>
+      <vuln:product>cpe:/a:openstack:neutron:2013.1.2</vuln:product>
+      <vuln:product>cpe:/a:openstack:neutron:2013.2</vuln:product>
+      <vuln:product>cpe:/a:openstack:neutron:2013.1</vuln:product>
+      <vuln:product>cpe:/a:openstack:neutron:2013.1.4</vuln:product>
+      <vuln:product>cpe:/a:openstack:neutron:2013.2.1</vuln:product>
+      <vuln:product>cpe:/a:openstack:neutron:2013.1.3</vuln:product>
+      <vuln:product>cpe:/a:openstack:neutron:2013.1.5</vuln:product>
+      <vuln:product>cpe:/a:openstack:neutron:2014.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0187</vuln:cve-id>
+    <vuln:published-datetime>2014-04-28T10:09:06.237-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T10:26:22.943-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T10:26:22.817-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugs.launchpad.net/neutron/+bug/1300785" xml:lang="en">https://bugs.launchpad.net/neutron/+bug/1300785</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/22/8" xml:lang="en">[oss-security] 20140422 [OSSA 2014-014] Neutron security groups bypass through invalid CIDR (CVE-2014-0187)</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0188">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:redhat:openshift:1.1:-:enterprise"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:openshift:1.0:-:enterprise"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:openshift:1.2.2:-:enterprise"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:openshift:2.0.5::enterprise"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:openshift:2.0.4::enterprise"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:openshift:2.0.3::enterprise"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:openshift:2.0.2::enterprise"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:openshift:2.0.1::enterprise"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:openshift:2.0::enterprise"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:openshift:1.2.7::enterprise"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:openshift:1.2.6::enterprise"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:openshift:1.2.5::enterprise"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:openshift:1.2.4::enterprise"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:openshift:1.2.3::enterprise"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:openshift:1.2.1::enterprise"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:openshift:1.2::enterprise"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:redhat:openshift:1.0:-:enterprise</vuln:product>
+      <vuln:product>cpe:/a:redhat:openshift:1.1:-:enterprise</vuln:product>
+      <vuln:product>cpe:/a:redhat:openshift:1.2::enterprise</vuln:product>
+      <vuln:product>cpe:/a:redhat:openshift:2.0.2::enterprise</vuln:product>
+      <vuln:product>cpe:/a:redhat:openshift:1.2.5::enterprise</vuln:product>
+      <vuln:product>cpe:/a:redhat:openshift:1.2.4::enterprise</vuln:product>
+      <vuln:product>cpe:/a:redhat:openshift:1.2.3::enterprise</vuln:product>
+      <vuln:product>cpe:/a:redhat:openshift:1.2.7::enterprise</vuln:product>
+      <vuln:product>cpe:/a:redhat:openshift:1.2.6::enterprise</vuln:product>
+      <vuln:product>cpe:/a:redhat:openshift:1.2.1::enterprise</vuln:product>
+      <vuln:product>cpe:/a:redhat:openshift:2.0.1::enterprise</vuln:product>
+      <vuln:product>cpe:/a:redhat:openshift:2.0.4::enterprise</vuln:product>
+      <vuln:product>cpe:/a:redhat:openshift:2.0.3::enterprise</vuln:product>
+      <vuln:product>cpe:/a:redhat:openshift:2.0.5::enterprise</vuln:product>
+      <vuln:product>cpe:/a:redhat:openshift:2.0::enterprise</vuln:product>
+      <vuln:product>cpe:/a:redhat:openshift:1.2.2:-:enterprise</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0188</vuln:cve-id>
+    <vuln:published-datetime>2014-04-24T10:55:04.263-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T15:06:46.787-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-24T15:06:46.570-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-287"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1090120" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1090120</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0423.html" xml:lang="en">RHSA-2014:0423</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0422.html" xml:lang="en">RHSA-2014:0422</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to a passthrough trigger.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0189">
+    <vuln:cve-id>CVE-2014-0189</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T10:55:05.823-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T10:55:05.823-04:00</vuln:last-modified-datetime>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1088732" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1088732</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1081286" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1081286</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/67089" xml:lang="en">67089</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/28/2" xml:lang="en">[oss-security] 20140428 CVE-2014-0189: /etc/sysconfig/virt-who is world-readable (contains unencrypted passwords)</vuln:reference>
+    </vuln:references>
+    <vuln:summary>virt-who uses world-readable permissions for /etc/sysconfig/virt-who, which allows local users to obtain password for hypervisors by reading the file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0235">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:9</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0235</vuln:cve-id>
+    <vuln:published-datetime>2014-04-08T19:55:05.400-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-09T11:45:45.060-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-09T11:45:02.277-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-018" xml:lang="en">MS14-018</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1751 and CVE-2014-1755.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0253">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:.net_framework:4.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:.net_framework:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:.net_framework:4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:.net_framework:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:.net_framework:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:.net_framework:2.0:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:.net_framework:1.1:sp1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:.net_framework:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:microsoft:.net_framework:4.5</vuln:product>
+      <vuln:product>cpe:/a:microsoft:.net_framework:4.0</vuln:product>
+      <vuln:product>cpe:/a:microsoft:.net_framework:4.5.1</vuln:product>
+      <vuln:product>cpe:/a:microsoft:.net_framework:1.1:sp1</vuln:product>
+      <vuln:product>cpe:/a:microsoft:.net_framework:2.0:sp2</vuln:product>
+      <vuln:product>cpe:/a:microsoft:.net_framework:3.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0253</vuln:cve-id>
+    <vuln:published-datetime>2014-02-11T23:50:39.937-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-12T09:17:57.830-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-12T09:17:57.767-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-009" xml:lang="en">MS14-009</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine TCP connection states, which allows remote attackers to cause a denial of service (ASP.NET daemon hang) via crafted HTTP requests that trigger persistent resource consumption for a (1) stale or (2) closed connection, as exploited in the wild in February 2014, aka "POST Request DoS Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0254">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_rt:-"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2012:-"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_8:-:-:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_8:-:-:x86"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:microsoft:windows_server_2012:-</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_8:-:-:x86</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_rt:-</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_8:-:-:x64</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0254</vuln:cve-id>
+    <vuln:published-datetime>2014-02-11T23:50:39.970-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-12T09:24:07.187-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-12T09:24:06.330-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-006" xml:lang="en">MS14-006</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The IPv6 implementation in Microsoft Windows 8, Windows Server 2012, and Windows RT does not properly validate packets, which allows remote attackers to cause a denial of service (system hang) via crafted ICMPv6 Router Advertisement packets, aka "TCP/IP Version 6 (IPv6) Denial of Service Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0257">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:.net_framework:1.0:sp3"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:.net_framework:4.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:.net_framework:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:.net_framework:4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:.net_framework:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:.net_framework:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:.net_framework:2.0:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:.net_framework:1.1:sp1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:.net_framework:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:microsoft:.net_framework:4.5</vuln:product>
+      <vuln:product>cpe:/a:microsoft:.net_framework:4.0</vuln:product>
+      <vuln:product>cpe:/a:microsoft:.net_framework:4.5.1</vuln:product>
+      <vuln:product>cpe:/a:microsoft:.net_framework:1.0:sp3</vuln:product>
+      <vuln:product>cpe:/a:microsoft:.net_framework:1.1:sp1</vuln:product>
+      <vuln:product>cpe:/a:microsoft:.net_framework:2.0:sp2</vuln:product>
+      <vuln:product>cpe:/a:microsoft:.net_framework:3.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0257</vuln:cve-id>
+    <vuln:published-datetime>2014-02-11T23:50:39.987-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-12T09:37:47.970-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-12T09:37:47.907-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-009" xml:lang="en">MS14-009</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via (1) a crafted web site or (2) a crafted .NET Framework application that exposes a COM server endpoint, aka "Type Traversal Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0258">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:word_viewer"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:office_compatibility_pack::sp3"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:word:2007:sp3"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:word:2003:sp3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:word:2007:sp3</vuln:product>
+      <vuln:product>cpe:/a:microsoft:word_viewer</vuln:product>
+      <vuln:product>cpe:/a:microsoft:word:2003:sp3</vuln:product>
+      <vuln:product>cpe:/a:microsoft:office_compatibility_pack::sp3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0258</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:13:03.837-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:40.223-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T15:54:15.187-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-001" xml:lang="en">MS14-001</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029599" xml:lang="en">1029599</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029598" xml:lang="en">1029598</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0259">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:office_compatibility_pack::sp3"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:word:2007:sp3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:word:2007:sp3</vuln:product>
+      <vuln:product>cpe:/a:microsoft:office_compatibility_pack::sp3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0259</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:13:03.850-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:40.300-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T15:54:48.907-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-001" xml:lang="en">MS14-001</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029599" xml:lang="en">1029599</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029598" xml:lang="en">1029598</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0260">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:office_web_apps_server:2013"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:word:2013:-:~-~-~rt~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:office_web_apps:2010:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:office_web_apps:2010:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:sharepoint_server:2013"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:sharepoint_server:2010:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:sharepoint_server:2010:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:word:2013"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:word:2010:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:word:2010:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:word_viewer"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:office_compatibility_pack::sp3"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:word:2007:sp3"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:word:2003:sp3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:word:2007:sp3</vuln:product>
+      <vuln:product>cpe:/a:microsoft:word:2003:sp3</vuln:product>
+      <vuln:product>cpe:/a:microsoft:word:2013:-:~-~-~rt~~</vuln:product>
+      <vuln:product>cpe:/a:microsoft:sharepoint_server:2013</vuln:product>
+      <vuln:product>cpe:/a:microsoft:sharepoint_server:2010:sp1</vuln:product>
+      <vuln:product>cpe:/a:microsoft:word:2010:sp2</vuln:product>
+      <vuln:product>cpe:/a:microsoft:sharepoint_server:2010:sp2</vuln:product>
+      <vuln:product>cpe:/a:microsoft:word:2010:sp1</vuln:product>
+      <vuln:product>cpe:/a:microsoft:word_viewer</vuln:product>
+      <vuln:product>cpe:/a:microsoft:office_web_apps:2010:sp1</vuln:product>
+      <vuln:product>cpe:/a:microsoft:office_web_apps:2010:sp2</vuln:product>
+      <vuln:product>cpe:/a:microsoft:word:2013</vuln:product>
+      <vuln:product>cpe:/a:microsoft:office_compatibility_pack::sp3</vuln:product>
+      <vuln:product>cpe:/a:microsoft:office_web_apps_server:2013</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0260</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:13:03.883-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:40.397-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T16:14:49.357-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-001" xml:lang="en">MS14-001</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029599" xml:lang="en">1029599</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029598" xml:lang="en">1029598</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office Compatibility Pack SP3; Word Viewer; SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0261">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:dynamics_ax:4.0:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:dynamics_ax:2009:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:dynamics_ax:2012"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:dynamics_ax:2012:r2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:dynamics_ax:2012</vuln:product>
+      <vuln:product>cpe:/a:microsoft:dynamics_ax:2009:sp1</vuln:product>
+      <vuln:product>cpe:/a:microsoft:dynamics_ax:4.0:sp2</vuln:product>
+      <vuln:product>cpe:/a:microsoft:dynamics_ax:2012:r2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0261</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:13:03.913-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:40.473-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T16:28:51.907-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-004" xml:lang="en">MS14-004</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029601" xml:lang="en">1029601</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Dynamics AX 4.0 SP2, 2009 SP1, 2012, and 2012 R2 allows remote authenticated users to cause a denial of service (instance outage) via crafted data to an Application Object Server (AOS) instance, aka "Query Filter DoS Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0262">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2:sp1:itanium"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2:sp1:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7::sp1:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7::sp1:x86"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:microsoft:windows_7::sp1:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_7::sp1:x86</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008:r2:sp1:itanium</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008:r2:sp1:x64</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0262</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:13:03.930-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:10.437-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.2</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T16:36:09.010-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-003" xml:lang="en">MS14-003</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029600" xml:lang="en">1029600</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64725" xml:lang="en">64725</vuln:reference>
+    </vuln:references>
+    <vuln:summary>win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Server 2008 R2 SP1 does not properly consider thread-owned objects during the processing of window handles, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0263">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_rt:-"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_rt_8.1:-"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2012:r2:-:~-~datacenter~~~"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2012:r2:-:~-~essentials~~~"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2012:r2:-:~-~standard~~~"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2012:-"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_8.1:-:-:~-~-~-~x64~"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_8.1:-:-:~-~-~-~x86~"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_8:-:-:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_8:-:-:x86"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2:sp1:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7::sp1:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7::sp1:x86"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:microsoft:windows_7::sp1:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2012:-</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2012:r2:-:~-~essentials~~~</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_8:-:-:x86</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_7::sp1:x86</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_rt:-</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_8:-:-:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_8.1:-:-:~-~-~-~x64~</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_8.1:-:-:~-~-~-~x86~</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008:r2:sp1:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_rt_8.1:-</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2012:r2:-:~-~standard~~~</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2012:r2:-:~-~datacenter~~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0263</vuln:cve-id>
+    <vuln:published-datetime>2014-02-11T23:50:40.033-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-12T10:05:35.597-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-12T10:05:35.397-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-007" xml:lang="en">MS14-007</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Direct2D implementation in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a large 2D geometric figure that is encountered with Internet Explorer, aka "Microsoft Graphics Component Memory Corruption Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0266">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:xml_core_services:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_rt:-"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_rt_8.1:-"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2012:r2:-:~-~datacenter~~~"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2012:r2:-:~-~essentials~~~"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2012:r2:-:~-~standard~~~"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2012:-"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_8.1:-:-:~-~-~-~x64~"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_8.1:-:-:~-~-~-~x86~"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_8:-:-:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_8:-:-:x86"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2:sp1:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2:sp1:itanium"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7::sp1:x86"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7::sp1:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:itanium"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:x86"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista::sp2"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista::sp2:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2:itanium"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_xp:-:sp2:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_xp::sp3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:microsoft:windows_xp:-:sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2012:-</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_8:-:-:x86</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2012:r2:-:~-~essentials~~~</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_8:-:-:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008::sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008:r2:sp1:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008::sp2:x86</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_rt_8.1:-</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_vista::sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2012:r2:-:~-~standard~~~</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2003::sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_7::sp1:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_xp::sp3</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_7::sp1:x86</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_rt:-</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_8.1:-:-:~-~-~-~x64~</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_8.1:-:-:~-~-~-~x86~</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_vista::sp2</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2003::sp2</vuln:product>
+      <vuln:product>cpe:/a:microsoft:xml_core_services:3.0</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2003::sp2:itanium</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008:r2:sp1:itanium</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008::sp2:itanium</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2012:r2:-:~-~datacenter~~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0266</vuln:cve-id>
+    <vuln:published-datetime>2014-02-11T23:50:40.063-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-12T10:16:06.827-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.1</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-12T10:15:57.247-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-005" xml:lang="en">MS14-005</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The XMLHTTP ActiveX controls in XML Core Services 3.0 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to bypass the Same Origin Policy via a web page that is visited in Internet Explorer, aka "MSXML Information Disclosure Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0267">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:11:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:11:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0267</vuln:cve-id>
+    <vuln:published-datetime>2014-02-11T23:50:40.077-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-12T10:24:27.297-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-12T10:23:59.703-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-010" xml:lang="en">MS14-010</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0289 and CVE-2014-0290.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0268">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:11:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:10"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:9"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:8</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:9</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:11:-</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:10</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0268</vuln:cve-id>
+    <vuln:published-datetime>2014-02-11T23:50:40.110-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-12T12:37:47.780-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-12T10:33:18.007-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-010" xml:lang="en">MS14-010</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 8 through 11 does not properly restrict file installation and registry-key creation, which allows remote attackers to bypass the Mandatory Integrity Control protection mechanism via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0269">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:7"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:6"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:10"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:9"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:8</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:7</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:9</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:6</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:10</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0269</vuln:cve-id>
+    <vuln:published-datetime>2014-02-11T23:50:40.140-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-12T10:56:28.060-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-12T10:56:11.310-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-010" xml:lang="en">MS14-010</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0270">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:11:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:10"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:9</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:11:-</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:10</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0270</vuln:cve-id>
+    <vuln:published-datetime>2014-02-11T23:50:40.157-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-12T10:50:09.967-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-12T10:50:09.920-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-010" xml:lang="en">MS14-010</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0273, CVE-2014-0274, and CVE-2014-0288.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0271">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:7"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:6"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:11:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:10"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:9"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:vbscript:5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:vbscript:5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:vbscript:5.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:8</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:7</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:9</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:11:-</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:6</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:10</vuln:product>
+      <vuln:product>cpe:/a:microsoft:vbscript:5.7</vuln:product>
+      <vuln:product>cpe:/a:microsoft:vbscript:5.8</vuln:product>
+      <vuln:product>cpe:/a:microsoft:vbscript:5.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0271</vuln:cve-id>
+    <vuln:published-datetime>2014-02-11T23:50:40.187-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-12T10:55:45.167-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-12T10:55:30.337-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-011" xml:lang="en">MS14-011</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-010" xml:lang="en">MS14-010</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The VBScript engine in Microsoft Internet Explorer 6 through 11, and VBScript 5.6 through 5.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0272">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:10"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:9"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:8</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:9</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:10</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0272</vuln:cve-id>
+    <vuln:published-datetime>2014-02-11T23:50:40.220-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-12T11:10:52.750-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-12T11:10:52.687-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-010" xml:lang="en">MS14-010</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0273">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:11:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:10"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:9</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:11:-</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:10</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0273</vuln:cve-id>
+    <vuln:published-datetime>2014-02-11T23:50:40.237-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-12T11:12:40.707-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-12T11:12:39.800-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-010" xml:lang="en">MS14-010</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0270, CVE-2014-0274, and CVE-2014-0288.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0274">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:11:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:10"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:9</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:11:-</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:10</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0274</vuln:cve-id>
+    <vuln:published-datetime>2014-02-11T23:50:40.267-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-13T12:23:54.710-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-12T11:28:52.573-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-010" xml:lang="en">MS14-010</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0270, CVE-2014-0273, and CVE-2014-0288.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0275">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:7"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:6"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:11:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:10"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:9"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:8</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:7</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:9</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:11:-</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:6</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:10</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0275</vuln:cve-id>
+    <vuln:published-datetime>2014-02-11T23:50:40.283-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-12T11:18:26.453-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-12T11:18:25.847-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-010" xml:lang="en">MS14-010</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0285 and CVE-2014-0286.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0276">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:9"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:8</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:9</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0276</vuln:cve-id>
+    <vuln:published-datetime>2014-02-11T23:50:40.313-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-12T11:30:51.483-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-12T11:30:43.170-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-010" xml:lang="en">MS14-010</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0277">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:8</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0277</vuln:cve-id>
+    <vuln:published-datetime>2014-02-11T23:50:40.327-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-13T12:23:40.693-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-12T11:36:02.823-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-010" xml:lang="en">MS14-010</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0278 and CVE-2014-0279.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0278">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:8</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0278</vuln:cve-id>
+    <vuln:published-datetime>2014-02-11T23:50:40.360-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-13T12:22:47.973-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-12T11:37:27.373-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-010" xml:lang="en">MS14-010</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0277 and CVE-2014-0279.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0279">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:8</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0279</vuln:cve-id>
+    <vuln:published-datetime>2014-02-11T23:50:40.377-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-13T12:22:08.970-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-12T12:03:21.357-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-010" xml:lang="en">MS14-010</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0277 and CVE-2014-0278.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0280">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:7"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:6"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:8</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:7</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0280</vuln:cve-id>
+    <vuln:published-datetime>2014-02-11T23:50:40.407-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-12T11:47:48.537-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-12T11:47:48.287-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-010" xml:lang="en">MS14-010</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0281">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:11:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:10"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:9"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:8</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:9</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:11:-</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:10</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0281</vuln:cve-id>
+    <vuln:published-datetime>2014-02-11T23:50:40.423-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-13T12:21:54.957-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-12T12:05:35.547-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-010" xml:lang="en">MS14-010</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0287.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0283">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:9</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0283</vuln:cve-id>
+    <vuln:published-datetime>2014-02-11T23:50:40.453-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-13T12:17:10.193-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-12T12:06:26.223-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-010" xml:lang="en">MS14-010</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0284">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:10"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:9</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:10</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0284</vuln:cve-id>
+    <vuln:published-datetime>2014-02-11T23:50:40.470-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-12T13:18:03.483-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-12T12:07:13.270-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-010" xml:lang="en">MS14-010</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0285">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:6"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:11:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:10"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:9"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:8"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:7"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:7</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:8</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:9</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:11:-</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:6</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:10</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0285</vuln:cve-id>
+    <vuln:published-datetime>2014-02-11T23:50:40.500-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-12T13:17:31.247-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-12T12:08:07.087-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-010" xml:lang="en">MS14-010</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0275 and CVE-2014-0286.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0286">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:6"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:11:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:10"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:9"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:8"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:7"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:7</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:8</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:9</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:11:-</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:6</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:10</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0286</vuln:cve-id>
+    <vuln:published-datetime>2014-02-11T23:50:40.517-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-12T13:15:50.350-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-12T12:08:51.727-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-010" xml:lang="en">MS14-010</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0275 and CVE-2014-0285.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0287">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:11:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:10"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:9"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:8</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:9</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:11:-</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:10</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0287</vuln:cve-id>
+    <vuln:published-datetime>2014-02-11T23:50:40.547-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-12T13:12:59.847-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-12T12:09:35.510-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-010" xml:lang="en">MS14-010</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0281.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0288">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:11:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:10"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:9</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:11:-</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:10</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0288</vuln:cve-id>
+    <vuln:published-datetime>2014-02-11T23:50:40.563-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-12T13:12:30.093-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-12T12:10:17.467-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-010" xml:lang="en">MS14-010</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0270, CVE-2014-0273, and CVE-2014-0274.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0289">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:11:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:11:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0289</vuln:cve-id>
+    <vuln:published-datetime>2014-02-11T23:50:40.593-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-12T13:12:15.627-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-12T12:11:10.890-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-010" xml:lang="en">MS14-010</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0267 and CVE-2014-0290.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0290">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:11:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:11:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0290</vuln:cve-id>
+    <vuln:published-datetime>2014-02-11T23:50:40.627-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-12T13:11:15.107-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-12T12:12:13.813-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-010" xml:lang="en">MS14-010</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0267 and CVE-2014-0289.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0293">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:11:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:10"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:9</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:11:-</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:10</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0293</vuln:cve-id>
+    <vuln:published-datetime>2014-02-11T23:50:40.640-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-12T13:11:01.577-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-12T12:14:12.817-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-010" xml:lang="en">MS14-010</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 9 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0294">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:microsoft_forefront_protection_2010:-::~~~exchange_server~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:microsoft_forefront_protection_2010:-::~~~exchange_server~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0294</vuln:cve-id>
+    <vuln:published-datetime>2014-02-11T23:50:40.673-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-12T12:15:29.807-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-12T12:14:22.427-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-94"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-008" xml:lang="en">MS14-008</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Forefront Protection 2010 for Exchange Server does not properly parse e-mail content, which might allow remote attackers to execute arbitrary code via a crafted message, aka "RCE Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0295">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:.net_framework:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:.net_framework:2.0:sp2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:.net_framework:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:microsoft:.net_framework:2.0:sp2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0295</vuln:cve-id>
+    <vuln:published-datetime>2014-02-11T23:50:41.283-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-12T12:41:52.257-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-12T12:25:19.577-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-009" xml:lang="en">MS14-009</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.greyhathacker.net/?p=585" xml:lang="en">http://www.greyhathacker.net/?p=585</vuln:reference>
+    </vuln:references>
+    <vuln:summary>VsaVb7rt.dll in Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in February 2014, aka "VSAVB7RT ASLR Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0297">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:11:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:10"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:9"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:8</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:9</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:11:-</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:10</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0297</vuln:cve-id>
+    <vuln:published-datetime>2014-03-12T01:15:19.333-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-12T15:04:17.427-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-12T15:04:13.253-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-012" xml:lang="en">MS14-012</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0308, CVE-2014-0312, and CVE-2014-0324.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0298">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:11:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:10"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:9</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:11:-</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:10</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0298</vuln:cve-id>
+    <vuln:published-datetime>2014-03-12T01:15:19.367-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-12T15:05:44.977-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-12T15:05:44.943-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-012" xml:lang="en">MS14-012</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0299">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:7"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:6"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:11:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:10"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:9"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:8</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:7</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:9</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:11:-</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:6</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:10</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0299</vuln:cve-id>
+    <vuln:published-datetime>2014-03-12T01:15:19.397-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-12T15:14:52.597-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-12T15:14:52.347-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-012" xml:lang="en">MS14-012</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0305 and CVE-2014-0311.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0300">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_rt_8.1:-"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_rt:-"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2012:-"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2012:r2:-:~-~datacenter~~~"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2012:r2:-:~-~essentials~~~"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2012:r2:-:~-~standard~~~"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_8.1:-:-:~-~-~-~x64~"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_8.1:-:-:~-~-~-~x86~"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_8:-:-:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_8:-:-:x86"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2:sp1:itanium"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2:sp1:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7::sp1:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7::sp1:x86"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:itanium"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:x86"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista::sp2"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista::sp2:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2:itanium"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_xp:-:sp2:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_xp::sp3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:microsoft:windows_xp:-:sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_7::sp1:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2012:-</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_xp::sp3</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2012:r2:-:~-~essentials~~~</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_8:-:-:x86</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_7::sp1:x86</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_rt:-</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_8:-:-:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008::sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_8.1:-:-:~-~-~-~x64~</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008::sp2:x86</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_8.1:-:-:~-~-~-~x86~</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008:r2:sp1:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_vista::sp2</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_rt_8.1:-</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2003::sp2</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_vista::sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2003::sp2:itanium</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2012:r2:-:~-~standard~~~</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008:r2:sp1:itanium</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2003::sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008::sp2:itanium</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2012:r2:-:~-~datacenter~~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0300</vuln:cve-id>
+    <vuln:published-datetime>2014-03-12T01:15:19.413-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-12T16:14:32.030-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.2</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-12T16:14:31.017-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-015" xml:lang="en">MS14-015</vuln:reference>
+    </vuln:references>
+    <vuln:summary>win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0301">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2012:-"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2012:r2:-:~-~datacenter~~~"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2012:r2:-:~-~essentials~~~"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2012:r2:-:~-~standard~~~"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_8.1:-:-:~-~-~-~x64~"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_8.1:-:-:~-~-~-~x86~"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_8:-:-:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_8:-:-:x86"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2:sp1:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7::sp1:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7::sp1:x86"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:itanium"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:x86"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista::sp2"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista::sp2:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2:itanium"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_xp:-:sp2:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_xp::sp3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:microsoft:windows_xp:-:sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_7::sp1:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2012:-</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_xp::sp3</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2012:r2:-:~-~essentials~~~</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_8:-:-:x86</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_7::sp1:x86</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_8:-:-:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008::sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_8.1:-:-:~-~-~-~x64~</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008::sp2:x86</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_8.1:-:-:~-~-~-~x86~</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008:r2:sp1:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_vista::sp2</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2003::sp2</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_vista::sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2003::sp2:itanium</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2012:r2:-:~-~standard~~~</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2003::sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008::sp2:itanium</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2012:r2:-:~-~datacenter~~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0301</vuln:cve-id>
+    <vuln:published-datetime>2014-03-12T01:15:19.443-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-12T17:36:34.620-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-12T17:36:34.200-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-013" xml:lang="en">MS14-013</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Double free vulnerability in qedit.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via a crafted JPEG image, aka "DirectShow Memory Corruption Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0302">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:7"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:6"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:8</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:7</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0302</vuln:cve-id>
+    <vuln:published-datetime>2014-03-12T01:15:19.460-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-12T15:16:43.177-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-12T15:16:38.070-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-012" xml:lang="en">MS14-012</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0303.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0303">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:7"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:6"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:8</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:7</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0303</vuln:cve-id>
+    <vuln:published-datetime>2014-03-12T01:15:19.473-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-12T15:18:50.433-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-12T15:18:50.230-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-012" xml:lang="en">MS14-012</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0302.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0304">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:11:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:11:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0304</vuln:cve-id>
+    <vuln:published-datetime>2014-03-12T01:15:19.507-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-12T15:20:17.560-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-12T15:20:00.683-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-012" xml:lang="en">MS14-012</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0305">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:7"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:6"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:11:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:10"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:9"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:8</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:7</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:9</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:11:-</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:6</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:10</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0305</vuln:cve-id>
+    <vuln:published-datetime>2014-03-12T01:15:19.520-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-12T15:21:09.153-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-12T15:21:08.887-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-012" xml:lang="en">MS14-012</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0299 and CVE-2014-0311.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0306">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:9"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:8</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:9</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0306</vuln:cve-id>
+    <vuln:published-datetime>2014-03-12T01:15:19.553-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-12T15:22:37.173-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-12T15:22:36.983-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-012" xml:lang="en">MS14-012</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0307">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:9</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0307</vuln:cve-id>
+    <vuln:published-datetime>2014-03-12T01:15:19.567-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-26T00:56:05.470-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-12T15:24:08.610-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-012" xml:lang="en">MS14-012</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/32438" xml:lang="en">32438</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a certain sequence of manipulations of a TextRange element, aka "Internet Explorer Memory Corruption Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0308">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:11:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:10"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:9"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:8</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:9</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:11:-</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:10</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0308</vuln:cve-id>
+    <vuln:published-datetime>2014-03-12T01:15:19.600-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-12T15:58:22.070-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-12T15:58:22.007-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-012" xml:lang="en">MS14-012</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0297, CVE-2014-0312, and CVE-2014-0324.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0309">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:10"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:9"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:8</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:9</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:10</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0309</vuln:cve-id>
+    <vuln:published-datetime>2014-03-12T01:15:19.630-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-12T15:59:09.850-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-12T15:59:09.803-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-012" xml:lang="en">MS14-012</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0311">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:7"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:6"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:11:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:10"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:9"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:8</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:7</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:9</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:11:-</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:6</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:10</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0311</vuln:cve-id>
+    <vuln:published-datetime>2014-03-12T01:15:19.677-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-12T16:00:10.680-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-12T16:00:02.040-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-012" xml:lang="en">MS14-012</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0299 and CVE-2014-0305.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0312">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:11:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:10"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:9"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:8</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:9</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:11:-</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:10</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0312</vuln:cve-id>
+    <vuln:published-datetime>2014-03-12T01:15:19.723-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-12T16:01:06.183-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-12T16:01:05.073-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-012" xml:lang="en">MS14-012</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0297, CVE-2014-0308, and CVE-2014-0324.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0313">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:11:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:10"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:11:-</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:10</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0313</vuln:cve-id>
+    <vuln:published-datetime>2014-03-12T01:15:19.770-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-12T16:02:27.310-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-12T16:01:45.760-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-012" xml:lang="en">MS14-012</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0321.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0314">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:10"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:9</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:10</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0314</vuln:cve-id>
+    <vuln:published-datetime>2014-03-12T01:15:19.833-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-12T16:03:43.093-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-12T16:03:42.997-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-012" xml:lang="en">MS14-012</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0315">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_rt_8.1:-"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_rt:-"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2012:-"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2012:r2:-:~-~datacenter~~~"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2012:r2:-:~-~essentials~~~"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2012:r2:-:~-~standard~~~"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_8.1:-:-:~-~-~-~x64~"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_8.1:-:-:~-~-~-~x86~"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_8:-:-:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_8:-:-:x86"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2:sp1:itanium"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2:sp1:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7::sp1:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7::sp1:x86"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:itanium"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:x86"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista::sp2"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista::sp2:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2:itanium"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_xp:-:sp2:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_xp::sp3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:microsoft:windows_xp:-:sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_7::sp1:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2012:-</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_xp::sp3</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2012:r2:-:~-~essentials~~~</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_8:-:-:x86</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_7::sp1:x86</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_rt:-</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_8:-:-:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008::sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_8.1:-:-:~-~-~-~x64~</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008::sp2:x86</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_8.1:-:-:~-~-~-~x86~</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008:r2:sp1:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_vista::sp2</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_rt_8.1:-</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2003::sp2</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_vista::sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2003::sp2:itanium</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2012:r2:-:~-~standard~~~</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008:r2:sp1:itanium</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2003::sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008::sp2:itanium</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2012:r2:-:~-~datacenter~~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0315</vuln:cve-id>
+    <vuln:published-datetime>2014-04-08T19:55:05.853-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-09T19:21:46.920-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.9</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-09T19:21:37.497-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-019" xml:lang="en">MS14-019</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://blogs.technet.com/b/srd/archive/2014/04/08/ms14-019-fixing-a-binary-hijacking-via-cmd-or-bat-file.aspx" xml:lang="en">http://blogs.technet.com/b/srd/archive/2014/04/08/ms14-019-fixing-a-binary-hijacking-via-cmd-or-bat-file.aspx</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Untrusted search path vulnerability in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan horse cmd.exe file in the current working directory, as demonstrated by a directory that contains a .bat or .cmd file, aka "Windows File Handling Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0317">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2012:-"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2012:r2:-:~-~datacenter~~~"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2012:r2:-:~-~essentials~~~"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2012:r2:-:~-~standard~~~"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2:sp1:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:x86"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista::sp2"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista::sp2:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2:itanium"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_xp:-:sp2:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_xp::sp3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:microsoft:windows_xp:-:sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2012:-</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_xp::sp3</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2012:r2:-:~-~essentials~~~</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008::sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008:r2:sp1:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008::sp2:x86</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_vista::sp2</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_vista::sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2003::sp2</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2003::sp2:itanium</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2012:r2:-:~-~standard~~~</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2003::sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2012:r2:-:~-~datacenter~~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0317</vuln:cve-id>
+    <vuln:published-datetime>2014-03-12T01:15:19.897-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-12T17:43:58.897-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.4</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-12T17:43:58.430-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-016" xml:lang="en">MS14-016</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Security Account Manager Remote (SAMR) protocol implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly determine the user-lockout state, which makes it easier for remote attackers to bypass the account lockout policy and obtain access via a brute-force attack, aka "SAMR Security Feature Bypass Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0319">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:silverlight:5.0.60401.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:silverlight:5.0.60818.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:silverlight:5.0.60818.0:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:silverlight:5.0.61118.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:silverlight:5.1.10411.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:silverlight:5.1.20125.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:silverlight:5.1.20513.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:silverlight:5.1.20913.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:silverlight:5.1.20513.0</vuln:product>
+      <vuln:product>cpe:/a:microsoft:silverlight:5.0.60401.0</vuln:product>
+      <vuln:product>cpe:/a:microsoft:silverlight:5.0.60818.0:rc</vuln:product>
+      <vuln:product>cpe:/a:microsoft:silverlight:5.1.20913.0</vuln:product>
+      <vuln:product>cpe:/a:microsoft:silverlight:5.0.60818.0</vuln:product>
+      <vuln:product>cpe:/a:microsoft:silverlight:5.1.20125.0</vuln:product>
+      <vuln:product>cpe:/a:microsoft:silverlight:5.0.61118.0</vuln:product>
+      <vuln:product>cpe:/a:microsoft:silverlight:5.1.10411.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0319</vuln:cve-id>
+    <vuln:published-datetime>2014-03-12T01:15:19.943-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-12T17:59:11.997-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.1</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-12T17:59:10.920-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-014" xml:lang="en">MS14-014</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Silverlight 5 before 5.1.30214.0 and Silverlight 5 Developer Runtime before 5.1.30214.0 allow attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors, aka "Silverlight DEP/ASLR Bypass Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0321">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:11:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:10"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:11:-</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:10</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0321</vuln:cve-id>
+    <vuln:published-datetime>2014-03-12T01:15:20.007-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-12T16:05:42.407-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-12T16:05:42.313-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-012" xml:lang="en">MS14-012</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0313.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0322">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:10"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:10</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0322</vuln:cve-id>
+    <vuln:published-datetime>2014-02-14T11:55:07.500-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-16T00:44:01.910-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-18T11:33:47.520-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/732479" xml:lang="en">VU#732479</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.dropbox.com/s/pyxjgycmudirbqe/CVE-2014-0322.zip" xml:lang="en">https://www.dropbox.com/s/pyxjgycmudirbqe/CVE-2014-0322.zip</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html" xml:lang="en">http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.fireeye.com/blog/technical/cyber-exploits/2014/02/new-ie-zero-day-found-in-watering-hole-attack-2.html" xml:lang="en">http://www.fireeye.com/blog/technical/cyber-exploits/2014/02/new-ie-zero-day-found-in-watering-hole-attack-2.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://twitter.com/nanoc0re/statuses/434251658344673281" xml:lang="en">http://twitter.com/nanoc0re/statuses/434251658344673281</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-012" xml:lang="en">MS14-012</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/advisory/2934088" xml:lang="en">http://technet.microsoft.com/security/advisory/2934088</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://community.websense.com/blogs/securitylabs/archive/2014/02/13/msie-0-day-exploit-cve-2014-0322-possibly-targeting-french-aerospace-organization.aspx" xml:lang="en">http://community.websense.com/blogs/securitylabs/archive/2014/02/13/msie-0-day-exploit-cve-2014-0322-possibly-targeting-french-aerospace-organization.aspx</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, as exploited in the wild in January and February 2014.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0323">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_rt_8.1:-"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_rt:-"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2012:-"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2012:r2:-:~-~datacenter~~~"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2012:r2:-:~-~essentials~~~"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2012:r2:-:~-~standard~~~"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_8.1:-:-:~-~-~-~x64~"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_8.1:-:-:~-~-~-~x86~"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_8:-:-:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_8:-:-:x86"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2:sp1:itanium"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008:r2:sp1:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7::sp1:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_7::sp1:x86"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:itanium"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2008::sp2:x86"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista::sp2"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_vista::sp2:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2:itanium"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_server_2003::sp2:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_xp:-:sp2:x64"/>
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_xp::sp3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:microsoft:windows_xp:-:sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_7::sp1:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2012:-</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_xp::sp3</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2012:r2:-:~-~essentials~~~</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_8:-:-:x86</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_7::sp1:x86</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_rt:-</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_8:-:-:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008::sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_8.1:-:-:~-~-~-~x64~</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008::sp2:x86</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_8.1:-:-:~-~-~-~x86~</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008:r2:sp1:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_vista::sp2</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_rt_8.1:-</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2003::sp2</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_vista::sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2003::sp2:itanium</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2012:r2:-:~-~standard~~~</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008:r2:sp1:itanium</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2003::sp2:x64</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2008::sp2:itanium</vuln:product>
+      <vuln:product>cpe:/o:microsoft:windows_server_2012:r2:-:~-~datacenter~~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0323</vuln:cve-id>
+    <vuln:published-datetime>2014-03-12T01:15:20.037-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-12T16:16:17.063-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.6</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-12T16:16:15.847-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-015" xml:lang="en">MS14-015</vuln:reference>
+    </vuln:references>
+    <vuln:summary>win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (system hang) via a crafted application, aka "Win32k Information Disclosure Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0324">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:11:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:10"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:9"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:8</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:9</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:11:-</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:10</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0324</vuln:cve-id>
+    <vuln:published-datetime>2014-03-12T01:15:20.067-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-12T16:06:18.347-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-12T16:06:18.237-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-012" xml:lang="en">MS14-012</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0297, CVE-2014-0308, and CVE-2014-0312.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0329">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/h:zte:zxv10_w300:2.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/h:zte:zxv10_w300:2.1.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0329</vuln:cve-id>
+    <vuln:published-datetime>2014-02-04T00:39:08.450-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-13T10:13:58.487-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-04T07:45:18.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-255"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/228886" xml:lang="en">VU#228886</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90958" xml:lang="en">zxv10-w300-cve20140329-sec-bypass(90958)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65310" xml:lang="en">65310</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/125142/ZTE-ZXV10-W300-Hardcoded-Credentials.html" xml:lang="en">http://packetstormsecurity.com/files/125142/ZTE-ZXV10-W300-Hardcoded-Credentials.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102816" xml:lang="en">102816</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://blog.alguien.at/2014/02/hackeando-el-router-zte-zxv10-w300-v21.html" xml:lang="en">http://blog.alguien.at/2014/02/hackeando-el-router-zte-zxv10-w300-v21.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the password.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0330">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:dell:kace_k1000_systems_management_appliance_software:5.5.90545"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:dell:kace_k1000_systems_management_appliance:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/h:dell:kace_k1000_systems_management_appliance:-</vuln:product>
+      <vuln:product>cpe:/a:dell:kace_k1000_systems_management_appliance_software:5.5.90545</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0330</vuln:cve-id>
+    <vuln:published-datetime>2014-02-06T18:55:03.993-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-07T13:09:12.020-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-07T13:09:11.940-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/813382" xml:lang="en">VU#813382</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in adminui/user_list.php on the Dell KACE K1000 management appliance 5.5.90545 allows remote attackers to inject arbitrary web script or HTML via the LABEL_ID parameter.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0331">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:fortinet:fortiadc_firmware:3.2.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:fortinet:fortiadc-4000d:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:fortinet:fortiadc-2000d:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:fortinet:fortiadc-1500d:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:fortinet:fortiadc-1000e:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:fortinet:fortiadc-600e:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:fortinet:fortiadc-400e:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:fortinet:fortiadc-300e:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:fortinet:fortiadc-200d:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/h:fortinet:fortiadc-300e:-</vuln:product>
+      <vuln:product>cpe:/h:fortinet:fortiadc-400e:-</vuln:product>
+      <vuln:product>cpe:/o:fortinet:fortiadc_firmware:3.2.0</vuln:product>
+      <vuln:product>cpe:/h:fortinet:fortiadc-200d:-</vuln:product>
+      <vuln:product>cpe:/h:fortinet:fortiadc-1500d:-</vuln:product>
+      <vuln:product>cpe:/h:fortinet:fortiadc-1000e:-</vuln:product>
+      <vuln:product>cpe:/h:fortinet:fortiadc-4000d:-</vuln:product>
+      <vuln:product>cpe:/h:fortinet:fortiadc-2000d:-</vuln:product>
+      <vuln:product>cpe:/h:fortinet:fortiadc-600e:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0331</vuln:cve-id>
+    <vuln:published-datetime>2014-04-10T16:29:20.440-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-11T11:35:42.060-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-11T11:35:33.557-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.fortiguard.com/advisory/FG-IR-14-004" xml:lang="en">http://www.fortiguard.com/advisory/FG-IR-14-004</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Apr/53" xml:lang="en">20140403 XSS Reflected vulnerabilities in OS of FortiADC v3.2 (CVE-2014-0331)</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the web administration interface in FortiADC with firmware before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the locale parameter to gui_partA/.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0332">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:dell:sonicwall_global_management_system:7.1:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:dell:sonicwall_global_management_system:7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:dell:sonicwall_global_management_system:7.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:dell:sonicwall_analyzer:7.1:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:dell:sonicwall_analyzer:7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:dell:sonicwall_analyzer:7.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:dell:sonicwall_universal_management_appliance_e5000:7.1:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:dell:sonicwall_universal_management_appliance_e5000:7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:dell:sonicwall_universal_management_appliance_e5000:7.0:sp1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:dell:sonicwall_universal_management_appliance_e5000:7.0:sp1</vuln:product>
+      <vuln:product>cpe:/a:dell:sonicwall_universal_management_appliance_e5000:7.1:sp1</vuln:product>
+      <vuln:product>cpe:/a:dell:sonicwall_analyzer:7.1</vuln:product>
+      <vuln:product>cpe:/a:dell:sonicwall_analyzer:7.0</vuln:product>
+      <vuln:product>cpe:/a:dell:sonicwall_global_management_system:7.1</vuln:product>
+      <vuln:product>cpe:/a:dell:sonicwall_global_management_system:7.0</vuln:product>
+      <vuln:product>cpe:/a:dell:sonicwall_universal_management_appliance_e5000:7.1</vuln:product>
+      <vuln:product>cpe:/a:dell:sonicwall_analyzer:7.1:sp1</vuln:product>
+      <vuln:product>cpe:/a:dell:sonicwall_global_management_system:7.1:sp1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0332</vuln:cve-id>
+    <vuln:published-datetime>2014-02-14T11:55:08.030-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T23:50:23.533-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-18T12:14:29.720-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/727318" xml:lang="en">VU#727318</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91062" xml:lang="en">sonicwall-cve20140332-nodeid-xss(91062)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_XSS_Resolved_in_7.1_SP2_and_7.2.pdf" xml:lang="en">http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_XSS_Resolved_in_7.1_SP2_and_7.2.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL GMS before 7.1 SP2, SonicWALL Analyzer before 7.1 SP2, and SonicWALL UMA E5000 before 7.1 SP2 might allow remote attackers to inject arbitrary web script or HTML via the node_id parameter in a ScreenDisplayManager genNetwork action.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0333">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:libpng:libpng:1.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:libpng:libpng:1.6.0:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:libpng:libpng:1.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:libpng:libpng:1.6.1:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:libpng:libpng:1.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:libpng:libpng:1.6.2:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:libpng:libpng:1.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:libpng:libpng:1.6.3:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:libpng:libpng:1.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:libpng:libpng:1.6.4:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:libpng:libpng:1.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:libpng:libpng:1.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:libpng:libpng:1.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:libpng:libpng:1.6.7:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:libpng:libpng:1.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:libpng:libpng:1.6.8:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:libpng:libpng:1.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:libpng:libpng:1.6.9:beta"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:libpng:libpng:1.6.2:beta</vuln:product>
+      <vuln:product>cpe:/a:libpng:libpng:1.6.5</vuln:product>
+      <vuln:product>cpe:/a:libpng:libpng:1.6.1:beta</vuln:product>
+      <vuln:product>cpe:/a:libpng:libpng:1.6.7</vuln:product>
+      <vuln:product>cpe:/a:libpng:libpng:1.6.0:beta</vuln:product>
+      <vuln:product>cpe:/a:libpng:libpng:1.6.6</vuln:product>
+      <vuln:product>cpe:/a:libpng:libpng:1.6.9</vuln:product>
+      <vuln:product>cpe:/a:libpng:libpng:1.6.8</vuln:product>
+      <vuln:product>cpe:/a:libpng:libpng:1.6.4:beta</vuln:product>
+      <vuln:product>cpe:/a:libpng:libpng:1.6.3:beta</vuln:product>
+      <vuln:product>cpe:/a:libpng:libpng:1.6.4</vuln:product>
+      <vuln:product>cpe:/a:libpng:libpng:1.6.9:beta</vuln:product>
+      <vuln:product>cpe:/a:libpng:libpng:1.6.8:beta</vuln:product>
+      <vuln:product>cpe:/a:libpng:libpng:1.6.7:beta</vuln:product>
+      <vuln:product>cpe:/a:libpng:libpng:1.6.0</vuln:product>
+      <vuln:product>cpe:/a:libpng:libpng:1.6.1</vuln:product>
+      <vuln:product>cpe:/a:libpng:libpng:1.6.2</vuln:product>
+      <vuln:product>cpe:/a:libpng:libpng:1.6.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0333</vuln:cve-id>
+    <vuln:published-datetime>2014-02-27T15:55:04.850-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-26T00:56:09.813-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-28T10:45:31.003-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-189"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/684412" xml:lang="en">VU#684412</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="ftp://ftp.simplesystems.org/pub/png/src/libpng16/patch-libpng16-vu684412.diff" xml:lang="en">ftp://ftp.simplesystems.org/pub/png/src/libpng16/patch-libpng16-vu684412.diff</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://sourceforge.net/projects/libpng/files/libpng16/patch-libpng16-vu684412.diff" xml:lang="en">https://sourceforge.net/projects/libpng/files/libpng16/patch-libpng16-vu684412.diff</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-03/msg00029.html" xml:lang="en">openSUSE-SU-2014:0358</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0334">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0334</vuln:cve-id>
+    <vuln:published-datetime>2014-03-02T12:55:02.720-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-03T15:58:20.833-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-03T11:56:51.667-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/526062" xml:lang="en">VU#526062</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple allow remote authenticated users to inject arbitrary web script or HTML via (1) the group parameter to admin/addgroup.php, (2) the htmlblob parameter to admin/addhtmlblob.php, the (3) title or (4) url parameter to admin/addbookmark.php, (5) the stylesheet_name parameter to admin/copystylesheet.php, (6) the template_name parameter to admin/copytemplate.php, the (7) title or (8) url parameter to admin/editbookmark.php, (9) the template parameter to admin/listtemplates.php, or (10) the css_name parameter to admin/listcss.php, a different issue than CVE-2014-2092.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0335">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:serena:dimensions_cm:12.2:build7.199.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:serena:dimensions_cm:12.2:build7.199.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0335</vuln:cve-id>
+    <vuln:published-datetime>2014-03-06T06:55:05.130-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-07T14:19:21.430-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-06T11:21:03.383-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/823452" xml:lang="en">VU#823452</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site scripting (XSS) vulnerabilities in the web client in Serena Dimensions CM 12.2 build 7.199.0 allow remote attackers to inject arbitrary web script or HTML via the (1) DB_CONN, (2) DB_NAME, (3) DM_HOST, (4) MAN_DB_NAME, (5) framecmd, (6) identifier, (7) merant.adm.adapters.AdmDialogPropertyMgr, (8) nav_frame, (9) nav_jsp, (10) target_frame, (11) id, or (12) type parameter to the dimensions/ URI.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0336">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:serena:dimensions_cm:12.2:build7.199.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:serena:dimensions_cm:12.2:build7.199.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0336</vuln:cve-id>
+    <vuln:published-datetime>2014-03-06T06:55:05.147-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-07T14:19:02.663-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-06T11:24:31.217-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-352"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/823452" xml:lang="en">VU#823452</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site request forgery (CSRF) vulnerability in the web client in Serena Dimensions CM 12.2 build 7.199.0 allows remote attackers to hijack the authentication of administrators for requests that use the user_new_master parameter to the adminconsole/ URI.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0337">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:huawei:echo_life_hg8247_firmware:v1r006c00s120"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:huawei:echo_life:hg8247"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/h:huawei:echo_life:hg8247</vuln:product>
+      <vuln:product>cpe:/o:huawei:echo_life_hg8247_firmware:v1r006c00s120</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0337</vuln:cve-id>
+    <vuln:published-datetime>2014-04-05T00:01:37.547-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-07T10:36:28.637-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-07T10:36:28.573-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/917700" xml:lang="en">VU#917700</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the web interface on Huawei Echo Life HG8247 routers with software before V100R006C00SPC127 allows remote attackers to inject arbitrary web script or HTML via an invalid TELNET connection attempt with a crafted username that is not properly handled during construction of the "failed log-in attempts over telnet" log view.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0338">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:watchguard:fireware:11.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:watchguard:fireware:11.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:watchguard:fireware:11.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:watchguard:fireware:11.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:watchguard:fireware:11.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:watchguard:fireware:11.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:watchguard:fireware:11.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:watchguard:fireware:11.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:watchguard:fireware:11.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:watchguard:fireware:11.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:watchguard:fireware:11.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:watchguard:fireware:11.6.3</vuln:product>
+      <vuln:product>cpe:/o:watchguard:fireware:11.7.4</vuln:product>
+      <vuln:product>cpe:/o:watchguard:fireware:11.6.1</vuln:product>
+      <vuln:product>cpe:/o:watchguard:fireware:11.7.3</vuln:product>
+      <vuln:product>cpe:/o:watchguard:fireware:11.6</vuln:product>
+      <vuln:product>cpe:/o:watchguard:fireware:11.7</vuln:product>
+      <vuln:product>cpe:/o:watchguard:fireware:11.8.1</vuln:product>
+      <vuln:product>cpe:/o:watchguard:fireware:11.7.2</vuln:product>
+      <vuln:product>cpe:/o:watchguard:fireware:11.6.6</vuln:product>
+      <vuln:product>cpe:/o:watchguard:fireware:11.8</vuln:product>
+      <vuln:product>cpe:/o:watchguard:fireware:11.6.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0338</vuln:cve-id>
+    <vuln:published-datetime>2014-03-16T10:06:45.117-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-17T14:05:17.487-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-17T14:05:13.097-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/807134" xml:lang="en">VU#807134</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://watchguardsecuritycenter.com/2014/03/13/fireware-xtm-11-8-3-update-corrects-xss-flaw/" xml:lang="en">http://watchguardsecuritycenter.com/2014/03/13/fireware-xtm-11-8-3-update-corrects-xss-flaw/</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site scripting (XSS) vulnerabilities in the firewall policy management pages in WatchGuard Fireware XTM before 11.8.3 allow remote attackers to inject arbitrary web script or HTML via the pol_name parameter.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0339">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:webmin:webmin:1.670"/>
+        <cpe-lang:fact-ref name="cpe:/a:webmin:webmin:1.650"/>
+        <cpe-lang:fact-ref name="cpe:/a:webmin:webmin:1.630"/>
+        <cpe-lang:fact-ref name="cpe:/a:webmin:webmin:1.610"/>
+        <cpe-lang:fact-ref name="cpe:/a:webmin:webmin:1.600"/>
+        <cpe-lang:fact-ref name="cpe:/a:webmin:webmin:1.620"/>
+        <cpe-lang:fact-ref name="cpe:/a:webmin:webmin:1.640"/>
+        <cpe-lang:fact-ref name="cpe:/a:webmin:webmin:1.660"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:webmin:webmin:1.620</vuln:product>
+      <vuln:product>cpe:/a:webmin:webmin:1.650</vuln:product>
+      <vuln:product>cpe:/a:webmin:webmin:1.600</vuln:product>
+      <vuln:product>cpe:/a:webmin:webmin:1.640</vuln:product>
+      <vuln:product>cpe:/a:webmin:webmin:1.670</vuln:product>
+      <vuln:product>cpe:/a:webmin:webmin:1.610</vuln:product>
+      <vuln:product>cpe:/a:webmin:webmin:1.630</vuln:product>
+      <vuln:product>cpe:/a:webmin:webmin:1.660</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0339</vuln:cve-id>
+    <vuln:published-datetime>2014-03-16T10:06:45.147-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-17T14:12:07.793-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-17T14:12:07.310-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/381692" xml:lang="en">VU#381692</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.webmin.com/changes.html" xml:lang="en">http://www.webmin.com/changes.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in view.cgi in Webmin before 1.680 allows remote attackers to inject arbitrary web script or HTML via the search parameter.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0341">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:pivotx:pivotx:2.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:pivotx:pivotx:2.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:pivotx:pivotx:2.2.0:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:pivotx:pivotx:2.2.0:b2"/>
+        <cpe-lang:fact-ref name="cpe:/a:pivotx:pivotx:2.2.0:b1"/>
+        <cpe-lang:fact-ref name="cpe:/a:pivotx:pivotx:2.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:pivotx:pivotx:2.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:pivotx:pivotx:2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:pivotx:pivotx:2.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:pivotx:pivotx:2.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:pivotx:pivotx:2.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:pivotx:pivotx:2.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:pivotx:pivotx:2.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:pivotx:pivotx:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:pivotx:pivotx:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:pivotx:pivotx:2.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:pivotx:pivotx:2.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:pivotx:pivotx:2.2.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:pivotx:pivotx:2.1.0</vuln:product>
+      <vuln:product>cpe:/a:pivotx:pivotx:2.3.7</vuln:product>
+      <vuln:product>cpe:/a:pivotx:pivotx:2.3.8</vuln:product>
+      <vuln:product>cpe:/a:pivotx:pivotx:2.3.6</vuln:product>
+      <vuln:product>cpe:/a:pivotx:pivotx:2.3.5</vuln:product>
+      <vuln:product>cpe:/a:pivotx:pivotx:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:pivotx:pivotx:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:pivotx:pivotx:2.2.0:b1</vuln:product>
+      <vuln:product>cpe:/a:pivotx:pivotx:2.2.0:b2</vuln:product>
+      <vuln:product>cpe:/a:pivotx:pivotx:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:pivotx:pivotx:2.3.0</vuln:product>
+      <vuln:product>cpe:/a:pivotx:pivotx:2.1.2</vuln:product>
+      <vuln:product>cpe:/a:pivotx:pivotx:2.2.3</vuln:product>
+      <vuln:product>cpe:/a:pivotx:pivotx:2.2.0</vuln:product>
+      <vuln:product>cpe:/a:pivotx:pivotx:2.2.5</vuln:product>
+      <vuln:product>cpe:/a:pivotx:pivotx:2.2.1</vuln:product>
+      <vuln:product>cpe:/a:pivotx:pivotx:2.2.2</vuln:product>
+      <vuln:product>cpe:/a:pivotx:pivotx:2.2.0:rc</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0341</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T06:55:11.870-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-15T12:36:29.267-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-15T12:36:29.093-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/901156" xml:lang="en">VU#901156</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://sourceforge.net/p/pivot-weblog/code/4349/" xml:lang="en">http://sourceforge.net/p/pivot-weblog/code/4349/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://sourceforge.net/p/pivot-weblog/code/4345/" xml:lang="en">http://sourceforge.net/p/pivot-weblog/code/4345/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://pivotx.net/page/security" xml:lang="en">http://pivotx.net/page/security</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released" xml:lang="en">http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site scripting (XSS) vulnerabilities in PivotX before 2.3.9 allow remote authenticated users to inject arbitrary web script or HTML via the title field to (1) templates_internal/pages.tpl, (2) templates_internal/home.tpl, or (3) templates_internal/entries.tpl; (4) an event field to objects.php; or the (5) email or (6) nickname field to pages.php, related to templates_internal/users.tpl.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0342">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:pivotx:pivotx:2.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:pivotx:pivotx:2.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:pivotx:pivotx:2.2.0:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:pivotx:pivotx:2.2.0:b2"/>
+        <cpe-lang:fact-ref name="cpe:/a:pivotx:pivotx:2.2.0:b1"/>
+        <cpe-lang:fact-ref name="cpe:/a:pivotx:pivotx:2.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:pivotx:pivotx:2.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:pivotx:pivotx:2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:pivotx:pivotx:2.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:pivotx:pivotx:2.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:pivotx:pivotx:2.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:pivotx:pivotx:2.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:pivotx:pivotx:2.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:pivotx:pivotx:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:pivotx:pivotx:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:pivotx:pivotx:2.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:pivotx:pivotx:2.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:pivotx:pivotx:2.2.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:pivotx:pivotx:2.1.0</vuln:product>
+      <vuln:product>cpe:/a:pivotx:pivotx:2.3.7</vuln:product>
+      <vuln:product>cpe:/a:pivotx:pivotx:2.3.8</vuln:product>
+      <vuln:product>cpe:/a:pivotx:pivotx:2.3.6</vuln:product>
+      <vuln:product>cpe:/a:pivotx:pivotx:2.3.5</vuln:product>
+      <vuln:product>cpe:/a:pivotx:pivotx:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:pivotx:pivotx:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:pivotx:pivotx:2.2.0:b1</vuln:product>
+      <vuln:product>cpe:/a:pivotx:pivotx:2.2.0:b2</vuln:product>
+      <vuln:product>cpe:/a:pivotx:pivotx:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:pivotx:pivotx:2.3.0</vuln:product>
+      <vuln:product>cpe:/a:pivotx:pivotx:2.1.2</vuln:product>
+      <vuln:product>cpe:/a:pivotx:pivotx:2.2.3</vuln:product>
+      <vuln:product>cpe:/a:pivotx:pivotx:2.2.0</vuln:product>
+      <vuln:product>cpe:/a:pivotx:pivotx:2.2.5</vuln:product>
+      <vuln:product>cpe:/a:pivotx:pivotx:2.2.1</vuln:product>
+      <vuln:product>cpe:/a:pivotx:pivotx:2.2.2</vuln:product>
+      <vuln:product>cpe:/a:pivotx:pivotx:2.2.0:rc</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0342</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T06:55:11.900-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-15T12:39:56.837-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-15T12:39:56.727-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/901156" xml:lang="en">VU#901156</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://sourceforge.net/p/pivot-weblog/code/4347/" xml:lang="en">http://sourceforge.net/p/pivot-weblog/code/4347/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://pivotx.net/page/security" xml:lang="en">http://pivotx.net/page/security</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released" xml:lang="en">http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2) .php# extension, and then accessing it via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0343">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:virtualaccess:gw6110a_firmware:9.00"/>
+          <cpe-lang:fact-ref name="cpe:/o:virtualaccess:gw6110a_firmware:10.00"/>
+          <cpe-lang:fact-ref name="cpe:/o:virtualaccess:gw6110a_firmware:9.50"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:virtualaccess:gw6110a:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:virtualaccess:gw6110a_firmware:9.50</vuln:product>
+      <vuln:product>cpe:/o:virtualaccess:gw6110a_firmware:9.00</vuln:product>
+      <vuln:product>cpe:/h:virtualaccess:gw6110a:-</vuln:product>
+      <vuln:product>cpe:/o:virtualaccess:gw6110a_firmware:10.00</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0343</vuln:cve-id>
+    <vuln:published-datetime>2014-03-25T16:55:07.027-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-26T11:48:18.507-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.9</cvss:score>
+        <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-26T11:48:18.443-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/213046" xml:lang="en">VU#213046</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The web interface on Virtual Access GW6110A routers with software 9.00 before 9.09.27, 9.50 before 9.50.21, and 10.00 before 10.00.21 allows remote authenticated users to gain privileges via a modified JavaScript variable.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0344">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:zohocorp:manageengine_opstor:8.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:zohocorp:manageengine_opstor:8.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0344</vuln:cve-id>
+    <vuln:published-datetime>2014-03-29T16:55:04.060-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-31T13:20:03.827-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-31T13:20:01.483-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/140886" xml:lang="en">VU#140886</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Properties.do in ZOHO ManageEngine OpStor before build 8500 does not properly check privilege levels, which allows remote authenticated users to obtain Admin access by using the name parameter in conjunction with a true value of the edit parameter.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0346">
+    <vuln:cve-id>CVE-2014-0346</vuln:cve-id>
+    <vuln:published-datetime>2014-04-07T18:55:03.940-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-07T18:55:04.020-04:00</vuln:last-modified-datetime>
+    <vuln:summary>** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2014-0160.  Reason: This candidate is a reservation duplicate of CVE-2014-0160.  Notes: All CVE users should reference CVE-2014-0160 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0347">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:websense:triton_unified_security_center:7.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:websense:triton_web_filter:7.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:websense:triton_web_security:7.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:websense:triton_web_security_gateway:7.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:websense:triton_web_security_gateway_anywhere:7.7.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:websense:triton_web_filter:7.7.3</vuln:product>
+      <vuln:product>cpe:/a:websense:triton_unified_security_center:7.7.3</vuln:product>
+      <vuln:product>cpe:/a:websense:triton_web_security_gateway_anywhere:7.7.3</vuln:product>
+      <vuln:product>cpe:/a:websense:triton_web_security:7.7.3</vuln:product>
+      <vuln:product>cpe:/a:websense:triton_web_security_gateway:7.7.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0347</vuln:cve-id>
+    <vuln:published-datetime>2014-04-12T00:37:31.377-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-14T13:39:34.860-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-14T13:39:23.983-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-255"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/568252" xml:lang="en">VU#568252</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://www.websense.com/content/mywebsense-hotfixes.aspx?patchid=894&amp;prodidx=20&amp;osidx=0&amp;intidx=0&amp;versionidx=0" xml:lang="en">https://www.websense.com/content/mywebsense-hotfixes.aspx?patchid=894&amp;prodidx=20&amp;osidx=0&amp;intidx=0&amp;versionidx=0</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix 31, and Web Security Gateway Anywhere 7.7.3 before Hotfix 31 allows remote authenticated users to read cleartext passwords by replacing type="password" with type="text" in an INPUT element in the (1) Log Database or (2) User Directories component.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0348">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ontariosystems:artiva_workstation:1.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ontariosystems:artiva_rm:3.1:mr7"/>
+        <cpe-lang:fact-ref name="cpe:/a:ontariosystems:artiva_healthcare:5.2:mr5"/>
+        <cpe-lang:fact-ref name="cpe:/a:ontariosystems:artiva_architect:3.2:mr5"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ontariosystems:artiva_healthcare:5.2:mr5</vuln:product>
+      <vuln:product>cpe:/a:ontariosystems:artiva_architect:3.2:mr5</vuln:product>
+      <vuln:product>cpe:/a:ontariosystems:artiva_rm:3.1:mr7</vuln:product>
+      <vuln:product>cpe:/a:ontariosystems:artiva_workstation:1.3.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0348</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T06:55:11.947-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-15T12:57:11.933-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-15T12:57:11.637-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-287"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/215284" xml:lang="en">VU#215284</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Artiva Agency Single Sign-On (SSO) implementation in Artiva Workstation 1.3.x before 1.3.9, Artiva Rm 3.1 MR7, Artiva Healthcare 5.2 MR5, and Artiva Architect 3.2 MR5, when the domain-name option is enabled, allows remote attackers to login to arbitrary domain accounts by using the corresponding username on a Windows client machine.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0349">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:j2k-codec:j2k-codec:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:j2k-codec:j2k-codec:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0349</vuln:cve-id>
+    <vuln:published-datetime>2014-04-12T00:37:31.423-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-14T13:47:35.313-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-14T13:47:35.283-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/345337" xml:lang="en">VU#345337</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple unspecified vulnerabilities in J2k-Codec allow remote attackers to execute arbitrary code via a crafted JPEG 2000 file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0350">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:pocoproject:poco_c%2b%2b_libraries:1.4.6:p3"/>
+        <cpe-lang:fact-ref name="cpe:/a:pocoproject:poco_c%2b%2b_libraries:1.4.6:p2"/>
+        <cpe-lang:fact-ref name="cpe:/a:pocoproject:poco_c%2b%2b_libraries:1.4.6:p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:pocoproject:poco_c%2b%2b_libraries:1.4.6:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:pocoproject:poco_c%2b%2b_libraries:1.4.5"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:pocoproject:poco_c%2b%2b_libraries:1.4.6:p2</vuln:product>
+      <vuln:product>cpe:/a:pocoproject:poco_c%2b%2b_libraries:1.4.6:p1</vuln:product>
+      <vuln:product>cpe:/a:pocoproject:poco_c%2b%2b_libraries:1.4.6:p3</vuln:product>
+      <vuln:product>cpe:/a:pocoproject:poco_c%2b%2b_libraries:1.4.6:-</vuln:product>
+      <vuln:product>cpe:/a:pocoproject:poco_c%2b%2b_libraries:1.4.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0350</vuln:cve-id>
+    <vuln:published-datetime>2014-04-25T21:55:04.967-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T09:03:33.290-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.4</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T09:03:33.243-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-310"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/118748" xml:lang="en">VU#118748</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://raw.githubusercontent.com/pocoproject/poco/poco-1.4.6p4-release/CHANGELOG" xml:lang="en">https://raw.githubusercontent.com/pocoproject/poco/poco-1.4.6p4-release/CHANGELOG</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0353">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:zyxel:n300_netusb_nbg-419n_firmware:1.00%28bfq_6%29c0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:zyxel:n300_netusb_nbg-419n:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:zyxel:n300_netusb_nbg-419n_firmware:1.00%28bfq_6%29c0</vuln:product>
+      <vuln:product>cpe:/h:zyxel:n300_netusb_nbg-419n:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0353</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T06:55:11.963-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-15T13:55:05.707-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.1</cvss:score>
+        <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-15T13:55:01.190-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-287"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/939260" xml:lang="en">VU#939260</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers to bypass authentication by using %2F sequences in place of / (slash) characters.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0354">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:zyxel:n300_netusb_nbg-419n_firmware:1.00%28bfq_6%29c0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:zyxel:n300_netusb_nbg-419n:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:zyxel:n300_netusb_nbg-419n_firmware:1.00%28bfq_6%29c0</vuln:product>
+      <vuln:product>cpe:/h:zyxel:n300_netusb_nbg-419n:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0354</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T06:55:11.993-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-15T13:56:13.817-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-15T13:56:13.740-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-255"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/939260" xml:lang="en">VU#939260</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 has a hardcoded password of qweasdzxc for an unspecified account, which allows remote attackers to obtain index.asp login access via an HTTP request.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0355">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:zyxel:n300_netusb_nbg-419n_firmware:1.00%28bfq_6%29c0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:zyxel:n300_netusb_nbg-419n:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:zyxel:n300_netusb_nbg-419n_firmware:1.00%28bfq_6%29c0</vuln:product>
+      <vuln:product>cpe:/h:zyxel:n300_netusb_nbg-419n:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0355</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T06:55:12.027-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-15T13:56:33.943-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.9</cvss:score>
+        <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-15T13:56:33.850-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/939260" xml:lang="en">VU#939260</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple stack-based buffer overflows on the ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allow man-in-the-middle attackers to execute arbitrary code via (1) a long temp attribute in a yweather:condition element in a forecastrss file that is processed by the checkWeather function; the (2) WeatherCity or (3) WeatherDegree variable to the detectWeather function; unspecified input to the (4) UpnpAddRunRLQoS, (5) UpnpDeleteRunRLQoS, or (6) UpnpDeletePortCheckType function; or (7) the SET COUNTRY udps command.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0356">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:zyxel:n300_netusb_nbg-419n_firmware:1.00%28bfq_6%29c0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:zyxel:n300_netusb_nbg-419n:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:zyxel:n300_netusb_nbg-419n_firmware:1.00%28bfq_6%29c0</vuln:product>
+      <vuln:product>cpe:/h:zyxel:n300_netusb_nbg-419n:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0356</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T06:55:12.057-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-15T13:56:38.117-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.9</cvss:score>
+        <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-15T13:56:38.067-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-78"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/939260" xml:lang="en">VU#939260</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers to execute arbitrary code via shell metacharacters in input to the (1) detectWeather, (2) set_language, (3) SystemCommand, or (4) NTPSyncWithHost function in management.c, or a (5) SET COUNTRY, (6) SET WLAN SSID, (7) SET WLAN CHANNEL, (8) SET WLAN STATUS, or (9) SET WLAN COUNTRY udps command.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0357">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:amtelco:misecuremessages:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:amtelco:misecuremessages:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0357</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T06:55:12.087-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-15T14:11:47.333-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-15T14:11:47.270-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-287"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/251628" xml:lang="en">VU#251628</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Amtelco miSecureMessages allows remote attackers to read the messages of arbitrary users via an XML request containing a valid license key and a modified contactID value, as demonstrated by a request from the iOS or Android application.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0358">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:xangati:xangati_xnr:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:xangati:xangati_software_release:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:xangati:xangati_software_release:-</vuln:product>
+      <vuln:product>cpe:/a:xangati:xangati_xnr:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0358</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T06:55:12.120-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-15T15:07:08.633-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-15T15:07:08.600-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/657622" xml:lang="en">VU#657622</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple directory traversal vulnerabilities in Xangati XSR before 11 and XNR before 7 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the file parameter in a getUpgradeStatus action to servlet/MGConfigData, (2) the download parameter in a download action to servlet/MGConfigData, (3) the download parameter in a port_svc action to servlet/MGConfigData, (4) the file parameter in a getfile action to servlet/Installer, or (5) the binfile parameter to servlet/MGConfigData.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0359">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:xangati:xangati_xnr:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:xangati:xangati_software_release:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:xangati:xangati_software_release:-</vuln:product>
+      <vuln:product>cpe:/a:xangati:xangati_xnr:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0359</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T06:55:12.150-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-15T15:11:04.623-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-15T15:11:04.563-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-78"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/657622" xml:lang="en">VU#657622</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Xangati XSR before 11 and XNR before 7 allows remote attackers to execute arbitrary commands via shell metacharacters in a gui_input_test.pl params parameter to servlet/Installer.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0360">
+    <vuln:cve-id>CVE-2014-0360</vuln:cve-id>
+    <vuln:published-datetime>2014-04-23T16:55:06.703-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-23T16:55:06.890-04:00</vuln:last-modified-datetime>
+    <vuln:summary>** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2014-2741.  Reason: This candidate is a duplicate of CVE-2014-2741.  Notes: All CVE users should reference CVE-2014-2741 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0361">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:toshibacommerce:4690_point_of_sale_operating_system:6.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:toshibacommerce:4690_point_of_sale_operating_system:6.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:toshibacommerce:4690_point_of_sale_operating_system:6.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:toshibacommerce:4690_point_of_sale_operating_system:6.2</vuln:product>
+      <vuln:product>cpe:/o:toshibacommerce:4690_point_of_sale_operating_system:6.3</vuln:product>
+      <vuln:product>cpe:/o:toshibacommerce:4690_point_of_sale_operating_system:6.4</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0361</vuln:cve-id>
+    <vuln:published-datetime>2014-04-21T18:55:08.240-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-22T09:58:31.083-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.0</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-22T09:58:30.973-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-310"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/622950" xml:lang="en">VU#622950</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=pos1R1005054" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=pos1R1005054</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The default configuration of IBM 4690 OS, as used in Toshiba Global Commerce Solutions 4690 POS and other products, hashes passwords with the ADXCRYPT algorithm, which makes it easier for context-dependent attackers to obtain sensitive information via a brute-force attack against an ADXCSOUF.DAT file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0363">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:2.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:2.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-04-15"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-04-13"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-04-09"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-04-06"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-29"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-26"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-25"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-21"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-18"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-16"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-13"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-12"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-11"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-10"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-03"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-02"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-23"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-21"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-20"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-19"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-18"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-16"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-20</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-02</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-21</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.4.0</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-04-15</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-04-13</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-23</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-19</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-03</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-16</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:2.2.1</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-18</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-13</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-04-06</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-04-09</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-29</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.0.0</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.1.0</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:2.2.0</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-21</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-25</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-26</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-18</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-11</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.3.1</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.3.0</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-10</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.2.2</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-12</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-16</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.2.0</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.2.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0363</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T06:49:04.490-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T10:47:23.507-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T10:47:22.397-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/489228" xml:lang="en">VU#489228</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://issues.igniterealtime.org/browse/SMACK-410" xml:lang="en">http://issues.igniterealtime.org/browse/SMACK-410</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://community.igniterealtime.org/blogs/ignite/2014/04/17/asmack-400-rc1-has-been-released" xml:lang="en">http://community.igniterealtime.org/blogs/ignite/2014/04/17/asmack-400-rc1-has-been-released</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate chain.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0364">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:2.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:2.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-04-15"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-04-13"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-04-09"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-04-06"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-29"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-26"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-25"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-21"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-18"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-16"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-13"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-12"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-11"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-10"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-03"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-02"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-23"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-21"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-20"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-19"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-18"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-16"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-20</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-02</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-21</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.4.0</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-04-15</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-04-13</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-23</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-19</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-03</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-16</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:2.2.1</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-18</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-13</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-04-06</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-04-09</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-29</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.0.0</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.1.0</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:2.2.0</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-21</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-25</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-26</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-18</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-11</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.3.1</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.3.0</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-10</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.2.2</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-12</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-16</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.2.0</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.2.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0364</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T06:49:04.520-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T11:07:13.453-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T11:07:13.203-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/489228" xml:lang="en">VU#489228</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://community.igniterealtime.org/blogs/ignite/2014/04/17/asmack-400-rc1-has-been-released" xml:lang="en">http://community.igniterealtime.org/blogs/ignite/2014/04/17/asmack-400-rc1-has-been-released</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify the from attribute of a roster-query IQ stanza, which allows remote attackers to spoof IQ responses via a crafted attribute.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0366">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:e-business_suite:12.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:e-business_suite:12.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:e-business_suite:12.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:e-business_suite:11.5.10.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:e-business_suite:12.2.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:e-business_suite:12.1.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:e-business_suite:12.0.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:e-business_suite:11.5.10.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0366</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:06.610-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:40.737-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T13:42:05.773-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029619" xml:lang="en">1029619</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64828" xml:lang="en">64828</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56471" xml:lang="en">56471</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102090" xml:lang="en">102090</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, and 12.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Attachments.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0367">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:hyperion:11.1.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:hyperion:11.1.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:hyperion:11.1.2.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:hyperion:11.1.2.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:hyperion:11.1.2.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:hyperion:11.1.2.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0367</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:06.657-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:40.833-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T13:46:24.590-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64814" xml:lang="en">64814</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56469" xml:lang="en">56469</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102114" xml:lang="en">102114</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Hyperion Essbase Administration Services component in Oracle Hyperion 11.1.2.1, 11.1.2.2, and 11.1.2.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Admin Console.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0368">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.5.0:update_55"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.5.0:update_55"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.6.0:update_65"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.6.0:update_65"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_45"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_45"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_45</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_45</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.6.0:update_65</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.5.0:update_55</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.5.0:update_55</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.6.0:update_65</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0368</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:06.687-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:09.497-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T13:51:14.270-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1052919" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1052919</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2124-1" xml:lang="en">USN-2124-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2089-1" xml:lang="en">USN-2089-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029608" xml:lang="en">1029608</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64930" xml:lang="en">64930</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56535" xml:lang="en">56535</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56486" xml:lang="en">56486</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56485" xml:lang="en">56485</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56432" xml:lang="en">56432</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0136.html" xml:lang="en">RHSA-2014:0136</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0135.html" xml:lang="en">RHSA-2014:0135</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0134.html" xml:lang="en">RHSA-2014:0134</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0097.html" xml:lang="en">RHSA-2014:0097</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0030.html" xml:lang="en">RHSA-2014:0030</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0027.html" xml:lang="en">RHSA-2014:0027</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0026.html" xml:lang="en">RHSA-2014:0026</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" xml:lang="en">SSRT101455</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" xml:lang="en">HPSBUX02973</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" xml:lang="en">HPSBUX02972</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" xml:lang="en">SSRT101454</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html" xml:lang="en">openSUSE-SU-2014:0180</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html" xml:lang="en">openSUSE-SU-2014:0177</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html" xml:lang="en">openSUSE-SU-2014:0174</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" xml:lang="en">SUSE-SU-2014:0451</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" xml:lang="en">SUSE-SU-2014:0266</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" xml:lang="en">SUSE-SU-2014:0246</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/e6160aedadd5" xml:lang="en">http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/e6160aedadd5</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and Java SE Embedded 7u45, allows remote attackers to affect confidentiality via unknown vectors related to Networking.  NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to incorrect permission checks when listening on a socket, which allows attackers to escape the sandbox.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0369">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:siebel_crm:8.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:siebel_crm:8.2.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:siebel_crm:8.1.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:siebel_crm:8.2.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0369</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:06.720-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:41.003-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T13:53:21.960-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029622" xml:lang="en">1029622</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64832" xml:lang="en">64832</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56480" xml:lang="en">56480</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102107" xml:lang="en">102107</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Java Integration.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0370">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:siebel_crm:8.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:siebel_crm:8.2.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:siebel_crm:8.1.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:siebel_crm:8.2.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0370</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:06.767-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:41.083-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>2.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>MULTIPLE_INSTANCES</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T13:54:58.023-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029622" xml:lang="en">1029622</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64837" xml:lang="en">64837</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56481" xml:lang="en">56481</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102108" xml:lang="en">102108</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Siebel Life Sciences component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect availability via unknown vectors related to Clinical Trip Report.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0371">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite:7.2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite_sql-server:7.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite_sql-server:7.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite_sql-server:12.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite_sql-server:12.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite_sql-server:12.2.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite_sql-server:7.3.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite:7.2.0.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite_sql-server:7.3.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite_sql-server:12.2.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite_sql-server:12.2.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite_sql-server:12.2.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0371</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:06.797-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:41.177-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T14:02:04.567-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029620" xml:lang="en">1029620</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64886" xml:lang="en">64886</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56474" xml:lang="en">56474</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102098" xml:lang="en">102098</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0.x, 7.3.1.x, 12.2.0, 12.2.1, and 12.2.2 allows remote authenticated users to affect integrity via unknown vectors related to DM Others.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0372">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite:7.2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite_sql-server:7.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite_sql-server:7.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite_sql-server:12.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite_sql-server:12.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite_sql-server:12.2.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite_sql-server:7.3.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite:7.2.0.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite_sql-server:7.3.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite_sql-server:12.2.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite_sql-server:12.2.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite_sql-server:12.2.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0372</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:06.830-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:41.253-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T14:03:53.757-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029620" xml:lang="en">1029620</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64826" xml:lang="en">64826</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56474" xml:lang="en">56474</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102103" xml:lang="en">102103</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.1, and 12.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to DM Others.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0373">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_45"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_45"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.5.0:update_55"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.5.0:update_55"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.6.0:update_65"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.6.0:update_65"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_45</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_45</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.6.0:update_65</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.5.0:update_55</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.5.0:update_55</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.6.0:update_65</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0373</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:06.860-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:09.873-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T14:15:37.270-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1051699" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1051699</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2124-1" xml:lang="en">USN-2124-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2089-1" xml:lang="en">USN-2089-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029608" xml:lang="en">1029608</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64922" xml:lang="en">64922</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56535" xml:lang="en">56535</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56485" xml:lang="en">56485</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56432" xml:lang="en">56432</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0136.html" xml:lang="en">RHSA-2014:0136</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0135.html" xml:lang="en">RHSA-2014:0135</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0134.html" xml:lang="en">RHSA-2014:0134</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0097.html" xml:lang="en">RHSA-2014:0097</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0030.html" xml:lang="en">RHSA-2014:0030</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0027.html" xml:lang="en">RHSA-2014:0027</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0026.html" xml:lang="en">RHSA-2014:0026</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" xml:lang="en">SSRT101455</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" xml:lang="en">HPSBUX02973</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" xml:lang="en">HPSBUX02972</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" xml:lang="en">SSRT101454</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html" xml:lang="en">openSUSE-SU-2014:0180</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html" xml:lang="en">openSUSE-SU-2014:0177</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html" xml:lang="en">openSUSE-SU-2014:0174</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" xml:lang="en">SUSE-SU-2014:0451</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" xml:lang="en">SUSE-SU-2014:0266</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" xml:lang="en">SUSE-SU-2014:0246</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/496c51673dec" xml:lang="en">http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/496c51673dec</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability.  NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to throwing of an incorrect exception when SnmpStatusException should have been used in the SNMP implementation, which allows attackers to escape the sandbox.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0374">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:fusion_middleware:11.1.1.6.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:fusion_middleware:11.1.1.6.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0374</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:06.890-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:41.427-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T14:18:18.510-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029613" xml:lang="en">1029613</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64830" xml:lang="en">64830</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56464" xml:lang="en">56464</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102093" xml:lang="en">102093</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle Portal component in Oracle Fusion Middleware 11.1.1.6 allows remote attackers to affect integrity via unknown vectors related to Page Parameters and Events.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0375">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.6.0:update_65"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.6.0:update_65"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_45"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_45"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_45</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_45</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.6.0:update_65</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.6.0:update_65</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0375</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:06.923-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:10.043-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T14:18:17.307-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90339" xml:lang="en">oracle-cpujan2014-cve20140375(90339)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029608" xml:lang="en">1029608</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64916" xml:lang="en">64916</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56535" xml:lang="en">56535</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56485" xml:lang="en">56485</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0135.html" xml:lang="en">RHSA-2014:0135</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0134.html" xml:lang="en">RHSA-2014:0134</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0030.html" xml:lang="en">RHSA-2014:0030</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102007" xml:lang="en">102007</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" xml:lang="en">SSRT101455</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" xml:lang="en">HPSBUX02973</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" xml:lang="en">HPSBUX02972</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" xml:lang="en">SSRT101454</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" xml:lang="en">SUSE-SU-2014:0451</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" xml:lang="en">SUSE-SU-2014:0266</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" xml:lang="en">SUSE-SU-2014:0246</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5898 and CVE-2014-0403.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0376">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_45"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_45"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.6.0:update_65"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.6.0:update_65"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.5.0:update_55"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.5.0:update_55"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_45</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_45</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.6.0:update_65</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.5.0:update_55</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.5.0:update_55</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.6.0:update_65</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0376</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:06.953-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:10.123-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T14:31:50.107-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1051923" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1051923</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90350" xml:lang="en">oracle-cpujan2014-cve20140376(90350)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2124-1" xml:lang="en">USN-2124-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2089-1" xml:lang="en">USN-2089-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029608" xml:lang="en">1029608</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64907" xml:lang="en">64907</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56535" xml:lang="en">56535</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56486" xml:lang="en">56486</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56485" xml:lang="en">56485</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56432" xml:lang="en">56432</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0136.html" xml:lang="en">RHSA-2014:0136</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0135.html" xml:lang="en">RHSA-2014:0135</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0134.html" xml:lang="en">RHSA-2014:0134</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0097.html" xml:lang="en">RHSA-2014:0097</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0030.html" xml:lang="en">RHSA-2014:0030</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0027.html" xml:lang="en">RHSA-2014:0027</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0026.html" xml:lang="en">RHSA-2014:0026</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102018" xml:lang="en">102018</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" xml:lang="en">SSRT101455</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" xml:lang="en">HPSBUX02973</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" xml:lang="en">HPSBUX02972</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" xml:lang="en">SSRT101454</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html" xml:lang="en">openSUSE-SU-2014:0180</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html" xml:lang="en">openSUSE-SU-2014:0177</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html" xml:lang="en">openSUSE-SU-2014:0174</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" xml:lang="en">SUSE-SU-2014:0451</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" xml:lang="en">SUSE-SU-2014:0266</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" xml:lang="en">SUSE-SU-2014:0246</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://hg.openjdk.java.net/jdk7u/jdk7u/jaxp/rev/783ceae9b736" xml:lang="en">http://hg.openjdk.java.net/jdk7u/jdk7u/jaxp/rev/783ceae9b736</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://hg.openjdk.java.net/jdk7u/jdk7u/jaxp/rev/42be8e6266ab" xml:lang="en">http://hg.openjdk.java.net/jdk7u/jdk7u/jaxp/rev/42be8e6266ab</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAXP.  NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to an improper check for "code permissions when creating document builder factories."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0377">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:database_server:11.2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:database_server:12.1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:database_server:11.2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:database_server:11.1.0.7"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:database_server:11.1.0.7</vuln:product>
+      <vuln:product>cpe:/a:oracle:database_server:11.2.0.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:database_server:11.2.0.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:database_server:12.1.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0377</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:06.987-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T23:50:24.753-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T14:10:57.517-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029607" xml:lang="en">1029607</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64824" xml:lang="en">64824</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56452" xml:lang="en">56452</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102081" xml:lang="en">102081</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00007.html" xml:lang="en">SUSE-SU-2014:0130</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality via vectors related to SYS tables.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0378">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:database_server:12.1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:database_server:11.2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:database_server:11.2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:database_server:11.1.0.7"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:database_server:11.1.0.7</vuln:product>
+      <vuln:product>cpe:/a:oracle:database_server:11.2.0.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:database_server:11.2.0.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:database_server:12.1.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0378</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:07.033-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T23:50:24.830-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.1</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T14:22:17.483-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029607" xml:lang="en">1029607</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64812" xml:lang="en">64812</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56452" xml:lang="en">56452</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102080" xml:lang="en">102080</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00007.html" xml:lang="en">SUSE-SU-2014:0130</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Spatial component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0379">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite:7.2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite_sql-server:7.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite_sql-server:7.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite_sql-server:12.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite_sql-server:12.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite_sql-server:12.2.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite_sql-server:7.3.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite:7.2.0.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite_sql-server:7.3.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite_sql-server:12.2.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite_sql-server:12.2.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite_sql-server:12.2.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0379</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:07.080-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:41.847-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T14:24:21.017-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029620" xml:lang="en">1029620</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64857" xml:lang="en">64857</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56474" xml:lang="en">56474</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102097" xml:lang="en">102097</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0.x, 7.3.1.x, 12.2.0, 12.2.1, and 12.2.2 allows remote attackers to affect integrity via unknown vectors related to DM Others.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0380">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:peoplesoft_products:8.52"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:peoplesoft_products:8.53"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:peoplesoft_products:8.53</vuln:product>
+      <vuln:product>cpe:/a:oracle:peoplesoft_products:8.52</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0380</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:07.110-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:41.943-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T14:27:25.740-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029623" xml:lang="en">1029623</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64865" xml:lang="en">64865</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56478" xml:lang="en">56478</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102037" xml:lang="en">102037</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via vectors related to MultiChannel Framework (MCF).</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0381">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:peoplesoft_products:8.52"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:peoplesoft_products:8.53"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:peoplesoft_products:8.53</vuln:product>
+      <vuln:product>cpe:/a:oracle:peoplesoft_products:8.52</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0381</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:07.127-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:42.020-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>2.6</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T14:28:45.053-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029623" xml:lang="en">1029623</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64892" xml:lang="en">64892</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56478" xml:lang="en">56478</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102045" xml:lang="en">102045</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Technology, a different vulnerability than CVE-2014-0445.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0382">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_45"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_45"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:javafx:2.2.45"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_45</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_45</vuln:product>
+      <vuln:product>cpe:/a:oracle:javafx:2.2.45</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0382</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:07.157-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-16T00:44:15.643-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T14:31:11.933-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90355" xml:lang="en">oracle-cpujan2014-cve20140382(90355)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029608" xml:lang="en">1029608</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64936" xml:lang="en">64936</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56535" xml:lang="en">56535</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56485" xml:lang="en">56485</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56484" xml:lang="en">56484</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0030.html" xml:lang="en">RHSA-2014:0030</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102026" xml:lang="en">102026</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" xml:lang="en">SSRT101454</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" xml:lang="en">HPSBUX02972</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect availability via unknown vectors related to JavaFX.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0383">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:fusion_middleware:11.1.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:fusion_middleware:11.1.2.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:fusion_middleware:11.1.2.1.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:fusion_middleware:11.1.2.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0383</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:07.203-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:42.193-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T14:33:18.467-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029613" xml:lang="en">1029613</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64842" xml:lang="en">64842</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56459" xml:lang="en">56459</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102102" xml:lang="en">102102</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.2.0 and 11.1.2.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Identity Console.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0384">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.25:a"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.29"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.30"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.31"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.32"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.33"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.34"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.35"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.5</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.16</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.7</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.9</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.0</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.7</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.8</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.5</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.17</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.18</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.9</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.19</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.13</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.15</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.3</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.10</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.11</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.27</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.11</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.13</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.15</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.29</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.28</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.25</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.26</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.8</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.23</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.24</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.21</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.22</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.20</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.31</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.33</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.32</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.35</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.34</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.30</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.25:a</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0384</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T20:55:23.777-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T11:58:24.497-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T11:58:24.137-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0385">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_45"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_45"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_45</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_45</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0385</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:07.237-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:42.287-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T14:34:08.420-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029608" xml:lang="en">1029608</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64901" xml:lang="en">64901</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56485" xml:lang="en">56485</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101998" xml:lang="en">101998</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 7u45, when installing on OS X, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0386">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.25:a"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.29"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.30"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.31"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.32"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.33"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.23:a"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.23_bk"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.23a"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.29"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.30"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.31"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.31:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.32"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.32-bzr"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.33"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.34"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.34:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.35"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.36"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.37"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.37:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.38"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.39"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.40"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.40:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.41"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.42"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.43"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.43:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.44"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.45"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.46"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.46:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.47"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.48"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.49"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.49:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.50"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.5a"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.52"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.52:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.53"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.54"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.55"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.56"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.57"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.58"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.59"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.60"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.61"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.62"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.63"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.64"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.65"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.66"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.67"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.68"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.69"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.70"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.71"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.52:sp1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.7</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.8</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.5</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.6</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.49:sp1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.46:sp1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.9</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.3</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.4</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.10</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.40:sp1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.12</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.43:sp1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.11</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.13</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.37:sp1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.62</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.61</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.60</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.34:sp1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.66</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.65</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.64</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.63</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.69</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.68</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.23_bk</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.31:sp1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.31</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.33</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.5</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.32</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.3</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.4</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.2</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.23:a</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.67</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.24</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.51</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.30</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.26</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.25</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.53</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.52</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.55</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.54</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.57</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.59</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.58</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.56</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.5</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.16</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.7</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.9</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.14</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.15</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.13</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.9</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.29</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.28</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.27</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.17</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.18</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.19</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.12</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.22</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.13</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.21</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.14</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.20</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.15</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.10</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.7</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.70</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.8</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.11</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.23</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.5a</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.27</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.71</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.46</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.47</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.48</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.17</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.16</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.19</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.18</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.29</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.28</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.25</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.26</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.8</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.11</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.23</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.24</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.21</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.22</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.20</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.32-bzr</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.36</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.37</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.35</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.23a</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.40</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.50</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.49</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.45</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.44</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.43</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.42</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.41</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.25:a</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.39</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.38</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.34</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.31</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.30</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.33</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.32</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0386</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:07.267-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T23:50:25.407-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T14:38:20.693-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90380" xml:lang="en">oracle-cpujan2014-cve20140386(90380)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64904" xml:lang="en">64904</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2848" xml:lang="en">DSA-2848</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2845" xml:lang="en">DSA-2845</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://ubuntu.com/usn/usn-2086-1" xml:lang="en">USN-2086-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56580" xml:lang="en">56580</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56541" xml:lang="en">56541</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56491" xml:lang="en">56491</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0189.html" xml:lang="en">RHSA-2014:0189</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0186.html" xml:lang="en">RHSA-2014:0186</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0173.html" xml:lang="en">RHSA-2014:0173</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0164.html" xml:lang="en">RHSA-2014:0164</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102069" xml:lang="en">102069</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0387">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.6.0:update_65"/>
+          <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.6.0:update_65"/>
+          <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_45"/>
+          <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_45"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_45</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_45</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.6.0:update_65</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.6.0:update_65</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0387</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:07.330-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:10.903-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.6</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T14:57:30.327-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029608" xml:lang="en">1029608</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64882" xml:lang="en">64882</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56535" xml:lang="en">56535</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56485" xml:lang="en">56485</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0135.html" xml:lang="en">RHSA-2014:0135</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0134.html" xml:lang="en">RHSA-2014:0134</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0030.html" xml:lang="en">RHSA-2014:0030</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102002" xml:lang="en">102002</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" xml:lang="en">SSRT101455</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" xml:lang="en">HPSBUX02973</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" xml:lang="en">HPSBUX02972</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" xml:lang="en">SSRT101454</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" xml:lang="en">SUSE-SU-2014:0451</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" xml:lang="en">SUSE-SU-2014:0266</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" xml:lang="en">SUSE-SU-2014:0246</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 6u65 and Java SE 7u45, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0388">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:peoplesoft_products:9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:peoplesoft_products:9.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:peoplesoft_products:9.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:peoplesoft_products:9.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0388</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:07.360-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:42.550-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T14:48:18.597-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029623" xml:lang="en">1029623</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64878" xml:lang="en">64878</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56477" xml:lang="en">56477</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102040" xml:lang="en">102040</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the PeopleSoft Enterprise HRMS Human Resources component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Org and Workforce Dev.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0389">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:ilearning:6.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:ilearning:6.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0389</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:07.390-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:42.630-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T14:49:58.147-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029621" xml:lang="en">1029621</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64845" xml:lang="en">64845</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56482" xml:lang="en">56482</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102109" xml:lang="en">102109</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle iLearning 6.0 allows remote attackers to affect integrity via unknown vectors related to Learner Pages.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0390">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:sun:sunos:5.10"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:sun:sunos:5.10</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0390</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:07.423-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:42.723-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T14:51:23.540-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90362" xml:lang="en">oracle-cpujan2014-cve20140390(90362)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64859" xml:lang="en">64859</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56488" xml:lang="en">56488</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102052" xml:lang="en">102052</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Java Web Console.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0391">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:fusion_middleware:11.1.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:fusion_middleware:11.1.2.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:fusion_middleware:11.1.1.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:fusion_middleware:11.1.1.7.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:fusion_middleware:11.1.2.1.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:fusion_middleware:11.1.1.5.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:fusion_middleware:11.1.1.7.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:fusion_middleware:11.1.2.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0391</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:07.437-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:42.800-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T15:00:05.080-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029613" xml:lang="en">1029613</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64829" xml:lang="en">64829</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56459" xml:lang="en">56459</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102099" xml:lang="en">102099</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.0, and 11.1.2.1 allows remote attackers to affect confidentiality via unknown vectors related to End User Self Service.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0392">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:peoplesoft_products:9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:peoplesoft_products:9.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:peoplesoft_products:9.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:peoplesoft_products:9.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0392</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:07.470-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:42.897-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T14:52:38.853-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029623" xml:lang="en">1029623</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64874" xml:lang="en">64874</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56477" xml:lang="en">56477</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102039" xml:lang="en">102039</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0393">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.23:a"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.23_bk"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.23a"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.29"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.30"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.31"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.31:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.32"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.32-bzr"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.33"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.34"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.34:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.35"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.36"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.37"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.37:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.38"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.39"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.40"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.40:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.41"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.42"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.43"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.43:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.44"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.45"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.46"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.46:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.47"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.48"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.49"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.49:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.50"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.5a"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.52"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.52:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.53"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.54"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.55"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.56"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.57"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.58"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.59"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.60"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.61"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.62"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.63"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.64"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.65"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.66"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.67"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.68"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.69"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.70"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.71"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.25:a"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.29"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.30"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.31"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.32"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.33"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.52:sp1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.7</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.8</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.5</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.6</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.49:sp1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.46:sp1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.9</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.3</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.4</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.10</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.40:sp1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.12</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.43:sp1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.11</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.13</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.37:sp1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.62</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.61</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.34:sp1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.60</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.66</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.65</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.64</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.63</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.69</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.23_bk</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.68</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.31:sp1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.31</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.33</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.5</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.32</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.3</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.4</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.2</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.23:a</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.67</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.24</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.30</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.26</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.51</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.25</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.53</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.52</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.55</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.54</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.57</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.59</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.58</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.56</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.5</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.16</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.7</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.9</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.14</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.15</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.13</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.9</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.29</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.28</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.27</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.17</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.18</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.19</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.12</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.22</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.13</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.21</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.14</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.20</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.15</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.10</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.7</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.11</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.70</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.23</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.8</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.5a</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.27</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.71</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.46</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.47</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.48</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.17</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.16</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.19</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.18</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.29</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.28</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.25</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.26</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.23</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.8</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.11</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.24</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.21</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.22</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.20</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.32-bzr</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.36</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.37</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.35</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.23a</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.40</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.50</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.49</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.45</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.44</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.43</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.42</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.41</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.25:a</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.39</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.38</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.34</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.31</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.30</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.33</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.32</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0393</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:07.500-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T23:50:25.987-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>MULTIPLE_INSTANCES</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T15:25:06.477-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90386" xml:lang="en">oracle-cpujan2014-cve20140393(90386)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64877" xml:lang="en">64877</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2848" xml:lang="en">DSA-2848</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2845" xml:lang="en">DSA-2845</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://ubuntu.com/usn/usn-2086-1" xml:lang="en">USN-2086-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56580" xml:lang="en">56580</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56541" xml:lang="en">56541</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56491" xml:lang="en">56491</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0189.html" xml:lang="en">RHSA-2014:0189</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0186.html" xml:lang="en">RHSA-2014:0186</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0173.html" xml:lang="en">RHSA-2014:0173</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0164.html" xml:lang="en">RHSA-2014:0164</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102075" xml:lang="en">102075</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0394">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:peoplesoft_products:8.52"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:peoplesoft_products:8.53"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:peoplesoft_products:8.53</vuln:product>
+      <vuln:product>cpe:/a:oracle:peoplesoft_products:8.52</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0394</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:07.533-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:43.067-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T15:34:54.940-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029623" xml:lang="en">1029623</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64848" xml:lang="en">64848</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56478" xml:lang="en">56478</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102033" xml:lang="en">102033</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Updates Environment Mgmt, a different vulnerability than CVE-2014-0395.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0395">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:peoplesoft_products:8.52"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:peoplesoft_products:8.53"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:peoplesoft_products:8.53</vuln:product>
+      <vuln:product>cpe:/a:oracle:peoplesoft_products:8.52</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0395</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:07.563-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:43.147-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T15:38:06.210-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029623" xml:lang="en">1029623</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64852" xml:lang="en">64852</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56478" xml:lang="en">56478</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102034" xml:lang="en">102034</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Updates Environment Mgmt, a different vulnerability than CVE-2014-0394.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0396">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:peoplesoft_products:8.52"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:peoplesoft_products:8.53"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:peoplesoft_products:8.53</vuln:product>
+      <vuln:product>cpe:/a:oracle:peoplesoft_products:8.52</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0396</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:07.627-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:43.237-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T15:40:32.463-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029623" xml:lang="en">1029623</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64841" xml:lang="en">64841</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56478" xml:lang="en">56478</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102031" xml:lang="en">102031</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Portal - Web Services.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0398">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:e-business_suite:12.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:e-business_suite:12.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:e-business_suite:12.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:e-business_suite:11.5.10.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:e-business_suite:12.2.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:e-business_suite:12.1.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:e-business_suite:12.0.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:e-business_suite:11.5.10.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0398</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:07.657-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:43.333-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T22:07:17.520-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029619" xml:lang="en">1029619</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64818" xml:lang="en">64818</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56471" xml:lang="en">56471</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102105" xml:lang="en">102105</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, and 12.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Discoverer.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0399">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite:6.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite:6.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite:6.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite:6.3.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite:6.2.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite:6.3.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite:6.3.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite:6.3.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0399</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:07.687-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:43.410-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T22:41:34.580-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029620" xml:lang="en">1029620</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64861" xml:lang="en">64861</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102085" xml:lang="en">102085</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.2, 6.3, 6.3.1, and 6.3.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Data, Domain &amp; Function Security.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0400">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:fusion_middleware:11.1.1.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:fusion_middleware:11.1.1.7.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:fusion_middleware:11.1.1.7.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:fusion_middleware:11.1.1.6.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0400</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:09.673-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:43.487-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T22:55:29.977-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029618" xml:lang="en">1029618</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64822" xml:lang="en">64822</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56460" xml:lang="en">56460</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102112" xml:lang="en">102112</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle Internet Directory component in Oracle Fusion Middleware 11.1.1.6 and 11.1.1.7 allows remote authenticated users to affect confidentiality via vectors related to OID LDAP server.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0401">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.25:a"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.29"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.30"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.31"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.32"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.33"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.34"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.23:a"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.23_bk"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.23a"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.29"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.30"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.31"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.31:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.32"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.32-bzr"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.33"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.34"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.34:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.35"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.36"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.37"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.37:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.38"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.39"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.40"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.40:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.41"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.42"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.43"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.43:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.44"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.45"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.46"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.46:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.47"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.48"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.49"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.49:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.50"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.5a"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.52"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.52:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.53"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.54"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.55"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.56"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.57"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.58"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.59"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.60"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.61"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.62"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.63"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.64"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.65"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.66"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.67"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.68"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.69"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.70"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.72"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.52:sp1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.7</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.8</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.5</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.49:sp1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.6</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.46:sp1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.9</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.3</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.4</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.10</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.40:sp1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.43:sp1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.11</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.13</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.37:sp1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.62</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.61</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.60</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.34:sp1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.66</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.65</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.64</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.63</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.69</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.68</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.23_bk</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.31:sp1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.31</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.5</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.33</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.32</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.34</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.4</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.2</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.23:a</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.67</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.24</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.51</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.30</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.26</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.25</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.53</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.52</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.55</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.54</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.57</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.59</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.58</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.56</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.5</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.16</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.7</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.9</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.14</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.15</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.13</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.9</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.29</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.28</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.27</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.17</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.18</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.19</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.12</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.22</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.13</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.21</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.14</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.20</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.15</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.6</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.7</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.70</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.8</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.11</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.23</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.5a</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.27</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.71</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.46</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.72</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.47</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.48</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.17</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.16</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.19</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.18</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.29</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.28</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.25</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.26</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.23</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.8</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.11</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.24</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.21</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.22</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.20</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.32-bzr</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.36</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.37</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.35</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.23a</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.50</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.40</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.49</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.45</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.44</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.43</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.42</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.41</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.25:a</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.39</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.38</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.34</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.31</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.30</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.33</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.32</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0401</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:09.703-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T23:50:26.550-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T23:01:40.640-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90382" xml:lang="en">oracle-cpujan2014-cve20140401(90382)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64898" xml:lang="en">64898</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2848" xml:lang="en">DSA-2848</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2845" xml:lang="en">DSA-2845</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://ubuntu.com/usn/usn-2086-1" xml:lang="en">USN-2086-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56580" xml:lang="en">56580</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56541" xml:lang="en">56541</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56491" xml:lang="en">56491</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0189.html" xml:lang="en">RHSA-2014:0189</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0186.html" xml:lang="en">RHSA-2014:0186</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0173.html" xml:lang="en">RHSA-2014:0173</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0164.html" xml:lang="en">RHSA-2014:0164</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102071" xml:lang="en">102071</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0402">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.23:a"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.23_bk"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.23a"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.29"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.30"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.31"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.31:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.32"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.32-bzr"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.33"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.34"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.34:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.35"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.36"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.37"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.37:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.38"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.39"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.40"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.40:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.41"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.42"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.43"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.43:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.44"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.45"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.46"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.46:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.47"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.48"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.49"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.49:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.50"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.5a"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.52"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.52:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.53"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.54"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.55"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.56"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.57"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.58"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.59"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.60"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.61"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.62"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.63"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.64"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.65"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.66"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.67"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.68"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.69"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.70"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.71"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.25:a"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.29"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.30"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.31"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.32"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.33"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.52:sp1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.7</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.8</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.5</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.6</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.49:sp1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.46:sp1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.9</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.3</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.4</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.10</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.40:sp1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.43:sp1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.11</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.13</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.37:sp1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.62</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.61</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.34:sp1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.60</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.66</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.65</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.64</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.63</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.69</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.23_bk</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.68</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.31:sp1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.31</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.33</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.5</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.32</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.3</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.4</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.2</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.23:a</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.67</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.24</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.30</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.26</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.51</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.25</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.53</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.52</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.55</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.54</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.57</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.59</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.58</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.56</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.5</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.16</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.7</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.9</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.14</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.15</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.13</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.9</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.29</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.28</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.27</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.17</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.18</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.19</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.12</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.22</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.13</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.21</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.14</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.20</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.15</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.10</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.7</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.11</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.23</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.8</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.70</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.5a</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.27</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.46</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.71</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.47</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.48</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.17</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.16</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.19</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.18</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.29</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.28</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.25</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.26</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.23</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.8</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.11</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.24</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.21</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.22</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.20</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.32-bzr</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.36</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.37</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.35</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.23a</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.40</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.50</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.49</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.45</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.44</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.43</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.42</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.41</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.25:a</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.39</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.38</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.34</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.31</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.30</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.33</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.32</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0402</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:09.737-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T23:50:26.627-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T23:06:43.427-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90379" xml:lang="en">oracle-cpujan2014-cve20140402(90379)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64908" xml:lang="en">64908</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2848" xml:lang="en">DSA-2848</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2845" xml:lang="en">DSA-2845</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://ubuntu.com/usn/usn-2086-1" xml:lang="en">USN-2086-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56580" xml:lang="en">56580</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56541" xml:lang="en">56541</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56491" xml:lang="en">56491</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0189.html" xml:lang="en">RHSA-2014:0189</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0186.html" xml:lang="en">RHSA-2014:0186</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0173.html" xml:lang="en">RHSA-2014:0173</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0164.html" xml:lang="en">RHSA-2014:0164</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102068" xml:lang="en">102068</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0403">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_45"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_45"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.6.0:update_65"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.6.0:update_65"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_45</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_45</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.6.0:update_65</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.6.0:update_65</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0403</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:09.767-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:12.077-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T23:35:52.483-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90338" xml:lang="en">oracle-cpujan2014-cve20140403(90338)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029608" xml:lang="en">1029608</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64920" xml:lang="en">64920</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56535" xml:lang="en">56535</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56485" xml:lang="en">56485</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0135.html" xml:lang="en">RHSA-2014:0135</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0134.html" xml:lang="en">RHSA-2014:0134</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0030.html" xml:lang="en">RHSA-2014:0030</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102006" xml:lang="en">102006</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" xml:lang="en">SSRT101455</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" xml:lang="en">HPSBUX02973</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" xml:lang="en">HPSBUX02972</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" xml:lang="en">SSRT101454</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" xml:lang="en">SUSE-SU-2014:0451</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" xml:lang="en">SUSE-SU-2014:0266</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" xml:lang="en">SUSE-SU-2014:0246</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5898 and CVE-2014-0375.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0404">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:3.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:3.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:3.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:3.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:3.2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:3.2.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:3.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:3.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:3.2.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.3.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.20</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.16</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.22</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.8</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:3.2.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.28</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:3.2.8</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:3.2.16</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:3.2.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.3.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.20</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:3.2.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.18</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:3.2.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.16</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.8</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:3.2.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.3.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:3.2.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.26</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:3.2.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.24</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:3.2.18</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.18</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.16</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.8</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.18</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0404</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:09.797-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-26T00:56:16.157-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>2.4</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T22:10:15.290-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90372" xml:lang="en">oracle-cpujan2014-cve20140404(90372)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029610" xml:lang="en">1029610</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64911" xml:lang="en">64911</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2878" xml:lang="en">DSA-2878</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56490" xml:lang="en">56490</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102061" xml:lang="en">102061</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0406.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0405">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:3.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:3.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:3.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:3.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:3.2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:3.2.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:3.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:3.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:3.2.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.3.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.20</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.16</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.22</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.8</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:3.2.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.28</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:3.2.8</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:3.2.16</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:3.2.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.3.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.20</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:3.2.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.18</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:3.2.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.16</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.8</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:3.2.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.3.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:3.2.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.26</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:3.2.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.24</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.18</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:3.2.18</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.8</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.16</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.18</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0405</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:09.813-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:43.943-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T23:38:43.393-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90370" xml:lang="en">oracle-cpujan2014-cve20140405(90370)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029610" xml:lang="en">1029610</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64900" xml:lang="en">64900</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56490" xml:lang="en">56490</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102059" xml:lang="en">102059</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0406">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.3.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:3.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:3.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:3.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:3.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:3.2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:3.2.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:3.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:3.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:3.2.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.20</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.22</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.8</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:3.2.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.28</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:3.2.16</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:3.2.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.3.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.20</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:3.2.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.18</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:3.2.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.26</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.24</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.18</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.8</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.16</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.16</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:3.2.8</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.16</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.8</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:3.2.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.3.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:3.2.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:3.2.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:3.2.18</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.18</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0406</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:09.843-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-26T00:56:18.517-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>2.4</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T23:42:01.087-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90371" xml:lang="en">oracle-cpujan2014-cve20140406(90371)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029610" xml:lang="en">1029610</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64905" xml:lang="en">64905</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2878" xml:lang="en">DSA-2878</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56490" xml:lang="en">56490</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102060" xml:lang="en">102060</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0404.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0407">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.3.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:3.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:3.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:3.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:3.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:3.2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:3.2.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:3.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:3.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:3.2.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.0.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.20</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.22</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.8</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:3.2.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.28</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:3.2.16</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:3.2.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.3.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.20</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:3.2.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.18</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:3.2.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.26</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.24</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.18</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.8</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.16</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.16</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:3.2.8</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.16</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.8</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:3.2.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.3.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.0.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:3.2.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:3.2.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:3.2.18</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.18</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0407</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:09.877-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-26T00:56:18.797-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T23:44:03.430-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90369" xml:lang="en">oracle-cpujan2014-cve20140407(90369)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029610" xml:lang="en">1029610</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64913" xml:lang="en">64913</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2878" xml:lang="en">DSA-2878</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56490" xml:lang="en">56490</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102058" xml:lang="en">102058</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0408">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_45"/>
+          <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_45"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_45</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_45</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0408</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:09.907-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T23:50:27.127-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T23:47:23.170-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2089-1" xml:lang="en">USN-2089-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029608" xml:lang="en">1029608</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64910" xml:lang="en">64910</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56485" xml:lang="en">56485</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101999" xml:lang="en">101999</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html" xml:lang="en">openSUSE-SU-2014:0180</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html" xml:lang="en">openSUSE-SU-2014:0177</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html" xml:lang="en">openSUSE-SU-2014:0174</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 7u45, when running on OS X, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0410">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_45"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_45"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.6.0:update_65"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.6.0:update_65"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_45</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_45</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.6.0:update_65</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.6.0:update_65</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0410</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:09.953-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:12.543-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T23:49:19.720-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029608" xml:lang="en">1029608</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64915" xml:lang="en">64915</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56535" xml:lang="en">56535</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56485" xml:lang="en">56485</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0135.html" xml:lang="en">RHSA-2014:0135</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0134.html" xml:lang="en">RHSA-2014:0134</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0030.html" xml:lang="en">RHSA-2014:0030</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102024" xml:lang="en">102024</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" xml:lang="en">SSRT101455</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" xml:lang="en">HPSBUX02973</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" xml:lang="en">HPSBUX02972</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" xml:lang="en">SSRT101454</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" xml:lang="en">SUSE-SU-2014:0451</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" xml:lang="en">SUSE-SU-2014:0266</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" xml:lang="en">SUSE-SU-2014:0246</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0415, CVE-2014-0418, and CVE-2014-0424.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0411">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jrockit:r27.7.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jrockit:r28.2.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_45"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_45"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.6.0:update_65"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.6.0:update_65"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.5.0:update_55"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.5.0:update_55"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_45</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_45</vuln:product>
+      <vuln:product>cpe:/a:oracle:jrockit:r28.2.9</vuln:product>
+      <vuln:product>cpe:/a:oracle:jrockit:r27.7.7</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.6.0:update_65</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.5.0:update_55</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.5.0:update_55</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.6.0:update_65</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0411</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:10.017-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:12.623-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T23:55:06.930-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1053010" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1053010</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90357" xml:lang="en">oracle-cpujan2014-cve20140411(90357)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2124-1" xml:lang="en">USN-2124-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2089-1" xml:lang="en">USN-2089-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029608" xml:lang="en">1029608</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64918" xml:lang="en">64918</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56535" xml:lang="en">56535</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56487" xml:lang="en">56487</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56486" xml:lang="en">56486</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56485" xml:lang="en">56485</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56432" xml:lang="en">56432</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0136.html" xml:lang="en">RHSA-2014:0136</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0135.html" xml:lang="en">RHSA-2014:0135</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0134.html" xml:lang="en">RHSA-2014:0134</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0097.html" xml:lang="en">RHSA-2014:0097</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0030.html" xml:lang="en">RHSA-2014:0030</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0027.html" xml:lang="en">RHSA-2014:0027</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0026.html" xml:lang="en">RHSA-2014:0026</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102028" xml:lang="en">102028</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" xml:lang="en">SSRT101455</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" xml:lang="en">HPSBUX02973</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" xml:lang="en">HPSBUX02972</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" xml:lang="en">SSRT101454</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html" xml:lang="en">openSUSE-SU-2014:0180</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html" xml:lang="en">openSUSE-SU-2014:0177</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html" xml:lang="en">openSUSE-SU-2014:0174</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" xml:lang="en">SUSE-SU-2014:0451</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" xml:lang="en">SUSE-SU-2014:0266</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" xml:lang="en">SUSE-SU-2014:0246</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/d533e96c7acc" xml:lang="en">http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/d533e96c7acc</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.  NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information about encryption keys via a timing discrepancy during the TLS/SSL handshake.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0412">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.23:a"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.23_bk"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.23a"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.29"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.30"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.31"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.31:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.32"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.32-bzr"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.33"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.34"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.34:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.35"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.36"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.37"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.37:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.38"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.39"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.40"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.40:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.41"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.42"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.43"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.43:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.44"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.45"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.46"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.46:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.47"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.48"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.49"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.49:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.50"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.5a"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.52"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.52:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.53"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.54"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.55"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.56"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.57"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.58"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.59"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.60"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.61"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.62"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.63"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.64"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.65"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.66"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.67"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.68"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.69"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.70"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.72"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.25:a"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.29"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.30"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.31"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.32"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.33"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.34"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.52:sp1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.7</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.8</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.5</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.6</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.49:sp1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.46:sp1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.9</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.3</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.4</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.10</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.40:sp1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.43:sp1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.11</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.13</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.37:sp1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.62</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.61</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.34:sp1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.60</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.66</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.65</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.64</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.63</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.69</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.23_bk</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.68</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.31:sp1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.31</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.33</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.5</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.32</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.34</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.4</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.2</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.23:a</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.67</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.24</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.30</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.26</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.51</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.25</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.53</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.52</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.55</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.54</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.57</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.59</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.58</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.56</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.5</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.16</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.7</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.9</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.14</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.15</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.13</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.9</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.29</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.28</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.27</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.17</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.18</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.19</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.12</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.22</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.13</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.21</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.14</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.20</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.15</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.10</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.7</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.11</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.23</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.8</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.70</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.5a</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.27</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.46</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.71</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.47</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.72</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.48</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.17</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.16</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.19</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.18</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.29</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.28</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.25</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.26</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.23</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.8</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.11</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.24</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.21</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.22</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.20</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.32-bzr</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.36</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.37</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.35</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.23a</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.40</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.50</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.49</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.45</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.44</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.43</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.42</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.41</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.25:a</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.39</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.38</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.34</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.31</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.30</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.33</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.32</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0412</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:10.033-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T23:50:27.407-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T23:58:00.403-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90378" xml:lang="en">oracle-cpujan2014-cve20140412(90378)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64880" xml:lang="en">64880</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2848" xml:lang="en">DSA-2848</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2845" xml:lang="en">DSA-2845</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://ubuntu.com/usn/usn-2086-1" xml:lang="en">USN-2086-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56580" xml:lang="en">56580</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56541" xml:lang="en">56541</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56491" xml:lang="en">56491</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0189.html" xml:lang="en">RHSA-2014:0189</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0186.html" xml:lang="en">RHSA-2014:0186</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0173.html" xml:lang="en">RHSA-2014:0173</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0164.html" xml:lang="en">RHSA-2014:0164</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102067" xml:lang="en">102067</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0413">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:fusion_middleware:10.1.3.5"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:fusion_middleware:10.1.3.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0413</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T20:55:23.810-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T11:45:14.457-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T11:45:14.407-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect integrity via vectors related to HTTP Request Handling, a different vulnerability than CVE-2014-0426.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0414">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:fusion_middleware:10.1.3.5"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:fusion_middleware:10.1.3.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0414</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T20:55:23.840-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T11:50:00.637-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T11:50:00.607-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality via vectors related to HTTP Request Handling.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0415">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_45"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_45"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.6.0:update_65"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.6.0:update_65"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_45</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_45</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.6.0:update_65</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.6.0:update_65</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0415</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:10.063-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:12.793-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T23:59:22.250-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029608" xml:lang="en">1029608</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64899" xml:lang="en">64899</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56535" xml:lang="en">56535</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56485" xml:lang="en">56485</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0135.html" xml:lang="en">RHSA-2014:0135</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0134.html" xml:lang="en">RHSA-2014:0134</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0030.html" xml:lang="en">RHSA-2014:0030</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102025" xml:lang="en">102025</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" xml:lang="en">SSRT101455</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" xml:lang="en">HPSBUX02973</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" xml:lang="en">HPSBUX02972</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" xml:lang="en">SSRT101454</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" xml:lang="en">SUSE-SU-2014:0451</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" xml:lang="en">SUSE-SU-2014:0266</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" xml:lang="en">SUSE-SU-2014:0246</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0410, CVE-2014-0418, and CVE-2014-0424.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0416">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.6.0:update_65"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.6.0:update_65"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_45"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_45"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.5.0:update_55"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.5.0:update_55"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_45</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_45</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.6.0:update_65</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.5.0:update_55</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.5.0:update_55</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.6.0:update_65</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0416</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:10.093-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:12.887-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-16T00:01:40.347-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1051912" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1051912</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90349" xml:lang="en">oracle-cpujan2014-cve20140416(90349)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2124-1" xml:lang="en">USN-2124-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2089-1" xml:lang="en">USN-2089-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029608" xml:lang="en">1029608</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64937" xml:lang="en">64937</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56535" xml:lang="en">56535</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56486" xml:lang="en">56486</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56485" xml:lang="en">56485</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56432" xml:lang="en">56432</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0136.html" xml:lang="en">RHSA-2014:0136</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0135.html" xml:lang="en">RHSA-2014:0135</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0134.html" xml:lang="en">RHSA-2014:0134</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0097.html" xml:lang="en">RHSA-2014:0097</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0030.html" xml:lang="en">RHSA-2014:0030</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0027.html" xml:lang="en">RHSA-2014:0027</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0026.html" xml:lang="en">RHSA-2014:0026</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102017" xml:lang="en">102017</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" xml:lang="en">SSRT101455</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" xml:lang="en">HPSBUX02973</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" xml:lang="en">HPSBUX02972</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" xml:lang="en">SSRT101454</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html" xml:lang="en">openSUSE-SU-2014:0180</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html" xml:lang="en">openSUSE-SU-2014:0177</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html" xml:lang="en">openSUSE-SU-2014:0174</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" xml:lang="en">SUSE-SU-2014:0451</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" xml:lang="en">SUSE-SU-2014:0266</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" xml:lang="en">SUSE-SU-2014:0246</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/abe1cb2d27cb" xml:lang="en">http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/abe1cb2d27cb</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAAS.  NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to how principals are set for the Subject class, which allows attackers to escape the sandbox using deserialization of a crafted Subject instance.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0417">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.5.0:update_55"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.5.0:update_55"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:javafx:2.2.45"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_45"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_45"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.6.0:update_65"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.6.0:update_65"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_45</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_45</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.6.0:update_65</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.5.0:update_55</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.5.0:update_55</vuln:product>
+      <vuln:product>cpe:/a:oracle:javafx:2.2.45</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.6.0:update_65</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0417</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:10.127-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:12.967-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-16T00:09:54.200-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029608" xml:lang="en">1029608</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64932" xml:lang="en">64932</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56535" xml:lang="en">56535</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56486" xml:lang="en">56486</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56485" xml:lang="en">56485</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56484" xml:lang="en">56484</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0136.html" xml:lang="en">RHSA-2014:0136</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0135.html" xml:lang="en">RHSA-2014:0135</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0134.html" xml:lang="en">RHSA-2014:0134</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0030.html" xml:lang="en">RHSA-2014:0030</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102001" xml:lang="en">102001</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" xml:lang="en">SSRT101455</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" xml:lang="en">HPSBUX02973</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" xml:lang="en">HPSBUX02972</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" xml:lang="en">SSRT101454</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" xml:lang="en">SUSE-SU-2014:0451</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" xml:lang="en">SUSE-SU-2014:0266</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" xml:lang="en">SUSE-SU-2014:0246</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JavaFX 2.2.45; and Java SE Embedded 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0418">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_45"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_45"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.6.0:update_65"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.6.0:update_65"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_45</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_45</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.6.0:update_65</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.6.0:update_65</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0418</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:10.157-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-16T00:44:18.253-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.1</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-16T00:13:11.533-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90344" xml:lang="en">oracle-cpujan2014-cve20140418(90344)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029608" xml:lang="en">1029608</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64917" xml:lang="en">64917</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56535" xml:lang="en">56535</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56485" xml:lang="en">56485</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0030.html" xml:lang="en">RHSA-2014:0030</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102012" xml:lang="en">102012</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" xml:lang="en">SSRT101455</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" xml:lang="en">HPSBUX02973</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" xml:lang="en">HPSBUX02972</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" xml:lang="en">SSRT101454</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0410, CVE-2014-0415, and CVE-2014-0424.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0419">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:virtualization_secure_global_desktop:4.63"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:virtualization_secure_global_desktop:4.71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:virtualization_secure_global_desktop:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:virtualization_secure_global_desktop:5.10"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:virtualization_secure_global_desktop:5.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:virtualization_secure_global_desktop:4.63</vuln:product>
+      <vuln:product>cpe:/a:oracle:virtualization_secure_global_desktop:5.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:virtualization_secure_global_desktop:4.71</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0419</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:10.187-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:44.910-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.1</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-16T15:10:41.143-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90367" xml:lang="en">oracle-cpujan2014-cve20140419(90367)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029610" xml:lang="en">1029610</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64902" xml:lang="en">64902</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102110" xml:lang="en">102110</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) component in Oracle Virtualization SGD before 4.63 with December 2013 PSU, 4.71, 5.0 with December 2013 PSU, and 5.10 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration Console and Workspace Web Applications.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0420">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.34"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.25:a"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.29"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.30"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.31"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.32"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.33"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.5</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.16</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.7</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.9</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.0</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.7</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.8</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.5</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.17</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.18</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.9</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.19</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.13</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.15</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.3</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.11</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.27</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.11</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.13</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.29</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.28</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.25</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.26</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.8</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.23</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.24</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.21</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.22</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.20</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.31</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.33</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.32</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.34</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.30</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.25:a</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0420</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:10.203-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T23:50:27.957-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>2.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>MULTIPLE_INSTANCES</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-16T00:26:24.333-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90388" xml:lang="en">oracle-cpujan2014-cve20140420(90388)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64888" xml:lang="en">64888</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2848" xml:lang="en">DSA-2848</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://ubuntu.com/usn/usn-2086-1" xml:lang="en">USN-2086-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56580" xml:lang="en">56580</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56491" xml:lang="en">56491</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0189.html" xml:lang="en">RHSA-2014:0189</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0186.html" xml:lang="en">RHSA-2014:0186</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0173.html" xml:lang="en">RHSA-2014:0173</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102077" xml:lang="en">102077</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Replication.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0421">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:sun:sunos:5.10:-:sparc"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:sun:sunos:5.10:-:sparc</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0421</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T20:55:23.873-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T12:05:48.247-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.6</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T12:05:48.230-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Solaris 10, when running on the SPARC64-X Platform, allows local users to affect confidentiality, integrity, and availability via unknown vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0422">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.5.0:update_55"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.5.0:update_55"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.6.0:update_65"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.6.0:update_65"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_45"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_45"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_45</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_45</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.6.0:update_65</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.5.0:update_55</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.5.0:update_55</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.6.0:update_65</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0422</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:10.237-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:13.373-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-16T00:28:21.147-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1051528" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1051528</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2124-1" xml:lang="en">USN-2124-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2089-1" xml:lang="en">USN-2089-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029608" xml:lang="en">1029608</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64921" xml:lang="en">64921</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56535" xml:lang="en">56535</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56486" xml:lang="en">56486</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56485" xml:lang="en">56485</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56432" xml:lang="en">56432</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0136.html" xml:lang="en">RHSA-2014:0136</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0135.html" xml:lang="en">RHSA-2014:0135</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0134.html" xml:lang="en">RHSA-2014:0134</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0097.html" xml:lang="en">RHSA-2014:0097</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0030.html" xml:lang="en">RHSA-2014:0030</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0027.html" xml:lang="en">RHSA-2014:0027</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0026.html" xml:lang="en">RHSA-2014:0026</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101997" xml:lang="en">101997</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" xml:lang="en">SSRT101455</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" xml:lang="en">HPSBUX02973</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" xml:lang="en">HPSBUX02972</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" xml:lang="en">SSRT101454</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html" xml:lang="en">openSUSE-SU-2014:0180</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html" xml:lang="en">openSUSE-SU-2014:0177</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html" xml:lang="en">openSUSE-SU-2014:0174</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" xml:lang="en">SUSE-SU-2014:0451</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" xml:lang="en">SUSE-SU-2014:0266</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" xml:lang="en">SUSE-SU-2014:0246</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI.  NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to missing package access checks in the Naming / JNDI component, which allows attackers to escape the sandbox.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0423">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jrockit:r27.7.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jrockit:r28.2.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_45"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_45"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.6.0:update_65"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.6.0:update_65"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.5.0:update_55"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.5.0:update_55"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_45</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_45</vuln:product>
+      <vuln:product>cpe:/a:oracle:jrockit:r28.2.9</vuln:product>
+      <vuln:product>cpe:/a:oracle:jrockit:r27.7.7</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.6.0:update_65</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.5.0:update_55</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.5.0:update_55</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.6.0:update_65</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0423</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:10.267-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:13.467-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-16T10:11:55.190-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1053066" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1053066</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90340" xml:lang="en">oracle-cpujan2014-cve20140423(90340)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2124-1" xml:lang="en">USN-2124-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2089-1" xml:lang="en">USN-2089-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029608" xml:lang="en">1029608</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64914" xml:lang="en">64914</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56535" xml:lang="en">56535</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56487" xml:lang="en">56487</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56486" xml:lang="en">56486</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56485" xml:lang="en">56485</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56432" xml:lang="en">56432</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0136.html" xml:lang="en">RHSA-2014:0136</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0135.html" xml:lang="en">RHSA-2014:0135</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0134.html" xml:lang="en">RHSA-2014:0134</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0097.html" xml:lang="en">RHSA-2014:0097</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0030.html" xml:lang="en">RHSA-2014:0030</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0027.html" xml:lang="en">RHSA-2014:0027</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0026.html" xml:lang="en">RHSA-2014:0026</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" xml:lang="en">SSRT101455</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" xml:lang="en">HPSBUX02973</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" xml:lang="en">HPSBUX02972</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" xml:lang="en">SSRT101454</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html" xml:lang="en">openSUSE-SU-2014:0180</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html" xml:lang="en">openSUSE-SU-2014:0177</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html" xml:lang="en">openSUSE-SU-2014:0174</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" xml:lang="en">SUSE-SU-2014:0451</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" xml:lang="en">SUSE-SU-2014:0266</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" xml:lang="en">SUSE-SU-2014:0246</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/995b32f013f5" xml:lang="en">http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/995b32f013f5</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote authenticated users to affect confidentiality and availability via unknown vectors related to Beans.  NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability in DocumentHandler.java, related to Beans decoding.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0424">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_45"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_45"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.6.0:update_65"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.6.0:update_65"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_45</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_45</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.6.0:update_65</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.6.0:update_65</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0424</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:10.297-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:13.560-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-16T10:16:30.353-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029608" xml:lang="en">1029608</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64919" xml:lang="en">64919</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56535" xml:lang="en">56535</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56485" xml:lang="en">56485</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0135.html" xml:lang="en">RHSA-2014:0135</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0134.html" xml:lang="en">RHSA-2014:0134</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0030.html" xml:lang="en">RHSA-2014:0030</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102004" xml:lang="en">102004</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" xml:lang="en">SSRT101455</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" xml:lang="en">HPSBUX02973</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" xml:lang="en">HPSBUX02972</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" xml:lang="en">SSRT101454</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" xml:lang="en">SUSE-SU-2014:0451</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" xml:lang="en">SUSE-SU-2014:0266</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" xml:lang="en">SUSE-SU-2014:0246</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0410, CVE-2014-0415, and CVE-2014-0418.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0425">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:peoplesoft_products:9.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:peoplesoft_products:9.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0425</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:10.330-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:45.363-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-16T10:17:51.637-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029623" xml:lang="en">1029623</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64889" xml:lang="en">64889</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56479" xml:lang="en">56479</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102044" xml:lang="en">102044</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the PeopleSoft Enterprise SCM Services Procurement component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0426">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:fusion_middleware:10.1.3.5"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:fusion_middleware:10.1.3.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0426</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T20:55:23.903-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T12:13:36.887-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T12:13:36.840-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect integrity via vectors related to HTTP Request Handling, a different vulnerability than CVE-2014-0413.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0427">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.5</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.7</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.9</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.11</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.13</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.8</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0427</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:10.360-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:45.443-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-16T10:19:16.340-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90383" xml:lang="en">oracle-cpujan2014-cve20140427(90383)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64868" xml:lang="en">64868</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56491" xml:lang="en">56491</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102072" xml:lang="en">102072</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via vectors related to FTS.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0428">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.6.0:update_65"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.6.0:update_65"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.5.0:update_55"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.5.0:update_55"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_45"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_45"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_45</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_45</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.6.0:update_65</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.5.0:update_55</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.5.0:update_55</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.6.0:update_65</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0428</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:10.377-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:13.793-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-16T10:23:45.847-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1051519" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1051519</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2124-1" xml:lang="en">USN-2124-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2089-1" xml:lang="en">USN-2089-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029608" xml:lang="en">1029608</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64935" xml:lang="en">64935</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56535" xml:lang="en">56535</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56486" xml:lang="en">56486</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56485" xml:lang="en">56485</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56432" xml:lang="en">56432</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0136.html" xml:lang="en">RHSA-2014:0136</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0135.html" xml:lang="en">RHSA-2014:0135</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0134.html" xml:lang="en">RHSA-2014:0134</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0097.html" xml:lang="en">RHSA-2014:0097</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0030.html" xml:lang="en">RHSA-2014:0030</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0027.html" xml:lang="en">RHSA-2014:0027</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0026.html" xml:lang="en">RHSA-2014:0026</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101996" xml:lang="en">101996</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" xml:lang="en">SSRT101455</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" xml:lang="en">HPSBUX02973</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" xml:lang="en">HPSBUX02972</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" xml:lang="en">SSRT101454</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html" xml:lang="en">openSUSE-SU-2014:0180</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html" xml:lang="en">openSUSE-SU-2014:0177</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html" xml:lang="en">openSUSE-SU-2014:0174</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" xml:lang="en">SUSE-SU-2014:0451</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" xml:lang="en">SUSE-SU-2014:0266</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" xml:lang="en">SUSE-SU-2014:0246</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://hg.openjdk.java.net/jdk7u/jdk7u/corba/rev/0a879f00b698" xml:lang="en">http://hg.openjdk.java.net/jdk7u/jdk7u/corba/rev/0a879f00b698</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA.  NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0429">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jrockit:r27.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jrockit:r28.3.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.5.0:update_61"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.5.0:update_61"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.6.0:update_71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.6.0:update_71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jrockit:r27.8.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.5.0:update_61</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.6.0:update_71</vuln:product>
+      <vuln:product>cpe:/a:oracle:jrockit:r28.3.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.6.0:update_71</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.5.0:update_61</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0429</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T20:55:23.920-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T11:48:30.523-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T11:48:25.757-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0430">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.5</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.7</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.9</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.11</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.13</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.8</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0430</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:10.407-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:45.613-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>2.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>MULTIPLE_INSTANCES</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-16T10:25:23.317-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90387" xml:lang="en">oracle-cpujan2014-cve20140430(90387)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64893" xml:lang="en">64893</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56491" xml:lang="en">56491</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102076" xml:lang="en">102076</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0431">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.5</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.7</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.9</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.11</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.13</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.8</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0431</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:10.437-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:45.707-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-16T10:26:51.883-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90384" xml:lang="en">oracle-cpujan2014-cve20140431(90384)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64897" xml:lang="en">64897</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56491" xml:lang="en">56491</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102073" xml:lang="en">102073</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-5881.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0432">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_51</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0432</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T20:55:23.967-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T12:13:20.467-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T12:13:20.433-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0455 and CVE-2014-2402.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0433">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.5</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.7</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.9</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.11</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.13</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.8</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0433</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:10.453-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:45.787-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-16T10:29:32.433-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90375" xml:lang="en">oracle-cpujan2014-cve20140433(90375)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64895" xml:lang="en">64895</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56491" xml:lang="en">56491</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote attackers to affect availability via unknown vectors related to Thread Pooling.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0434">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite:6.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite:6.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite:6.1.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite:6.1.1.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite:6.0.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite:6.1.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0434</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:10.487-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:45.863-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-16T10:33:24.360-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029620" xml:lang="en">1029620</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64851" xml:lang="en">64851</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56472" xml:lang="en">56472</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102084" xml:lang="en">102084</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle Agile Product Lifecycle Management for Process component in Oracle Supply Chain Products Suite 6.0, 6.1, and 6.1.1 allows remote attackers to affect integrity via unknown vectors related to Installation.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0435">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite:6.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite:6.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite:6.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite:6.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite:6.3.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite:6.2.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite:6.3.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite:6.3.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite:6.1.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite:6.3.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0435</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:10.517-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:45.957-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-16T10:36:22.473-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029620" xml:lang="en">1029620</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64869" xml:lang="en">64869</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102086" xml:lang="en">102086</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3, 6.3.1, and 6.3.2 allows remote authenticated users to affect availability via unknown vectors related to Data, Domain &amp; Function Security.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0437">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.23:a"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.23_bk"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.23a"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.29"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.30"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.31"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.31:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.32"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.32-bzr"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.33"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.34"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.34:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.35"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.36"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.37"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.37:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.38"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.39"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.40"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.40:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.41"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.42"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.43"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.43:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.44"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.45"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.46"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.46:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.47"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.48"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.49"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.49:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.50"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.5a"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.52"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.52:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.53"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.54"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.55"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.56"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.57"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.58"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.59"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.60"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.61"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.62"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.63"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.64"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.65"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.66"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.67"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.68"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.69"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.70"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.1.72"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.25:a"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.29"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.30"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.31"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.32"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.33"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.34"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.52:sp1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.7</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.8</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.5</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.49:sp1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.6</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.46:sp1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.9</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.3</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.4</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.10</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.40:sp1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.12</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.43:sp1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.11</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.13</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.37:sp1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.62</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.61</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.34:sp1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.60</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.66</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.65</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.64</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.63</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.69</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.23_bk</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.68</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.31:sp1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.31</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.33</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.5</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.32</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.34</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.4</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.2</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.23:a</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.67</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.24</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.30</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.26</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.51</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.25</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.53</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.52</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.55</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.54</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.57</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.59</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.58</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.56</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.5</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.16</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.7</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.9</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.14</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.15</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.13</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.9</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.29</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.28</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.27</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.17</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.18</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.19</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.12</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.22</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.13</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.21</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.14</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.20</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.15</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.10</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.7</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.11</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.23</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.8</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.70</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.5a</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.27</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.46</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.71</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.47</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.1.72</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.48</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.17</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.16</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.19</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.18</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.29</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.28</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.25</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.26</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.8</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.23</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.11</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.24</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.21</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.22</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.20</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.32-bzr</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.36</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.37</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.35</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.23a</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.40</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.50</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.49</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.45</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.44</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.43</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.42</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.41</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.25:a</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.39</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.38</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.34</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.31</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.30</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.33</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.1.32</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0437</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:10.547-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T23:50:28.970-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-16T10:40:25.823-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90385" xml:lang="en">oracle-cpujan2014-cve20140437(90385)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64849" xml:lang="en">64849</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2848" xml:lang="en">DSA-2848</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2845" xml:lang="en">DSA-2845</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://ubuntu.com/usn/usn-2086-1" xml:lang="en">USN-2086-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56580" xml:lang="en">56580</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56541" xml:lang="en">56541</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56491" xml:lang="en">56491</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0189.html" xml:lang="en">RHSA-2014:0189</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0186.html" xml:lang="en">RHSA-2014:0186</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0173.html" xml:lang="en">RHSA-2014:0173</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0164.html" xml:lang="en">RHSA-2014:0164</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102074" xml:lang="en">102074</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0438">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:peoplesoft_products:8.52"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:peoplesoft_products:8.53"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:peoplesoft_products:8.53</vuln:product>
+      <vuln:product>cpe:/a:oracle:peoplesoft_products:8.52</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0438</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:10.580-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:46.130-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-16T10:43:00.390-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029623" xml:lang="en">1029623</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64887" xml:lang="en">64887</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56478" xml:lang="en">56478</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102043" xml:lang="en">102043</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect confidentiality via unknown vectors related to Panel Processor.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0439">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:peoplesoft_products:8.52"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:peoplesoft_products:8.53"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:peoplesoft_products:8.53</vuln:product>
+      <vuln:product>cpe:/a:oracle:peoplesoft_products:8.52</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0439</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:10.593-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:46.207-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-16T10:46:06.177-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029623" xml:lang="en">1029623</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64884" xml:lang="en">64884</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56478" xml:lang="en">56478</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102042" xml:lang="en">102042</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect integrity via unknown vectors related to Report Distribution.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0440">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:peoplesoft_products:8.52"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:peoplesoft_products:8.53"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:peoplesoft_products:8.53</vuln:product>
+      <vuln:product>cpe:/a:oracle:peoplesoft_products:8.52</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0440</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:10.627-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:46.287-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-16T10:50:57.103-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029623" xml:lang="en">1029623</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64881" xml:lang="en">64881</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56478" xml:lang="en">56478</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102041" xml:lang="en">102041</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect availability via vectors related to PIA Core Technology.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0441">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:peoplesoft_products:8.52"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:peoplesoft_products:8.53"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:peoplesoft_products:8.53</vuln:product>
+      <vuln:product>cpe:/a:oracle:peoplesoft_products:8.52</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0441</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:10.657-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:46.363-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-16T11:14:19.230-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029623" xml:lang="en">1029623</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64839" xml:lang="en">64839</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56478" xml:lang="en">56478</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102047" xml:lang="en">102047</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect availability via unknown vectors related to Integration Broker.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0442">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:sun:sunos:5.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:sun:sunos:5.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:sun:sunos:5.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:oracle:sunos:5.11.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:oracle:sunos:5.11.1</vuln:product>
+      <vuln:product>cpe:/o:sun:sunos:5.11</vuln:product>
+      <vuln:product>cpe:/o:sun:sunos:5.9</vuln:product>
+      <vuln:product>cpe:/o:sun:sunos:5.10</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0442</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T20:55:23.980-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T12:02:12.850-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.6</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T12:02:12.757-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Solaris 9, 10, and 11.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Print Filter Utility.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0443">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:peoplesoft_products:8.52"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:peoplesoft_products:8.52</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0443</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:10.687-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:46.457-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-16T11:17:45.687-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029623" xml:lang="en">1029623</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64844" xml:lang="en">64844</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56478" xml:lang="en">56478</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102032" xml:lang="en">102032</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote attackers to affect integrity via unknown vectors related to Security.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0444">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite:20.1.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite:20.1.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0444</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:10.720-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:46.550-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-16T11:20:13.377-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029620" xml:lang="en">1029620</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64883" xml:lang="en">64883</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56473" xml:lang="en">56473</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102089" xml:lang="en">102089</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle AutoVue Electro-Mechanical Professional component in Oracle Supply Chain Products Suite 20.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Web General, a different vulnerability than CVE-2013-5868 and CVE-2013-5871.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0445">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:peoplesoft_products:8.52"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:peoplesoft_products:8.53"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:peoplesoft_products:8.53</vuln:product>
+      <vuln:product>cpe:/a:oracle:peoplesoft_products:8.52</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0445</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:10.737-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:46.647-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-16T11:21:23.440-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029623" xml:lang="en">1029623</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64867" xml:lang="en">64867</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64758" xml:lang="en">64758</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56478" xml:lang="en">56478</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102038" xml:lang="en">102038</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Technology, a different vulnerability than CVE-2014-0381.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0446">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.5.0:update_61"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.5.0:update_61"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.6.0:update_71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.6.0:update_71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.5.0:update_61</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.6.0:update_71</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.6.0:update_71</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.5.0:update_61</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0446</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T20:55:24.027-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T12:22:03.403-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T12:22:03.343-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0447">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:sun:sunos:5.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:oracle:sunos:5.11.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:oracle:sunos:5.11.1</vuln:product>
+      <vuln:product>cpe:/o:sun:sunos:5.10</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0447</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T20:55:24.060-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T12:03:56.307-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.9</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T12:03:56.210-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via unknown vectors related to Kernel.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0448">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_51</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0448</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T20:55:24.090-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T12:26:52.307-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.6</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T12:26:52.117-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0449">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.6.0:update_71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.6.0:update_71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.6.0:update_71</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.6.0:update_71</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0449</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T20:55:24.123-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T12:32:01.737-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T12:32:01.080-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via unknown vectors related to Deployment.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0450">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:fusion_middleware:11.1.1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:fusion_middleware:11.1.1.7.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:fusion_middleware:11.1.1.7.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:fusion_middleware:11.1.1.8.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0450</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T20:55:24.153-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T12:10:45.397-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T12:10:45.350-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.7 and 11.1.1.8 allows remote attackers to affect confidentiality via unknown vectors related to People Connection.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0451">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.5.0:update_61"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.5.0:update_61"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.6.0:update_71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.6.0:update_71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.5.0:update_61</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.6.0:update_71</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.6.0:update_71</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.5.0:update_61</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0451</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T21:55:09.650-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T12:34:16.070-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T12:34:16.023-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-2412.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0452">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.6.0:update_71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.6.0:update_71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.6.0:update_71</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.6.0:update_71</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0452</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T21:55:09.680-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T12:36:24.543-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T12:36:24.510-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0458 and CVE-2014-2423.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0453">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.5.0:update_61"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.5.0:update_61"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.6.0:update_71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.6.0:update_71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jrockit:r27.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jrockit:r28.3.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jrockit:r27.8.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.5.0:update_61</vuln:product>
+      <vuln:product>cpe:/a:oracle:jrockit:r28.3.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.6.0:update_71</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.6.0:update_71</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.5.0:update_61</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0453</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T21:55:09.713-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T12:28:06.963-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T12:28:06.900-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0454">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_51</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0454</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T21:55:09.727-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T12:40:02.097-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T12:40:02.067-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0455">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_51</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0455</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T21:55:09.760-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T12:41:42.600-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T12:41:42.490-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-2402.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0456">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_51</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0456</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T21:55:09.773-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T12:44:35.077-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T12:44:35.027-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0457">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jrockit:r27.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jrockit:r28.3.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.5.0:update_61"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.5.0:update_61"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.6.0:update_71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.6.0:update_71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jrockit:r27.8.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.5.0:update_61</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.6.0:update_71</vuln:product>
+      <vuln:product>cpe:/a:oracle:jrockit:r28.3.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.6.0:update_71</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.5.0:update_61</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0457</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T21:55:09.820-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T12:29:16.450-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T12:29:16.373-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0458">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.6.0:update_71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.6.0:update_71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.6.0:update_71</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.6.0:update_71</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0458</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T21:55:09.867-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T12:43:55.247-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T12:43:55.120-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-2423.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0459">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_51</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0459</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T21:55:09.930-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T12:46:18.967-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T12:46:18.937-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0460">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.5.0:update_61"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.5.0:update_61"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.6.0:update_71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.6.0:update_71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jrockit:r27.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jrockit:r28.3.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jrockit:r27.8.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.5.0:update_61</vuln:product>
+      <vuln:product>cpe:/a:oracle:jrockit:r28.3.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.6.0:update_71</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.6.0:update_71</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.5.0:update_61</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0460</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T21:55:09.993-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T12:30:21.547-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T12:30:21.093-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0461">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.6.0:update_71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.6.0:update_71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.6.0:update_71</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.6.0:update_71</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0461</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T21:55:10.057-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T12:50:07.727-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T12:50:07.680-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0463">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.8.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0463</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T21:55:10.103-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T12:53:07.873-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T12:53:07.810-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting, a different vulnerability than CVE-2014-0464.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0464">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.8.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0464</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T21:55:10.167-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T12:56:53.193-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T12:56:53.177-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting, a different vulnerability than CVE-2014-0463.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0465">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:fusion_middleware:8.0:update2_patch5"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:fusion_middleware:8.0:update2_patch5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0465</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T21:55:10.227-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T13:01:15.610-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T13:01:15.577-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect integrity via unknown vectors related to Admin Console.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0466">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:gnu:a2ps:4.14"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:gnu:a2ps:4.14</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0466</vuln:cve-id>
+    <vuln:published-datetime>2014-04-03T12:15:39.863-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-03T12:55:10.863-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-03T12:55:08.037-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902" xml:lang="en">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2892" xml:lang="en">DSA-2892</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0467">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mutt:mutt:1.5.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mutt:mutt:1.5.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mutt:mutt:1.5.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mutt:mutt:1.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mutt:mutt:1.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mutt:mutt:1.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mutt:mutt:1.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mutt:mutt:1.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mutt:mutt:1.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mutt:mutt:1.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mutt:mutt:1.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mutt:mutt:1.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mutt:mutt:1.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mutt:mutt:1.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mutt:mutt:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mutt:mutt:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mutt:mutt:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mutt:mutt:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mutt:mutt:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mutt:mutt:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mutt:mutt:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mutt:mutt:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mutt:mutt:1.5"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mutt:mutt:1.5.12</vuln:product>
+      <vuln:product>cpe:/a:mutt:mutt:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mutt:mutt:1.5.22</vuln:product>
+      <vuln:product>cpe:/a:mutt:mutt:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mutt:mutt:1.5.9</vuln:product>
+      <vuln:product>cpe:/a:mutt:mutt:1.5.21</vuln:product>
+      <vuln:product>cpe:/a:mutt:mutt:1.5.13</vuln:product>
+      <vuln:product>cpe:/a:mutt:mutt:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mutt:mutt:1.5.20</vuln:product>
+      <vuln:product>cpe:/a:mutt:mutt:1.5.14</vuln:product>
+      <vuln:product>cpe:/a:mutt:mutt:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mutt:mutt:1.5.15</vuln:product>
+      <vuln:product>cpe:/a:mutt:mutt:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mutt:mutt:1.5.16</vuln:product>
+      <vuln:product>cpe:/a:mutt:mutt:1.5.17</vuln:product>
+      <vuln:product>cpe:/a:mutt:mutt:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mutt:mutt:1.5.18</vuln:product>
+      <vuln:product>cpe:/a:mutt:mutt:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mutt:mutt:1.5.19</vuln:product>
+      <vuln:product>cpe:/a:mutt:mutt:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mutt:mutt:1.5.10</vuln:product>
+      <vuln:product>cpe:/a:mutt:mutt:1.5</vuln:product>
+      <vuln:product>cpe:/a:mutt:mutt:1.5.11</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0467</vuln:cve-id>
+    <vuln:published-datetime>2014-03-14T11:55:05.637-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-19T00:46:29.533-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-17T05:08:01.000-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2147-1" xml:lang="en">USN-2147-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mutt.org/doc/devel/ChangeLog" xml:lang="en">http://www.mutt.org/doc/devel/ChangeLog</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2874" xml:lang="en">DSA-2874</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0304.html" xml:lang="en">RHSA-2014:0304</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-03/msg00085.html" xml:lang="en">openSUSE-SU-2014:0436</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-03/msg00083.html" xml:lang="en">openSUSE-SU-2014:0434</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00001.html" xml:lang="en">SUSE-SU-2014:0471</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0470">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:super_project:super:3.30.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:super_project:super:3.30.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0470</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T10:22:06.110-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T15:20:24.450-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.2</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T15:20:24.403-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:security-protection>ALLOWS_ADMIN_ACCESS</vuln:security-protection>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/28/6" xml:lang="en">[oss-security] 20140428 super unchecked setuid (CVE-2014-0470)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2917" xml:lang="en">DSA-2917</vuln:reference>
+    </vuln:references>
+    <vuln:summary>super.c in Super 3.30.0 does not check the return value of the setuid function when the -F flag is set, which allows local users to gain privileges via unspecified vectors, aka an RLIMIT_NPROC attack.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0471">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:canonical:ubuntu_linux:10.04:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/o:canonical:ubuntu_linux:12.04:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/o:canonical:ubuntu_linux:12.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:canonical:ubuntu_linux:13.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:canonical:ubuntu_linux:14.04::lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.18.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.16.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.16.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.16.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.16.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.29"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.30"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.8.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.8.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.8.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.8.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.9.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.9.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.9.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.9.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.9.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.9.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.9.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.9.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.9.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.9.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.9.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.9.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.9.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.9.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.9.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.17.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.17.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.17.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.17.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.17.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.17.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.16.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.16.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.16.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.16.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.16.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.16.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.16.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.16.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.16.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.16.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.16.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.16.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.16.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.16.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.16.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.16.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.16.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.3</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.2</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.9.10</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.1</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.0</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.9.19</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.5</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.4</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.9.18</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.6</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.9.17</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.5</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.4</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.3</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.2</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.1</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.17.3</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.17.4</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.5.6</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.9.15</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.9.16</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.8.2</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.8</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.8.1</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.9</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.17.7</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.9.11</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.6</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.9.12</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.7</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.17.5</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.9.13</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.4</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.17.6</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.9.14</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.5</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.17.2</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.9.21</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.17.1</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.9.20</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.5.1</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.5.2</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.3</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.5.3</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.2</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.5.4</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.5.5</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.17.0</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.8.3</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.8.4</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.4.1</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.8.9</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.0</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.8.6</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.9</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.8.5</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.8.8</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.6</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.8.7</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.7</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.8</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.9</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.7</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.8</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.16.4.2</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.16.4.3</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.16.4.1</vuln:product>
+      <vuln:product>cpe:/o:canonical:ubuntu_linux:10.04:-:lts</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.21</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.20</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.23</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.22</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.11</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.16.1</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.10</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.16.2</vuln:product>
+      <vuln:product>cpe:/o:canonical:ubuntu_linux:12.10</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.16.4</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.16.3</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.16.6</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.16.5</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.27</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.26</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.14</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.13</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.23</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.22</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.25</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.24</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.28</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.9.1</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.19</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.16.0.1</vuln:product>
+      <vuln:product>cpe:/o:canonical:ubuntu_linux:12.04:-:lts</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.20</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.21</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.15</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.16</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.17</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.18</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.25</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.24</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.16</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.15</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.16.1.2</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.14</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.16.1.1</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.13</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.12</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.11</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.16.0.3</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.16.0.2</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.13</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.12</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.11.1</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.18</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.17</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.19</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.18</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.11</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.12</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.14</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.15</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.10</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.16</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.17</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.28</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.29</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.19</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.26</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.27</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.16.3</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.16.2</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.9.2</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.6.1</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.9.3</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.16.1</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.16.0</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.16.11</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.7.2</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.0</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.16.12</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.2</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.16.10</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.1</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.4</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.24</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.3</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.23</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.7.1</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.25</vuln:product>
+      <vuln:product>cpe:/o:canonical:ubuntu_linux:14.04::lts</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.18.1</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.16.4</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.16.5</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.7</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.8</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.30</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.3.1</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.9.9</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.9.8</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.20</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.16.8</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.9.7</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.5</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.1</vuln:product>
+      <vuln:product>cpe:/o:canonical:ubuntu_linux:13.10</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.21</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.16.9</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.6</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.22</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.16.6</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.16.7</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0471</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T10:22:06.140-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-01T12:33:41.257-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-01T12:33:40.477-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2183-1" xml:lang="en">USN-2183-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2915" xml:lang="en">DSA-2915</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0472">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.4.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.7:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.7:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.7:beta1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.5"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:canonical:ubuntu_linux:10.04:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/o:canonical:ubuntu_linux:14.04::lts"/>
+        <cpe-lang:fact-ref name="cpe:/o:canonical:ubuntu_linux:12.04:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/o:canonical:ubuntu_linux:12.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:canonical:ubuntu_linux:13.10"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:djangoproject:django:1.4.10</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.4.9</vuln:product>
+      <vuln:product>cpe:/o:canonical:ubuntu_linux:10.04:-:lts</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.4.7</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.4.8</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.7:alpha1</vuln:product>
+      <vuln:product>cpe:/o:canonical:ubuntu_linux:12.04:-:lts</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.7:alpha2</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.5.2</vuln:product>
+      <vuln:product>cpe:/o:canonical:ubuntu_linux:14.04::lts</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.4.6</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.4.5</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.4.4</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.4.3</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.4.2</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.4.1</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.4</vuln:product>
+      <vuln:product>cpe:/o:canonical:ubuntu_linux:12.10</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.6</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.5</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.6.1</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.6.2</vuln:product>
+      <vuln:product>cpe:/o:canonical:ubuntu_linux:13.10</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0472</vuln:cve-id>
+    <vuln:published-datetime>2014-04-23T11:55:02.923-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T10:26:26.947-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.1</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-24T10:26:26.757-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-94"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://www.djangoproject.com/weblog/2014/apr/21/security/" xml:lang="en">https://www.djangoproject.com/weblog/2014/apr/21/security/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2169-1" xml:lang="en">USN-2169-1</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0473">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.5"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.7:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.7:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.7:beta1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.4.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:canonical:ubuntu_linux:10.04:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/o:canonical:ubuntu_linux:14.04::lts"/>
+        <cpe-lang:fact-ref name="cpe:/o:canonical:ubuntu_linux:12.04:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/o:canonical:ubuntu_linux:12.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:canonical:ubuntu_linux:13.10"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:djangoproject:django:1.4.10</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.4.9</vuln:product>
+      <vuln:product>cpe:/o:canonical:ubuntu_linux:10.04:-:lts</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.4.7</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.7:alpha1</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.4.8</vuln:product>
+      <vuln:product>cpe:/o:canonical:ubuntu_linux:12.04:-:lts</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.7:alpha2</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.5.2</vuln:product>
+      <vuln:product>cpe:/o:canonical:ubuntu_linux:14.04::lts</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.4.6</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.4.5</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.4.4</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.4.3</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.4.2</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.4.1</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.4</vuln:product>
+      <vuln:product>cpe:/o:canonical:ubuntu_linux:12.10</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.6</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.5</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.6.1</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.6.2</vuln:product>
+      <vuln:product>cpe:/o:canonical:ubuntu_linux:13.10</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0473</vuln:cve-id>
+    <vuln:published-datetime>2014-04-23T11:55:03.127-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T10:40:37.877-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-24T10:40:37.440-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://www.djangoproject.com/weblog/2014/apr/21/security/" xml:lang="en">https://www.djangoproject.com/weblog/2014/apr/21/security/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2169-1" xml:lang="en">USN-2169-1</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0474">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:canonical:ubuntu_linux:10.04:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/o:canonical:ubuntu_linux:14.04::lts"/>
+        <cpe-lang:fact-ref name="cpe:/o:canonical:ubuntu_linux:12.04:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/o:canonical:ubuntu_linux:12.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:canonical:ubuntu_linux:13.10"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.4.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.7:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.7:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.7:beta1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:djangoproject:django:1.5"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:djangoproject:django:1.4.10</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.4.9</vuln:product>
+      <vuln:product>cpe:/o:canonical:ubuntu_linux:10.04:-:lts</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.4.7</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.4.8</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.7:alpha1</vuln:product>
+      <vuln:product>cpe:/o:canonical:ubuntu_linux:12.04:-:lts</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.7:alpha2</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.5.3</vuln:product>
+      <vuln:product>cpe:/o:canonical:ubuntu_linux:14.04::lts</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.4.6</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.4.5</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.4.4</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.4.3</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.4.2</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.4.1</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.4</vuln:product>
+      <vuln:product>cpe:/o:canonical:ubuntu_linux:12.10</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.6</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.5</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.6.1</vuln:product>
+      <vuln:product>cpe:/a:djangoproject:django:1.6.2</vuln:product>
+      <vuln:product>cpe:/o:canonical:ubuntu_linux:13.10</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0474</vuln:cve-id>
+    <vuln:published-datetime>2014-04-23T11:55:03.237-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T10:50:28.630-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-24T10:50:25.160-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://www.djangoproject.com/weblog/2014/apr/21/security/" xml:lang="en">https://www.djangoproject.com/weblog/2014/apr/21/security/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2169-1" xml:lang="en">USN-2169-1</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to "MySQL typecasting."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0491">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.257"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.170"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.252"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.152"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.117"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.168"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.242"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.232"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.224"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.202"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.169"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.171"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.180"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.168"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.167"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.110"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.136"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.146"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.135"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.149"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.265"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.278"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.287"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.271"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.257"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.265"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.268"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.235"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.251"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.280"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.285"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.238"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.233"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.275"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.261"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.236"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.258"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.228"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.243"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.223"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.34"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.153"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.152"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.9.0.1380"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.9.0.1210"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.9.0.1030"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.7.0.2090"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.8.0.910"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.8.0.870"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.0.0.4080"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.1.0.488"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.2.0.2070"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.3.0.3650"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.3.0.3690"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.4.0.2540"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.4.0.2710"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.5.0.1060"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.5.0.600"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.5.0.880"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.5.0.890"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.6.0.599"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.6.0.6090"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.7.0.1530"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.7.0.1860"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.257"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.170"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.252"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.152"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.117"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.168"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.242"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.232"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.224"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.202"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.169"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.171"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.180"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.168"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.167"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.110"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.136"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.146"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.135"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.149"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.265"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.278"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.287"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.271"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.257"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.265"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.268"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.235"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.251"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.280"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.285"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.238"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.233"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.275"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.261"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.236"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.258"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.228"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.243"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.223"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.34"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.153"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.152"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.9.0.1380"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.9.0.1210"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.9.0.1030"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.9.0.1060"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.7.0.2090"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.8.0.870"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.8.0.910"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.7.0.1860"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.7.0.1530"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.6.0.6090"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.6.0.597"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.5.0.890"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.5.0.880"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.5.0.600"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.5.0.1060"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.4.0.2710"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.4.0.2540"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.3.0.3670"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.2.0.2070"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.2.0.207"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.1.0.4880"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.1.0.488"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.1.0.485"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.0.0.4080"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.0.0.408"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.332"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.327"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.310"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.297"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.291"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.235"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.251"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.280"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.285"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.238"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.233"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.275"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.261"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.236"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.258"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.228"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.243"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.223"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.34"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.153"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.152"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.6.0.6090</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.243</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.280</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.5.0.880</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.5.0.1060</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.48</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.8.0.870</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.7.0.2090</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.202</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.273</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.4.402.265</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.275</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.8.800.168</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.6.0.599</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.270</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.3.0.3690</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.228</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.7.0.1530</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.9.0.1030</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.262</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.7.0.1530</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.7.0.1860</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.265</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.55</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.1.0.485</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.223</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.8.0.910</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.7.0.2090</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.5.0.880</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.297</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.9.0.1060</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.8.800.94</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.4.0.2540</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.291</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.63</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.62</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.4.0.2540</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.9.900.170</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.1.0.488</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.8.800.97</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.110</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.1.0.488</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.2.0.2070</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.8</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.3.0.3650</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.285</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.146</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.271</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.54</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.273</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.242</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.9.900.117</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.252</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.54</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.257</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.149</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.258</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.9.0.1210</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.3.0.3670</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.6.0.597</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.9.0.1030</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.44</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.4.0.2710</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.251</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.58</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.136</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.135</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.5.0.1060</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.232</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.9.900.152</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.0.1.152</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.0.1.153</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.0.0.4080</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.169</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.50</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.327</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.2.0.2070</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.171</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.310</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.270</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.0.0.4080</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.0.0.408</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.7.0.1860</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.261</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.262</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.5.0.600</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.59</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.8.0.910</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.1.0.4880</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.268</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.9.0.1210</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.235</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.236</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.6.0.6090</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.9.0.1380</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.4.402.287</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.238</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.8.0.870</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.180</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.7</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.224</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.5.0.890</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.34</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.4.0.2710</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.5.0.890</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.233</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.9.0.1380</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.5.0.600</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.168</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.167</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.257</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.332</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.4.402.278</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.2.0.207</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0491</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:13:03.993-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:19.127-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-17T09:02:25.707-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://helpx.adobe.com/security/products/flash-player/apsb14-02.html" xml:lang="en">http://helpx.adobe.com/security/products/flash-player/apsb14-02.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029602" xml:lang="en">1029602</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56636" xml:lang="en">56636</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56516" xml:lang="en">56516</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0028.html" xml:lang="en">RHSA-2014:0028</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00006.html" xml:lang="en">openSUSE-SU-2014:0128</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK &amp; Compiler before 4.0.0.1390 allow attackers to bypass unspecified protection mechanisms via unknown vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0492">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.257"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.170"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.252"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.152"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.117"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.168"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.242"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.232"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.224"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.202"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.169"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.171"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.180"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.168"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.167"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.110"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.136"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.146"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.135"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.149"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.265"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.278"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.287"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.271"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.257"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.265"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.268"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.235"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.251"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.280"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.285"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.238"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.233"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.275"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.261"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.236"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.258"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.228"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.243"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.223"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.34"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.153"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.152"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.9.0.1380"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.9.0.1210"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.9.0.1030"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.7.0.2090"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.8.0.910"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.8.0.870"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.0.0.4080"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.1.0.488"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.2.0.2070"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.3.0.3650"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.3.0.3690"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.4.0.2540"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.4.0.2710"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.5.0.1060"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.5.0.600"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.5.0.880"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.5.0.890"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.6.0.599"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.6.0.6090"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.7.0.1530"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.7.0.1860"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.257"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.170"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.252"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.152"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.117"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.168"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.242"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.232"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.224"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.202"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.169"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.171"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.180"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.168"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.167"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.110"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.136"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.146"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.135"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.149"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.265"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.278"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.287"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.271"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.257"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.265"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.268"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.235"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.251"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.280"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.285"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.238"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.233"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.275"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.261"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.236"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.258"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.228"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.243"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.223"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.34"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.153"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.152"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.332"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.327"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.310"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.297"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.291"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.235"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.251"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.280"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.285"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.238"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.233"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.275"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.261"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.236"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.258"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.228"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.243"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.223"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.34"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.153"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.152"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.9.0.1380"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.9.0.1210"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.9.0.1030"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.9.0.1060"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.7.0.2090"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.8.0.870"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.8.0.910"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.7.0.1860"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.7.0.1530"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.6.0.6090"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.6.0.597"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.5.0.890"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.5.0.880"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.5.0.600"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.5.0.1060"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.4.0.2710"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.4.0.2540"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.3.0.3670"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.2.0.2070"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.2.0.207"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.1.0.4880"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.1.0.488"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.1.0.485"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.0.0.4080"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.0.0.408"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.6.0.6090</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.243</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.280</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.5.0.880</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.5.0.1060</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.48</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.8.0.870</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.7.0.2090</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.202</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.273</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.4.402.265</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.275</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.8.800.168</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.6.0.599</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.270</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.3.0.3690</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.228</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.7.0.1530</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.9.0.1030</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.7.0.1530</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.262</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.7.0.1860</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.265</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.55</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.1.0.485</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.223</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.8.0.910</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.7.0.2090</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.5.0.880</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.297</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.9.0.1060</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.8.800.94</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.4.0.2540</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.291</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.63</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.62</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.4.0.2540</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.9.900.170</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.1.0.488</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.8.800.97</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.110</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.1.0.488</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.2.0.2070</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.8</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.3.0.3650</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.285</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.146</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.271</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.54</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.273</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.242</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.9.900.117</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.252</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.54</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.257</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.149</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.258</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.9.0.1210</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.3.0.3670</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.6.0.597</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.9.0.1030</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.44</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.4.0.2710</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.251</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.58</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.136</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.135</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.5.0.1060</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.232</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.9.900.152</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.0.1.152</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.0.1.153</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.0.0.4080</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.169</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.50</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.2.0.2070</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.327</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.171</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.310</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.270</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.0.0.4080</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.0.0.408</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.7.0.1860</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.261</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.262</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.5.0.600</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.59</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.8.0.910</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.1.0.4880</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.268</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.9.0.1210</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.235</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.236</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.6.0.6090</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.9.0.1380</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.4.402.287</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.238</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.8.0.870</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.180</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.7</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.224</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.5.0.890</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.34</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.4.0.2710</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.5.0.890</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.233</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.9.0.1380</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.5.0.600</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.168</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.167</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.257</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.332</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.4.402.278</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.2.0.207</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0492</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:13:04.023-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:19.203-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-17T09:07:23.057-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://helpx.adobe.com/security/products/flash-player/apsb14-02.html" xml:lang="en">http://helpx.adobe.com/security/products/flash-player/apsb14-02.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029602" xml:lang="en">1029602</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56636" xml:lang="en">56636</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56516" xml:lang="en">56516</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0028.html" xml:lang="en">RHSA-2014:0028</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00006.html" xml:lang="en">openSUSE-SU-2014:0128</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK &amp; Compiler before 4.0.0.1390 allow attackers to defeat the ASLR protection mechanism by leveraging an "address leak."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0493">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:11.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:11.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:11.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:11.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:11.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:11.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:10.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:10.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:10.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:10.1.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:10.1.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:10.1.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:10.1.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:10.1.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:10.1.8"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x"/>
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:11.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:11.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:11.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:11.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:11.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:11.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:10.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:10.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:10.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:10.1.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:10.1.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:10.1.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:10.1.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:10.1.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:10.1.8"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x"/>
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:10.1.8</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:10.1.5</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:11.0.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:10.1.4</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:10.1.7</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:11.0.3</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:10.1.6</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:11.0.2</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:10.1.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:11.0.4</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:10.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:10.1.3</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:10.1.2</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:10.1.5</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:10.1.4</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:11.0.3</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:11.0.2</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:10.1.8</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:11.0.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:10.1.7</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:10.1.6</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:10.1.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:10.1.2</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:11.0.5</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:10.1.3</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:11.0.4</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:11.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:10.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:11.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0493</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:13:04.057-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:47.503-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-17T09:27:21.693-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029604" xml:lang="en">1029604</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://helpx.adobe.com/security/products/acrobat/apsb14-01.html" xml:lang="en">http://helpx.adobe.com/security/products/acrobat/apsb14-01.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0495.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0494">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:adobe:digital_editions:2.0.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:adobe:digital_editions:2.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0494</vuln:cve-id>
+    <vuln:published-datetime>2014-01-23T14:55:03.970-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:47.583-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-24T10:19:58.077-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90648" xml:lang="en">adobe-digital-cve20140494-code-exec(90648)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029680" xml:lang="en">1029680</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65091" xml:lang="en">65091</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56578" xml:lang="en">56578</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102364" xml:lang="en">102364</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://helpx.adobe.com/security/products/Digital-Editions/apsb14-03.html" xml:lang="en">http://helpx.adobe.com/security/products/Digital-Editions/apsb14-03.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Adobe Digital Editions 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0495">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:11.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:11.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:11.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:11.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:11.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:11.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:10.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:10.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:10.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:10.1.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:10.1.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:10.1.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:10.1.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:10.1.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:10.1.8"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x"/>
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:11.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:11.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:11.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:11.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:11.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:11.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:10.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:10.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:10.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:10.1.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:10.1.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:10.1.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:10.1.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:10.1.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:10.1.8"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x"/>
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:10.1.8</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:10.1.5</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:11.0.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:10.1.4</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:11.0.3</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:10.1.7</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:10.1.6</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:11.0.2</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:10.1.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:11.0.4</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:10.1.3</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:10.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:10.1.2</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:10.1.5</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:10.1.4</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:11.0.3</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:11.0.2</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:10.1.8</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:10.1.7</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:11.0.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:10.1.6</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:10.1.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:11.0.5</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:10.1.2</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:11.0.4</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:10.1.3</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:11.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:10.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:11.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0495</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:13:04.070-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:47.677-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-17T09:29:08.820-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029604" xml:lang="en">1029604</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://helpx.adobe.com/security/products/acrobat/apsb14-01.html" xml:lang="en">http://helpx.adobe.com/security/products/acrobat/apsb14-01.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0493.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0496">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:11.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:11.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:11.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:11.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:11.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:11.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:10.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:10.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:10.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:10.1.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:10.1.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:10.1.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:10.1.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:10.1.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:10.1.8"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x"/>
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:11.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:11.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:11.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:11.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:11.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:11.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:10.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:10.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:10.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:10.1.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:10.1.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:10.1.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:10.1.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:10.1.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat:10.1.8"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x"/>
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:10.1.8</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:10.1.5</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:11.0.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:10.1.4</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:11.0.3</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:10.1.7</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:10.1.6</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:11.0.2</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:10.1.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:11.0.4</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:10.1.3</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:10.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:10.1.2</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:10.1.5</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:10.1.4</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:11.0.3</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:11.0.2</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:10.1.8</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:10.1.7</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:11.0.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:10.1.6</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:10.1.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:11.0.5</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:10.1.2</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:11.0.4</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:10.1.3</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:11.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:10.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:acrobat:11.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0496</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:13:04.100-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:47.753-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-17T09:36:23.813-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029604" xml:lang="en">1029604</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://helpx.adobe.com/security/products/acrobat/apsb14-01.html" xml:lang="en">http://helpx.adobe.com/security/products/acrobat/apsb14-01.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0497">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.335"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.332"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.327"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.310"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.297"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.291"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.235"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.251"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.280"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.285"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.238"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.233"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.275"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.261"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.236"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.258"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.228"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.243"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.223"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.34"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.153"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.152"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.260"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.257"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.170"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.252"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.152"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.117"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.168"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.242"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.232"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.224"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.202"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.169"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.171"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.180"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.168"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.167"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.110"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.136"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.146"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.135"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.149"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.265"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.278"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.287"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.271"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.257"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.265"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.268"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.235"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.251"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.280"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.285"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.238"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.233"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.275"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.261"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.236"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.258"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.228"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.243"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.223"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.34"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.153"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.152"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.260"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.257"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.170"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.252"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.152"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.117"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.168"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.242"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.232"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.224"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.202"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.169"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.171"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.180"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.168"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.167"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.110"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.136"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.146"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.135"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.149"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.265"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.278"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.287"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.271"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.257"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.265"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.268"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.235"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.251"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.280"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.285"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.238"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.233"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.275"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.261"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.236"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.258"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.228"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.243"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.223"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.34"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.153"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.152"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.243</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.280</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.8</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.285</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.146</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.271</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.54</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.273</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.48</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.242</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.9.900.117</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.252</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.202</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.273</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.4.402.265</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.275</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.8.800.168</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.54</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.257</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.149</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.258</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.270</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:12.0.0.43</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.44</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.251</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.58</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.136</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.135</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.228</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.232</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.9.900.152</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.0.1.152</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.260</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.262</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.0.1.153</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.169</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.50</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.327</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.171</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.310</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.265</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.270</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.55</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.261</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.262</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.59</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.223</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:12.0.0.41</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.335</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:12.0.0.38</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.268</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.235</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.236</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.4.402.287</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.238</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.180</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.297</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.7</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.224</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.8.800.94</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.34</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.291</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.63</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.62</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.233</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.9.900.170</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.168</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.167</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.8.800.97</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.257</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.332</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.110</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.4.402.278</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0497</vuln:cve-id>
+    <vuln:published-datetime>2014-02-05T00:15:29.897-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:19.593-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-05T12:11:58.243-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-189"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://helpx.adobe.com/security/products/flash-player/apsb14-04.html" xml:lang="en">http://helpx.adobe.com/security/products/flash-player/apsb14-04.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0137.html" xml:lang="en">RHSA-2014:0137</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00006.html" xml:lang="en">SUSE-SU-2014:0221</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00001.html" xml:lang="en">openSUSE-SU-2014:0203</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00000.html" xml:lang="en">openSUSE-SU-2014:0197</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0498">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.0.4990"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.0.8.4990"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.1.0.5790"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5.0.7220"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5.1.8210"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5.3.9120"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5.3.9130"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.0.2.12610"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.0.3.13070"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.5.0.16600"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.5.1.17730"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.6.0.19120"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.6.0.19140"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.7.0.1948"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.7.0.19480"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.7.0.1953"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.7.0.19530"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.7.1.19610"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.0.0.408"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.0.0.4080"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.1.0.485"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.1.0.488"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.1.0.4880"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.2.0.207"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.2.0.2070"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.3.0.3670"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.4.0.2540"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.4.0.2710"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.5.0.1060"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.5.0.600"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.5.0.880"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.5.0.890"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.6.0.597"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.6.0.6090"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.7.0.1530"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.7.0.1860"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.7.0.2090"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.8.0.870"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.8.0.910"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.9.0.1030"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.9.0.1060"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.9.0.1210"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.9.0.1380"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:4.0.0.1390"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.260"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.257"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.170"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.252"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.152"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.117"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.168"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.242"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.232"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.224"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.202"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.169"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.171"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.180"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.168"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.167"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.110"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.136"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.146"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.135"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.149"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.265"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.278"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.287"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.271"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.257"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.265"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.268"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.235"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.251"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.280"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.285"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.238"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.233"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.275"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.261"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.236"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.258"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.228"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.243"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.223"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.34"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.153"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.152"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:4.0.0.1390"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.9.0.1380"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.9.0.1210"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.9.0.1030"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.8.0.910"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.8.0.870"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.8.0.1430"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.7.0.2090"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.7.0.1860"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.7.0.1530"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.6.0.6090"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.6.0.599"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.5.0.890"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.5.0.880"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.5.0.600"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.5.0.1060"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.4.0.2710"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.4.0.2540"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.3.0.3690"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.3.0.3650"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.2.0.2070"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.1.0.488"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.0.0.4080"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.261"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.225"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.260"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.257"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.170"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.252"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.152"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.117"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.168"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.242"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.232"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.224"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.202"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.169"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.171"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.180"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.168"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.167"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.110"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.136"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.146"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.135"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.149"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.265"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.278"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.287"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.271"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.257"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.265"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.268"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.235"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.251"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.280"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.285"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.238"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.233"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.275"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.261"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.236"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.258"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.228"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.243"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.223"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.34"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.153"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.152"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.336"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.335"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.332"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.327"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.310"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.297"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.291"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.235"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.251"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.280"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.285"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.238"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.233"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.275"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.261"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.236"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.258"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.228"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.243"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.223"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.34"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.153"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.152"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.6.0.6090</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.243</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.280</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.5.0.880</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.0.3.13070</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.5.0.1060</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.48</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.8.0.870</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.7.0.2090</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.202</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.273</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.4.402.265</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.275</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.8.800.168</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.0.2.12610</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.6.0.599</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.270</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.3.0.3690</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:12.0.0.43</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:12.0.0.44</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.5.1.17730</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.228</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.7.0.1530</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.5.0.16600</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.9.0.1030</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.7.0.1530</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.262</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.7.0.1860</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.265</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.55</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.6.0.19120</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.7.0.19480</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.1.0.485</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.8.0.910</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.223</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.7.0.2090</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.5.0.880</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.7.0.1948</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5.3.9120</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.0.8.4990</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.297</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.9.0.1060</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.8.800.94</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.4.0.2540</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.291</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.63</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.62</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.4.0.2540</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.9.900.170</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.1.0.488</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.8.800.97</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5.1.8210</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.110</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.1.0.488</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.2.0.2070</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.8</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.3.0.3650</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.285</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.146</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.271</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.54</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.273</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.8.0.1430</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.9.900.117</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.242</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:4.0.0.1390</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.252</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:4.0.0.1390</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.54</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.257</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.6.0.19140</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.149</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.9.0.1210</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.258</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.3.0.3670</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.9.0.1030</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.6.0.597</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.4.0.2710</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.44</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.58</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.251</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.136</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.5.0.1060</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.135</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.232</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.9.900.152</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.261</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.0.1.152</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.7.0.19530</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.260</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.0.1.153</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.0.0.4080</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.50</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.169</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.327</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.2.0.2070</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5.3.9130</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.171</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.310</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5.0.7220</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.270</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.0.0.4080</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.7.0.1860</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.0.0.408</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.261</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.262</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.59</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.5.0.600</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.8.0.910</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:12.0.0.41</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.0.4990</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.335</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.336</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:12.0.0.38</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.1.0.4880</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.268</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.9.0.1210</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.6</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.235</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.6.0.6090</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.236</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.7</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.9.0.1380</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.4.402.287</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.8.0.870</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.238</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.180</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.7</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.7.0.1953</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.224</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.225</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.1.0.5790</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.5.0.890</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.34</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.5.0.890</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.4.0.2710</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.233</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.9.0.1380</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.5.0.600</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.168</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.167</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.257</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.332</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.7.1.19610</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.4.402.278</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.2.0.207</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0498</vuln:cve-id>
+    <vuln:published-datetime>2014-02-21T00:06:54.517-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T23:50:30.220-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-21T09:47:19.877-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://helpx.adobe.com/security/products/flash-player/apsb14-07.html" xml:lang="en">http://helpx.adobe.com/security/products/flash-player/apsb14-07.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0196.html" xml:lang="en">RHSA-2014:0196</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00017.html" xml:lang="en">SUSE-SU-2014:0290</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00015.html" xml:lang="en">openSUSE-SU-2014:0278</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00014.html" xml:lang="en">openSUSE-SU-2014:0277</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK &amp; Compiler before 4.0.0.1628 allows attackers to execute arbitrary code via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0499">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.0.4990"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.0.8.4990"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.1.0.5790"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5.0.7220"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5.1.8210"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5.3.9120"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5.3.9130"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.0.2.12610"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.0.3.13070"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.5.0.16600"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.5.1.17730"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.6.0.19120"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.6.0.19140"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.7.0.1948"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.7.0.19480"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.7.0.1953"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.7.0.19530"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.7.1.19610"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.0.0.408"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.0.0.4080"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.1.0.485"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.1.0.488"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.1.0.4880"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.2.0.207"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.2.0.2070"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.3.0.3670"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.4.0.2540"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.4.0.2710"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.5.0.1060"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.5.0.600"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.5.0.880"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.5.0.890"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.6.0.597"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.6.0.6090"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.7.0.1530"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.7.0.1860"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.7.0.2090"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.8.0.870"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.8.0.910"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.9.0.1030"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.9.0.1060"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.9.0.1210"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.9.0.1380"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:4.0.0.1390"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.336"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.335"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.332"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.327"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.310"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.297"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.291"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.235"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.251"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.280"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.285"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.238"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.233"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.275"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.261"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.236"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.258"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.228"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.243"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.223"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.34"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.153"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.152"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.260"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.257"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.170"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.252"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.152"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.117"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.168"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.242"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.232"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.224"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.202"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.169"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.171"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.180"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.168"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.167"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.110"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.136"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.146"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.135"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.149"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.265"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.278"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.287"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.271"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.257"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.265"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.268"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.235"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.251"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.280"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.285"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.238"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.233"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.275"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.261"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.236"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.258"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.228"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.243"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.223"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.34"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.153"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.152"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.261"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.225"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.260"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.257"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.170"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.252"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.152"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.117"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.168"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.242"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.232"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.224"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.202"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.169"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.171"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.180"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.168"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.167"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.110"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.136"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.146"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.135"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.149"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.265"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.278"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.287"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.271"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.257"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.265"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.268"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.235"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.251"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.280"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.285"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.238"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.233"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.275"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.261"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.236"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.258"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.228"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.243"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.223"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.34"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.153"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.152"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:4.0.0.1390"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.9.0.1380"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.9.0.1210"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.9.0.1030"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.8.0.910"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.8.0.870"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.8.0.1430"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.7.0.2090"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.7.0.1860"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.7.0.1530"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.6.0.6090"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.6.0.599"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.5.0.890"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.5.0.880"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.5.0.600"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.5.0.1060"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.4.0.2710"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.4.0.2540"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.3.0.3690"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.3.0.3650"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.2.0.2070"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.1.0.488"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.0.0.4080"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.6.0.6090</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.243</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.280</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.5.0.880</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.0.3.13070</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.5.0.1060</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.48</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.8.0.870</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.7.0.2090</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.202</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.273</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.4.402.265</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.275</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.8.800.168</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.0.2.12610</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.6.0.599</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.270</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.3.0.3690</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:12.0.0.43</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:12.0.0.44</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.5.1.17730</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.228</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.7.0.1530</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.5.0.16600</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.9.0.1030</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.262</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.7.0.1530</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.7.0.1860</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.265</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.55</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.6.0.19120</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.7.0.19480</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.1.0.485</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.8.0.910</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.223</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.7.0.2090</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.5.0.880</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.7.0.1948</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5.3.9120</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.0.8.4990</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.297</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.9.0.1060</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.8.800.94</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.4.0.2540</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.291</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.63</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.62</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.4.0.2540</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.9.900.170</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.1.0.488</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.8.800.97</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5.1.8210</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.110</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.1.0.488</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.2.0.2070</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.8</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.3.0.3650</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.285</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.146</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.271</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.54</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.273</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.8.0.1430</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.242</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.9.900.117</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:4.0.0.1390</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.252</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:4.0.0.1390</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.54</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.257</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.149</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.6.0.19140</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.9.0.1210</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.258</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.3.0.3670</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.9.0.1030</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.6.0.597</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.4.0.2710</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.44</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.251</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.58</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.136</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.5.0.1060</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.135</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.232</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.9.900.152</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.261</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.260</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.0.1.152</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.7.0.19530</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.0.1.153</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.0.0.4080</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.169</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.50</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.2.0.2070</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.327</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.171</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5.3.9130</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5.0.7220</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.310</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.270</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.0.0.4080</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.7.0.1860</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.0.0.408</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.261</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.262</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.5.0.600</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.59</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.8.0.910</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:12.0.0.41</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.0.4990</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.335</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.336</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:12.0.0.38</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.268</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.1.0.4880</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.9.0.1210</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.6</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.235</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.6.0.6090</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.7</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.9.0.1380</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.236</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.4.402.287</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.8.0.870</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.238</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.180</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.7</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.224</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.7.0.1953</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.225</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.1.0.5790</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.5.0.890</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.34</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.5.0.890</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.4.0.2710</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.233</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.9.0.1380</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.5.0.600</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.168</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.167</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.257</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.332</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.4.402.278</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.7.1.19610</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.2.0.207</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0499</vuln:cve-id>
+    <vuln:published-datetime>2014-02-21T00:07:00.000-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T23:50:30.313-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-21T10:14:09.750-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://helpx.adobe.com/security/products/flash-player/apsb14-07.html" xml:lang="en">http://helpx.adobe.com/security/products/flash-player/apsb14-07.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0196.html" xml:lang="en">RHSA-2014:0196</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00017.html" xml:lang="en">SUSE-SU-2014:0290</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00015.html" xml:lang="en">openSUSE-SU-2014:0278</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00014.html" xml:lang="en">openSUSE-SU-2014:0277</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK &amp; Compiler before 4.0.0.1628 do not prevent access to address information, which makes it easier for attackers to bypass the ASLR protection mechanism via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0500">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:12.0.7.148"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:12.0.6.147"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:12.0.4.144"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:12.0.3.133"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:12.0.2.122"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:12.0.0.112"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:11.6.8.638"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:11.6.7.637"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:11.6.6.636"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:11.6.5.635"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:11.6.4.634"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:11.6.3.633"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:11.6.1.629"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:11.6.0.626"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:11.5.9.620"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:11.5.9.615"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:11.5.8.612"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:11.5.7.609"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:11.5.6.606"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:11.5.2.602"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:11.5.10.620"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:11.5.1.601"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:11.5.0.596"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:11.5.0.595"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:11.0.3.471"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:11.0.0.456"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:adobe:shockwave_player:11.6.6.636</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:11.5.10.620</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:12.0.7.148</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:11.6.5.635</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:12.0.2.122</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:11.5.0.596</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:11.5.0.595</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:11.0.3.471</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:11.5.6.606</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:11.5.9.615</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:12.0.3.133</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:11.5.1.601</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:11.0.0.456</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:11.6.4.634</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:11.6.3.633</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:11.6.8.638</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:12.0.6.147</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:11.5.2.602</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:12.0.4.144</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:11.6.1.629</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:11.6.7.637</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:11.6.0.626</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:11.5.7.609</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:12.0.0.112</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:11.5.9.620</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:11.5.8.612</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0500</vuln:cve-id>
+    <vuln:published-datetime>2014-02-11T23:50:41.313-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-13T12:25:11.727-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-12T11:15:21.057-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://helpx.adobe.com/security/products/shockwave/apsb14-06.html" xml:lang="en">http://helpx.adobe.com/security/products/shockwave/apsb14-06.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Adobe Shockwave Player before 12.0.9.149 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0501.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0501">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:12.0.7.148"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:12.0.6.147"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:12.0.4.144"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:12.0.3.133"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:12.0.2.122"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:12.0.0.112"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:11.6.8.638"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:11.6.7.637"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:11.6.6.636"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:11.6.5.635"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:11.6.4.634"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:11.6.3.633"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:11.6.1.629"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:11.6.0.626"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:11.5.9.620"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:11.5.9.615"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:11.5.8.612"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:11.5.7.609"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:11.5.6.606"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:11.5.2.602"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:11.5.10.620"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:11.5.1.601"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:11.5.0.596"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:11.5.0.595"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:11.0.3.471"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:11.0.0.456"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:adobe:shockwave_player:11.6.6.636</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:11.5.10.620</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:12.0.7.148</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:11.6.5.635</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:12.0.2.122</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:11.5.0.596</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:11.5.0.595</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:11.0.3.471</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:11.5.6.606</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:11.5.9.615</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:12.0.3.133</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:11.5.1.601</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:11.0.0.456</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:11.6.4.634</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:11.6.3.633</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:11.6.8.638</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:12.0.6.147</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:11.5.2.602</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:12.0.4.144</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:11.6.1.629</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:11.6.7.637</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:11.6.0.626</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:11.5.7.609</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:12.0.0.112</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:11.5.9.620</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:11.5.8.612</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0501</vuln:cve-id>
+    <vuln:published-datetime>2014-02-11T23:50:41.343-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-13T12:24:49.680-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-12T11:16:47.060-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://helpx.adobe.com/security/products/shockwave/apsb14-06.html" xml:lang="en">http://helpx.adobe.com/security/products/shockwave/apsb14-06.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Adobe Shockwave Player before 12.0.9.149 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0500.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0502">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.261"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.225"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.260"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.257"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.170"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.252"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.152"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.117"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.168"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.242"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.232"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.224"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.202"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.169"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.171"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.180"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.168"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.167"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.110"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.136"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.146"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.135"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.149"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.265"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.278"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.287"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.271"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.257"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.265"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.268"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.235"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.251"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.280"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.285"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.238"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.233"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.275"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.261"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.236"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.258"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.228"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.243"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.223"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.34"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.153"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.152"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.336"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.335"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.332"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.327"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.310"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.297"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.291"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.235"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.251"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.280"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.285"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.238"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.233"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.275"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.261"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.236"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.258"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.228"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.243"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.223"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.34"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.153"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.152"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.260"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.257"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.170"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.252"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.152"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.117"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.168"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.242"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.232"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.224"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.202"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.169"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.171"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.180"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.168"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.167"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.110"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.136"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.146"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.135"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.149"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.265"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.278"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.287"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.271"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.257"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.265"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.268"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.235"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.251"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.280"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.285"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.238"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.233"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.275"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.261"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.236"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.258"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.228"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.243"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.223"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.34"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.153"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.152"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:4.0.0.1390"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.9.0.1380"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.9.0.1210"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.9.0.1030"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.8.0.910"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.8.0.870"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.8.0.1430"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.7.0.2090"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.7.0.1860"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.7.0.1530"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.6.0.6090"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.6.0.599"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.5.0.890"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.5.0.880"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.5.0.600"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.5.0.1060"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.4.0.2710"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.4.0.2540"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.3.0.3690"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.3.0.3650"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.2.0.2070"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.1.0.488"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.0.0.4080"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.0.4990"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.0.8.4990"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.1.0.5790"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5.0.7220"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5.1.8210"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5.3.9120"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5.3.9130"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.0.2.12610"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.0.3.13070"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.5.0.16600"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.5.1.17730"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.6.0.19120"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.6.0.19140"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.7.0.1948"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.7.0.19480"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.7.0.1953"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.7.0.19530"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.7.1.19610"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.0.0.408"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.0.0.4080"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.1.0.485"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.1.0.488"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.1.0.4880"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.2.0.207"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.2.0.2070"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.3.0.3670"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.4.0.2540"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.4.0.2710"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.5.0.1060"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.5.0.600"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.5.0.880"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.5.0.890"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.6.0.597"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.6.0.6090"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.7.0.1530"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.7.0.1860"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.7.0.2090"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.8.0.870"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.8.0.910"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.9.0.1030"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.9.0.1060"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.9.0.1210"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.9.0.1380"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:4.0.0.1390"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.6.0.6090</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.243</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.280</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.5.0.880</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.0.3.13070</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.5.0.1060</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.48</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.8.0.870</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.7.0.2090</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.202</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.273</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.4.402.265</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.275</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.8.800.168</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.0.2.12610</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.6.0.599</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.270</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.3.0.3690</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:12.0.0.43</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:12.0.0.44</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.5.1.17730</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.228</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.7.0.1530</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.9.0.1030</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.5.0.16600</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.7.0.1530</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.262</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.7.0.1860</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.265</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.55</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.6.0.19120</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.7.0.19480</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.1.0.485</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.223</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.8.0.910</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.7.0.2090</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.5.0.880</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.7.0.1948</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5.3.9120</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.0.8.4990</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.297</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.9.0.1060</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.8.800.94</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.4.0.2540</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.291</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.63</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.62</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.4.0.2540</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.9.900.170</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.1.0.488</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.8.800.97</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5.1.8210</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.110</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.1.0.488</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.2.0.2070</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.8</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.3.0.3650</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.285</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.146</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.271</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.54</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.273</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.8.0.1430</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.9.900.117</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.242</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.252</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:4.0.0.1390</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:4.0.0.1390</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.54</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.257</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.6.0.19140</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.149</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.258</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.9.0.1210</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.3.0.3670</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.6.0.597</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.9.0.1030</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.44</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.4.0.2710</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.251</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.58</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.136</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.135</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.5.0.1060</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.232</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.9.900.152</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.261</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.7.0.19530</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.260</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.0.1.152</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.0.1.153</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.0.0.4080</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.169</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.50</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.2.0.2070</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.327</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5.3.9130</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.171</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5.0.7220</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.310</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.270</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.0.0.4080</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.0.0.408</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.7.0.1860</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.261</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.262</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.5.0.600</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.59</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.8.0.910</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:12.0.0.41</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.0.4990</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.335</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.336</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:12.0.0.38</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.1.0.4880</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.268</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.9.0.1210</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.6</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.235</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.9.0.1380</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.7</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.236</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.6.0.6090</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.4.402.287</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.238</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.8.0.870</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.180</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.7</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.7.0.1953</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.224</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.225</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.1.0.5790</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.5.0.890</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.34</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.4.0.2710</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.5.0.890</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.233</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.9.0.1380</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.5.0.600</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.168</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.167</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.257</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.332</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.7.1.19610</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.4.402.278</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.2.0.207</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0502</vuln:cve-id>
+    <vuln:published-datetime>2014-02-21T00:07:00.017-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T23:50:30.657-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-21T10:29:34.563-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://helpx.adobe.com/security/products/flash-player/apsb14-07.html" xml:lang="en">http://helpx.adobe.com/security/products/flash-player/apsb14-07.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.alienvault.com/open-threat-exchange/blog/analysis-of-an-attack-exploiting-the-adobe-zero-day-cve-2014-0502/" xml:lang="en">http://www.alienvault.com/open-threat-exchange/blog/analysis-of-an-attack-exploiting-the-adobe-zero-day-cve-2014-0502/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0196.html" xml:lang="en">RHSA-2014:0196</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00017.html" xml:lang="en">SUSE-SU-2014:0290</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00015.html" xml:lang="en">openSUSE-SU-2014:0278</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00014.html" xml:lang="en">openSUSE-SU-2014:0277</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK &amp; Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0503">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.70"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.269"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.261"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.260"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.257"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.170"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.252"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.152"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.117"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.168"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.242"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.232"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.224"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.202"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.169"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.171"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.180"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.168"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.167"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.110"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.136"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.146"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.135"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.149"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.265"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.278"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.287"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.271"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.257"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.265"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.268"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.235"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.251"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.280"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.285"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.238"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.233"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.275"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.261"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.236"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.258"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.228"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.243"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.223"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.34"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.153"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.152"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x"/>
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.341"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.336"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.335"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.332"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.327"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.310"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.297"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.291"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.235"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.251"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.280"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.285"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.238"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.233"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.275"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.261"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.236"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.258"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.228"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.243"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.223"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.34"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.153"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.152"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.243</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.8</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.280</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.285</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.146</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.271</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.54</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.273</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.48</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.242</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.9.900.117</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.252</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.202</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.273</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.4.402.265</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.275</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.54</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.8.800.168</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.257</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.341</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.149</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.258</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.270</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:12.0.0.43</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:12.0.0.44</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.44</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.58</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.251</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.136</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.228</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.135</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.232</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.9.900.152</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.261</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.0.1.152</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.260</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.0.1.153</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.262</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.50</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.169</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.327</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.171</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.269</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.310</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.270</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.265</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.55</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.261</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.262</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.59</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.223</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:12.0.0.41</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.335</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.336</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:12.0.0.38</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.268</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.235</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.236</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.4.402.287</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.238</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.297</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.180</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:12.0.0.70</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.7</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.224</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.8.800.94</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.34</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.291</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.63</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.62</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.9.900.170</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.233</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.168</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.8.800.97</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.167</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.257</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.332</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.110</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.4.402.278</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0503</vuln:cve-id>
+    <vuln:published-datetime>2014-03-12T01:15:20.163-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-26T00:56:25.017-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.4</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-12T14:26:16.680-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0289.html" xml:lang="en">RHSA-2014:0289</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00014.html" xml:lang="en">SUSE-SU-2014:0387</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00013.html" xml:lang="en">openSUSE-SU-2014:0379</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://helpx.adobe.com/security/products/flash-player/apsb14-08.html" xml:lang="en">http://helpx.adobe.com/security/products/flash-player/apsb14-08.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0504">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.70"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.269"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.261"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.260"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.257"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.170"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.252"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.152"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.117"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.168"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.242"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.232"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.224"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.202"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.169"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.171"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.180"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.168"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.167"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.110"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.136"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.146"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.135"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.149"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.265"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.278"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.287"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.271"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.257"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.265"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.268"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.235"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.251"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.280"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.285"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.238"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.233"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.275"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.261"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.236"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.258"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.228"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.243"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.223"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.34"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.153"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.152"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x"/>
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.341"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.336"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.335"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.332"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.327"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.310"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.297"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.291"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.235"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.251"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.280"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.285"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.238"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.233"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.275"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.261"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.236"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.258"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.228"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.243"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.223"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.34"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.153"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.152"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.243</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.8</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.280</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.285</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.146</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.271</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.54</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.273</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.48</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.242</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.9.900.117</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.252</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.202</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.273</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.4.402.265</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.275</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.54</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.8.800.168</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.257</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.341</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.149</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.258</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.270</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:12.0.0.43</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:12.0.0.44</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.44</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.58</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.251</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.136</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.228</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.135</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.232</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.9.900.152</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.261</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.0.1.152</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.260</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.0.1.153</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.262</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.50</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.169</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.327</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.171</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.269</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.310</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.270</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.265</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.55</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.261</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.262</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.59</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.223</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:12.0.0.41</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.335</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.336</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:12.0.0.38</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.268</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.235</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.236</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.4.402.287</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.238</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.297</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.180</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:12.0.0.70</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.7</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.224</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.8.800.94</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.34</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.291</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.63</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.62</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.9.900.170</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.233</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.168</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.8.800.97</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.167</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.257</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.332</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.110</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.4.402.278</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0504</vuln:cve-id>
+    <vuln:published-datetime>2014-03-12T01:15:20.177-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-26T00:56:25.110-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-12T14:23:01.817-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0289.html" xml:lang="en">RHSA-2014:0289</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00014.html" xml:lang="en">SUSE-SU-2014:0387</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00013.html" xml:lang="en">openSUSE-SU-2014:0379</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://helpx.adobe.com/security/products/flash-player/apsb14-08.html" xml:lang="en">http://helpx.adobe.com/security/products/flash-player/apsb14-08.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows attackers to read the clipboard via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0505">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:12.0.0.112"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:12.0.2.122"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:12.0.3.133"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:12.0.4.144"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:12.0.6.147"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:12.0.7.148"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:shockwave_player:12.0.9.149"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:adobe:shockwave_player:12.0.6.147</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:12.0.7.148</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:12.0.9.149</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:12.0.3.133</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:12.0.2.122</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:12.0.4.144</vuln:product>
+      <vuln:product>cpe:/a:adobe:shockwave_player:12.0.0.112</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0505</vuln:cve-id>
+    <vuln:published-datetime>2014-03-14T06:55:05.600-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-14T13:07:42.850-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-14T13:07:42.807-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://helpx.adobe.com/security/products/shockwave/apsb14-10.html" xml:lang="en">http://helpx.adobe.com/security/products/shockwave/apsb14-10.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Adobe Shockwave Player before 12.1.0.150 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0506">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.77"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:adobe:flash_player:12.0.0.77</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0506</vuln:cve-id>
+    <vuln:published-datetime>2014-03-27T06:55:04.357-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-19T00:46:32.797-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-27T10:23:38.027-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/" xml:lang="en">http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://twitter.com/thezdi/statuses/443886338077495296" xml:lang="en">http://twitter.com/thezdi/statuses/443886338077495296</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://helpx.adobe.com/security/products/flash-player/apsb14-09.html" xml:lang="en">http://helpx.adobe.com/security/products/flash-player/apsb14-09.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Use-after-free vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK &amp; Compiler before 13.0.0.83 allows remote attackers to execute arbitrary code, and possibly bypass an Internet Explorer sandbox protection mechanism, via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0507">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.260"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.257"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.170"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.252"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.152"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.117"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.168"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.242"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.232"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.224"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.202"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.169"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.171"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.180"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.168"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.167"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.110"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.136"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.146"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.135"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.149"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.265"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.278"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.287"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.271"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.257"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.265"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.268"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.235"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.251"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.280"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.285"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.238"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.233"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.275"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.261"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.236"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.258"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.228"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.243"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.223"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.34"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.153"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.152"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x"/>
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.0.4990"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.0.8.4990"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.1.0.5790"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5.0.7220"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5.1.8210"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5.3.9120"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5.3.9130"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.0.2.12610"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.0.3.13070"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.5.0.16600"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.5.1.17730"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.6.0.19120"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.6.0.19140"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.7.0.1948"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.7.0.19480"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.7.0.1953"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.7.0.19530"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.7.1.19610"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.0.0.408"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.0.0.4080"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.1.0.485"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.1.0.488"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.1.0.4880"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.2.0.207"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.2.0.2070"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.3.0.3670"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.4.0.2540"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.4.0.2710"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.5.0.1060"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.5.0.600"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.5.0.880"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.5.0.890"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.6.0.597"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.6.0.6090"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.7.0.1530"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.7.0.1860"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.7.0.2090"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.8.0.870"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.8.0.910"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.9.0.1030"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.9.0.1060"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.9.0.1210"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.9.0.1380"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:4.0.0.1390"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.346"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.341"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.336"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.335"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.332"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.327"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.310"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.297"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.291"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.235"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.251"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.280"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.285"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.238"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.233"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.275"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.261"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.236"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.258"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.228"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.243"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.223"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.34"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.153"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.152"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:4.0.0.1628"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:4.0.0.1390"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.9.0.1380"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.9.0.1210"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.9.0.1030"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.8.0.910"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.8.0.870"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.8.0.1430"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.7.0.2090"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.7.0.1860"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.7.0.1530"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.6.0.6090"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.6.0.599"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.5.0.890"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.5.0.880"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.5.0.600"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.5.0.1060"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.4.0.2710"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.4.0.2540"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.3.0.3690"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.3.0.3650"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.2.0.2070"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.1.0.488"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.0.0.4080"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.6.0.6090</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.243</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.280</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.5.0.880</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.0.3.13070</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.5.0.1060</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.48</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.8.0.870</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.7.0.2090</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.202</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.273</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.4.402.265</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.275</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.8.800.168</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.0.2.12610</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.6.0.599</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.270</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:4.0.0.1628</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.3.0.3690</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:12.0.0.43</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.5.1.17730</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.228</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.7.0.1530</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.9.0.1030</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.5.0.16600</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.7.0.1530</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.262</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.7.0.1860</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.265</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.55</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.6.0.19120</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.7.0.19480</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.1.0.485</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.8.0.910</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.223</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.7.0.2090</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.5.0.880</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.7.0.1948</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5.3.9120</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.0.8.4990</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.297</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.9.0.1060</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.8.800.94</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.4.0.2540</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.291</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.63</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.62</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.4.0.2540</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.9.900.170</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.1.0.488</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.8.800.97</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5.1.8210</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.110</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.1.0.488</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.2.0.2070</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.8</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.3.0.3650</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.285</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.146</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.271</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.54</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.273</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.8.0.1430</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.242</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.9.900.117</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:4.0.0.1390</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.252</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:4.0.0.1390</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.54</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.257</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.341</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.149</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.6.0.19140</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.9.0.1210</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.258</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.3.0.3670</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.9.0.1030</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.6.0.597</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.4.0.2710</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.44</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.251</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.58</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.136</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.5.0.1060</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.135</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.232</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.9.900.152</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.7.0.19530</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.260</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.0.1.152</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.0.1.153</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.0.0.4080</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.169</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.50</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.327</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.2.0.2070</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.171</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5.3.9130</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.310</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5.0.7220</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.270</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.0.0.4080</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.7.0.1860</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.0.0.408</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.261</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.262</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.5.0.600</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.59</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.8.0.910</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:12.0.0.41</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.0.4990</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.335</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.336</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:12.0.0.38</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.1.0.4880</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.268</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.9.0.1210</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.235</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.6</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.6.0.6090</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.9.0.1380</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.236</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.7</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.4.402.287</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.8.0.870</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.238</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.180</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.7</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.7.0.1953</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.224</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.1.0.5790</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.5.0.890</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.34</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.5.0.890</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.4.0.2710</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.233</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.9.0.1380</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.346</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.5.0.600</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.168</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.167</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.257</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.332</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.7.1.19610</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.4.402.278</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.2.0.207</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0507</vuln:cve-id>
+    <vuln:published-datetime>2014-04-08T19:55:06.353-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-09T20:17:23.330-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-09T20:17:22.187-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://helpx.adobe.com/security/products/flash-player/apsb14-09.html" xml:lang="en">http://helpx.adobe.com/security/products/flash-player/apsb14-09.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Buffer overflow in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK &amp; Compiler before 13.0.0.83 allows attackers to execute arbitrary code via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0508">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.346"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.341"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.336"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.335"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.332"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.327"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.310"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.297"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.291"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.235"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.251"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.280"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.285"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.238"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.233"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.275"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.261"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.236"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.258"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.228"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.243"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.223"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.34"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.153"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.152"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:4.0.0.1628"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:4.0.0.1390"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.9.0.1380"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.9.0.1210"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.9.0.1030"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.8.0.910"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.8.0.870"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.8.0.1430"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.7.0.2090"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.7.0.1860"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.7.0.1530"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.6.0.6090"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.6.0.599"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.5.0.890"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.5.0.880"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.5.0.600"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.5.0.1060"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.4.0.2710"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.4.0.2540"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.3.0.3690"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.3.0.3650"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.2.0.2070"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.1.0.488"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.0.0.4080"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.260"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.257"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.170"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.252"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.152"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.117"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.168"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.242"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.232"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.224"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.202"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.169"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.171"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.180"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.168"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.167"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.110"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.136"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.146"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.135"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.149"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.265"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.278"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.287"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.271"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.257"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.265"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.268"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.235"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.251"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.280"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.285"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.238"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.233"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.275"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.261"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.236"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.258"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.228"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.243"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.223"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.34"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.153"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.152"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x"/>
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.0.4990"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.0.8.4990"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.1.0.5790"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5.0.7220"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5.1.8210"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5.3.9120"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5.3.9130"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.0.2.12610"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.0.3.13070"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.5.0.16600"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.5.1.17730"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.6.0.19120"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.6.0.19140"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.7.0.1948"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.7.0.19480"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.7.0.1953"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.7.0.19530"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.7.1.19610"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.0.0.408"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.0.0.4080"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.1.0.485"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.1.0.488"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.1.0.4880"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.2.0.207"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.2.0.2070"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.3.0.3670"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.4.0.2540"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.4.0.2710"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.5.0.1060"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.5.0.600"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.5.0.880"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.5.0.890"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.6.0.597"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.6.0.6090"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.7.0.1530"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.7.0.1860"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.7.0.2090"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.8.0.870"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.8.0.910"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.9.0.1030"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.9.0.1060"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.9.0.1210"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.9.0.1380"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:4.0.0.1390"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.6.0.6090</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.243</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.280</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.5.0.880</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.0.3.13070</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.5.0.1060</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.48</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.8.0.870</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.7.0.2090</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.202</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.273</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.4.402.265</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.275</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.8.800.168</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.0.2.12610</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.6.0.599</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.270</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:4.0.0.1628</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.3.0.3690</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:12.0.0.43</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.5.1.17730</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.228</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.7.0.1530</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.9.0.1030</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.5.0.16600</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.7.0.1530</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.262</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.7.0.1860</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.265</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.55</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.6.0.19120</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.7.0.19480</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.1.0.485</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.8.0.910</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.223</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.7.0.2090</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.5.0.880</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.7.0.1948</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5.3.9120</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.0.8.4990</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.297</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.9.0.1060</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.8.800.94</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.4.0.2540</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.291</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.63</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.62</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.4.0.2540</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.9.900.170</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.1.0.488</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.8.800.97</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5.1.8210</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.110</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.1.0.488</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.2.0.2070</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.8</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.3.0.3650</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.285</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.146</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.271</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.54</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.273</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.8.0.1430</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.9.900.117</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.242</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:4.0.0.1390</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.252</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:4.0.0.1390</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.54</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.257</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.6.0.19140</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.341</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.149</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.9.0.1210</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.258</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.3.0.3670</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.6.0.597</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.9.0.1030</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.44</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.4.0.2710</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.58</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.251</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.136</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.5.0.1060</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.135</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.232</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.9.900.152</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.7.0.19530</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.0.1.152</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.260</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.0.1.153</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.0.0.4080</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.50</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.169</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.2.0.2070</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.327</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5.3.9130</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.171</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5.0.7220</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.310</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.270</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.0.0.4080</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.0.0.408</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.7.0.1860</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.261</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.262</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.5.0.600</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.59</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.8.0.910</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:12.0.0.41</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.0.4990</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.335</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.336</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:12.0.0.38</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.1.0.4880</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.268</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.9.0.1210</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.6</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.235</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.9.0.1380</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.7</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.236</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.6.0.6090</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.4.402.287</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.238</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.8.0.870</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.180</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.7</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.7.0.1953</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.224</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.1.0.5790</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.5.0.890</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.34</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.4.0.2710</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.5.0.890</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.233</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.9.0.1380</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.346</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.5.0.600</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.168</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.167</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.257</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.332</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.7.1.19610</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.4.402.278</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.2.0.207</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0508</vuln:cve-id>
+    <vuln:published-datetime>2014-04-08T19:55:06.370-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-09T20:20:48.977-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-09T20:20:36.570-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://helpx.adobe.com/security/products/flash-player/apsb14-09.html" xml:lang="en">http://helpx.adobe.com/security/products/flash-player/apsb14-09.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK &amp; Compiler before 13.0.0.83 allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0509">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.0.4990"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.0.8.4990"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.1.0.5790"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5.0.7220"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5.1.8210"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5.3.9120"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:1.5.3.9130"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.0.2.12610"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.0.3.13070"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.5.0.16600"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.5.1.17730"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.6.0.19120"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.6.0.19140"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.7.0.1948"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.7.0.19480"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.7.0.1953"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.7.0.19530"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:2.7.1.19610"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.0.0.408"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.0.0.4080"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.1.0.485"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.1.0.488"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.1.0.4880"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.2.0.207"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.2.0.2070"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.3.0.3670"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.4.0.2540"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.4.0.2710"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.5.0.1060"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.5.0.600"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.5.0.880"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.5.0.890"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.6.0.597"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.6.0.6090"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.7.0.1530"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.7.0.1860"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.7.0.2090"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.8.0.870"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.8.0.910"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.9.0.1030"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.9.0.1060"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.9.0.1210"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:3.9.0.1380"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air:4.0.0.1390"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.346"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.341"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.336"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.335"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.332"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.327"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.310"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.297"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.291"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.235"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.251"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.280"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.285"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.238"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.233"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.275"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.261"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.236"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.258"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.228"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.243"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.223"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.34"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.153"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.152"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:4.0.0.1628"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:4.0.0.1390"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.9.0.1380"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.9.0.1210"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.9.0.1030"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.8.0.910"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.8.0.870"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.8.0.1430"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.7.0.2090"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.7.0.1860"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.7.0.1530"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.6.0.6090"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.6.0.599"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.5.0.890"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.5.0.880"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.5.0.600"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.5.0.1060"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.4.0.2710"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.4.0.2540"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.3.0.3690"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.3.0.3650"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.2.0.2070"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.1.0.488"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_air_sdk:3.0.0.4080"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.260"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.257"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.170"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.252"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.152"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.9.900.117"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.168"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.242"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.232"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.224"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.202"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.169"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.171"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.180"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.168"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.6.602.167"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.110"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.136"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.146"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.135"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.5.502.149"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.265"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.278"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.4.402.287"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.271"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.257"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.265"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.268"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.3.300.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.235"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.251"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.280"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.285"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.238"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.233"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.275"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.261"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.236"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.258"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.228"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.243"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.223"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.111.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.115.34"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.1.102.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.153"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0.1.152"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x"/>
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.6.0.6090</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.243</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.280</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.5.0.880</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.0.3.13070</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.5.0.1060</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.48</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.8.0.870</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.7.0.2090</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.202</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.273</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.4.402.265</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.275</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.8.800.168</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.0.2.12610</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.6.0.599</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.270</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:4.0.0.1628</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:12.0.0.43</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.3.0.3690</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.5.1.17730</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.228</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.7.0.1530</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.5.0.16600</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.9.0.1030</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.262</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.7.0.1530</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.7.0.1860</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.265</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.55</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.6.0.19120</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.7.0.19480</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.1.0.485</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.8.0.910</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.223</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.7.0.2090</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.5.0.880</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.7.0.1948</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5.3.9120</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.0.8.4990</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.297</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.9.0.1060</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.8.800.94</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.4.0.2540</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.291</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.63</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.62</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.4.0.2540</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.9.900.170</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.1.0.488</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.8.800.97</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5.1.8210</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.110</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.1.0.488</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.2.0.2070</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.8</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.3.0.3650</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.285</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.146</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.271</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.54</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.273</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.8.0.1430</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.242</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.9.900.117</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.252</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:4.0.0.1390</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:4.0.0.1390</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.54</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.257</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.149</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.6.0.19140</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.341</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.9.0.1210</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.258</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.3.0.3670</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.9.0.1030</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.6.0.597</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.4.0.2710</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.44</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.251</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.58</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.136</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.5.502.135</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.5.0.1060</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.232</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.9.900.152</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.260</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.0.1.152</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.7.0.19530</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.0.1.153</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.0.0.4080</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.169</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.111.50</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.2.0.2070</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.327</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.171</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5.3.9130</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5.0.7220</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.310</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.270</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.0.0.4080</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.7.0.1860</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.0.0.408</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.261</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.262</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.5.0.600</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.102.59</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.8.0.910</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:12.0.0.41</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.5</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.0.4990</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.335</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.336</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:12.0.0.38</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.268</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.1.0.4880</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.9.0.1210</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.6</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.235</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.6.0.6090</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.7</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.9.0.1380</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.236</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.4.402.287</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.8.0.870</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.238</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.180</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.7</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.224</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.7.0.1953</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.1.0.5790</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.5.0.890</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.1.115.34</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.5.0.890</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.4.0.2710</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.233</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.9.0.1380</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.346</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air_sdk:3.5.0.600</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.168</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.6.602.167</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.3.300.257</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:1.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.332</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.4.402.278</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:2.7.1.19610</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_air:3.2.0.207</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0509</vuln:cve-id>
+    <vuln:published-datetime>2014-04-08T19:55:06.400-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-09T20:22:06.277-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-09T20:22:05.167-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://helpx.adobe.com/security/products/flash-player/apsb14-09.html" xml:lang="en">http://helpx.adobe.com/security/products/flash-player/apsb14-09.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK &amp; Compiler before 13.0.0.83 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0510">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:12.0.0.77"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:adobe:flash_player:12.0.0.77</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0510</vuln:cve-id>
+    <vuln:published-datetime>2014-03-27T06:55:04.387-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:16.420-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-27T10:35:11.520-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66241" xml:lang="en">66241</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two/" xml:lang="en">http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://twitter.com/thezdi/statuses/444262022444621824" xml:lang="en">http://twitter.com/thezdi/statuses/444262022444621824</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Heap-based buffer overflow in Adobe Flash Player 12.0.0.77 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Zeguang Zhao and Liang Chen during a Pwn2Own competition at CanSecWest 2014.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0511">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:11.0.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:11.0.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0511</vuln:cve-id>
+    <vuln:published-datetime>2014-03-27T06:55:04.417-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-27T10:56:30.530-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-27T10:56:30.483-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/" xml:lang="en">http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://twitter.com/thezdi/statuses/443827076580122624" xml:lang="en">http://twitter.com/thezdi/statuses/443827076580122624</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Heap-based buffer overflow in Adobe Reader 11.0.06 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0512">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:adobe:acrobat_reader:11.0.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:adobe:acrobat_reader:11.0.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0512</vuln:cve-id>
+    <vuln:published-datetime>2014-03-27T06:55:04.450-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-27T11:04:03.953-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-27T11:04:03.907-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/" xml:lang="en">http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://twitter.com/thezdi/statuses/443827076580122624" xml:lang="en">http://twitter.com/thezdi/statuses/443827076580122624</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Adobe Reader 11.0.06 allows attackers to bypass a PDF sandbox protection mechanism via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0514">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_reader:11.1.3::~~~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:adobe_reader:11.1.0::~~~android~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:adobe:adobe_reader:11.1.0::~~~android~~</vuln:product>
+      <vuln:product>cpe:/a:adobe:adobe_reader:11.1.3::~~~android~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0514</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T19:13:14.743-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T01:03:54.260-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T09:53:16.463-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://helpx.adobe.com/security/products/reader-mobile/apsb14-12.html" xml:lang="en">http://helpx.adobe.com/security/products/reader-mobile/apsb14-12.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66798" xml:lang="en">66798</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531831/100/0/threaded" xml:lang="en">20140413 Adobe Reader for Android exposes insecure Javascript interfaces</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.securify.nl/advisory/SFY20140401/adobe_reader_for_android_exposes_insecure_javascript_interfaces.html" xml:lang="en">http://www.securify.nl/advisory/SFY20140401/adobe_reader_for_android_exposes_insecure_javascript_interfaces.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Apr/192" xml:lang="en">20140413 Adobe Reader for Android exposes insecure Javascript interfaces</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows remote attackers to execute arbitrary code via a crafted PDF document, a related issue to CVE-2012-6636.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0515">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:13.0.0.182"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.168"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.275"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.169"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.202"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.224"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.225"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.232"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.242"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.257"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.260"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.261"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.269"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.272"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:13.0.0.201"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.350"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.223"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.228"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.233"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.235"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.236"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.238"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.243"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.251"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.258"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.261"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.275"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.280"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.285"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.291"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.297"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.310"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.332"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.335"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.336"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.341"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.346"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:13.0.0.182"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.168"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.275"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.169"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.202"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.224"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.225"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.232"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.242"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.257"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.260"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.261"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.269"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.272"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.261</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.243</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.280</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.262</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.285</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.223</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.275</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.335</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.336</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.242</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.202</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.273</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.272</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.275</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.235</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:13.0.0.182</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.236</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.8.800.168</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.257</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.238</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.341</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.297</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.258</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.224</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.225</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.270</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.8.800.94</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.291</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.251</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.228</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.232</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.233</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.346</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.261</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.260</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.169</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.8.800.97</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.332</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.269</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:13.0.0.201</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.350</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.310</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0515</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T06:37:03.733-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T10:46:06.390-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T10:46:05.390-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://helpx.adobe.com/security/products/flash-player/apsb14-13.html" xml:lang="en">http://helpx.adobe.com/security/products/flash-player/apsb14-13.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in April 2014.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0591">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.9.4:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.9.4:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.9.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.9.4:p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.8.6:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.8.6:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.8.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.8.6:p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.8.0:a1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.8.0:b1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.8.0:p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.8.0:p2"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.8.0:p4"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.8.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.8.1:b1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.8.1:b2"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.8.1:b3"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.8.1:p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.8.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.8.2:b1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.8.2:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.8.2:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.8.3:p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.8.3:p2"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.8.5:b1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.8.5:b2"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.8.5:p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.8.5:p2"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.8.5:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.8.5:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.8.6:b1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.7.0:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.7.0:p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.7.0:p2"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.7.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.7.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.7.0a1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.7.0a2"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.7.0a3"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.7.0b1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.7.0b2"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.7.0b3"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.7.1:p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.7.1:p2"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.7.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.7.1b1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.7.2:p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.7.2:p2"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.7.2:p3"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.7.2:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.7.3:b1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.7.3:p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.7.3:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.7.4:b1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.7.4:p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.7.4:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.7.4b1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.7.5:b1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.7.5:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.7.5:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.7.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.7.6:p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.7.6:p2"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.7.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.6-esv"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.6-esv-r1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.6-esv-r2"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.6-esv-r3"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.6-esv-r4"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.6-esv-r4-p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.6-esv-r5"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.6-esv-r5:p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.6-esv-r5b1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.6-esv-r6"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.6-esv-r6:b1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.6-esv-r6:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.6-esv-r6:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.6-esv-r7"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.6-esv-r7:p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.6-esv-r7:p2"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.6-esv-r9"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.6-esv-r9:p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.6.0:p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.6.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.6.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.6.0a1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.6.0b1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.6.1:p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.6.1:p2"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.6.1:p3"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.6.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.6.1b1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.6.2:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.6.2-p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.6.2-p2"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.6.2-p3"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.6.2b1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.6.3:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isc:bind:9.6.3b1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:isc:bind:9.6.2-p1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.6.2-p2</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.8.1:b2</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.8.1:b3</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.6-esv-r4-p1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.9.4</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.6.2-p3</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.6.1b1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.6-esv-r6:rc2</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.6-esv-r6:rc1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.6.0a1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.7.0:beta</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.8.5:b2</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.7.6:p2</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.8.0:a1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.6.1:p1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.6.0:p1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.6.1:p3</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.7.3</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.7.2</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.6.1:p2</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.7.1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.7.4:p1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.7.0</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.7.6:p1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.7.7</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.7.5</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.7.6</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.6-esv-r5b1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.7.4</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.6.0b1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.7.0a2</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.6-esv-r7:p2</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.7.0a3</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.7.0a1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.6-esv-r7:p1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.6-esv-r5:p1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.8.1:p1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.6-esv-r9</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.7.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.8.0:p1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.7.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.7.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.7.2:rc1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.7.3:rc1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.8.0:p2</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.6-esv-r1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.7.2:p2</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.7.4b1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.7.1:p2</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.7.2:p3</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.6-esv-r3</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.6-esv-r9:p1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.7.0:p2</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.7.3:p1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.6-esv-r2</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.7.2:p1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.7.1:p1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.7.0:p1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.7.5:rc1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.7.4:rc1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.7.5:rc2</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.7.3:b1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.8.0:b1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.8.1:b1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.8.2:b1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.7.5:b1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.7.4:b1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.8.5:b1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.8.6:b1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.9.4:p1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.6.3b1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.8.5</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.8.4</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.8.3</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.6.3</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.6.2</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.6.1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.6.2b1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.8.6</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.6.0</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.8.0</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.8.1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.6-esv</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.9.4:rc1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.9.4:rc2</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.6-esv-r6:b1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.8.0:p4</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.7.1b1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.8.5:p2</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.8.3:p2</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.8.6:p1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.8.5:p1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.6-esv-r5</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.6-esv-r4</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.8.3:p1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.6-esv-r7</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.6-esv-r6</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.7.0b1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.7.0b2</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.7.0b3</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.8.5:rc1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.8.6:rc2</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.8.6:rc1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.8.5:rc2</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.8.2:rc1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.8.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.8.2:rc2</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.8.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.6.3:rc1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.6.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.6.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.6.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:isc:bind:9.6.2:rc1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0591</vuln:cve-id>
+    <vuln:published-datetime>2014-01-13T23:29:56.953-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:20.017-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>2.6</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-14T13:15:57.453-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://kb.isc.org/article/AA-01085" xml:lang="en">https://kb.isc.org/article/AA-01085</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://kb.isc.org/article/AA-01078" xml:lang="en">https://kb.isc.org/article/AA-01078</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1051717" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1051717</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2081-1" xml:lang="en">USN-2081-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SLACKWARE</vuln:source>
+      <vuln:reference href="http://www.slackware.com/security/viewer.php?l=slackware-security&amp;y=2014&amp;m=slackware-security.524465" xml:lang="en">SSA:2014-028-01</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029589" xml:lang="en">1029589</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64801" xml:lang="en">64801</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MANDRIVA</vuln:source>
+      <vuln:reference href="http://www.mandriva.com/security/advisories?name=MDVSA-2014:002" xml:lang="en">MDVSA-2014:002</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FREEBSD</vuln:source>
+      <vuln:reference href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:04.bind.asc" xml:lang="en">FreeBSD-SA-14:04</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56574" xml:lang="en">56574</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56522" xml:lang="en">56522</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56493" xml:lang="en">56493</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56442" xml:lang="en">56442</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56427" xml:lang="en">56427</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56425" xml:lang="en">56425</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0043.html" xml:lang="en">RHSA-2014:0043</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101973" xml:lang="en">101973</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=138995561732658&amp;w=2" xml:lang="en">SSRT101420</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://marc.info/?l=bugtraq&amp;m=138995561732658&amp;w=2" xml:lang="en">HPSBUX02961</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-02/msg00019.html" xml:lang="en">openSUSE-SU-2014:0202</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-02/msg00016.html" xml:lang="en">openSUSE-SU-2014:0199</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126772.html" xml:lang="en">FEDORA-2014-0811</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126761.html" xml:lang="en">FEDORA-2014-0858</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a crafted DNS query to an authoritative nameserver that uses the NSEC3 signing feature.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0592">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:crowbar:barclamp:1.7"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:novell:suse_cloud:3.0"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:crowbar:barclamp:1.7</vuln:product>
+      <vuln:product>cpe:/a:novell:suse_cloud:3.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0592</vuln:cve-id>
+    <vuln:published-datetime>2014-04-04T10:55:19.717-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-04T12:20:45.747-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-04T12:20:39.887-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00025.html" xml:lang="en">SUSE-SU-2014:0452</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/crowbar/barclamp-network/pull/269" xml:lang="en">https://github.com/crowbar/barclamp-network/pull/269</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.novell.com/show_bug.cgi?id=864183" xml:lang="en">https://bugzilla.novell.com/show_bug.cgi?id=864183</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66519" xml:lang="en">66519</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57509" xml:lang="en">57509</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Barclamp (aka barclamp-network) 1.7 for the Crowbar Framework, as used in SUSE Cloud 3, does not enable netfilter on bridges when creating new instances, which allows remote attackers to bypass security group restrictions via unspecified vectors, related to floating IPs.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0612">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.1x45"/>
+          <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.1x46"/>
+          <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.1x44"/>
+          <cpe-lang:fact-ref name="cpe:/o:juniper:junos:11.4"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:juniper:srx650:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:juniper:srx550:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:juniper:srx240:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:juniper:srx220:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:juniper:srx210:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:juniper:srx110:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:juniper:srx100:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/h:juniper:srx220:-</vuln:product>
+      <vuln:product>cpe:/h:juniper:srx100:-</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:12.1x44</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:12.1x46</vuln:product>
+      <vuln:product>cpe:/h:juniper:srx240:-</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:11.4</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:12.1x45</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:12.1</vuln:product>
+      <vuln:product>cpe:/h:juniper:srx650:-</vuln:product>
+      <vuln:product>cpe:/h:juniper:srx110:-</vuln:product>
+      <vuln:product>cpe:/h:juniper:srx210:-</vuln:product>
+      <vuln:product>cpe:/h:juniper:srx550:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0612</vuln:cve-id>
+    <vuln:published-datetime>2014-04-14T11:09:06.273-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-19T00:46:35.330-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-15T09:23:32.577-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66759" xml:lang="en">66759</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://securitytracker.com/id?1030057" xml:lang="en">1030057</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57845" xml:lang="en">57845</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10620" xml:lang="en">http://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10620</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Juniper Junos before 11.4R10-S1, before 11.4R11, 12.1X44 before 12.1X44-D26, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, and 12.1X46 before 12.1X46-D10, when Dynamic IPsec VPN is configured, allows remote attackers to cause a denial of service (new Dynamic VPN connection failures and CPU and disk consumption) via unknown vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0613">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:13.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:13.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:13.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.1x46"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.1x44"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.1x45"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.1r"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:10.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:11.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:juniper:junos:12.3</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:12.1r</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:12.2</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:12.1x44</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:12.1x46</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:11.4</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:12.1x45</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:10.4</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:13.2</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:13.1</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:13.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0613</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:04.157-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-15T13:11:02.323-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.1</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T13:10:59.573-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029586" xml:lang="en">1029586</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101861" xml:lang="en">101861</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10607" xml:lang="en">http://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10607</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The XNM command processor in Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before 13.1R3-S1, 13.2 before 13.2R2-S2, and 13.3 before 13.3R1, when xnm-ssl or xnm-clear-text is enabled, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0614">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:13.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:13.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:juniper:junos:13.2</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:13.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0614</vuln:cve-id>
+    <vuln:published-datetime>2014-04-14T11:09:06.303-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-15T09:30:14.717-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.1</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-15T09:30:14.687-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66762" xml:lang="en">66762</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://securitytracker.com/id?1030062" xml:lang="en">1030062</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57819" xml:lang="en">57819</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10618" xml:lang="en">http://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10618</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Juniper Junos 13.2 before 13.2R3 and 13.3 before 13.3R1, when PIM is enabled, allows remote attackers to cause a denial of service (kernel panic and crash) via a large number of crafted IGMP packets.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0615">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:13.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:13.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:13.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.1x46"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.1x44"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.1x45"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.1r"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:10.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:11.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:juniper:junos:12.3</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:12.1r</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:12.2</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:12.1x44</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:12.1x46</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:11.4</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:12.1x45</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:10.4</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:13.2</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:13.1</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:13.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0615</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:04.313-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-24T14:22:37.923-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.2</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T08:17:06.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029585" xml:lang="en">1029585</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64762" xml:lang="en">64762</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101862" xml:lang="en">101862</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10608" xml:lang="en">http://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10608</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before 13.1R3-S1, 13.2 before 13.2R2, and 13.3 before 13.3R1 allows local users to gain privileges via vectors related to "certain combinations of Junos OS CLI commands and arguments."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0616">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:13.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:13.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:13.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.1x46"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.1x44"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.1x45"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.1r"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:10.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:11.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:juniper:junos:12.3</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:12.1r</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:12.2</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:12.1x44</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:12.1x46</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:11.4</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:12.1x45</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:10.4</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:13.2</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:13.1</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:13.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0616</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:04.343-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-24T14:21:16.560-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.1</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-24T14:21:13.873-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-362"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029582" xml:lang="en">1029582</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64766" xml:lang="en">64766</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101868" xml:lang="en">101868</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10609" xml:lang="en">http://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10609</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R4-S2, 13.1 before 13.1R3-S1, 13.2 before 13.2R2, and 13.3 before 13.3R1 allows remote attackers to cause a denial of service (rdp crash) via a large BGP UPDATE message which immediately triggers a withdraw message to be sent, as demonstrated by a long AS_PATH and a large number of BGP Communities.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0617">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:juniper:junos:10.4s"/>
+          <cpe-lang:fact-ref name="cpe:/o:juniper:junos:10.4r"/>
+          <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.1r"/>
+          <cpe-lang:fact-ref name="cpe:/o:juniper:junos:11.4"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:juniper:srx100:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:juniper:srx110:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:juniper:srx1400:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:juniper:srx210:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:juniper:srx220:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:juniper:srx240:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:juniper:srx3400:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:juniper:srx3600:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:juniper:srx550:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:juniper:srx5600:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:juniper:srx5800:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:juniper:srx650:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:juniper:junos:12.1r</vuln:product>
+      <vuln:product>cpe:/h:juniper:srx220:-</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:10.4s</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:10.4r</vuln:product>
+      <vuln:product>cpe:/h:juniper:srx1400:-</vuln:product>
+      <vuln:product>cpe:/h:juniper:srx3600:-</vuln:product>
+      <vuln:product>cpe:/h:juniper:srx5800:-</vuln:product>
+      <vuln:product>cpe:/h:juniper:srx210:-</vuln:product>
+      <vuln:product>cpe:/h:juniper:srx100:-</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:11.4</vuln:product>
+      <vuln:product>cpe:/h:juniper:srx240:-</vuln:product>
+      <vuln:product>cpe:/h:juniper:srx650:-</vuln:product>
+      <vuln:product>cpe:/h:juniper:srx5600:-</vuln:product>
+      <vuln:product>cpe:/h:juniper:srx110:-</vuln:product>
+      <vuln:product>cpe:/h:juniper:srx3400:-</vuln:product>
+      <vuln:product>cpe:/h:juniper:srx550:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0617</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:04.377-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-15T13:27:15.923-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.1</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T13:27:13.423-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029583" xml:lang="en">1029583</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64764" xml:lang="en">64764</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101863" xml:lang="en">101863</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10610" xml:lang="en">http://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10610</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Juniper Junos 10.4S before 10.4S15, 10.4R before 10.4R16, 11.4 before 11.4R9, and 12.1R before 12.1R7 on SRX Series service gateways allows remote attackers to cause a denial of service (flowd crash) via a crafted IP packet.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0618">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.1r"/>
+          <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.1x44"/>
+          <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.1x45"/>
+          <cpe-lang:fact-ref name="cpe:/o:juniper:junos:11.4"/>
+          <cpe-lang:fact-ref name="cpe:/o:juniper:junos:10.4"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:juniper:srx100:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:juniper:srx110:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:juniper:srx1400:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:juniper:srx210:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:juniper:srx220:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:juniper:srx240:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:juniper:srx3400:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:juniper:srx3600:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:juniper:srx550:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:juniper:srx5600:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:juniper:srx5800:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:juniper:srx650:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:juniper:junos:12.1r</vuln:product>
+      <vuln:product>cpe:/h:juniper:srx220:-</vuln:product>
+      <vuln:product>cpe:/h:juniper:srx1400:-</vuln:product>
+      <vuln:product>cpe:/h:juniper:srx3600:-</vuln:product>
+      <vuln:product>cpe:/h:juniper:srx5800:-</vuln:product>
+      <vuln:product>cpe:/h:juniper:srx210:-</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:12.1x44</vuln:product>
+      <vuln:product>cpe:/h:juniper:srx100:-</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:12.1x45</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:11.4</vuln:product>
+      <vuln:product>cpe:/h:juniper:srx240:-</vuln:product>
+      <vuln:product>cpe:/h:juniper:srx650:-</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:10.4</vuln:product>
+      <vuln:product>cpe:/h:juniper:srx5600:-</vuln:product>
+      <vuln:product>cpe:/h:juniper:srx110:-</vuln:product>
+      <vuln:product>cpe:/h:juniper:srx3400:-</vuln:product>
+      <vuln:product>cpe:/h:juniper:srx550:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0618</vuln:cve-id>
+    <vuln:published-datetime>2014-01-10T23:44:42.617-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-17T00:20:32.577-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-13T10:53:28.973-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10611" xml:lang="en">https://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10611</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90238" xml:lang="en">juniper-junos-srx-cve20140618-dos(90238)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029584" xml:lang="en">1029584</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64769" xml:lang="en">64769</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101864" xml:lang="en">101864</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Juniper Junos before 10.4 before 10.4R16, 11.4 before 11.4R8, 12.1R before 12.1R7, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on SRX Series service gateways, when used as a UAC enforcer and captive portal is enabled, allows remote attackers to cause a denial of service (flowd crash) via a crafted HTTP message.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0620">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/h:technicolor:tc7200:std6.01.12"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/h:technicolor:tc7200:std6.01.12</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0620</vuln:cve-id>
+    <vuln:published-datetime>2014-01-08T10:30:02.683-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-25T12:49:25.067-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-09T09:17:09.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/30668" xml:lang="en">30668</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site scripting (XSS) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to inject arbitrary web script or HTML via the (1) ADDNewDomain parameter to parental/website-filters.asp or (2) VmTracerouteHost parameter to goform/status/diagnostics-route.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0621">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/h:technicolor:tc7200:std6.01.12"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/h:technicolor:tc7200:std6.01.12</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0621</vuln:cve-id>
+    <vuln:published-datetime>2014-01-08T10:30:02.730-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-24T21:07:22.937-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-09T09:18:22.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-352"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/30667" xml:lang="en">30667</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0622">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:emc:documentum_foundation_services:6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:documentum_foundation_services:6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:documentum_foundation_services:6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:documentum_foundation_services:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:documentum_foundation_services:7.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:emc:documentum_foundation_services:6.6</vuln:product>
+      <vuln:product>cpe:/a:emc:documentum_foundation_services:6.7</vuln:product>
+      <vuln:product>cpe:/a:emc:documentum_foundation_services:7.1</vuln:product>
+      <vuln:product>cpe:/a:emc:documentum_foundation_services:7.0</vuln:product>
+      <vuln:product>cpe:/a:emc:documentum_foundation_services:6.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0622</vuln:cve-id>
+    <vuln:published-datetime>2014-02-06T17:55:03.357-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-07T12:35:32.203-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-07T12:35:32.110-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-02/0007.html" xml:lang="en">20140205 ESA-2014-005: EMC Documentum Foundation Services (DFS) Content Access Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The web service in EMC Documentum Foundation Services (DFS) 6.5 through 6.7 before 6.7 SP1 P22, 6.7 SP2 before P08, 7.0 before P12, and 7.1 before P01 does not properly implement content uploading, which allows remote authenticated users to bypass intended content access restrictions via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0623">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:rsa:authentication_manager:7.1:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:rsa:authentication_manager:7.1:sp4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:rsa:authentication_manager:7.1:-</vuln:product>
+      <vuln:product>cpe:/a:rsa:authentication_manager:7.1:sp4</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0623</vuln:cve-id>
+    <vuln:published-datetime>2014-03-27T06:55:04.480-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-27T11:37:47.770-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-27T11:37:43.443-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-03/0146.html" xml:lang="en">20140326 ESA-2014-015: RSA Authentication Manager Cross Frame Scripting Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the Self-Service Console in EMC RSA Authentication Manager 7.1 before SP4 P32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "cross frame scripting" issue.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0624">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_data_loss_prevention:9.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_data_loss_prevention:9.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_data_loss_prevention:9.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:emc:rsa_data_loss_prevention:9.6</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_data_loss_prevention:9.0</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_data_loss_prevention:9.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0624</vuln:cve-id>
+    <vuln:published-datetime>2014-03-06T06:55:05.177-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-07T14:17:23.473-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>2.7</cvss:score>
+        <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-06T12:41:47.500-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://seclists.org/bugtraq/2014/Mar/8" xml:lang="en">20140228 ESA-2014-003: RSA Data Loss Prevention Improper Session Management Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>EMC RSA Data Loss Prevention (DLP) 9.x before 9.6-SP2 does not properly manage sessions, which allows remote authenticated users to gain privileges and bypass intended content-reading restrictions via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0625">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_bsafe_ssl-j:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_bsafe_ssl-j:5.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_bsafe_ssl-j:5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_bsafe_ssl-j:5.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_bsafe_ssl-j:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_bsafe_ssl-j:6.0.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:emc:rsa_bsafe_ssl-j:5.1.1</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_bsafe_ssl-j:6.0</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_bsafe_ssl-j:5.1.0</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_bsafe_ssl-j:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_bsafe_ssl-j:5.1.2</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_bsafe_ssl-j:5.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0625</vuln:cve-id>
+    <vuln:published-datetime>2014-02-17T19:55:05.143-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-18T14:43:45.623-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-18T14:43:45.577-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html" xml:lang="en">20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0626">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_bsafe_ssl-j:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_bsafe_ssl-j:5.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_bsafe_ssl-j:5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_bsafe_ssl-j:5.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_bsafe_ssl-j:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_bsafe_ssl-j:6.0.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:emc:rsa_bsafe_ssl-j:5.1.1</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_bsafe_ssl-j:6.0</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_bsafe_ssl-j:5.1.0</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_bsafe_ssl-j:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_bsafe_ssl-j:5.1.2</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_bsafe_ssl-j:5.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0626</vuln:cve-id>
+    <vuln:published-datetime>2014-02-17T19:55:05.173-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-18T14:45:23.737-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-18T14:45:23.657-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-310"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html" xml:lang="en">20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0627">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_bsafe_ssl-j:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_bsafe_ssl-j:5.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_bsafe_ssl-j:5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_bsafe_ssl-j:5.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_bsafe_ssl-j:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_bsafe_ssl-j:6.0.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:emc:rsa_bsafe_ssl-j:5.1.1</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_bsafe_ssl-j:6.0</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_bsafe_ssl-j:5.1.0</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_bsafe_ssl-j:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_bsafe_ssl-j:5.1.2</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_bsafe_ssl-j:5.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0627</vuln:cve-id>
+    <vuln:published-datetime>2014-02-17T19:55:05.207-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-18T14:46:21.660-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-18T14:46:21.597-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-310"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html" xml:lang="en">20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0628">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_bsafe:4.0.1::~~micro_edition_suite~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_bsafe:4.0.0::~~micro_edition_suite~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_bsafe:4.0.3::~~micro_edition_suite~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_bsafe:4.0.2::~~micro_edition_suite~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_bsafe:4.0.4::~~micro_edition_suite~~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:emc:rsa_bsafe:4.0.0::~~micro_edition_suite~~~</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_bsafe:4.0.1::~~micro_edition_suite~~~</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_bsafe:4.0.2::~~micro_edition_suite~~~</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_bsafe:4.0.3::~~micro_edition_suite~~~</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_bsafe:4.0.4::~~micro_edition_suite~~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0628</vuln:cve-id>
+    <vuln:published-datetime>2014-03-25T09:25:38.210-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-25T11:13:51.850-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-25T11:13:48.447-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-03/0130.html" xml:lang="en">20140324 ESA-2014-011: RSA BSAFE Micro Edition Suite Server Crash Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The server in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.5 does not properly process certificate chains, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0629">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:emc:documentum_taskspace:6.7:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:documentum_taskspace:6.7:sp2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:emc:documentum_taskspace:6.7:sp2</vuln:product>
+      <vuln:product>cpe:/a:emc:documentum_taskspace:6.7:sp1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0629</vuln:cve-id>
+    <vuln:published-datetime>2014-03-06T06:55:05.193-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-07T14:16:34.033-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>8.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-06T07:45:19.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://seclists.org/bugtraq/2014/Mar/33" xml:lang="en">20140305 ESA-2014-012: EMC Documentum TaskSpace Multiple Vulnerabilities</vuln:reference>
+    </vuln:references>
+    <vuln:summary>EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 does not properly handle the interaction between the dm_world group and the dm_superusers_dynamic group, which allows remote authenticated users to obtain sensitive information and gain privileges in opportunistic circumstances by leveraging an incorrect group-addition implementation.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0630">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:emc:documentum_taskspace:6.7:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:documentum_taskspace:6.7:sp2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:emc:documentum_taskspace:6.7:sp2</vuln:product>
+      <vuln:product>cpe:/a:emc:documentum_taskspace:6.7:sp1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0630</vuln:cve-id>
+    <vuln:published-datetime>2014-03-06T06:55:05.223-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-07T14:14:46.673-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-06T12:46:37.337-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://seclists.org/bugtraq/2014/Mar/33" xml:lang="en">20140305 ESA-2014-012: EMC Documentum TaskSpace Multiple Vulnerabilities</vuln:reference>
+    </vuln:references>
+    <vuln:summary>EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 allows remote authenticated users to read arbitrary files via a modified imaging-service URL.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0632">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:emc:vplex_geosynchrony:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:vplex_geosynchrony:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:vplex_geosynchrony:5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:vplex_geosynchrony:5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:vplex_geosynchrony:5.2.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:emc:vplex_geosynchrony:5.2</vuln:product>
+      <vuln:product>cpe:/a:emc:vplex_geosynchrony:5.1</vuln:product>
+      <vuln:product>cpe:/a:emc:vplex_geosynchrony:5.0</vuln:product>
+      <vuln:product>cpe:/a:emc:vplex_geosynchrony:5.2.1</vuln:product>
+      <vuln:product>cpe:/a:emc:vplex_geosynchrony:4.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0632</vuln:cve-id>
+    <vuln:published-datetime>2014-04-01T02:28:17.997-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T10:10:48.903-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-01T10:10:48.840-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-03/0157.html" xml:lang="en">20140326 ESA-2014-016: EMC VPLEX Multiple Vulnerabilities</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote authenticated users to execute arbitrary code via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0633">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:emc:vplex_geosynchrony:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:vplex_geosynchrony:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:vplex_geosynchrony:5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:vplex_geosynchrony:5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:vplex_geosynchrony:5.2.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:emc:vplex_geosynchrony:5.2</vuln:product>
+      <vuln:product>cpe:/a:emc:vplex_geosynchrony:5.1</vuln:product>
+      <vuln:product>cpe:/a:emc:vplex_geosynchrony:5.0</vuln:product>
+      <vuln:product>cpe:/a:emc:vplex_geosynchrony:5.2.1</vuln:product>
+      <vuln:product>cpe:/a:emc:vplex_geosynchrony:4.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0633</vuln:cve-id>
+    <vuln:published-datetime>2014-04-01T02:28:18.030-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T10:13:09.453-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.7</cvss:score>
+        <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-01T10:13:05.737-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-03/0157.html" xml:lang="en">20140326 ESA-2014-016: EMC VPLEX Multiple Vulnerabilities</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0634">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:emc:vplex_geosynchrony:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:vplex_geosynchrony:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:vplex_geosynchrony:5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:vplex_geosynchrony:5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:vplex_geosynchrony:5.2.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:emc:vplex_geosynchrony:5.2</vuln:product>
+      <vuln:product>cpe:/a:emc:vplex_geosynchrony:5.1</vuln:product>
+      <vuln:product>cpe:/a:emc:vplex_geosynchrony:5.0</vuln:product>
+      <vuln:product>cpe:/a:emc:vplex_geosynchrony:5.2.1</vuln:product>
+      <vuln:product>cpe:/a:emc:vplex_geosynchrony:4.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0634</vuln:cve-id>
+    <vuln:published-datetime>2014-04-01T02:28:18.060-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T10:14:43.753-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-01T10:14:43.707-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-03/0157.html" xml:lang="en">20140326 ESA-2014-016: EMC VPLEX Multiple Vulnerabilities</vuln:reference>
+    </vuln:references>
+    <vuln:summary>EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0635">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:emc:vplex_geosynchrony:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:vplex_geosynchrony:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:vplex_geosynchrony:5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:vplex_geosynchrony:5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:vplex_geosynchrony:5.2.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:emc:vplex_geosynchrony:5.2</vuln:product>
+      <vuln:product>cpe:/a:emc:vplex_geosynchrony:5.1</vuln:product>
+      <vuln:product>cpe:/a:emc:vplex_geosynchrony:5.0</vuln:product>
+      <vuln:product>cpe:/a:emc:vplex_geosynchrony:5.2.1</vuln:product>
+      <vuln:product>cpe:/a:emc:vplex_geosynchrony:4.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0635</vuln:cve-id>
+    <vuln:published-datetime>2014-04-01T02:28:18.077-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T10:16:06.773-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-01T10:15:53.477-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-287"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-03/0157.html" xml:lang="en">20140326 ESA-2014-016: EMC VPLEX Multiple Vulnerabilities</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attackers to hijack web sessions via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0636">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_bsafe:3.2.4::~~micro_edition_suite~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_bsafe:3.2.3::~~micro_edition_suite~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_bsafe:3.2.2::~~micro_edition_suite~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_bsafe:3.2.1::~~micro_edition_suite~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_bsafe:3.2.0::~~micro_edition_suite~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_bsafe:3.2.5::~~micro_edition_suite~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_bsafe:4.0.0::~~micro_edition_suite~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_bsafe:4.0.1::~~micro_edition_suite~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_bsafe:4.0.2::~~micro_edition_suite~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_bsafe:4.0.3::~~micro_edition_suite~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_bsafe:4.0.4::~~micro_edition_suite~~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:emc:rsa_bsafe:4.0.0::~~micro_edition_suite~~~</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_bsafe:4.0.1::~~micro_edition_suite~~~</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_bsafe:3.2.0::~~micro_edition_suite~~~</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_bsafe:4.0.2::~~micro_edition_suite~~~</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_bsafe:3.2.1::~~micro_edition_suite~~~</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_bsafe:4.0.3::~~micro_edition_suite~~~</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_bsafe:3.2.2::~~micro_edition_suite~~~</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_bsafe:4.0.4::~~micro_edition_suite~~~</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_bsafe:3.2.3::~~micro_edition_suite~~~</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_bsafe:3.2.5::~~micro_edition_suite~~~</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_bsafe:3.2.4::~~micro_edition_suite~~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0636</vuln:cve-id>
+    <vuln:published-datetime>2014-04-11T15:55:04.307-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-14T12:43:06.777-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-14T12:43:06.667-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-310"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0069.html" xml:lang="en">20140411 ESA-2014-019: RSA BSAFE Micro Edition Suite Certificate Chain Processing Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>EMC RSA BSAFE Micro Edition Suite (MES) 3.2.x before 3.2.6 and 4.0.x before 4.0.5 does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate chain.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0637">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_adaptive_authentication_on-premise:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_adaptive_authentication_on-premise:7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_adaptive_authentication_on-premise:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp1_patch2"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp1_patch3"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp2_patch1"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp3"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp3_p3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp1_patch3</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp3</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_adaptive_authentication_on-premise:7.1</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_adaptive_authentication_on-premise:7.0</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp2</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp3_p3</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp1_patch2</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp2_patch1</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_adaptive_authentication_on-premise:6.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0637</vuln:cve-id>
+    <vuln:published-datetime>2014-04-04T11:09:05.337-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-04T12:34:39.997-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-04T12:34:39.917-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0007.html" xml:lang="en">20140401 ESA-2014-020: RSA Adaptive Authentication (On-Premise) Multiple Vulnerabilities</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the back-office case-management application in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0638">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_adaptive_authentication_on-premise:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_adaptive_authentication_on-premise:7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_adaptive_authentication_on-premise:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp1_patch2"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp1_patch3"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp2_patch1"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp3"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp3_p3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp1_patch3</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp3</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_adaptive_authentication_on-premise:7.1</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_adaptive_authentication_on-premise:7.0</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp2</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp3_p3</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp1_patch2</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp2_patch1</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_adaptive_authentication_on-premise:6.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0638</vuln:cve-id>
+    <vuln:published-datetime>2014-04-04T11:09:38.057-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-04T12:37:35.080-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-04T12:37:34.423-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0007.html" xml:lang="en">20140401 ESA-2014-020: RSA Adaptive Authentication (On-Premise) Multiple Vulnerabilities</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote attackers to inject arbitrary web script or HTML via vectors involving FRAME elements, related to a "cross-frame scripting" issue.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0642">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:emc:documentum_content_server:6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:documentum_content_server:6.5:sp3"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:documentum_content_server:6.5:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:documentum_content_server:6.5:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:documentum_content_server:6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:documentum_content_server:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:documentum_content_server:6.7:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:documentum_content_server:6.7:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:documentum_content_server:6.7:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:documentum_content_server:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:documentum_content_server:7.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:emc:documentum_content_server:6.7:-</vuln:product>
+      <vuln:product>cpe:/a:emc:documentum_content_server:6.7:sp1</vuln:product>
+      <vuln:product>cpe:/a:emc:documentum_content_server:6.5:sp3</vuln:product>
+      <vuln:product>cpe:/a:emc:documentum_content_server:6.7:sp2</vuln:product>
+      <vuln:product>cpe:/a:emc:documentum_content_server:6.0</vuln:product>
+      <vuln:product>cpe:/a:emc:documentum_content_server:6.5:sp1</vuln:product>
+      <vuln:product>cpe:/a:emc:documentum_content_server:6.5:sp2</vuln:product>
+      <vuln:product>cpe:/a:emc:documentum_content_server:7.0</vuln:product>
+      <vuln:product>cpe:/a:emc:documentum_content_server:6.5</vuln:product>
+      <vuln:product>cpe:/a:emc:documentum_content_server:7.1</vuln:product>
+      <vuln:product>cpe:/a:emc:documentum_content_server:6.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0642</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T19:13:16.790-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T10:03:42.857-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T10:03:42.797-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://twitter.com/artika4biz/statuses/455358950116823040" xml:lang="en">http://twitter.com/artika4biz/statuses/455358950116823040</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0072.html" xml:lang="en">20140411 ESA-2014-026: EMC Documentum Content Server Information Disclosure Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, 7.0 before P13, and 7.1 before P02 allows remote authenticated users to bypass intended access restrictions and read metadata from certain folders via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0644">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:emc:cloud_tiering_appliance_software:10.0:-"/>
+          <cpe-lang:fact-ref name="cpe:/a:emc:cloud_tiering_appliance_software:10.0:sp1"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:emc:cloud_tiering_appliance:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/h:emc:cloud_tiering_appliance:-</vuln:product>
+      <vuln:product>cpe:/a:emc:cloud_tiering_appliance_software:10.0:sp1</vuln:product>
+      <vuln:product>cpe:/a:emc:cloud_tiering_appliance_software:10.0:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0644</vuln:cve-id>
+    <vuln:published-datetime>2014-04-16T21:55:05.657-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-17T11:06:50.127-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-17T11:06:50.063-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://gist.github.com/brandonprry/9895721" xml:lang="en">https://gist.github.com/brandonprry/9895721</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Mar/426" xml:lang="en">20140331 EMC CTA v10.0 unauthenticated XXE with root perms</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0094.html" xml:lang="en">20140416 ESA-2014-028: EMC Cloud Tiering Appliance XML External Entity (XXE) and Information Disclosure Vulnerabilities</vuln:reference>
+    </vuln:references>
+    <vuln:summary>EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0645">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:emc:cloud_tiering_appliance_software:9.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:emc:cloud_tiering_appliance_software:10.0:sp1"/>
+          <cpe-lang:fact-ref name="cpe:/a:emc:cloud_tiering_appliance_software:10.0:-"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:emc:cloud_tiering_appliance:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:emc:file_management_appliance_software:7.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:emc:file_management_appliance:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/h:emc:cloud_tiering_appliance:-</vuln:product>
+      <vuln:product>cpe:/a:emc:file_management_appliance_software:7.0</vuln:product>
+      <vuln:product>cpe:/a:emc:cloud_tiering_appliance_software:10.0:sp1</vuln:product>
+      <vuln:product>cpe:/a:emc:cloud_tiering_appliance_software:10.0:-</vuln:product>
+      <vuln:product>cpe:/h:emc:file_management_appliance:-</vuln:product>
+      <vuln:product>cpe:/a:emc:cloud_tiering_appliance_software:9.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0645</vuln:cve-id>
+    <vuln:published-datetime>2014-04-16T21:55:05.690-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-17T11:10:45.367-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.7</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-17T11:10:45.273-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-255"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://gist.github.com/brandonprry/9895721" xml:lang="en">https://gist.github.com/brandonprry/9895721</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Mar/426" xml:lang="en">20140331 EMC CTA v10.0 unauthenticated XXE with root perms</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0094.html" xml:lang="en">20140416 ESA-2014-028: EMC Cloud Tiering Appliance XML External Entity (XXE) and Information Disclosure Vulnerabilities</vuln:reference>
+    </vuln:references>
+    <vuln:summary>EMC Cloud Tiering Appliance (CTA) 9.x through 10 SP1 and File Management Appliance (FMA) 7.x store DES password hashes for the root, super, and admin accounts, which makes it easier for context-dependent attackers to obtain sensitive information via a brute-force attack.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0646">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_access_manager:6.1:sp3"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_access_manager:6.1:sp4"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_access_manager:6.2:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_access_manager:6.2:sp1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:emc:rsa_access_manager:6.2:-</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_access_manager:6.2:sp1</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_access_manager:6.1:sp4</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_access_manager:6.1:sp3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0646</vuln:cve-id>
+    <vuln:published-datetime>2014-05-01T13:29:56.697-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T09:49:06.440-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.9</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T09:49:06.363-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-310"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0191.html" xml:lang="en">20140430 ESA-2014-029: RSA Access Manager Sensitive Information Disclosure Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The runtime WS component in the server in EMC RSA Access Manager 6.1.3 before 6.1.3.39, 6.1.4 before 6.1.4.22, 6.2.0 before 6.2.0.11, and 6.2.1 before 6.2.1.03, when INFO logging is enabled, allows local users to discover cleartext passwords by reading log files.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0647">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:starbucks:starbucks:2.6.1"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:starbucks:starbucks:2.6.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0647</vuln:cve-id>
+    <vuln:published-datetime>2014-01-27T19:55:03.957-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-24T17:03:17.877-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>2.1</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-28T11:54:07.187-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-255"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://itunes.apple.com/us/app/starbucks/id331177714?mt=8" xml:lang="en">https://itunes.apple.com/us/app/starbucks/id331177714?mt=8</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90412" xml:lang="en">starbucks-cve20140647-info-disclosure(90412)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.zdnet.com/the-starbucks-bug-not-as-awful-as-reported-7000025269/" xml:lang="en">http://www.zdnet.com/the-starbucks-bug-not-as-awful-as-reported-7000025269/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.zdnet.com/starbucks-fixes-ios-app-bugs-7000025323/" xml:lang="en">http://www.zdnet.com/starbucks-fixes-ios-app-bugs-7000025323/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64942" xml:lang="en">64942</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/530756/100/0/threaded" xml:lang="en">20140114 [CVE-2014-0647] Insecure Data Storage of User Data Elements in Starbucks v2.6.1 iOS mobile application</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://www.osvdb.org/102514" xml:lang="en">102514</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Jan/64" xml:lang="en">20140113 [CVE-2014-0647] Insecure Data Storage of User Data Elements in Starbucks v2.6.1 iOS mobile application</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Jan/123" xml:lang="en">20140117 Re: [CVE-2014-0647] Insecure Data Storage of User Data Elements in Starbucks v2.6.1 iOS mobile application</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Starbucks 2.6.1 application for iOS stores sensitive information in plaintext in the Crashlytics log file (/Library/Caches/com.crashlytics.data/com.starbucks.mystarbucks/session.clslog), which allows attackers to discover usernames, passwords, and e-mail addresses via an application that reads session.clslog.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0648">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.4.0.46.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.4.0.46.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.4.0.46.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.4.0.46.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.4.0.46.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.4.0.46.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.3.0.40.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.3.0.40.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.3.0.40.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.3.0.40.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.3.0.40.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.3.0.40.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.3.0.40.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.3.0.40.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.3.0.40.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.1.0.44"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.1.0.44.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.1.0.44.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.1.0.44.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.1.0.44.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.1.0.44.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.2.0.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.2.0.26.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.2.0.26.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.2.0.26.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.2.0.26.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.1.0.44.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.4.0.46.5</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.4.0.46.6</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.1.0.44.5</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.1.0.44.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.3.0.40.8</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.4.0.46.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.3.0.40.9</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.4.0.46.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.2.0.26</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.1.0.44</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.3.0.40.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.1.0.44.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.1.0.44.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.3.0.40.7</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.4.0.46.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.4.0.46.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.3.0.40.6</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.3.0.40.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.3.0.40.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.3.0.40.5</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.3.0.40.4</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0648</vuln:cve-id>
+    <vuln:published-datetime>2014-01-16T14:55:04.637-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-23T23:38:00.120-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-17T11:20:03.047-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90431" xml:lang="en">cisco-acs-cve20140648-unauth-access(90431)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029634" xml:lang="en">1029634</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64962" xml:lang="en">64962</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=32379" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=32379</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140115-csacs" xml:lang="en">20140115 Multiple Vulnerabilities in Cisco Secure Access Control System</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56213" xml:lang="en">56213</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102117" xml:lang="en">102117</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authentication and authorization requirements, which allows remote attackers to obtain administrative access via a request to this interface, aka Bug ID CSCud75187.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0649">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.4.0.46.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.4.0.46.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.4.0.46.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.4.0.46.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.4.0.46.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.4.0.46.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.3.0.40.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.3.0.40.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.3.0.40.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.3.0.40.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.3.0.40.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.3.0.40.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.3.0.40.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.3.0.40.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.3.0.40.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.1.0.44"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.1.0.44.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.1.0.44.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.1.0.44.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.1.0.44.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.1.0.44.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.2.0.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.2.0.26.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.2.0.26.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.2.0.26.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.2.0.26.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.1.0.44.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.4.0.46.5</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.4.0.46.6</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.1.0.44.5</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.1.0.44.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.3.0.40.8</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.4.0.46.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.3.0.40.9</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.4.0.46.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.2.0.26</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.1.0.44</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.3.0.40.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.1.0.44.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.1.0.44.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.3.0.40.7</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.4.0.46.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.4.0.46.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.3.0.40.6</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.3.0.40.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.3.0.40.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.3.0.40.5</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.3.0.40.4</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0649</vuln:cve-id>
+    <vuln:published-datetime>2014-01-16T14:55:04.670-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-23T23:38:00.200-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-17T11:26:22.603-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90430" xml:lang="en">cisco-acs-cve20140649-priv-esc(90430)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029634" xml:lang="en">1029634</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64958" xml:lang="en">64958</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=32378" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=32378</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140115-csacs" xml:lang="en">20140115 Multiple Vulnerabilities in Cisco Secure Access Control System</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56213" xml:lang="en">56213</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102116" xml:lang="en">102116</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authorization requirements, which allows remote authenticated users to obtain superadmin access via a request to this interface, aka Bug ID CSCud75180.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0650">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.4.0.46.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.4.0.46.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.3.0.40.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.3.0.40.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.3.0.40.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.3.0.40.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.3.0.40.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.3.0.40.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.3.0.40.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.3.0.40.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.3.0.40.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.1.0.44"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.1.0.44.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.1.0.44.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.1.0.44.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.1.0.44.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.1.0.44.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.2.0.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.2.0.26.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:5.2.0.26.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.2.0.26.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.2.0.26.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.1.0.44.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.1.0.44.5</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.1.0.44.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.4.0.46.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.3.0.40.8</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.4.0.46.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.3.0.40.9</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.2.0.26</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.1.0.44</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.3.0.40.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.1.0.44.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.1.0.44.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.3.0.40.7</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.3.0.40.6</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.3.0.40.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.3.0.40.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.3.0.40.5</vuln:product>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:5.3.0.40.4</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0650</vuln:cve-id>
+    <vuln:published-datetime>2014-01-16T14:55:04.700-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-31T01:08:15.533-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-17T11:28:46.247-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90432" xml:lang="en">cisco-acs-cve20140650-command-exec(90432)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029634" xml:lang="en">1029634</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64964" xml:lang="en">64964</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=32380" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=32380</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140115-csacs" xml:lang="en">20140115 Multiple Vulnerabilities in Cisco Secure Access Control System</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56213" xml:lang="en">56213</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102115" xml:lang="en">102115</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The web interface in Cisco Secure Access Control System (ACS) 5.x before 5.4 Patch 3 allows remote attackers to execute arbitrary operating-system commands via a request to this interface, aka Bug ID CSCue65962.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0651">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:context_directory_agent:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:context_directory_agent:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0651</vuln:cve-id>
+    <vuln:published-datetime>2014-01-08T16:55:06.223-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-17T00:20:32.983-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.9</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-09T13:14:43.650-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90166" xml:lang="en">cisco-cda-cve20140651-priv-esc(90166)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029573" xml:lang="en">1029573</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64706" xml:lang="en">64706</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=32364" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=32364</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0651" xml:lang="en">20140107 Cisco Context Directory Agent Privilege Escalation Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56365" xml:lang="en">56365</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101809" xml:lang="en">101809</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The administrative interface in Cisco Context Directory Agent (CDA) does not properly enforce authorization requirements, which allows remote authenticated users to obtain administrative access by hijacking a session, aka Bug ID CSCuj45347.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0652">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:context_directory_agent:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:context_directory_agent:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0652</vuln:cve-id>
+    <vuln:published-datetime>2014-01-08T16:55:06.240-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-17T00:20:33.093-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-09T13:15:21.870-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90167" xml:lang="en">cisco-cda-cve20140652-xss(90167)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029572" xml:lang="en">1029572</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64703" xml:lang="en">64703</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=32365" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=32365</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0652" xml:lang="en">20140107 Cisco Context Directory Agent Mappings Page Cross-Site Scripting Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56365" xml:lang="en">56365</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101803" xml:lang="en">101803</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the Mappings page in Cisco Context Directory Agent (CDA) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuj45358.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0653">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/h:cisco:adaptive_security_appliance"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/h:cisco:adaptive_security_appliance</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0653</vuln:cve-id>
+    <vuln:published-datetime>2014-01-08T16:55:06.270-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-17T00:20:33.200-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-09T14:32:30.300-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90165" xml:lang="en">cisco-asa-cve20140653-sec-bypass(90165)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029570" xml:lang="en">1029570</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64708" xml:lang="en">64708</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=32363" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=32363</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0653" xml:lang="en">20140107 Cisco Adaptive Security Appliance Identity Firewall NetBIOS Logout Probe Auth State Change Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56366" xml:lang="en">56366</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101834" xml:lang="en">101834</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to trigger authentication-state modifications via a crafted NetBIOS logout probe response, aka Bug ID CSCuj45340.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0654">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:context_directory_agent:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:context_directory_agent:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0654</vuln:cve-id>
+    <vuln:published-datetime>2014-01-08T16:55:06.303-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-17T00:20:33.297-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-09T13:17:47.750-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90168" xml:lang="en">cisco-cda-cve20140654-sec-bypass(90168)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029574" xml:lang="en">1029574</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64709" xml:lang="en">64709</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=32366" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=32366</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0654" xml:lang="en">20140107 Cisco Context Directory Agent Replayed RADIUS Accounting Message Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56365" xml:lang="en">56365</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101802" xml:lang="en">101802</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco Context Directory Agent (CDA) allows remote attackers to modify the cache via a replay attack involving crafted RADIUS accounting messages, aka Bug ID CSCuj45383.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0655">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/h:cisco:adaptive_security_appliance"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/h:cisco:adaptive_security_appliance</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0655</vuln:cve-id>
+    <vuln:published-datetime>2014-01-08T16:55:06.333-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-17T00:20:33.387-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-09T14:33:31.800-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90164" xml:lang="en">cisco-asa-cve20140655-sec-bypass(90164)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029575" xml:lang="en">1029575</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64700" xml:lang="en">64700</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=32362" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=32362</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0655" xml:lang="en">20140107 Cisco Adaptive Security Appliance RADIUS Change of Authorization Message Replay Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56366" xml:lang="en">56366</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101838" xml:lang="en">101838</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to change the user-cache contents via a replay attack involving crafted RADIUS Change of Authorization (CoA) messages, aka Bug ID CSCuj45332.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0656">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:context_directory_agent:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:context_directory_agent:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0656</vuln:cve-id>
+    <vuln:published-datetime>2014-01-08T16:55:06.380-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-17T00:20:33.483-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-09T13:16:36.607-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90169" xml:lang="en">cisco-cda-cve20140656-sec-bypass(90169)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029569" xml:lang="en">1029569</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64701" xml:lang="en">64701</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0656" xml:lang="en">20140107 Cisco Context Directory Agent Hidden Input Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101801" xml:lang="en">101801</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco Context Directory Agent (CDA) allows remote authenticated users to trigger the omission of certain user-interface data via crafted field values, aka Bug ID CSCuj45353.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0657">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:3.3%285%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:3.3%285%29sr1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:3.3%285%29sr2a"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3sr1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3sr2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3sr2b"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.3%281%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:5.1%281%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:5.1%281b%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:5.1%281c%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:5.1%282%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:5.1%282a%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:5.1%282b%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:5.1%283%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:5.1%283a%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:5.1%283c%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:5.1%283d%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:5.1%283e%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:5.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:6.0%281%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:6.0%281a%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:6.0%281b%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:6.1%281%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:6.1%281a%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:6.1%281b%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:6.1%282%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:6.1%282%29su1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:6.1%282%29su1a"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:6.1%283%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:6.1%283a%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:6.1%283b%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:6.1%283b%29su1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:6.1%284%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:6.1%284%29su1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:6.1%284a%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:6.1%284a%29su2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:6.1%285%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:6.1%285%29su1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:6.1%285%29su2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:6.1%285%29su3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:7.0%281%29su1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:7.0%281%29su1a"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:7.0%282%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:7.0%282a%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:7.0%282a%29su1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:7.0%282a%29su2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:7.1%282a%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:7.1%282a%29su1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:7.1%282b%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:7.1%282b%29su1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:7.1%283%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:7.1%283a%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:7.1%283a%29su1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:7.1%283a%29su1a"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:7.1%283b%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:7.1%283b%29su1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:7.1%283b%29su2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:7.1%285%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:7.1%285%29su1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:7.1%285%29su1a"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:7.1%285a%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:7.1%285b%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:7.1%285b%29su1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:7.1%285b%29su1a"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:7.1%285b%29su2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:7.1%285b%29su3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:7.1%285b%29su4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:7.1%285b%29su5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:7.1%285b%29su6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:8.0%281%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:8.0%282%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:8.0%282a%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:8.0%282b%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:8.0%282c%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:8.0%282c%29su1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:8.0%283%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:8.0%283a%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:8.0%283a%29su1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:8.0%283a%29su2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:8.0%283a%29su3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:8.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:8.5%281%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:8.5%281%29su1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:8.5%281%29su2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:8.5%281%29su3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:8.5%281%29su4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:8.5%281%29su5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:8.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:8.6%281%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:8.6%281a%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:8.6%282%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:8.6%282a%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:8.6%282a%29su1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:8.6%282a%29su2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:8.6%282a%29su3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:8.6%283%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:8.6%284%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:9.0%281%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:9.1%281%29"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:8.6%282a%29su2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:6.1%285%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:8.6%282a%29su3</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:6.1%283b%29su1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:8.6%283%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:5.1%282%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:8.6%282a%29su1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:6.1%283a%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:6.0%281b%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:6.0%281a%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:7.1%285%29su1a</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:8.0%282%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:8.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:7.1%283b%29su1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:8.0%281%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:7.1%283b%29su2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:6.1%284a%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:6.1%284%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:8.5%281%29su2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:8.5%281%29su1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:8.6%282%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:6.1%281a%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:3.3%285%29sr1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:6.1%284%29su1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:8.5</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:8.6</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:7.1%285%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:8.5%281%29su5</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:8.6%281%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:8.5%281%29su3</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:8.5%281%29su4</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:6.0%281%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:7.1%285b%29su1a</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:5.1%281%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:9.1%281%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:7.0%282a%29su2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:7.1%282b%29su1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:7.0%282a%29su1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.3%281%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:6.1%283%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:8.6%281a%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:7.1%282a%29su1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:5.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:6.1%282%29su1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:5.1%283d%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:7.0%281%29su1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3sr2b</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:9.0%281%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:6.1%285%29su1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:6.1%285%29su2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:5.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:6.1%285%29su3</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:8.6%284%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:5.1%283e%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:8.0%282c%29su1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:7.1%282b%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:6.1%282%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:6.1%282%29su1a</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:5.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:8.0%283a%29su2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:8.0%283a%29su1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:7.0%282a%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:8.0%283a%29su3</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:5.1%283a%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:3.3%285%29sr2a</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3sr2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:8.0%282b%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:5.1%281c%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:3.3%285%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:7.1%282a%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:6.1%281%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:5.1%282a%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:7.1%285b%29su6</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:5.1%282b%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:5.1%281b%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:7.1%283a%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:7.1%285a%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr4</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:8.0%282c%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:7.1%285b%29su3</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:7.1%285b%29su2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:7.1%285b%29su5</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr3</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:7.1%283a%29su1a</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:7.1%285b%29su4</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:6.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:7.1%285b%29su1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:6.1%284a%29su2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:7.0%281%29su1a</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:6.1%281b%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:5.1%283c%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:8.0%283a%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:7.1%283b%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:7.1%285b%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:7.0%282%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:8.5%281%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:8.0%283%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:7.1%283a%29su1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:5.1%283%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:8.6%282a%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:6.1%283b%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:8.0%282a%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:7.1%283%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3sr1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:7.1%285%29su1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0657</vuln:cve-id>
+    <vuln:published-datetime>2014-01-08T16:55:06.410-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-17T00:20:33.577-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-09T14:44:49.190-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90120" xml:lang="en">cisco-ucm-cve20140657-sec-bypass(90120)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029571" xml:lang="en">1029571</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64690" xml:lang="en">64690</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=32341" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=32341</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0657" xml:lang="en">20140107 Cisco Unified Communications Manager Role Bypass Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56368" xml:lang="en">56368</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101800" xml:lang="en">101800</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a forbidden portal URL, aka Bug ID CSCuj83540.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0658">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:cisco:unified_ip_phones_9900_series_firmware:-"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:cisco:unified_ip_phone_9951"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:unified_ip_phone_9971"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/h:cisco:unified_ip_phone_9951</vuln:product>
+      <vuln:product>cpe:/h:cisco:unified_ip_phone_9971</vuln:product>
+      <vuln:product>cpe:/o:cisco:unified_ip_phones_9900_series_firmware:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0658</vuln:cve-id>
+    <vuln:published-datetime>2014-01-10T11:47:06.037-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-17T00:20:33.670-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.4</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-10T13:05:09.983-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90236" xml:lang="en">cisco-unified-cve20140658-dos(90236)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029596" xml:lang="en">1029596</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64770" xml:lang="en">64770</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=32402" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=32402</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0658" xml:lang="en">20140110 Cisco 9900 Series IP Phone Crafted Header Unregister Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56384" xml:lang="en">56384</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101913" xml:lang="en">101913</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco 9900 Unified IP phones allow remote attackers to cause a denial of service (unregistration) via a crafted SIP header, aka Bug ID CSCul24898.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0659">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:cisco:rvs4000_firmware:2.0.3.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:rvs4000_firmware:1.3.3.5"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:rvs4000_firmware:1.3.2.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:rvs4000_firmware:2.0.2.7"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:rvs4000_firmware:2.0.0.3"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:cisco:rvs4000:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wrvs4400n_firmware:1.1.13"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wrvs4400n_firmware:1.1.03"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wrvs4400n_firmware:2.0.2.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wrvs4400n_firmware:2.0.1.3"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:cisco:wrvs4400n:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wap4410n_firmware:2.0.6.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wap4410n_firmware:2.0.4.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wap4410n_firmware:2.0.3.3"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wap4410n_firmware:2.0.2.1"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:cisco:wap4410n:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:cisco:rvs4000_firmware:1.3.3.5</vuln:product>
+      <vuln:product>cpe:/o:cisco:wap4410n_firmware:2.0.2.1</vuln:product>
+      <vuln:product>cpe:/o:cisco:wap4410n_firmware:2.0.6.1</vuln:product>
+      <vuln:product>cpe:/o:cisco:rvs4000_firmware:1.3.2.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wrvs4400n_firmware:1.1.13</vuln:product>
+      <vuln:product>cpe:/o:cisco:wrvs4400n_firmware:2.0.1.3</vuln:product>
+      <vuln:product>cpe:/o:cisco:rvs4000_firmware:2.0.3.2</vuln:product>
+      <vuln:product>cpe:/o:cisco:wap4410n_firmware:2.0.4.2</vuln:product>
+      <vuln:product>cpe:/h:cisco:wrvs4400n:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:rvs4000:-</vuln:product>
+      <vuln:product>cpe:/o:cisco:wrvs4400n_firmware:1.1.03</vuln:product>
+      <vuln:product>cpe:/o:cisco:wap4410n_firmware:2.0.3.3</vuln:product>
+      <vuln:product>cpe:/o:cisco:rvs4000_firmware:2.0.2.7</vuln:product>
+      <vuln:product>cpe:/h:cisco:wap4410n:-</vuln:product>
+      <vuln:product>cpe:/o:cisco:wrvs4400n_firmware:2.0.2.1</vuln:product>
+      <vuln:product>cpe:/o:cisco:rvs4000_firmware:2.0.0.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0659</vuln:cve-id>
+    <vuln:published-datetime>2014-01-12T13:34:55.957-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-17T00:20:33.763-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-13T13:36:09.533-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-78"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://github.com/elvanderb/TCP-32764" xml:lang="en">https://github.com/elvanderb/TCP-32764</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90233" xml:lang="en">cisco-small-cve20140659-priv-esc(90233)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029580" xml:lang="en">1029580</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029579" xml:lang="en">1029579</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64776" xml:lang="en">64776</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=32381" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=32381</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140110-sbd" xml:lang="en">20140110 Undocumented Test Interface in Cisco Small Business Devices</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56292" xml:lang="en">56292</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 2.0.2.1, and RVS4000 router with firmware through 2.0.3.2 allow remote attackers to read credential and configuration data, and execute arbitrary commands, via requests to the test interface on TCP port 32764, aka Bug IDs CSCum37566, CSCum43693, CSCum43700, and CSCum43685.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0660">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_isdn_gateway_software:2.1%281.43%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_isdn_gateway_software:2.1%281.49%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_isdn_gateway_software:2.1%281.56%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_isdn_gateway_software:2.1%281.79%29"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:telepresence_isdn_gateway_software:2.1%281.43%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_isdn_gateway_software:2.1%281.56%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_isdn_gateway_software:2.1%281.49%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_isdn_gateway_software:2.1%281.79%29</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0660</vuln:cve-id>
+    <vuln:published-datetime>2014-01-22T16:55:02.823-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-31T01:08:16.437-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.1</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-23T12:26:09.173-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90622" xml:lang="en">cisco-isdn-cve20140660-dos(90622)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029657" xml:lang="en">1029657</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65072" xml:lang="en">65072</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=32460" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=32460</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-isdngw" xml:lang="en">20140122 Cisco TelePresence ISDN Gateway D-Channel Denial of Service Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56591" xml:lang="en">56591</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102361" xml:lang="en">102361</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco TelePresence ISDN Gateway with software before 2.2(1.92) allows remote attackers to cause a denial of service (D-channel call outage) via a crafted Q.931 STATUS message, aka Bug ID CSCui50360.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0661">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:6.1.0%2890%29"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:6.0.0.1%284%29"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:6.0.1%2850%29"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:6.0.2%2828%29"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:6.0.3%2833%29"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_1100:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_tx9200"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_tx9000"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_tx1310_65"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_tx1300_47"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_500-32:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:1.9.6.1%283%29"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:1.9.6%282%29"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:1.9.5%287%29"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:1.9.4%2819%29"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:1.9.3%2844%29"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:1.9.2%2819%29"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:1.9.1%2868%29"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:1.9.0%2846%29"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:1.8.5%284%29"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:1.8.4%2813%29"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:1.8.3%284%29"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:1.8.2%2811%29"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:1.8.1%2834%29"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:1.8.0%2855%29"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:1.7.6%284%29"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:1.7.5%2842%29"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:1.5.10%283648%29"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:1.10.1%2843%29"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:1.10.0%28259%29"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:1.10.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:1.10.1"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_500-37:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_1000:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_1300-65:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_3210"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_3200"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_3010"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_3000"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/h:cisco:telepresence_system_500-37:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:6.0.1%2850%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:1.10.1%2843%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:1.7.5%2842%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:1.10.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:1.9.1%2868%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:6.0.3%2833%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:1.9.2%2819%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:1.10.0</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_tx1300_47</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:1.9.6.1%283%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:1.9.3%2844%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:1.8.0%2855%29</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_3200</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:1.9.6%282%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:1.8.3%284%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:1.9.4%2819%29</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_tx9000</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_3010</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_tx9200</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:6.1.0%2890%29</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_1000:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:1.7.6%284%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:1.10.0%28259%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:1.9.5%287%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:6.0.2%2828%29</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_tx1310_65</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:1.8.1%2834%29</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_3000</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_500-32:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:1.9.0%2846%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:1.8.4%2813%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:1.8.2%2811%29</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_3210</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:1.8.5%284%29</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_1100:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_1300-65:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:1.5.10%283648%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:6.0.0.1%284%29</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0661</vuln:cve-id>
+    <vuln:published-datetime>2014-01-22T16:55:03.560-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-31T01:08:16.673-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>8.3</cvss:score>
+        <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-23T12:48:10.377-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-94"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90624" xml:lang="en">cisco-telepresence-cve20140661-command-exec(90624)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029656" xml:lang="en">1029656</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65071" xml:lang="en">65071</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-cts" xml:lang="en">20140122 Cisco TelePresence System Software Command Execution Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56533" xml:lang="en">56533</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102362" xml:lang="en">102362</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote attackers to execute arbitrary commands or cause a denial of service (stack memory corruption) via a crafted XML-RPC message, aka Bug ID CSCui32796.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0662">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_video_communication_servers_software:x7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_video_communication_servers_software:x7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_video_communication_servers_software:x7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_video_communication_servers_software:x7.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_video_communication_servers_software:x6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_video_communication_servers_software:x6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_video_communication_servers_software:x7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_video_communication_servers_software:x7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_video_communication_servers_software:x7.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_video_communication_servers_software:x7.2.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:telepresence_video_communication_servers_software:x6.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_video_communication_servers_software:x7.2.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_video_communication_servers_software:x6</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_video_communication_servers_software:x7.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_video_communication_servers_software:x7.2.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_video_communication_servers_software:x7.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_video_communication_servers_software:x7.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_video_communication_servers_software:x7.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_video_communication_servers_software:x7.0.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_video_communication_servers_software:x7.0.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0662</vuln:cve-id>
+    <vuln:published-datetime>2014-01-22T16:55:03.573-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-31T01:08:16.923-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.1</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-23T12:34:49.577-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90621" xml:lang="en">cisco-vcs-cve20140662-dos(90621)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029655" xml:lang="en">1029655</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65076" xml:lang="en">65076</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=32409" xml:lang="en">http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=32409</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-vcs" xml:lang="en">20140122 Cisco TelePresence Video Communication Server SIP Denial of Service Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56592" xml:lang="en">56592</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102363" xml:lang="en">102363</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The SIP module in Cisco TelePresence Video Communication Server (VCS) before 8.1 allows remote attackers to cause a denial of service (process failure) via a crafted SDP message, aka Bug ID CSCue97632.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0663">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0663</vuln:cve-id>
+    <vuln:published-datetime>2014-01-10T11:47:06.067-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-17T00:20:33.873-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-10T13:08:20.660-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90232" xml:lang="en">cisco-acs-cve20140663-xss(90232)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029595" xml:lang="en">1029595</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64773" xml:lang="en">64773</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=32403" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=32403</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0663" xml:lang="en">20140110 Cisco Secure Access Control System Cross-Site Scripting Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56382" xml:lang="en">56382</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101914" xml:lang="en">101914</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the web framework in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum03625.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0664">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unity_connection:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:unity_connection:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0664</vuln:cve-id>
+    <vuln:published-datetime>2014-01-10T11:47:06.083-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-04T23:59:36.323-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-10T12:58:00.977-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90234" xml:lang="en">cisco-unity-cve20140664-dos(90234)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029593" xml:lang="en">1029593</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64772" xml:lang="en">64772</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0664" xml:lang="en">20140110 Cisco Unity Connection Internet Message Access Protocol Denial of Service Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56370" xml:lang="en">56370</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101915" xml:lang="en">101915</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The server in Cisco Unity Connection allows remote authenticated users to cause a denial of service (CPU consumption) via unspecified IMAP commands, aka Bug ID CSCul49976.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0665">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:identity_services_engine_software:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:identity_services_engine_software:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0665</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:11:08.457-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-23T23:38:01.463-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-15T15:57:11.723-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90463" xml:lang="en">cisco-ise-cve2040665-unsuth-access(90463)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029624" xml:lang="en">1029624</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64939" xml:lang="en">64939</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=32448" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=32448</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0665" xml:lang="en">20140115 Cisco ISE Unprivileged Support Bundle Download Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56439" xml:lang="en">56439</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102118" xml:lang="en">102118</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The RBAC implementation in Cisco Identity Services Engine (ISE) Software does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug ID CSCul83904.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0666">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:jabber:9.2%28.1%29:-:~-~-~windows~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:jabber:9.2%28.0%29:-:~-~-~windows~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:jabber:9.2:-:~-~-~windows~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:jabber:9.1%28.5%29:-:~-~-~windows~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:jabber:9.1%28.4%29:-:~-~-~windows~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:jabber:9.1%28.3%29:-:~-~-~windows~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:jabber:9.1%28.2%29:-:~-~-~windows~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:jabber:9.1%28.1%29:-:~-~-~windows~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:jabber:9.1%28.0%29:-:~-~-~windows~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:jabber:9.1:-:~-~-~windows~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:jabber:9.0%28.5%29:-:~-~-~windows~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:jabber:9.0%28.4%29:-:~-~-~windows~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:jabber:9.0%28.3%29:-:~-~-~windows~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:jabber:9.0%28.2%29:-:~-~-~windows~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:jabber:9.0%28.1%29:-:~-~-~windows~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:jabber:9.0%28.0%29:-:~-~-~windows~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:jabber:9.0:-:~-~-~windows~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:jabber:9.1%28.3%29:-:~-~-~windows~~</vuln:product>
+      <vuln:product>cpe:/a:cisco:jabber:9.1%28.2%29:-:~-~-~windows~~</vuln:product>
+      <vuln:product>cpe:/a:cisco:jabber:9.2%28.0%29:-:~-~-~windows~~</vuln:product>
+      <vuln:product>cpe:/a:cisco:jabber:9.1%28.0%29:-:~-~-~windows~~</vuln:product>
+      <vuln:product>cpe:/a:cisco:jabber:9.1%28.1%29:-:~-~-~windows~~</vuln:product>
+      <vuln:product>cpe:/a:cisco:jabber:9.0%28.3%29:-:~-~-~windows~~</vuln:product>
+      <vuln:product>cpe:/a:cisco:jabber:9.2%28.1%29:-:~-~-~windows~~</vuln:product>
+      <vuln:product>cpe:/a:cisco:jabber:9.1%28.5%29:-:~-~-~windows~~</vuln:product>
+      <vuln:product>cpe:/a:cisco:jabber:9.0%28.2%29:-:~-~-~windows~~</vuln:product>
+      <vuln:product>cpe:/a:cisco:jabber:9.0%28.1%29:-:~-~-~windows~~</vuln:product>
+      <vuln:product>cpe:/a:cisco:jabber:9.0%28.4%29:-:~-~-~windows~~</vuln:product>
+      <vuln:product>cpe:/a:cisco:jabber:9.0%28.5%29:-:~-~-~windows~~</vuln:product>
+      <vuln:product>cpe:/a:cisco:jabber:9.0%28.0%29:-:~-~-~windows~~</vuln:product>
+      <vuln:product>cpe:/a:cisco:jabber:9.1%28.4%29:-:~-~-~windows~~</vuln:product>
+      <vuln:product>cpe:/a:cisco:jabber:9.0:-:~-~-~windows~~</vuln:product>
+      <vuln:product>cpe:/a:cisco:jabber:9.1:-:~-~-~windows~~</vuln:product>
+      <vuln:product>cpe:/a:cisco:jabber:9.2:-:~-~-~windows~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0666</vuln:cve-id>
+    <vuln:published-datetime>2014-01-16T14:55:04.730-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-23T23:38:01.557-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-17T11:18:16.483-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90435" xml:lang="en">cisco-jabber-cve20140666-code-exec(90435)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029635" xml:lang="en">1029635</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64965" xml:lang="en">64965</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=32451" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=32451</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0666" xml:lang="en">20140115 Cisco Jabber for Windows Remote Code Execution Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56331" xml:lang="en">56331</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102122" xml:lang="en">102122</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in the Send Screen Capture implementation in Cisco Jabber 9.2(.1) and earlier on Windows allows remote attackers to upload arbitrary types of files, and consequently execute arbitrary code, via modified packets, aka Bug ID CSCug48056.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0667">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0667</vuln:cve-id>
+    <vuln:published-datetime>2014-01-16T14:55:04.763-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-23T23:38:01.637-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-17T11:21:20.410-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90497" xml:lang="en">cisco-acs-cve20140667-info-disc(90497)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029641" xml:lang="en">1029641</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64983" xml:lang="en">64983</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=32468" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=32468</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0667" xml:lang="en">20140116 Cisco Secure ACS RMI Arbitrary File Read Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102168" xml:lang="en">102168</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The RMI interface in Cisco Secure Access Control System (ACS) does not properly enforce authorization requirements, which allows remote authenticated users to read arbitrary files via a request to this interface, aka Bug ID CSCud75169.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0668">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0668</vuln:cve-id>
+    <vuln:published-datetime>2014-01-19T23:58:49.807-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-31T01:08:17.783-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-21T12:07:57.267-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90561" xml:lang="en">cisco-acs-cve20140668-xss(90561)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029654" xml:lang="en">1029654</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65016" xml:lang="en">65016</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=32489" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=32489</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0668" xml:lang="en">20140117 Cisco Secure ACS Portal Cross-Site Scripting Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56543" xml:lang="en">56543</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102256" xml:lang="en">102256</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the portal in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCue65949.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0669">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:asr_5000_series_software:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:asr_5000_series_software:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0669</vuln:cve-id>
+    <vuln:published-datetime>2014-01-22T00:22:20.720-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-31T01:08:17.953-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-22T15:59:24.233-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90614" xml:lang="en">cisco-ggsn-cve20140669-sec-bypass(90614)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029666" xml:lang="en">1029666</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65052" xml:lang="en">65052</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=32513" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=32513</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0669" xml:lang="en">20140121 Cisco ASR 5000 Series Gateway GPRS Support Node Traffic Bypass Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56546" xml:lang="en">56546</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102318" xml:lang="en">102318</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Wireless Session Protocol (WSP) feature in the Gateway GPRS Support Node (GGSN) component on Cisco ASR 5000 series devices allows remote attackers to bypass intended Top-Up payment restrictions via unspecified WSP packets, aka Bug ID CSCuh28371.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0670">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:mediasense:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:mediasense:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0670</vuln:cve-id>
+    <vuln:published-datetime>2014-01-22T00:22:20.737-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-31T01:08:18.220-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-22T12:04:42.507-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90615" xml:lang="en">cisco-mediasense-cve20140670-xss(90615)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029667" xml:lang="en">1029667</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65053" xml:lang="en">65053</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=32514" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=32514</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0670" xml:lang="en">20140121 Cisco MediaSense Search and Play Cross-Site Scripting Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56563" xml:lang="en">56563</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102319" xml:lang="en">102319</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the Search and Play interface in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum16686.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0671">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:mediasense:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:mediasense:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0671</vuln:cve-id>
+    <vuln:published-datetime>2014-01-22T00:22:20.767-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-31T01:08:18.487-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-22T12:03:32.037-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90617" xml:lang="en">cisco-mediasense-cve20140671-open-redirect(90617)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029669" xml:lang="en">1029669</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65055" xml:lang="en">65055</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=32517" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=32517</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0671" xml:lang="en">20140121 Cisco MediaSense Open Redirection Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56544" xml:lang="en">56544</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102341" xml:lang="en">102341</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Open redirect vulnerability in Cisco MediaSense allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, aka Bug ID CSCum16749.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0672">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:mediasense:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:mediasense:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0672</vuln:cve-id>
+    <vuln:published-datetime>2014-01-22T00:22:20.783-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-04T23:59:36.947-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-22T11:50:59.487-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90616" xml:lang="en">cisco-mediasense-cve20140672-info-disc(90616)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029668" xml:lang="en">1029668</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65054" xml:lang="en">65054</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=32516" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=32516</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0672" xml:lang="en">20140121 Cisco MediaSense Search and Play Authorization Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56600" xml:lang="en">56600</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102342" xml:lang="en">102342</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Search and Play interface in Cisco MediaSense does not properly enforce authorization requirements, which allows remote authenticated users to download arbitrary recordings via a request to this interface.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0673">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/h:cisco:video_surveillance_indoor_fixed_dome_ip_hd_camera:5010"/>
+        <cpe-lang:fact-ref name="cpe:/h:cisco:video_surveillance_indoor_fixed_dome_ip_hd_camera:5011"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/h:cisco:video_surveillance_indoor_fixed_dome_ip_hd_camera:5010</vuln:product>
+      <vuln:product>cpe:/h:cisco:video_surveillance_indoor_fixed_dome_ip_hd_camera:5011</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0673</vuln:cve-id>
+    <vuln:published-datetime>2014-01-25T17:55:03.300-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-22T13:23:51.623-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-27T05:18:59.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90733" xml:lang="en">cisco-video-cve20140673-xss(90733)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029689" xml:lang="en">1029689</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65145" xml:lang="en">65145</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=32568" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=32568</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0673" xml:lang="en">20140124 Cisco Video Surveillance 5000 Series HD IP Dome Camera Multiple Cross-Site Scripting Vulnerabilities</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56552" xml:lang="en">56552</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102557" xml:lang="en">102557</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site scripting (XSS) vulnerabilities in the web interface on Cisco Video Surveillance 5000 HD IP Dome cameras allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCud10943 and CSCud10950.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0674">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:video_surveillance_operations_manager:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:video_surveillance_operations_manager:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0674</vuln:cve-id>
+    <vuln:published-datetime>2014-01-23T23:38:09.667-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-31T01:08:19.080-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-24T11:40:37.560-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-287"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90651" xml:lang="en">cisco-vsom-cve20140674-unauth-access(90651)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029692" xml:lang="en">1029692</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65111" xml:lang="en">65111</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0674" xml:lang="en">20140123 Cisco Video Surveillance Operations Manager MySQL Database Insufficient Authentication Controls</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56619" xml:lang="en">56619</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102409" xml:lang="en">102409</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco Video Surveillance Operations Manager (VSOM) does not require authentication for MySQL database connections, which allows remote attackers to obtain sensitive information, modify data, or cause a denial of service by leveraging network connectivity from a client system with a crafted host name, aka Bug ID CSCud10992.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0675">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_video_communication_server:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/h:cisco:telepresence_video_communication_server:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0675</vuln:cve-id>
+    <vuln:published-datetime>2014-01-22T23:41:16.097-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-30T00:17:30.627-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.4</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-23T12:31:22.587-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-255"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90650" xml:lang="en">cisco-telepresence-cve20140675-mitm(90650)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029682" xml:lang="en">1029682</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65101" xml:lang="en">65101</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=32540" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=32540</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0675" xml:lang="en">20140122 Cisco TelePresence Video Communication Server Expressway Default SSL Certificate Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56621" xml:lang="en">56621</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102377" xml:lang="en">102377</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship, aka Bug ID CSCue07471.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0676">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:cisco:nx-os:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:cisco:nx-os:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0676</vuln:cve-id>
+    <vuln:published-datetime>2014-01-22T16:55:03.607-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-31T01:08:19.437-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-23T12:37:28.860-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90627" xml:lang="en">cisco-nxos-cve20140676-priv-esc(90627)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029690" xml:lang="en">1029690</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65083" xml:lang="en">65083</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=32531" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=32531</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0676" xml:lang="en">20140122 Cisco NX-OS Software TACACS+ Command Authorization Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56597" xml:lang="en">56597</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102366" xml:lang="en">102366</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0677">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:cisco:nx-os:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:cisco:nx-os:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0677</vuln:cve-id>
+    <vuln:published-datetime>2014-01-22T16:55:03.637-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-31T01:08:19.627-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-23T12:38:54.863-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90623" xml:lang="en">cisco-nxos-cve20140677-dos(90623)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029691" xml:lang="en">1029691</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65074" xml:lang="en">65074</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=32532" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=32532</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0677" xml:lang="en">20140122 Cisco NX-OS Software Label Distribution Protocol Message Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56611" xml:lang="en">56611</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102368" xml:lang="en">102368</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Label Distribution Protocol (LDP) functionality in Cisco NX-OS allows remote attackers to cause a denial of service (temporary LDP session outage) via LDP discovery traffic containing malformed Hello messages, aka Bug ID CSCul88851.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0678">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:secure_access_control_system:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:secure_access_control_system:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0678</vuln:cve-id>
+    <vuln:published-datetime>2014-01-25T17:55:03.567-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:51.160-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-27T10:16:23.980-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90732" xml:lang="en">cisco-acs-cve20140678-unauth-access(90732)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029688" xml:lang="en">1029688</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65144" xml:lang="en">65144</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=32567" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=32567</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0678" xml:lang="en">20140124 Cisco Secure ACS Portal Session Management Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56540" xml:lang="en">56540</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102558" xml:lang="en">102558</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The portal interface in Cisco Secure Access Control System (ACS) does not properly manage sessions, which allows remote authenticated users to hijack sessions and gain privileges via unspecified vectors, aka Bug ID CSCue65951.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0679">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:prime_infrastructure:1.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:prime_infrastructure:1.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:prime_infrastructure:1.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:prime_infrastructure:1.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:prime_infrastructure:1.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:prime_infrastructure:2.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:prime_infrastructure:1.4.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:prime_infrastructure:1.4.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:prime_infrastructure:1.3.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:prime_infrastructure:1.2.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:prime_infrastructure:1.2.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:prime_infrastructure:2.0.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0679</vuln:cve-id>
+    <vuln:published-datetime>2014-02-27T15:55:05.130-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-28T10:56:55.753-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-28T10:56:55.613-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140226-pi" xml:lang="en">20140226 Cisco Prime Infrastructure Command Execution Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco Prime Infrastructure 1.2 and 1.3 before 1.3.0.20-2, 1.4 before 1.4.0.45-2, and 2.0 before 2.0.0.0.294-2 allows remote authenticated users to execute arbitrary commands with root privileges via an unspecified URL, aka Bug ID CSCum71308.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0680">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/h:cisco:identity_services_engine:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/h:cisco:identity_services_engine:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0680</vuln:cve-id>
+    <vuln:published-datetime>2014-01-29T13:34:05.310-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:51.240-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-29T14:23:47.250-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=32617" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=32617</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0680" xml:lang="en">20140128 Cisco Identity Services Engine HTTP Control Interface for NAC Web Agent Cross-Site Scripting Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56672" xml:lang="en">56672</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102588" xml:lang="en">102588</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the HTTP control interface in the NAC Web Agent component in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCui15038.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0681">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:identity_services_engine_software:1.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:identity_services_engine_software:1.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0681</vuln:cve-id>
+    <vuln:published-datetime>2014-01-29T13:34:05.340-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:51.333-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-29T14:25:16.267-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65183" xml:lang="en">65183</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=32609" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=32609</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0681" xml:lang="en">20140128 Cisco Identity Services Engine Reports Output Cross-Site Scripting Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56714" xml:lang="en">56714</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102589" xml:lang="en">102589</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine (ISE) 1.2 patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via a report containing a crafted URL that is not properly handled during generation of report-output pages, aka Bug ID CSCui15064.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0682">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:webex_meetings_server:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:webex_meetings_server:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0682</vuln:cve-id>
+    <vuln:published-datetime>2014-01-29T13:34:05.373-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:51.410-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.9</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-29T14:27:16.583-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65198" xml:lang="en">65198</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0682" xml:lang="en">20140128 Cisco WebEx Meetings Server Unauthorized Meeting Actions Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102590" xml:lang="en">102590</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco WebEx Meetings Server allows remote authenticated users to bypass authorization checks and (1) join arbitrary meetings, or (2) terminate a meeting without having a host role, via a crafted URL, aka Bug ID CSCuj42346.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0683">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:cisco:rv110w_firmware:1.2.0.9"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:cisco:rv110w:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:cisco:rv215w_firmware:1.1.0.5"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:cisco:rv215w:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:cisco:cvr100w_firmware:1.0.1.19"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:cisco:cvr100w:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:cisco:rv215w_firmware:1.1.0.5</vuln:product>
+      <vuln:product>cpe:/h:cisco:rv215w:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:rv110w:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:cvr100w:-</vuln:product>
+      <vuln:product>cpe:/o:cisco:cvr100w_firmware:1.0.1.19</vuln:product>
+      <vuln:product>cpe:/o:cisco:rv110w_firmware:1.2.0.9</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0683</vuln:cve-id>
+    <vuln:published-datetime>2014-03-06T06:55:05.287-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-07T14:14:22.000-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-06T13:00:04.700-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-255"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-rpd" xml:lang="en">20140305 Cisco Small Business Router Password Disclosure Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The web management interface on the Cisco RV110W firewall with firmware 1.2.0.9 and earlier, RV215W router with firmware 1.1.0.5 and earlier, and CVR100W router with firmware 1.0.1.19 and earlier does not prevent replaying of modified authentication requests, which allows remote attackers to obtain administrative access by leveraging the ability to intercept requests, aka Bug IDs CSCul94527, CSCum86264, and CSCum86275.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0686">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:9.1%282.10000.28%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:9.1%282%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:9.1%281%29"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:9.1%282.10000.28%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:9.1%282%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:9.1%281%29</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0686</vuln:cve-id>
+    <vuln:published-datetime>2014-02-04T00:39:08.480-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-24T20:33:06.417-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.0</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-03T17:11:26.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=32683" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=32683</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0686" xml:lang="en">20140131 Cisco Unified Communications Manager Operating System-Level Privilege Escalation Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul24908.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0694">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:cloud_portal:9.1:sp3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:cloud_portal:9.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:cloud_portal:9.1:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:cloud_portal:9.1:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:cloud_portal:9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:cloud_portal:9.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:cloud_portal:9.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:cloud_portal:9.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:cloud_portal:9.1:sp1</vuln:product>
+      <vuln:product>cpe:/a:cisco:cloud_portal:9.1:sp2</vuln:product>
+      <vuln:product>cpe:/a:cisco:cloud_portal:9.1:sp3</vuln:product>
+      <vuln:product>cpe:/a:cisco:cloud_portal:9.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:cloud_portal:9.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:cloud_portal:9.4.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:cloud_portal:9.3.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:cloud_portal:9.3.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0694</vuln:cve-id>
+    <vuln:published-datetime>2014-03-14T06:55:05.723-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-14T13:56:47.767-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-14T13:56:47.690-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-255"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=33336" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=33336</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0694" xml:lang="en">20140312 Cisco Intelligent Automation for Cloud Cryptographic Implementation Issues</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Intelligent Automation for Cloud (IAC) in Cisco Cloud Portal 9.4.1 and earlier includes a cryptographic key in binary files, which makes it easier for remote attackers to obtain cleartext data from an arbitrary IAC installation by leveraging knowledge of this key, aka Bug IDs CSCui34764, CSCui34772, CSCui34776, CSCui34798, CSCui34800, CSCui34805, CSCui34809, CSCui34810, CSCui34813, CSCui34814, and CSCui34818.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0701">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.4.100.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.4.100.60"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.2.103.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.2.110.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.3"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.3.101.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.0.220.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.0.235.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:cisco:wireless_lan_controller:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.3.101.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.4.100.60</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.2.110.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.0.235.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.2</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.3</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.4.100.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.2.103.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.0.220.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0701</vuln:cve-id>
+    <vuln:published-datetime>2014-03-06T06:55:05.317-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-07T14:50:55.837-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-06T03:12:44.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc" xml:lang="en">20140305 Multiple Vulnerabilities in Cisco Wireless LAN Controllers</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco Wireless LAN Controller (WLC) devices 7.0 before 7.0.250.0, 7.2, 7.3, and 7.4 before 7.4.110.0 do not properly deallocate memory, which allows remote attackers to cause a denial of service (reboot) by sending WebAuth login requests at a high rate, aka Bug ID CSCuf52361.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0703">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.4.100.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.4.100.60"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:cisco:wireless_lan_controller"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.4.100.60</vuln:product>
+      <vuln:product>cpe:/h:cisco:wireless_lan_controller</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.4.100.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0703</vuln:cve-id>
+    <vuln:published-datetime>2014-03-06T06:55:05.333-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-07T14:12:52.263-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-06T13:19:14.680-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-362"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc" xml:lang="en">20140305 Multiple Vulnerabilities in Cisco Wireless LAN Controllers</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco Wireless LAN Controller (WLC) devices 7.4 before 7.4.110.0 distribute Aironet IOS software with a race condition in the status of the administrative HTTP server, which allows remote attackers to bypass intended access restrictions by connecting to an Aironet access point on which this server had been disabled ineffectively, aka Bug ID CSCuf66202.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0704">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:4.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:4.0.108"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:4.0.155.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:4.0.155.5"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:4.0.179.11"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:4.0.179.8"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:4.0.196"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:4.0.206.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:4.0.217.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:4.0.219.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:4.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:4.1.171.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:4.1.181.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:4.1.185.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:4.1m"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:4.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:4.2.112.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:4.2.117.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:4.2.130.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:4.2.173.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:4.2.174.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:4.2.176.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:4.2.182.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:4.2.61.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:4.2.99.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:4.2m"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:5.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:5.0.148.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:5.0.148.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:5.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:5.1.151.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:5.1.152.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:5.1.160.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:5.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:5.2.157.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:5.2.169.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:6.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:6.0.182.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:6.0.188.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:6.0.196.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:6.0.199.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:6.0.199.4"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.0.220.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.0.235.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.0.98.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.1.91.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.2.103.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.2.110.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.3"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.3.101.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:cisco:wireless_lan_controller"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:4.2.174.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.0.98.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:5.1.151.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:5.0.148.2</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:4.1.171.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:5.0.148.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.3.101.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:6.0.182.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:4.2.173.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:4.2.176.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:4.0.155.5</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:5.1.152.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:4.2.61.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:4.0.179.8</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:4.1.181.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:4.1.185.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:5.2.157.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:4.0.108</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:6.0.199.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:4.2.99.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:4.2m</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:4.0.155.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:4.2.182.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:4.0.219.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.2</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:6.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.3</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:6.0.188.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:4.0.179.11</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.1</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.2.110.0</vuln:product>
+      <vuln:product>cpe:/h:cisco:wireless_lan_controller</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.1.91.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:4.0.217.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:4.2</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:5.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:4.2.130.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:4.0.196</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:4.1m</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.0.235.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:4.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:6.0.199.4</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.0.220.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:4.2.112.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:4.1</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:4.0.206.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:5.1</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:5.2</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:4.2.117.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.2.103.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:5.1.160.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:5.2.169.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:6.0.196.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0704</vuln:cve-id>
+    <vuln:published-datetime>2014-03-06T06:55:05.367-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-07T14:12:10.827-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.1</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-06T13:23:11.203-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc" xml:lang="en">20140305 Multiple Vulnerabilities in Cisco Wireless LAN Controllers</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The IGMP implementation on Cisco Wireless LAN Controller (WLC) devices 4.x, 5.x, 6.x, 7.0 before 7.0.250.0, 7.1, 7.2, and 7.3, when IGMPv3 Snooping is enabled, allows remote attackers to cause a denial of service (memory over-read and device restart) via a crafted field in an IGMPv3 message, aka Bug ID CSCuh33240.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0705">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.5"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.2.103.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.2.110.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.3"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.3.101.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.4.100.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.4.100.60"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:cisco:wireless_lan_controller"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.3.101.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.4.100.60</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.2.110.0</vuln:product>
+      <vuln:product>cpe:/h:cisco:wireless_lan_controller</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.2</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.4.100.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.3</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.2.103.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0705</vuln:cve-id>
+    <vuln:published-datetime>2014-03-06T06:55:05.380-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-07T14:08:17.977-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.1</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-06T13:37:58.303-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc" xml:lang="en">20140305 Multiple Vulnerabilities in Cisco Wireless LAN Controllers</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The multicast listener discovery (MLD) service on Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, 7.4 before 7.4.121.0, and 7.5, when MLDv2 Snooping is enabled, allows remote attackers to cause a denial of service (device restart) via a malformed IPv6 MLDv2 packet, aka Bug ID CSCuh74233.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0706">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.2.103.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.2.110.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.3"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.3.101.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.4.100.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.4.100.60"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:cisco:wireless_lan_controller"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.3.101.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.4.100.60</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.2.110.0</vuln:product>
+      <vuln:product>cpe:/h:cisco:wireless_lan_controller</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.2</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.4.100.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.3</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.2.103.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0706</vuln:cve-id>
+    <vuln:published-datetime>2014-03-06T06:55:05.413-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-07T14:03:15.967-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-06T13:45:49.500-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc" xml:lang="en">20140305 Multiple Vulnerabilities in Cisco Wireless LAN Controllers</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco Wireless LAN Controller (WLC) devices 7.2 before 7.2.115.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCue87929.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0707">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.2.103.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.2.110.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.3"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.3.101.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.4.100.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:wireless_lan_controller_software:7.4.100.60"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:cisco:wireless_lan_controller"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.3.101.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.4.100.60</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.2.110.0</vuln:product>
+      <vuln:product>cpe:/h:cisco:wireless_lan_controller</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.2</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.4.100.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.3</vuln:product>
+      <vuln:product>cpe:/o:cisco:wireless_lan_controller_software:7.2.103.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0707</vuln:cve-id>
+    <vuln:published-datetime>2014-03-06T06:55:05.427-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-07T14:02:48.077-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-06T13:53:34.027-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc" xml:lang="en">20140305 Multiple Vulnerabilities in Cisco Wireless LAN Controllers</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCuf80681.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0708">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:webex_meeting_center"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:webex_meeting_center</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0708</vuln:cve-id>
+    <vuln:published-datetime>2014-03-20T21:04:02.903-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-24T18:48:13.077-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-21T10:00:19.893-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0708" xml:lang="en">20140318 Cisco WebEx Business Suite HTTP GET Parameters Include Sensitive Information</vuln:reference>
+    </vuln:references>
+    <vuln:summary>WebEx Meeting Center in Cisco WebEx Business Suite does not properly compose URLs for HTTP GET requests, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) a browser's history, aka Bug ID CSCul98272.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0709">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:ucs_director:4.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:ucs_director:4.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:ucs_director:4.0.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:ucs_director:4.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:ucs_director:4.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:ucs_director:4.0.0.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0709</vuln:cve-id>
+    <vuln:published-datetime>2014-02-22T16:55:09.500-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T23:50:34.657-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-24T10:24:04.240-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-255"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ucsd" xml:lang="en">20140219 Cisco UCS Director Default Credentials Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded password for the root account, which makes it easier for remote attackers to obtain administrative access via an SSH session to the CLI interface, aka Bug ID CSCui73930.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0710">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.1%2810%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.1%2811%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.1%2812%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.1%2813%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.1%2814%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.1%2815%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.1%2816%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.1%2817%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.1%2818%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.1%2819%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.1%282%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.1%2820%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.1%2821%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.1%283%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.1%284%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.1%285%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.1%286%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.1%287%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.1%288%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.1%289%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.2%281%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.2%2810%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.2%2811%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.2%2812%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.2%2813%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.2%2814%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.2%2815%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.2%2816%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.2%2817%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.2%2818%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.2%2819%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.2%282%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.2%2820%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.2%2821%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.2%2822%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.2%2823%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.2%2824%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.2%2825%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.2%2826%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.2%2827%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.2%283%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.2%284%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.2%285%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.2%286%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.2%287%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.2%288%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:3.2%289%29"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:4.0%281%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:4.0%2810%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:4.0%2811%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:4.0%2812%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:4.0%2813%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:4.0%2814%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:4.0%2815%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:4.0%282%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:4.0%283%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:4.0%284%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:4.0%285%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:4.0%286%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:4.0%287%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:4.0%288%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:4.1%281%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:4.1%2810%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:4.1%2811%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:4.1%2812%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:4.1%2813%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:4.1%2814%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:4.1%282%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:4.1%283%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:4.1%284%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:4.1%285%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:4.1%286%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:4.1%287%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:4.1%288%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:firewall_services_module_software:4.1%289%29"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.2%2823%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.1%282%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.1%2813%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:4.0%281%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.2%288%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:4.1%2814%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.1%287%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:4.0%2810%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:4.1%2810%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:4.0%2812%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.2%2824%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:4.0%285%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.2%2810%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.1%2817%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.2%2819%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.2%2815%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:4.1%284%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:4.0%2815%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:4.1%289%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.2%2826%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.2%284%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.1%286%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.2%285%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.1%285%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.2%281%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:4.1%2813%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:4.1%285%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.2%2813%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:4.0%286%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.1%288%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.1%2814%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.2%2820%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:4.0%282%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.2%289%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.1%2810%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:4.1%281%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.1%2811%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.1%2818%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:4.1%288%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.2%2816%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.2%2825%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:4.1%286%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.1%289%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.2%2821%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:4.1%282%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.1%2820%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:4.0%287%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.2%286%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.1%2815%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.1%2819%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:4.0%283%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:4.0%2813%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.1%2821%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.2%2817%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:4.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:4.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.2%282%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.1%2812%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.1%284%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:4.1%2811%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:4.1%287%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:4.0%284%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.2%2812%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:4.0%288%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.2%2822%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:4.0%2811%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.2%283%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.1%2816%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.2%287%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.1%283%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.2%2818%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.2%2811%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:4.1%2812%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:4.1%283%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:4.0%2814%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.2%2827%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:firewall_services_module_software:3.2%2814%29</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0710</vuln:cve-id>
+    <vuln:published-datetime>2014-02-22T16:55:09.530-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-24T11:55:46.107-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.1</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-24T11:55:45.467-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-362"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-fwsm" xml:lang="en">20140219 Cisco Firewall Services Module Cut-Through Proxy Denial of Service Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Race condition in the cut-through proxy feature in Cisco Firewall Services Module (FWSM) Software 3.x before 3.2(28) and 4.x before 4.1(15) allows remote attackers to cause a denial of service (device reload) via certain matching traffic, aka Bug ID CSCuj16824.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0718">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:ips_sensor_software:7.2%281%29e4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:ips_sensor_software:7.1%281%29e4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:ips_sensor_software:7.1%282%29e4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:ips_sensor_software:7.1%283%29e4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:ips_sensor_software:7.1%284%29e4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:ips_sensor_software:7.1%286%29e4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:ips_sensor_software:7.1%287%29e4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:ips_sensor_software:7.1%288%29e4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:ips_sensor_software:7.1%282%29e4</vuln:product>
+      <vuln:product>cpe:/a:cisco:ips_sensor_software:7.1%286%29e4</vuln:product>
+      <vuln:product>cpe:/a:cisco:ips_sensor_software:7.2%281%29e4</vuln:product>
+      <vuln:product>cpe:/a:cisco:ips_sensor_software:7.1%288%29e4</vuln:product>
+      <vuln:product>cpe:/a:cisco:ips_sensor_software:7.1%284%29e4</vuln:product>
+      <vuln:product>cpe:/a:cisco:ips_sensor_software:7.1%283%29e4</vuln:product>
+      <vuln:product>cpe:/a:cisco:ips_sensor_software:7.1%281%29e4</vuln:product>
+      <vuln:product>cpe:/a:cisco:ips_sensor_software:7.1%287%29e4</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0718</vuln:cve-id>
+    <vuln:published-datetime>2014-02-22T16:55:09.547-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T23:50:34.830-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.1</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-24T12:08:09.157-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ips" xml:lang="en">20140219 Multiple Vulnerabilities in Cisco IPS Software</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The produce-verbose-alert feature in Cisco IPS Software 7.1 before 7.1(8)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (Analysis Engine process outage) via fragmented packets, aka Bug ID CSCui91266.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0719">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:ips_sensor_software:7.2%281%29e4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:ips_sensor_software:7.1%281%29e4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:ips_sensor_software:7.1%282%29e4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:ips_sensor_software:7.1%283%29e4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:ips_sensor_software:7.1%284%29e4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:ips_sensor_software:7.1%286%29e4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:ips_sensor_software:7.1%287%29e4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:ips_sensor_software:7.1%288%29e4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:ips_sensor_software:7.1%282%29e4</vuln:product>
+      <vuln:product>cpe:/a:cisco:ips_sensor_software:7.1%286%29e4</vuln:product>
+      <vuln:product>cpe:/a:cisco:ips_sensor_software:7.2%281%29e4</vuln:product>
+      <vuln:product>cpe:/a:cisco:ips_sensor_software:7.1%288%29e4</vuln:product>
+      <vuln:product>cpe:/a:cisco:ips_sensor_software:7.1%284%29e4</vuln:product>
+      <vuln:product>cpe:/a:cisco:ips_sensor_software:7.1%283%29e4</vuln:product>
+      <vuln:product>cpe:/a:cisco:ips_sensor_software:7.1%281%29e4</vuln:product>
+      <vuln:product>cpe:/a:cisco:ips_sensor_software:7.1%287%29e4</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0719</vuln:cve-id>
+    <vuln:published-datetime>2014-02-22T16:55:09.577-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T23:50:34.907-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-24T12:35:44.527-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ips" xml:lang="en">20140219 Multiple Vulnerabilities in Cisco IPS Software</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The control-plane access-list implementation in Cisco IPS Software before 7.1(8p2)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (MainApp process outage) via crafted packets to TCP port 7000, aka Bug ID CSCui67394.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0720">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:ips_sensor_software:7.2%281%29e4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:ips_sensor_software:7.1%281%29e4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:ips_sensor_software:7.1%282%29e4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:ips_sensor_software:7.1%283%29e4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:ips_sensor_software:7.1%284%29e4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:ips_sensor_software:7.1%286%29e4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:ips_sensor_software:7.1%287%29e4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:ips_sensor_software:7.1%288%29e4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:ips_sensor_software:7.1%282%29e4</vuln:product>
+      <vuln:product>cpe:/a:cisco:ips_sensor_software:7.1%286%29e4</vuln:product>
+      <vuln:product>cpe:/a:cisco:ips_sensor_software:7.2%281%29e4</vuln:product>
+      <vuln:product>cpe:/a:cisco:ips_sensor_software:7.1%288%29e4</vuln:product>
+      <vuln:product>cpe:/a:cisco:ips_sensor_software:7.1%284%29e4</vuln:product>
+      <vuln:product>cpe:/a:cisco:ips_sensor_software:7.1%283%29e4</vuln:product>
+      <vuln:product>cpe:/a:cisco:ips_sensor_software:7.1%281%29e4</vuln:product>
+      <vuln:product>cpe:/a:cisco:ips_sensor_software:7.1%287%29e4</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0720</vuln:cve-id>
+    <vuln:published-datetime>2014-02-22T16:55:09.593-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T23:50:34.987-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.1</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-24T12:39:40.567-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ips" xml:lang="en">20140219 Multiple Vulnerabilities in Cisco IPS Software</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco IPS Software 7.1 before 7.1(8)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (Analysis Engine process outage) via a flood of jumbo frames, aka Bug ID CSCuh94944.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0721">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/h:cisco:unified_sip_phone_3905:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/h:cisco:unified_sip_phone_3905:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0721</vuln:cve-id>
+    <vuln:published-datetime>2014-02-22T16:55:09.627-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T23:50:35.080-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-24T12:41:30.927-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-phone" xml:lang="en">20140219 Unauthorized Access Vulnerability in Cisco Unified SIP Phone 3905</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Cisco Unified SIP Phone 3905 with firmware before 9.4(1) allows remote attackers to obtain root access via a session on the test interface on TCP port 7870, aka Bug ID CSCuh75574.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0722">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0722</vuln:cve-id>
+    <vuln:published-datetime>2014-02-13T00:24:51.450-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-13T09:08:56.980-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-13T09:08:56.933-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-287"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0722" xml:lang="en">20140211 Cisco Unified Communications Manager Unauthenticated log4jinit Access Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The log4jinit web application in Cisco Unified Communications Manager (UCM) does not properly validate authentication, which allows remote attackers to cause a denial of service (performance degradation) via unspecified use of this application, aka Bug ID CSCum05347.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0723">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0723</vuln:cve-id>
+    <vuln:published-datetime>2014-02-13T00:24:51.497-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-13T09:09:56.623-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-13T09:09:47.373-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0723" xml:lang="en">20140211 Cisco Unified Communications Manager IPMA Cross-Site Scripting Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum05343.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0724">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:10.0%281%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:10.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:10.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:10.0%281%29</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0724</vuln:cve-id>
+    <vuln:published-datetime>2014-02-13T00:24:51.527-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-13T12:13:31.060-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-13T12:13:27.670-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=32825" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=32825</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0724" xml:lang="en">20140211 Cisco Unified Communications Manager Arbitrary File Read Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The bulk administration interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to bypass authentication and read arbitrary files by using an unspecified prompt, aka Bug ID CSCum05340.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0725">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0725</vuln:cve-id>
+    <vuln:published-datetime>2014-02-13T00:24:51.557-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-13T09:11:25.343-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-13T09:11:25.313-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-287"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0725" xml:lang="en">20140212 Cisco Unified Communications Manager WAR File Availability Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a "file storage location," aka Bug ID CSCum05337.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0726">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:10.0%281%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:10.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:10.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:10.0%281%29</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0726</vuln:cve-id>
+    <vuln:published-datetime>2014-02-13T00:24:51.573-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-13T12:16:13.597-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-13T12:16:13.473-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=32843" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=32843</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0726" xml:lang="en">20140212 Cisco Unified Communications Manager IPMA Blind SQL Injection Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SQL injection vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05326.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0727">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0727</vuln:cve-id>
+    <vuln:published-datetime>2014-02-13T00:24:51.607-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-13T09:13:20.003-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-13T09:13:19.677-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0727" xml:lang="en">20140212 Cisco Unified Communications Manager CMIVR Blind SQL Injection Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SQL injection vulnerability in the CallManager Interactive Voice Response (CMIVR) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05318.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0728">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:10.0%281%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:10.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:10.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:10.0%281%29</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0728</vuln:cve-id>
+    <vuln:published-datetime>2014-02-13T00:24:51.637-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-13T12:16:50.037-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-13T12:16:49.990-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=32834" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=32834</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0728" xml:lang="en">20140211 Cisco Unified Communications Manager Java Interface SQL Injection Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05313.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0729">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0729</vuln:cve-id>
+    <vuln:published-datetime>2014-02-13T00:24:51.667-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-13T09:14:39.197-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-13T09:14:39.163-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0729" xml:lang="en">20140211 Cisco Unified Communications Manager Enterprise Mobility Application Blind SQL Injection Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SQL injection vulnerability in the Enterprise Mobility Application (EMApp) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05302.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0730">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_computing_system_central_software:1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_computing_system_central_software:1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:unified_computing_system_central_software:1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_computing_system_central_software:1.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0730</vuln:cve-id>
+    <vuln:published-datetime>2014-02-22T16:55:09.640-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-24T12:53:40.070-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-24T12:53:39.913-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=32910" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=32910</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0730" xml:lang="en">20140218 Cisco Unified Computing System Central Software Privilege Escalation Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco Unified Computing System (UCS) Central Software 1.1 and earlier allows local users to gain privileges via a CLI copy command in a local-mgmt context, aka Bug ID CSCul53128.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0731">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:10.0%281%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:3.3%285%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:3.3%285%29sr1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:3.3%285%29sr2a"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3sr1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3sr2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3sr2b"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3sr2b</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:10.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:3.3%285%29sr1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:3.3%285%29sr2a</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3sr2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr4</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3sr1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:3.3%285%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr3</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:10.0%281%29</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0731</vuln:cve-id>
+    <vuln:published-datetime>2014-02-22T16:55:09.670-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T23:50:35.877-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-24T13:08:09.763-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=32915" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=32915</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0731" xml:lang="en">20140218 Cisco Unified Communications Manager Java Class File Availability Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The administration interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and read Java class files via a direct request, aka Bug ID CSCum46497.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0732">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:10.0%281%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:3.3%285%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:3.3%285%29sr1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:3.3%285%29sr2a"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3sr1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3sr2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3sr2b"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3sr2b</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:10.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:3.3%285%29sr1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:3.3%285%29sr2a</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3sr2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr4</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3sr1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:3.3%285%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr3</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:10.0%281%29</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0732</vuln:cve-id>
+    <vuln:published-datetime>2014-02-20T00:18:04.140-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-20T19:26:40.500-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-20T05:50:11.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-287"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=32913" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=32913</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0732" xml:lang="en">20140218 Cisco Unified Communications Manager Real Time Monitoring Tool Information Disclosure Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read application files via a direct request to a URL, aka Bug ID CSCum46495.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0733">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:10.0%281%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:3.3%285%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:3.3%285%29sr1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:3.3%285%29sr2a"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3sr1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3sr2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3sr2b"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3sr2b</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:10.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:3.3%285%29sr1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:3.3%285%29sr2a</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3sr2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr4</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3sr1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:3.3%285%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr3</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:10.0%281%29</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0733</vuln:cve-id>
+    <vuln:published-datetime>2014-02-20T10:27:09.437-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-20T18:52:25.500-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-20T13:51:25.780-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-287"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=32914" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=32914</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0733" xml:lang="en">20140218 Cisco Unified Communications Manager Enterprise License Manager Information Disclosure Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a URL, aka Bug ID CSCum46494.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0734">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:10.0%281%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:3.3%285%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:3.3%285%29sr1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:3.3%285%29sr2a"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3sr1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3sr2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3sr2b"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3sr2b</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:10.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:3.3%285%29sr1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:3.3%285%29sr2a</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3sr2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr4</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3sr1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:3.3%285%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr3</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:10.0%281%29</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0734</vuln:cve-id>
+    <vuln:published-datetime>2014-02-20T00:18:04.203-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-20T19:25:07.140-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-20T05:52:49.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=32916" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=32916</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0734" xml:lang="en">20140218 Cisco Unified Communications Manager CAPF Unauthenticated Blind SQL Injection Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SQL injection vulnerability in the Certificate Authority Proxy Function (CAPF) implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum46483.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0735">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:10.0%281%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:3.3%285%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:3.3%285%29sr1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:3.3%285%29sr2a"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3sr1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3sr2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3sr2b"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3sr2b</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:10.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:3.3%285%29sr1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:3.3%285%29sr2a</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3sr2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr4</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3sr1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:3.3%285%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr3</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:10.0%281%29</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0735</vuln:cve-id>
+    <vuln:published-datetime>2014-02-20T00:18:04.233-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-20T19:22:06.967-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-20T10:54:07.110-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=32912" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=32912</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0735" xml:lang="en">20140218 Cisco Unified Communications Manager IPMA Reflected Cross-Site Scripting Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum46470.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0736">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:10.0%281%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:3.3%285%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:3.3%285%29sr1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:3.3%285%29sr2a"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3sr1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3sr2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3sr2b"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3sr2b</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:10.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:3.3%285%29sr1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:3.3%285%29sr2a</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3sr2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr4</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3sr1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:3.3%285%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr3</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:10.0%281%29</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0736</vuln:cve-id>
+    <vuln:published-datetime>2014-02-20T00:18:04.267-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-20T19:13:56.517-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-20T11:07:18.670-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-352"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=32911" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=32911</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0736" xml:lang="en">20140218 Cisco Unified Communications Manager CAR Page CSRF Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make CAR modifications, aka Bug ID CSCum46468.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0737">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/h:cisco:unified_ip_phone_7960g"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/h:cisco:unified_ip_phone_7960g</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0737</vuln:cve-id>
+    <vuln:published-datetime>2014-02-22T16:55:09.703-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T23:50:36.423-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-24T12:59:28.923-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-287"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=32957" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=32957</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0737" xml:lang="en">20140220 Cisco Third-Generation IP Phone CTL Trust Chain Enforcement Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Cisco Unified IP Phone 7960G 9.2(1) and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List (CTL) file, aka Bug ID CSCuj66795.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0738">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:adaptive_security_appliance_software:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:adaptive_security_appliance_software:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0738</vuln:cve-id>
+    <vuln:published-datetime>2014-02-22T16:55:09.717-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T23:50:36.503-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-24T13:01:32.017-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-287"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=32956" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=32956</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0738" xml:lang="en">20140220 Cisco Adaptive Security Appliance Phone Proxy CTL Authentication Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List (CTL) file, aka Bug ID CSCuj66770.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0739">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:adaptive_security_appliance_software:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:adaptive_security_appliance_software:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0739</vuln:cve-id>
+    <vuln:published-datetime>2014-02-22T16:55:09.750-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T23:50:36.580-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-24T13:03:40.177-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-287"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=32955" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=32955</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0739" xml:lang="en">20140220 Cisco Adaptive Security Appliance Phone Proxy sec_db Race Condition Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Race condition in the Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass sec_db authentication and provide certain pass-through services to untrusted devices via a crafted configuration-file TFTP request, aka Bug ID CSCuj66766.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0740">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:10.0%281%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:3.3%285%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:3.3%285%29sr1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:3.3%285%29sr2a"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3sr1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3sr2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3sr2b"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3sr2b</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:10.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:3.3%285%29sr1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:3.3%285%29sr2a</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3sr2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr4</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3sr1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:3.3%285%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr3</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:10.0%281%29</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0740</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T20:55:03.290-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-10T15:15:17.973-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-27T06:19:07.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-352"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=33049" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=33049</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0740" xml:lang="en">20140225 Cisco Unified Communications Manager OS Administration CSRF Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of administrators for requests that make administrative changes, aka Bug ID CSCun00701.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0741">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:10.0%281%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:3.3%285%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:3.3%285%29sr1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:3.3%285%29sr2a"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3sr1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3sr2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3sr2b"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3sr2b</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:10.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:3.3%285%29sr1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:3.3%285%29sr2a</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3sr2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr4</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3sr1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:3.3%285%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr3</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:10.0%281%29</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0741</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T20:55:03.320-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-10T15:14:22.027-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.2</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-27T11:20:33.913-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-310"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=33046" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=33046</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0741" xml:lang="en">20140225 Cisco Unified Communications Manager CAPF Certificate Import Arbitrary File Read/Write Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via a crafted command, aka Bug ID CSCum95461.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0742">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:10.0%281%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:3.3%285%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:3.3%285%29sr1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:3.3%285%29sr2a"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3sr1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3sr2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3sr2b"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3sr2b</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:10.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:3.3%285%29sr1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:3.3%285%29sr2a</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3sr2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr4</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3sr1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:3.3%285%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr3</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:10.0%281%29</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0742</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T20:55:03.350-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-07T15:44:43.350-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.2</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-27T11:21:23.037-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=33045" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=33045</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0742" xml:lang="en">20140225 Cisco Unified Communications Manager CAPF CSR Arbitrary File Read/Write Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via unspecified vectors, aka Bug ID CSCum95464.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0743">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:10.0%281%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:3.3%285%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:3.3%285%29sr1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:3.3%285%29sr2a"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3sr1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3sr2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3sr2b"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3sr2b</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:10.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:3.3%285%29sr1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:3.3%285%29sr2a</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3sr2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr4</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3sr1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:3.3%285%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr3</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:10.0%281%29</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0743</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T20:55:03.367-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-10T15:12:02.823-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-27T11:23:49.917-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-287"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=33044" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=33044</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0743" xml:lang="en">20140225 Cisco Unified Communications Manager CAPF Unauthenticated Device Information Update Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and modify registered-device information via crafted data, aka Bug ID CSCum95468.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0745">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_contact_center_express_editor_software:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:unified_contact_center_express_editor_software:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0745</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T20:55:03.397-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-10T17:49:21.407-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-27T06:25:31.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-352"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0745" xml:lang="en">20140225 Cisco Unified Contact Center Express Serviceability Page CSRF Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability subsystem in Cisco Unified Contact Center Express (Unified CCX) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCum95502.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0746">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_contact_center_express_editor_software:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:unified_contact_center_express_editor_software:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0746</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T20:55:03.430-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-10T17:49:02.983-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-27T06:49:09.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0746" xml:lang="en">20140225 Cisco Unified Contact Center Express DRS Sensitive Information Disclosure Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The disaster recovery system (DRS) in Cisco Unified Contact Center Express (Unified CCX) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCum95536.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0747">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:10.0%281%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:3.3%285%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:3.3%285%29sr1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:3.3%285%29sr2a"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.1%283%29sr4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3sr1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3sr2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.2.3sr2b"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager:4.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3sr2b</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:10.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:3.3%285%29sr1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:3.3%285%29sr2a</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3sr2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr4</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3sr1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr1</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:3.3%285%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:4.1%283%29sr3</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager:10.0%281%29</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0747</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T20:55:03.447-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-10T15:12:50.057-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-27T11:22:41.820-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=33048" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=33048</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0747" xml:lang="en">20140225 Cisco Unified Communications Manager CAPF CLI Command Injection Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to inject commands via unspecified CAPF programs, aka Bug ID CSCum95493.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0750">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ge:intelligent_platforms_proficy_hmi%252fscada_cimplicity:8.2:sim24"/>
+        <cpe-lang:fact-ref name="cpe:/a:ge:intelligent_platforms_proficy_hmi%2fscada_cimplicity:8.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ge:intelligent_platforms_proficy_hmi%2fscada_cimplicity:8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ge:intelligent_platforms_proficy_hmi%2fscada_cimplicity:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ge:intelligent_platforms_proficy_hmi%2fscada_cimplicity:7.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:ge:intelligent_platforms_proficy_hmi%2fscada_cimplicity:4.01"/>
+        <cpe-lang:fact-ref name="cpe:/a:ge:intelligent_platforms_proficy_process_systems_with_cimplicity:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ge:intelligent_platforms_proficy_hmi%2fscada_cimplicity:8.2</vuln:product>
+      <vuln:product>cpe:/a:ge:intelligent_platforms_proficy_hmi%2fscada_cimplicity:8.1</vuln:product>
+      <vuln:product>cpe:/a:ge:intelligent_platforms_proficy_hmi%2fscada_cimplicity:8.0</vuln:product>
+      <vuln:product>cpe:/a:ge:intelligent_platforms_proficy_process_systems_with_cimplicity:-</vuln:product>
+      <vuln:product>cpe:/a:ge:intelligent_platforms_proficy_hmi%2fscada_cimplicity:4.01</vuln:product>
+      <vuln:product>cpe:/a:ge:intelligent_platforms_proficy_hmi%252fscada_cimplicity:8.2:sim24</vuln:product>
+      <vuln:product>cpe:/a:ge:intelligent_platforms_proficy_hmi%2fscada_cimplicity:7.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0750</vuln:cve-id>
+    <vuln:published-datetime>2014-01-25T17:55:04.550-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:26.797-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-27T10:23:10.100-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-023-01" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-023-01</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65124" xml:lang="en">65124</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.ge-ip.com/support/index?page=kbchannel&amp;id=KB15939" xml:lang="en">http://support.ge-ip.com/support/index?page=kbchannel&amp;id=KB15939</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY through 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted HTTP request, aka ZDI-CAN-1622.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0751">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ge:intelligent_platforms_proficy_hmi%252fscada_cimplicity:8.2:sim24"/>
+        <cpe-lang:fact-ref name="cpe:/a:ge:intelligent_platforms_proficy_hmi%2fscada_cimplicity:8.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ge:intelligent_platforms_proficy_hmi%2fscada_cimplicity:8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ge:intelligent_platforms_proficy_hmi%2fscada_cimplicity:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ge:intelligent_platforms_proficy_hmi%2fscada_cimplicity:7.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:ge:intelligent_platforms_proficy_hmi%2fscada_cimplicity:4.01"/>
+        <cpe-lang:fact-ref name="cpe:/a:ge:intelligent_platforms_proficy_process_systems_with_cimplicity:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ge:intelligent_platforms_proficy_hmi%2fscada_cimplicity:8.2</vuln:product>
+      <vuln:product>cpe:/a:ge:intelligent_platforms_proficy_hmi%2fscada_cimplicity:8.1</vuln:product>
+      <vuln:product>cpe:/a:ge:intelligent_platforms_proficy_hmi%2fscada_cimplicity:8.0</vuln:product>
+      <vuln:product>cpe:/a:ge:intelligent_platforms_proficy_process_systems_with_cimplicity:-</vuln:product>
+      <vuln:product>cpe:/a:ge:intelligent_platforms_proficy_hmi%2fscada_cimplicity:4.01</vuln:product>
+      <vuln:product>cpe:/a:ge:intelligent_platforms_proficy_hmi%252fscada_cimplicity:8.2:sim24</vuln:product>
+      <vuln:product>cpe:/a:ge:intelligent_platforms_proficy_hmi%2fscada_cimplicity:7.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0751</vuln:cve-id>
+    <vuln:published-datetime>2014-01-25T17:55:04.583-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:26.877-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-27T10:27:15.557-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65117" xml:lang="en">65117</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.ge-ip.com/support/index?page=kbchannel&amp;id=KB15940" xml:lang="en">http://support.ge-ip.com/support/index?page=kbchannel&amp;id=KB15940</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-023-01" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-023-01</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in CimWebServer.exe (aka the WebView component) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted message to TCP port 10212, aka ZDI-CAN-1623.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0752">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ecava:integraxor:4.1.4360"/>
+        <cpe-lang:fact-ref name="cpe:/a:ecava:integraxor:4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ecava:integraxor:4.00"/>
+        <cpe-lang:fact-ref name="cpe:/a:ecava:integraxor:3.72"/>
+        <cpe-lang:fact-ref name="cpe:/a:ecava:integraxor:3.71.4200"/>
+        <cpe-lang:fact-ref name="cpe:/a:ecava:integraxor:3.71"/>
+        <cpe-lang:fact-ref name="cpe:/a:ecava:integraxor:3.60.4061"/>
+        <cpe-lang:fact-ref name="cpe:/a:ecava:integraxor:3.6.4000.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ecava:integraxor:3.5.3900.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:ecava:integraxor:3.5.3900.10"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ecava:integraxor:4.1</vuln:product>
+      <vuln:product>cpe:/a:ecava:integraxor:3.71.4200</vuln:product>
+      <vuln:product>cpe:/a:ecava:integraxor:3.6.4000.0</vuln:product>
+      <vuln:product>cpe:/a:ecava:integraxor:3.5.3900.5</vuln:product>
+      <vuln:product>cpe:/a:ecava:integraxor:3.60.4061</vuln:product>
+      <vuln:product>cpe:/a:ecava:integraxor:4.1.4360</vuln:product>
+      <vuln:product>cpe:/a:ecava:integraxor:3.71</vuln:product>
+      <vuln:product>cpe:/a:ecava:integraxor:3.72</vuln:product>
+      <vuln:product>cpe:/a:ecava:integraxor:4.00</vuln:product>
+      <vuln:product>cpe:/a:ecava:integraxor:3.5.3900.10</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0752</vuln:cve-id>
+    <vuln:published-datetime>2014-01-09T13:07:26.597-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-10T09:56:26.270-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-10T09:56:26.160-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-008-01" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-008-01</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.integraxor.com/blog/category/security/vulnerability-note/" xml:lang="en">http://www.integraxor.com/blog/category/security/vulnerability-note/</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via a crafted URL.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0753">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ecava:integraxor:3.5.3900.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:ecava:integraxor:3.5.3900.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:ecava:integraxor:3.6.4000.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ecava:integraxor:3.60.4061"/>
+        <cpe-lang:fact-ref name="cpe:/a:ecava:integraxor:3.71"/>
+        <cpe-lang:fact-ref name="cpe:/a:ecava:integraxor:3.71.4200"/>
+        <cpe-lang:fact-ref name="cpe:/a:ecava:integraxor:3.72"/>
+        <cpe-lang:fact-ref name="cpe:/a:ecava:integraxor:4.00"/>
+        <cpe-lang:fact-ref name="cpe:/a:ecava:integraxor:4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ecava:integraxor:4.1.4360"/>
+        <cpe-lang:fact-ref name="cpe:/a:ecava:integraxor:4.1.4369"/>
+        <cpe-lang:fact-ref name="cpe:/a:ecava:integraxor:4.1.4380"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ecava:integraxor:4.1</vuln:product>
+      <vuln:product>cpe:/a:ecava:integraxor:4.1.4369</vuln:product>
+      <vuln:product>cpe:/a:ecava:integraxor:3.71.4200</vuln:product>
+      <vuln:product>cpe:/a:ecava:integraxor:3.6.4000.0</vuln:product>
+      <vuln:product>cpe:/a:ecava:integraxor:3.60.4061</vuln:product>
+      <vuln:product>cpe:/a:ecava:integraxor:3.5.3900.5</vuln:product>
+      <vuln:product>cpe:/a:ecava:integraxor:4.1.4360</vuln:product>
+      <vuln:product>cpe:/a:ecava:integraxor:3.71</vuln:product>
+      <vuln:product>cpe:/a:ecava:integraxor:3.72</vuln:product>
+      <vuln:product>cpe:/a:ecava:integraxor:4.00</vuln:product>
+      <vuln:product>cpe:/a:ecava:integraxor:3.5.3900.10</vuln:product>
+      <vuln:product>cpe:/a:ecava:integraxor:4.1.4380</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0753</vuln:cve-id>
+    <vuln:published-datetime>2014-01-20T20:55:03.620-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-22T11:45:57.620-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-22T11:45:57.543-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-016-01" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-016-01</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.integraxor.com/blog/buffer-overflow-vulnerability-note/" xml:lang="en">http://www.integraxor.com/blog/buffer-overflow-vulnerability-note/</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Stack-based buffer overflow in the SCADA server in Ecava IntegraXor before 4.1.4390 allows remote attackers to cause a denial of service (system crash) by triggering access to DLL code located in the IntegraXor directory.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0755">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:rockwellautomation:rslogix_5000_design_and_configuration_software:7.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:rockwellautomation:rslogix_5000_design_and_configuration_software:20.01"/>
+          <cpe-lang:fact-ref name="cpe:/a:rockwellautomation:rslogix_5000_design_and_configuration_software:21.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:rockwellautomation:rslogix_5000_design_and_configuration_software:18.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:rockwellautomation:logix_5000_controller:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:rockwellautomation:rslogix_5000_design_and_configuration_software:7.0</vuln:product>
+      <vuln:product>cpe:/a:rockwellautomation:rslogix_5000_design_and_configuration_software:21.0</vuln:product>
+      <vuln:product>cpe:/a:rockwellautomation:rslogix_5000_design_and_configuration_software:18.0</vuln:product>
+      <vuln:product>cpe:/a:rockwellautomation:rslogix_5000_design_and_configuration_software:20.01</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0755</vuln:cve-id>
+    <vuln:published-datetime>2014-02-05T00:15:29.930-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:27.110-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.9</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-05T12:37:20.797-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-255"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-021-01" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-021-01</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90981" xml:lang="en">rslogix-cve20140755-info-disc(90981)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65337" xml:lang="en">65337</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102858" xml:lang="en">102858</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0757">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:3s-software:codesys_runtime_toolkit:2.4.7.43"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:3s-software:codesys_runtime_toolkit:2.4.7.43</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0757</vuln:cve-id>
+    <vuln:published-datetime>2014-01-31T01:15:53.073-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:27.203-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-31T13:54:09.890-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-030-01" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-030-01</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56713" xml:lang="en">56713</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Smart Software Solutions (3S) CoDeSys Runtime Toolkit before 2.4.7.44 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0758">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:iconics:genesis32:8.05"/>
+        <cpe-lang:fact-ref name="cpe:/a:iconics:genesis32:8.04"/>
+        <cpe-lang:fact-ref name="cpe:/a:iconics:genesis32:8.02"/>
+        <cpe-lang:fact-ref name="cpe:/a:iconics:genesis32:8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:iconics:genesis32:8.0</vuln:product>
+      <vuln:product>cpe:/a:iconics:genesis32:8.05</vuln:product>
+      <vuln:product>cpe:/a:iconics:genesis32:8.04</vuln:product>
+      <vuln:product>cpe:/a:iconics:genesis32:8.02</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0758</vuln:cve-id>
+    <vuln:published-datetime>2014-02-23T23:48:10.193-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-24T14:45:33.177-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-24T14:45:31.190-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-051-01" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-051-01</vuln:reference>
+    </vuln:references>
+    <vuln:summary>An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0759">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:schneider-electric:floating_license_manager:1.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:schneider-electric:floating_license_manager:1.4.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:schneider-electric:floating_license_manager:1.4.0</vuln:product>
+      <vuln:product>cpe:/a:schneider-electric:floating_license_manager:1.0.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0759</vuln:cve-id>
+    <vuln:published-datetime>2014-02-28T01:18:54.260-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-28T12:16:12.043-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.9</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-28T12:16:11.967-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-058-01" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-058-01</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-015-01" xml:lang="en">http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-015-01</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0760">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:3s-software:codesys_runtime_system:-"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:festo:cecx-x-c1_modular_master_controller:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:softmotion3d:softmotion:-"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:festo:cecx-x-m1_modular_controller:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:softmotion3d:softmotion:-</vuln:product>
+      <vuln:product>cpe:/h:festo:cecx-x-c1_modular_master_controller:-</vuln:product>
+      <vuln:product>cpe:/a:3s-software:codesys_runtime_system:-</vuln:product>
+      <vuln:product>cpe:/h:festo:cecx-x-m1_modular_controller:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0760</vuln:cve-id>
+    <vuln:published-datetime>2014-04-25T01:12:07.693-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-25T09:56:18.937-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-25T09:56:18.873-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-287"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0763">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:advantech:advantech_webaccess:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:advantech:advantech_webaccess:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:advantech:advantech_webaccess:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:advantech:advantech_webaccess:7.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:advantech:advantech_webaccess:7.1</vuln:product>
+      <vuln:product>cpe:/a:advantech:advantech_webaccess:7.0</vuln:product>
+      <vuln:product>cpe:/a:advantech:advantech_webaccess:6.0</vuln:product>
+      <vuln:product>cpe:/a:advantech:advantech_webaccess:5.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0763</vuln:cve-id>
+    <vuln:published-datetime>2014-04-12T00:37:31.440-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-14T13:27:16.287-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-14T13:27:16.227-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple SQL injection vulnerabilities in DBVisitor.dll in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary SQL commands via SOAP requests to unspecified functions.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0764">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:advantech:advantech_webaccess:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:advantech:advantech_webaccess:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:advantech:advantech_webaccess:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:advantech:advantech_webaccess:7.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:advantech:advantech_webaccess:7.1</vuln:product>
+      <vuln:product>cpe:/a:advantech:advantech_webaccess:7.0</vuln:product>
+      <vuln:product>cpe:/a:advantech:advantech_webaccess:6.0</vuln:product>
+      <vuln:product>cpe:/a:advantech:advantech_webaccess:5.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0764</vuln:cve-id>
+    <vuln:published-datetime>2014-04-12T00:37:31.470-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-14T13:28:25.463-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-14T13:28:25.417-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long NodeName parameter.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0765">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:advantech:advantech_webaccess:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:advantech:advantech_webaccess:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:advantech:advantech_webaccess:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:advantech:advantech_webaccess:7.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:advantech:advantech_webaccess:7.1</vuln:product>
+      <vuln:product>cpe:/a:advantech:advantech_webaccess:7.0</vuln:product>
+      <vuln:product>cpe:/a:advantech:advantech_webaccess:6.0</vuln:product>
+      <vuln:product>cpe:/a:advantech:advantech_webaccess:5.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0765</vuln:cve-id>
+    <vuln:published-datetime>2014-04-12T00:37:31.503-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-14T13:29:25.650-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-14T13:29:25.603-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long GotoCmd argument.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0766">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:advantech:advantech_webaccess:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:advantech:advantech_webaccess:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:advantech:advantech_webaccess:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:advantech:advantech_webaccess:7.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:advantech:advantech_webaccess:7.1</vuln:product>
+      <vuln:product>cpe:/a:advantech:advantech_webaccess:7.0</vuln:product>
+      <vuln:product>cpe:/a:advantech:advantech_webaccess:6.0</vuln:product>
+      <vuln:product>cpe:/a:advantech:advantech_webaccess:5.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0766</vuln:cve-id>
+    <vuln:published-datetime>2014-04-12T00:37:31.533-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-14T13:35:51.447-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-14T13:35:51.400-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long NodeName2 argument.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0767">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:advantech:advantech_webaccess:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:advantech:advantech_webaccess:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:advantech:advantech_webaccess:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:advantech:advantech_webaccess:7.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:advantech:advantech_webaccess:7.1</vuln:product>
+      <vuln:product>cpe:/a:advantech:advantech_webaccess:7.0</vuln:product>
+      <vuln:product>cpe:/a:advantech:advantech_webaccess:6.0</vuln:product>
+      <vuln:product>cpe:/a:advantech:advantech_webaccess:5.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0767</vuln:cve-id>
+    <vuln:published-datetime>2014-04-12T00:37:31.567-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-14T13:37:09.870-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-14T13:36:52.900-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long AccessCode argument.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0768">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:advantech:advantech_webaccess:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:advantech:advantech_webaccess:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:advantech:advantech_webaccess:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:advantech:advantech_webaccess:7.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:advantech:advantech_webaccess:7.1</vuln:product>
+      <vuln:product>cpe:/a:advantech:advantech_webaccess:7.0</vuln:product>
+      <vuln:product>cpe:/a:advantech:advantech_webaccess:6.0</vuln:product>
+      <vuln:product>cpe:/a:advantech:advantech_webaccess:5.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0768</vuln:cve-id>
+    <vuln:published-datetime>2014-04-12T00:37:31.597-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-14T13:38:18.043-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-14T13:38:17.857-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long AccessCode2 argument.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0769">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:softmotion3d:softmotion:-"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:festo:cecx-x-m1_modular_controller:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:3s-software:codesys_runtime_system:-"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:festo:cecx-x-c1_modular_master_controller:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:softmotion3d:softmotion:-</vuln:product>
+      <vuln:product>cpe:/h:festo:cecx-x-c1_modular_master_controller:-</vuln:product>
+      <vuln:product>cpe:/a:3s-software:codesys_runtime_system:-</vuln:product>
+      <vuln:product>cpe:/h:festo:cecx-x-m1_modular_controller:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0769</vuln:cve-id>
+    <vuln:published-datetime>2014-04-25T01:12:07.753-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-25T09:58:09.157-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-25T09:58:09.110-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-287"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0770">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:advantech:advantech_webaccess:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:advantech:advantech_webaccess:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:advantech:advantech_webaccess:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:advantech:advantech_webaccess:7.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:advantech:advantech_webaccess:7.1</vuln:product>
+      <vuln:product>cpe:/a:advantech:advantech_webaccess:7.0</vuln:product>
+      <vuln:product>cpe:/a:advantech:advantech_webaccess:6.0</vuln:product>
+      <vuln:product>cpe:/a:advantech:advantech_webaccess:5.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0770</vuln:cve-id>
+    <vuln:published-datetime>2014-04-12T00:37:31.627-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-14T13:40:36.627-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-14T13:40:36.563-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long UserName parameter.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0771">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:advantech:advantech_webaccess:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:advantech:advantech_webaccess:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:advantech:advantech_webaccess:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:advantech:advantech_webaccess:7.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:advantech:advantech_webaccess:7.1</vuln:product>
+      <vuln:product>cpe:/a:advantech:advantech_webaccess:7.0</vuln:product>
+      <vuln:product>cpe:/a:advantech:advantech_webaccess:6.0</vuln:product>
+      <vuln:product>cpe:/a:advantech:advantech_webaccess:5.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0771</vuln:cve-id>
+    <vuln:published-datetime>2014-04-12T00:37:31.643-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-14T13:42:25.053-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-14T13:42:15.443-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The OpenUrlToBuffer method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0772">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:advantech:advantech_webaccess:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:advantech:advantech_webaccess:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:advantech:advantech_webaccess:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:advantech:advantech_webaccess:7.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:advantech:advantech_webaccess:7.1</vuln:product>
+      <vuln:product>cpe:/a:advantech:advantech_webaccess:7.0</vuln:product>
+      <vuln:product>cpe:/a:advantech:advantech_webaccess:6.0</vuln:product>
+      <vuln:product>cpe:/a:advantech:advantech_webaccess:5.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0772</vuln:cve-id>
+    <vuln:published-datetime>2014-04-12T00:37:31.673-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-14T13:44:26.243-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-14T13:44:26.180-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The OpenUrlToBufferTimeout method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0773">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:advantech:advantech_webaccess:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:advantech:advantech_webaccess:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:advantech:advantech_webaccess:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:advantech:advantech_webaccess:7.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:advantech:advantech_webaccess:7.1</vuln:product>
+      <vuln:product>cpe:/a:advantech:advantech_webaccess:7.0</vuln:product>
+      <vuln:product>cpe:/a:advantech:advantech_webaccess:6.0</vuln:product>
+      <vuln:product>cpe:/a:advantech:advantech_webaccess:5.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0773</vuln:cve-id>
+    <vuln:published-datetime>2014-04-12T00:37:31.707-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-14T13:56:26.973-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-14T13:56:23.520-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The CreateProcess method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to execute (1) setup.exe, (2) bwvbprt.exe, and (3) bwvbprtl.exe programs from arbitrary pathnames via a crafted argument, as demonstrated by a UNC share pathname.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0774">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:schneider-electric:opc_factory_server:3.35"/>
+        <cpe-lang:fact-ref name="cpe:/a:schneider-electric:ofs_test_client_tlxcdlfofs33:3.35"/>
+        <cpe-lang:fact-ref name="cpe:/a:schneider-electric:ofs_test_client_tlxcdltofs33:3.35"/>
+        <cpe-lang:fact-ref name="cpe:/a:schneider-electric:ofs_test_client_tlxcdluofs33:3.35"/>
+        <cpe-lang:fact-ref name="cpe:/a:schneider-electric:ofs_test_client_tlxcdstofs33:3.35"/>
+        <cpe-lang:fact-ref name="cpe:/a:schneider-electric:ofs_test_client_tlxcdsuofs33:3.35"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:schneider-electric:opc_factory_server:3.35</vuln:product>
+      <vuln:product>cpe:/a:schneider-electric:ofs_test_client_tlxcdluofs33:3.35</vuln:product>
+      <vuln:product>cpe:/a:schneider-electric:ofs_test_client_tlxcdsuofs33:3.35</vuln:product>
+      <vuln:product>cpe:/a:schneider-electric:ofs_test_client_tlxcdltofs33:3.35</vuln:product>
+      <vuln:product>cpe:/a:schneider-electric:ofs_test_client_tlxcdlfofs33:3.35</vuln:product>
+      <vuln:product>cpe:/a:schneider-electric:ofs_test_client_tlxcdstofs33:3.35</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0774</vuln:cve-id>
+    <vuln:published-datetime>2014-02-28T01:18:54.277-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-28T12:59:27.513-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.9</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-28T12:59:27.450-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-058-02" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-058-02</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01" xml:lang="en">http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0777">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ioserver:opc_drivers:1.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:ioserver:ioserver_opc_server:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ioserver:ioserver_opc_server:-</vuln:product>
+      <vuln:product>cpe:/a:ioserver:opc_drivers:1.0.20</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0777</vuln:cve-id>
+    <vuln:published-datetime>2014-04-11T12:55:03.457-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-14T12:19:34.417-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-14T12:19:30.477-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-100-01" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-100-01</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Modbus slave/outstation driver in the OPC Drivers 1.0.20 and earlier in IOServer OPC Server allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted packet.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0778">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:progea:movicon:11.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:progea:movicon:11.4</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0778</vuln:cve-id>
+    <vuln:published-datetime>2014-04-19T15:55:07.200-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-21T14:50:53.030-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-21T14:50:52.983-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-105-01" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-105-01</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The TCPUploader module in Progea Movicon 11.4 before 11.4.1150 allows remote attackers to obtain potentially sensitive version information via network traffic to TCP port 10651.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0779">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:schneider-electric:scada_expert_clearscada:2013:r2"/>
+        <cpe-lang:fact-ref name="cpe:/a:schneider-electric:scada_expert_clearscada:2013:r1"/>
+        <cpe-lang:fact-ref name="cpe:/a:schneider-electric:scada_expert_clearscada:2013:r1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:schneider-electric:scada_expert_clearscada:2013:r1.1a"/>
+        <cpe-lang:fact-ref name="cpe:/a:schneider-electric:scada_expert_clearscada:2013:r1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:schneider-electric:clearscada:2010:r2"/>
+        <cpe-lang:fact-ref name="cpe:/a:schneider-electric:clearscada:2010:r2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:schneider-electric:clearscada:2010:r3"/>
+        <cpe-lang:fact-ref name="cpe:/a:schneider-electric:clearscada:2010:r3.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:schneider-electric:scada_expert_clearscada:2013:r2</vuln:product>
+      <vuln:product>cpe:/a:schneider-electric:clearscada:2010:r3</vuln:product>
+      <vuln:product>cpe:/a:schneider-electric:scada_expert_clearscada:2013:r1.1a</vuln:product>
+      <vuln:product>cpe:/a:schneider-electric:clearscada:2010:r2</vuln:product>
+      <vuln:product>cpe:/a:schneider-electric:scada_expert_clearscada:2013:r1.2</vuln:product>
+      <vuln:product>cpe:/a:schneider-electric:scada_expert_clearscada:2013:r1.1</vuln:product>
+      <vuln:product>cpe:/a:schneider-electric:clearscada:2010:r2.1</vuln:product>
+      <vuln:product>cpe:/a:schneider-electric:clearscada:2010:r3.1</vuln:product>
+      <vuln:product>cpe:/a:schneider-electric:scada_expert_clearscada:2013:r1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0779</vuln:cve-id>
+    <vuln:published-datetime>2014-03-14T06:55:05.803-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-14T13:37:49.707-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-14T13:37:49.613-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-072-01" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-072-01</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01" xml:lang="en">http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file).</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0780">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:indusoft:web_studio:7.1:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:indusoft:web_studio:7.1:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:indusoft:web_studio:7.1:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:indusoft:web_studio:7.1:-</vuln:product>
+      <vuln:product>cpe:/a:indusoft:web_studio:7.1:sp2</vuln:product>
+      <vuln:product>cpe:/a:indusoft:web_studio:7.1:sp1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0780</vuln:cve-id>
+    <vuln:published-datetime>2014-04-25T01:12:07.787-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-25T11:48:51.573-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-25T11:48:51.433-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-107-02" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-107-02</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0781">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:yokogawa:centum_cs_3000:r3.09.50"/>
+        <cpe-lang:fact-ref name="cpe:/a:yokogawa:centum_cs_3000:r3.09"/>
+        <cpe-lang:fact-ref name="cpe:/a:yokogawa:centum_cs_3000:r3.08.70"/>
+        <cpe-lang:fact-ref name="cpe:/a:yokogawa:centum_cs_3000:r3.08.50"/>
+        <cpe-lang:fact-ref name="cpe:/a:yokogawa:centum_cs_3000:r3.08"/>
+        <cpe-lang:fact-ref name="cpe:/a:yokogawa:centum_cs_3000:r3.07"/>
+        <cpe-lang:fact-ref name="cpe:/a:yokogawa:centum_cs_3000:r3.06"/>
+        <cpe-lang:fact-ref name="cpe:/a:yokogawa:centum_cs_3000:r3.05"/>
+        <cpe-lang:fact-ref name="cpe:/a:yokogawa:centum_cs_3000:r3.04"/>
+        <cpe-lang:fact-ref name="cpe:/a:yokogawa:centum_cs_3000:r3.03"/>
+        <cpe-lang:fact-ref name="cpe:/a:yokogawa:centum_cs_3000:r3.02"/>
+        <cpe-lang:fact-ref name="cpe:/a:yokogawa:centum_cs_3000:r3.01"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:yokogawa:centum_cs_3000:r3.02</vuln:product>
+      <vuln:product>cpe:/a:yokogawa:centum_cs_3000:r3.03</vuln:product>
+      <vuln:product>cpe:/a:yokogawa:centum_cs_3000:r3.01</vuln:product>
+      <vuln:product>cpe:/a:yokogawa:centum_cs_3000:r3.04</vuln:product>
+      <vuln:product>cpe:/a:yokogawa:centum_cs_3000:r3.05</vuln:product>
+      <vuln:product>cpe:/a:yokogawa:centum_cs_3000:r3.06</vuln:product>
+      <vuln:product>cpe:/a:yokogawa:centum_cs_3000:r3.07</vuln:product>
+      <vuln:product>cpe:/a:yokogawa:centum_cs_3000:r3.08</vuln:product>
+      <vuln:product>cpe:/a:yokogawa:centum_cs_3000:r3.08.70</vuln:product>
+      <vuln:product>cpe:/a:yokogawa:centum_cs_3000:r3.09</vuln:product>
+      <vuln:product>cpe:/a:yokogawa:centum_cs_3000:r3.08.50</vuln:product>
+      <vuln:product>cpe:/a:yokogawa:centum_cs_3000:r3.09.50</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0781</vuln:cve-id>
+    <vuln:published-datetime>2014-03-14T06:55:05.817-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-14T11:51:04.050-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-14T11:51:03.973-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via crafted UDP packets.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0783">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:yokogawa:centum_cs_3000:r3.09.50"/>
+        <cpe-lang:fact-ref name="cpe:/a:yokogawa:centum_cs_3000:r3.09"/>
+        <cpe-lang:fact-ref name="cpe:/a:yokogawa:centum_cs_3000:r3.08.70"/>
+        <cpe-lang:fact-ref name="cpe:/a:yokogawa:centum_cs_3000:r3.08.50"/>
+        <cpe-lang:fact-ref name="cpe:/a:yokogawa:centum_cs_3000:r3.08"/>
+        <cpe-lang:fact-ref name="cpe:/a:yokogawa:centum_cs_3000:r3.07"/>
+        <cpe-lang:fact-ref name="cpe:/a:yokogawa:centum_cs_3000:r3.06"/>
+        <cpe-lang:fact-ref name="cpe:/a:yokogawa:centum_cs_3000:r3.05"/>
+        <cpe-lang:fact-ref name="cpe:/a:yokogawa:centum_cs_3000:r3.04"/>
+        <cpe-lang:fact-ref name="cpe:/a:yokogawa:centum_cs_3000:r3.03"/>
+        <cpe-lang:fact-ref name="cpe:/a:yokogawa:centum_cs_3000:r3.02"/>
+        <cpe-lang:fact-ref name="cpe:/a:yokogawa:centum_cs_3000:r3.01"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:yokogawa:centum_cs_3000:r3.02</vuln:product>
+      <vuln:product>cpe:/a:yokogawa:centum_cs_3000:r3.03</vuln:product>
+      <vuln:product>cpe:/a:yokogawa:centum_cs_3000:r3.01</vuln:product>
+      <vuln:product>cpe:/a:yokogawa:centum_cs_3000:r3.04</vuln:product>
+      <vuln:product>cpe:/a:yokogawa:centum_cs_3000:r3.05</vuln:product>
+      <vuln:product>cpe:/a:yokogawa:centum_cs_3000:r3.06</vuln:product>
+      <vuln:product>cpe:/a:yokogawa:centum_cs_3000:r3.07</vuln:product>
+      <vuln:product>cpe:/a:yokogawa:centum_cs_3000:r3.08</vuln:product>
+      <vuln:product>cpe:/a:yokogawa:centum_cs_3000:r3.08.70</vuln:product>
+      <vuln:product>cpe:/a:yokogawa:centum_cs_3000:r3.09</vuln:product>
+      <vuln:product>cpe:/a:yokogawa:centum_cs_3000:r3.08.50</vuln:product>
+      <vuln:product>cpe:/a:yokogawa:centum_cs_3000:r3.09.50</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0783</vuln:cve-id>
+    <vuln:published-datetime>2014-03-14T06:55:05.850-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-14T11:52:26.427-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-14T11:52:26.367-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Stack-based buffer overflow in BKHOdeq.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via a crafted TCP packet.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0784">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:yokogawa:centum_cs_3000:r3.09.50"/>
+        <cpe-lang:fact-ref name="cpe:/a:yokogawa:centum_cs_3000:r3.09"/>
+        <cpe-lang:fact-ref name="cpe:/a:yokogawa:centum_cs_3000:r3.08.70"/>
+        <cpe-lang:fact-ref name="cpe:/a:yokogawa:centum_cs_3000:r3.08.50"/>
+        <cpe-lang:fact-ref name="cpe:/a:yokogawa:centum_cs_3000:r3.08"/>
+        <cpe-lang:fact-ref name="cpe:/a:yokogawa:centum_cs_3000:r3.07"/>
+        <cpe-lang:fact-ref name="cpe:/a:yokogawa:centum_cs_3000:r3.06"/>
+        <cpe-lang:fact-ref name="cpe:/a:yokogawa:centum_cs_3000:r3.05"/>
+        <cpe-lang:fact-ref name="cpe:/a:yokogawa:centum_cs_3000:r3.04"/>
+        <cpe-lang:fact-ref name="cpe:/a:yokogawa:centum_cs_3000:r3.03"/>
+        <cpe-lang:fact-ref name="cpe:/a:yokogawa:centum_cs_3000:r3.02"/>
+        <cpe-lang:fact-ref name="cpe:/a:yokogawa:centum_cs_3000:r3.01"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:yokogawa:centum_cs_3000:r3.02</vuln:product>
+      <vuln:product>cpe:/a:yokogawa:centum_cs_3000:r3.03</vuln:product>
+      <vuln:product>cpe:/a:yokogawa:centum_cs_3000:r3.01</vuln:product>
+      <vuln:product>cpe:/a:yokogawa:centum_cs_3000:r3.04</vuln:product>
+      <vuln:product>cpe:/a:yokogawa:centum_cs_3000:r3.05</vuln:product>
+      <vuln:product>cpe:/a:yokogawa:centum_cs_3000:r3.06</vuln:product>
+      <vuln:product>cpe:/a:yokogawa:centum_cs_3000:r3.07</vuln:product>
+      <vuln:product>cpe:/a:yokogawa:centum_cs_3000:r3.08</vuln:product>
+      <vuln:product>cpe:/a:yokogawa:centum_cs_3000:r3.08.70</vuln:product>
+      <vuln:product>cpe:/a:yokogawa:centum_cs_3000:r3.09</vuln:product>
+      <vuln:product>cpe:/a:yokogawa:centum_cs_3000:r3.08.50</vuln:product>
+      <vuln:product>cpe:/a:yokogawa:centum_cs_3000:r3.09.50</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0784</vuln:cve-id>
+    <vuln:published-datetime>2014-03-14T06:55:05.863-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-14T11:54:45.087-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>8.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-14T11:54:44.930-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Stack-based buffer overflow in BKBCopyD.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via a crafted TCP packet.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0786">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ecava:integraxor:4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ecava:integraxor:4.1.4369"/>
+        <cpe-lang:fact-ref name="cpe:/a:ecava:integraxor:4.1.4380"/>
+        <cpe-lang:fact-ref name="cpe:/a:ecava:integraxor:4.1.4390"/>
+        <cpe-lang:fact-ref name="cpe:/a:ecava:integraxor:4.1.4360"/>
+        <cpe-lang:fact-ref name="cpe:/a:ecava:integraxor:4.1.4340"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ecava:integraxor:4.1</vuln:product>
+      <vuln:product>cpe:/a:ecava:integraxor:4.1.4369</vuln:product>
+      <vuln:product>cpe:/a:ecava:integraxor:4.1.4390</vuln:product>
+      <vuln:product>cpe:/a:ecava:integraxor:4.1.4360</vuln:product>
+      <vuln:product>cpe:/a:ecava:integraxor:4.1.4340</vuln:product>
+      <vuln:product>cpe:/a:ecava:integraxor:4.1.4380</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0786</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T21:56:10.490-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-01T12:18:09.443-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-01T12:18:09.240-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-310"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-091-01" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-091-01</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.integraxor.com/blog/category/security/vulnerability-note/" xml:lang="en">http://www.integraxor.com/blog/category/security/vulnerability-note/</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Ecava IntegraXor before 4.1.4393 allows remote attackers to read cleartext credentials for administrative accounts via SELECT statements that leverage the guest role.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0787">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:wellintech:kingscada:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wellintech:kingscada:3.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:wellintech:kingscada:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:wellintech:kingscada:3.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0787</vuln:cve-id>
+    <vuln:published-datetime>2014-04-12T00:37:31.737-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-14T13:59:36.133-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-14T13:59:36.057-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-098-02" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-098-02</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Stack-based buffer overflow in WellinTech KingSCADA before 3.1.2.13 allows remote attackers to execute arbitrary code via a crafted packet.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0789">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/h:schneider-electric:opc_factory_server_tlxcdstofs:3.35"/>
+        <cpe-lang:fact-ref name="cpe:/h:schneider-electric:opc_factory_server_tlxcdltofs:3.35"/>
+        <cpe-lang:fact-ref name="cpe:/h:schneider-electric:opc_factory_server_tlxcdlfofs:3.35"/>
+        <cpe-lang:fact-ref name="cpe:/h:schneider-electric:opc_factory_server_tlxcdluofs:3.35"/>
+        <cpe-lang:fact-ref name="cpe:/h:schneider-electric:opc_factory_server_tlxcdsuofs:3.35"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/h:schneider-electric:opc_factory_server_tlxcdsuofs:3.35</vuln:product>
+      <vuln:product>cpe:/h:schneider-electric:opc_factory_server_tlxcdstofs:3.35</vuln:product>
+      <vuln:product>cpe:/h:schneider-electric:opc_factory_server_tlxcdltofs:3.35</vuln:product>
+      <vuln:product>cpe:/h:schneider-electric:opc_factory_server_tlxcdlfofs:3.35</vuln:product>
+      <vuln:product>cpe:/h:schneider-electric:opc_factory_server_tlxcdluofs:3.35</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0789</vuln:cve-id>
+    <vuln:published-datetime>2014-04-04T11:09:45.917-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-04T13:52:48.090-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-04T13:52:43.417-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-093-01" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-093-01</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.schneider-electric.com/corporate/en/support/cybersecurity/viewer-news.page?c_filepath=/templatedata/Content/News/data/en/local/cybersecurity/general_information/2014/03/20140325_vulnerability_disclosure_opc_factory_server.xml" xml:lang="en">http://www.schneider-electric.com/corporate/en/support/cybersecurity/viewer-news.page?c_filepath=/templatedata/Content/News/data/en/local/cybersecurity/general_information/2014/03/20140325_vulnerability_disclosure_opc_factory_server.xml</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple buffer overflows in the OPC Automation 2.0 Server Object ActiveX control in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 3.5 and earlier, TLXCDSTOFS33 3.5 and earlier, TLXCDLUOFS33 3.5 and earlier, TLXCDLTOFS33 3.5 and earlier, and TLXCDLFOFS33 3.5 and earlier allow remote attackers to cause a denial of service via long arguments to unspecified functions.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0791">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:freerdp_project:freerdp:1.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:freerdp_project:freerdp:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:freerdp_project:freerdp:1.0.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:freerdp_project:freerdp:1.0.0</vuln:product>
+      <vuln:product>cpe:/a:freerdp_project:freerdp:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:freerdp_project:freerdp:1.0.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0791</vuln:cve-id>
+    <vuln:published-datetime>2014-01-03T13:54:13.257-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-06T21:38:52.107-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-06T21:38:52.027-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-189"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://github.com/sidhpurwala-huzaifa/FreeRDP/commit/e2745807c4c3e0a590c0f69a9b655dc74ebaa03e" xml:lang="en">https://github.com/sidhpurwala-huzaifa/FreeRDP/commit/e2745807c4c3e0a590c0f69a9b655dc74ebaa03e</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://github.com/FreeRDP/FreeRDP/pull/1649" xml:lang="en">https://github.com/FreeRDP/FreeRDP/pull/1649</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=998941" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=998941</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/01/03/4" xml:lang="en">[oss-security] 20140103 Re: CVE for freerdp int overflow?</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/01/02/5" xml:lang="en">[oss-security] 20140102 CVE for freerdp int overflow?</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP through 1.0.2 allows remote RDP servers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ScopeCount value in a Scope List in a Server License Request packet.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0792">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:2.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:2.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:2.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:2.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:2.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:2.7.0:04"/>
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:2.7.0:05"/>
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:2.7.0:06"/>
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:2.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:2.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:2.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:2.0.4:1"/>
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:sonatype:nexus:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:sonatype:nexus:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:sonatype:nexus:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:sonatype:nexus:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:sonatype:nexus:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:sonatype:nexus:2.0</vuln:product>
+      <vuln:product>cpe:/a:sonatype:nexus:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:sonatype:nexus:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:sonatype:nexus:2.0.4:1</vuln:product>
+      <vuln:product>cpe:/a:sonatype:nexus:1.0</vuln:product>
+      <vuln:product>cpe:/a:sonatype:nexus:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:sonatype:nexus:2.7.0</vuln:product>
+      <vuln:product>cpe:/a:sonatype:nexus:2.6.0</vuln:product>
+      <vuln:product>cpe:/a:sonatype:nexus:2.5.1</vuln:product>
+      <vuln:product>cpe:/a:sonatype:nexus:2.5.0</vuln:product>
+      <vuln:product>cpe:/a:sonatype:nexus:2.6.4</vuln:product>
+      <vuln:product>cpe:/a:sonatype:nexus:2.7.0:06</vuln:product>
+      <vuln:product>cpe:/a:sonatype:nexus:2.1</vuln:product>
+      <vuln:product>cpe:/a:sonatype:nexus:2.7.0:05</vuln:product>
+      <vuln:product>cpe:/a:sonatype:nexus:2.2</vuln:product>
+      <vuln:product>cpe:/a:sonatype:nexus:2.7.0:04</vuln:product>
+      <vuln:product>cpe:/a:sonatype:nexus:2.6.2</vuln:product>
+      <vuln:product>cpe:/a:sonatype:nexus:2.4.0</vuln:product>
+      <vuln:product>cpe:/a:sonatype:nexus:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:sonatype:nexus:2.6.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0792</vuln:cve-id>
+    <vuln:published-datetime>2014-01-17T15:55:04.000-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-21T09:14:59.440-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-21T09:14:47.817-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-94"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://support.sonatype.com/entries/37828023-Nexus-Security-Vulnerability" xml:lang="en">https://support.sonatype.com/entries/37828023-Nexus-Security-Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.sonatype.org/advisories/archive/2014-01-13-Nexus" xml:lang="en">http://www.sonatype.org/advisories/archive/2014-01-13-Nexus</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://sonatype.zendesk.com/entries/37551958-Configuring-Xstream-Whitelist" xml:lang="en">https://sonatype.zendesk.com/entries/37551958-Configuring-Xstream-Whitelist</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code via unspecified vectors related to unmarshalling of unintended Object types.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0793">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:stackideas:komento:1.7.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:stackideas:komento:1.7.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:stackideas:komento:1.7.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:joomla:joomla%21"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:stackideas:komento:1.7.2</vuln:product>
+      <vuln:product>cpe:/a:stackideas:komento:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:stackideas:komento:1.7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0793</vuln:cve-id>
+    <vuln:published-datetime>2014-01-30T13:55:03.503-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T13:15:05.407-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-30T20:50:28.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.htbridge.com/advisory/HTB23194" xml:lang="en">https://www.htbridge.com/advisory/HTB23194</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/530873/100/0/threaded" xml:lang="en">20140123 Cross-Site Scripting (XSS) in Komento Joomla Extension</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/31174" xml:lang="en">31174</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://stackideas.com/downloads/changelog/komento" xml:lang="en">http://stackideas.com/downloads/changelog/komento</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site scripting (XSS) vulnerabilities in the StackIdeas Komento (com_komento) component before 1.7.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website or (2) latitude parameter in a comment to the default URI.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0794">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:joomla:com_jvcomment:3.0.2"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:joomla:joomla%21"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:joomla:com_jvcomment:3.0.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0794</vuln:cve-id>
+    <vuln:published-datetime>2014-01-26T15:55:06.657-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-24T17:04:57.927-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-27T03:30:46.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.htbridge.com/advisory/HTB23195" xml:lang="en">https://www.htbridge.com/advisory/HTB23195</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90532" xml:lang="en">joomla-jvcomment-unspecified-sql-injection(90532)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64661" xml:lang="en">64661</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/530872/100/0/threaded" xml:lang="en">20140123 SQL Injection in JV Comment Joomla Extension</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://www.osvdb.org/101960" xml:lang="en">101960</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/31175" xml:lang="en">31175</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://extensions.joomla.org/extensions/contacts-and-feedback/articles-comments/23394" xml:lang="en">http://extensions.joomla.org/extensions/contacts-and-feedback/articles-comments/23394</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in JV Comment (com_jvcomment) 3.0.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the id parameter in a comment.like action.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0802">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:aokitaka:zip_with_pass:4.5.7:-:~-~-~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:aokitaka:zip_with_pass_pro:6.3.8:-:~-~-~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:aokitaka:zip_with_pass_pro:6.3.7:-:~-~-~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:aokitaka:zip_with_pass_pro:6.3.5:-:~-~-~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:aokitaka:zip_with_pass_pro:6.3.4:-:~-~-~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:aokitaka:zip_with_pass_pro:6.3.0:-:~-~-~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:aokitaka:zip_with_pass_pro:6.2.2:-:~-~-~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:aokitaka:zip_with_pass_pro:6.2.1:-:~-~-~android~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:aokitaka:zip_with_pass_pro:6.3.0:-:~-~-~android~~</vuln:product>
+      <vuln:product>cpe:/a:aokitaka:zip_with_pass_pro:6.3.5:-:~-~-~android~~</vuln:product>
+      <vuln:product>cpe:/a:aokitaka:zip_with_pass_pro:6.3.4:-:~-~-~android~~</vuln:product>
+      <vuln:product>cpe:/a:aokitaka:zip_with_pass_pro:6.3.7:-:~-~-~android~~</vuln:product>
+      <vuln:product>cpe:/a:aokitaka:zip_with_pass_pro:6.2.2:-:~-~-~android~~</vuln:product>
+      <vuln:product>cpe:/a:aokitaka:zip_with_pass_pro:6.2.1:-:~-~-~android~~</vuln:product>
+      <vuln:product>cpe:/a:aokitaka:zip_with_pass_pro:6.3.8:-:~-~-~android~~</vuln:product>
+      <vuln:product>cpe:/a:aokitaka:zip_with_pass:4.5.7:-:~-~-~android~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0802</vuln:cve-id>
+    <vuln:published-datetime>2014-01-12T13:34:56.000-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-13T14:07:31.053-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-13T14:07:27.397-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVNDB</vuln:source>
+      <vuln:reference href="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000001" xml:lang="en">JVNDB-2014-000001</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVN</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN88313872/index.html" xml:lang="en">JVN#88313872</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in the aokitaka ZIP with Pass application 4.5.7 and earlier, and ZIP with Pass Pro application 6.3.8 and earlier, for Android allows attackers to overwrite or create arbitrary files via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0803">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:yuichiro_okuyama:tetra_filer:1.5.1:-:~-~-~android~~"/>
+          <cpe-lang:fact-ref name="cpe:/a:yuichiro_okuyama:tetra_filer_free:1.5.1:-:~-~-~android~~"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.0"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:yuichiro_okuyama:tetra_filer_free:2.3.1:-:~-~-~android~~"/>
+          <cpe-lang:fact-ref name="cpe:/a:yuichiro_okuyama:tetra_filer:2.3.1:-:~-~-~android~~"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.0.3"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:yuichiro_okuyama:tetra_filer_free:1.5.1:-:~-~-~android~~</vuln:product>
+      <vuln:product>cpe:/a:yuichiro_okuyama:tetra_filer:1.5.1:-:~-~-~android~~</vuln:product>
+      <vuln:product>cpe:/a:yuichiro_okuyama:tetra_filer:2.3.1:-:~-~-~android~~</vuln:product>
+      <vuln:product>cpe:/a:yuichiro_okuyama:tetra_filer_free:2.3.1:-:~-~-~android~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0803</vuln:cve-id>
+    <vuln:published-datetime>2014-01-12T13:34:56.033-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-13T14:47:08.617-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-13T14:47:08.507-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://play.google.com/store/apps/details?id=jp.main.brits.android.filer.free" xml:lang="en">https://play.google.com/store/apps/details?id=jp.main.brits.android.filer.free</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://play.google.com/store/apps/details?id=jp.main.brits.android.filer.app" xml:lang="en">https://play.google.com/store/apps/details?id=jp.main.brits.android.filer.app</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVNDB</vuln:source>
+      <vuln:reference href="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000002" xml:lang="en">JVNDB-2014-000002</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVN</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN51285738/index.html" xml:lang="en">JVN#51285738</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in the tetra filer application 2.3.1 and earlier for Android 4.0.3, tetra filer free application 2.3.1 and earlier for Android 4.0.3, tetra filer application 1.5.1 and earlier for Android before 4.0.3, and tetra filer free application 1.5.1 and earlier for Android before 4.0.3 allows attackers to overwrite or create arbitrary files via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0804">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cgene:security_file_manager:1.0.6:-:~-~pro~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:cgene:security_file_manager:1.0.6:-:~-~trial~android~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cgene:security_file_manager:1.0.6:-:~-~trial~android~~</vuln:product>
+      <vuln:product>cpe:/a:cgene:security_file_manager:1.0.6:-:~-~pro~android~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0804</vuln:cve-id>
+    <vuln:published-datetime>2014-01-12T13:34:56.063-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-13T15:05:50.797-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-13T15:05:50.733-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://play.google.com/store/apps/details?id=com.cgene.android.secret.filelock.pro" xml:lang="en">https://play.google.com/store/apps/details?id=com.cgene.android.secret.filelock.pro</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://play.google.com/store/apps/details?id=com.cgene.android.secret.filelock.free" xml:lang="en">https://play.google.com/store/apps/details?id=com.cgene.android.secret.filelock.free</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVNDB</vuln:source>
+      <vuln:reference href="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000003" xml:lang="en">JVNDB-2014-000003</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVN</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN44392991/index.html" xml:lang="en">JVN#44392991</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in the CGENE Security File Manager Pro application 1.0.6 and earlier, and Security File Manager Trial application 1.0.6 and earlier, for Android allows attackers to overwrite or create arbitrary files via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0805">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:skyarts:neofiler:5.4.3:-:~-~-~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:skyarts:neofiler:5.4.3:-:~-~free~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:skyarts:neofiler:2.4.2:-:~-~lite~android~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:skyarts:neofiler:2.4.2:-:~-~lite~android~~</vuln:product>
+      <vuln:product>cpe:/a:skyarts:neofiler:5.4.3:-:~-~free~android~~</vuln:product>
+      <vuln:product>cpe:/a:skyarts:neofiler:5.4.3:-:~-~-~android~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0805</vuln:cve-id>
+    <vuln:published-datetime>2014-01-12T13:34:56.547-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-13T23:49:19.543-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-13T23:49:19.417-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://play.google.com/store/apps/details?id=com.skyarts.android.neofilerlite" xml:lang="en">https://play.google.com/store/apps/details?id=com.skyarts.android.neofilerlite</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://play.google.com/store/apps/details?id=com.skyarts.android.neofilerfree" xml:lang="en">https://play.google.com/store/apps/details?id=com.skyarts.android.neofilerfree</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://play.google.com/store/apps/details?id=com.skyarts.android.neofiler" xml:lang="en">https://play.google.com/store/apps/details?id=com.skyarts.android.neofiler</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.skyarts.com/products/android/neofiler/index.html" xml:lang="en">http://www.skyarts.com/products/android/neofiler/index.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVNDB</vuln:source>
+      <vuln:reference href="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000004" xml:lang="en">JVNDB-2014-000004</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVN</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN85716574/index.html" xml:lang="en">JVN#85716574</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in the NeoFiler application 5.4.3 and earlier, NeoFiler Free application 5.4.3 and earlier, and NeoFiler Lite application 2.4.2 and earlier for Android allows attackers to overwrite or create arbitrary files via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0806">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.10:-:black"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.10:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.11:-:black"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.11:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.12:-:black"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.12:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.12.1:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.12.1:-:black"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:1.0.0:alpha"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:1.0.0:alpha:black"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:1.0.0:beta_update1"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:1.0.0:beta_update1:black"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:1.0.0:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:1.0.0:rc:black"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:1.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:1.1.0:-:black"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:1.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:1.2.0:-:black"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:1.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:1.3.0:-:black"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:1.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:1.4.0:-:black"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:1.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:1.5.0:-:black"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:1.5.1:-:black"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:1.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:1.6.0:-:black"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:1.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:1.7.0:-:black"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:1.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:1.7.1:-:black"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.0.0:-:black"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.0.1:-:black"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.0.2:-:black"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.0.3:-:black"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.0.4:-:black"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.1.0:-:black"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.10.0:-:black"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.2.0:-:black"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.2.1:-:black"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.2.2:-:black"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.2.3:-:black"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.3.0:-:black"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.4.0:-:black"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.4.1:-:black"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.5.0:-:black"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.5.1:-:black"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.6.0:-:black"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.7.0:-:black"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.8.0:-:black"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.9.0:-:black"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:fenrir-inc:sleipnir_mobile:2.9.1:-:black"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:1.3.0:-:black</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:1.5.0</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.0.4:-:black</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.12.1:-</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.0.3:-:black</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:1.1.0</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.0.2:-:black</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:1.0.0:rc:black</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.10.0</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.7.0</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.12.1:-:black</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.6.0</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.0.0:-:black</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.0.1:-:black</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.2.3</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.1.0:-:black</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.9.1:-:black</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.3.0</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.5.0</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.2.0</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.5.1</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:1.6.0</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.2.2</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.2.1</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:1.7.0</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.5.1:-:black</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.5.0:-:black</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:1.4.0</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:1.0.0:rc</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.4.0</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.11:-:black</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.8.0</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.12:-:black</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.10.0:-:black</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.10:-:black</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.4.1:-:black</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:1.2.0:-:black</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.4.0:-:black</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:1.0.0:alpha:black</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.2.1:-:black</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.2.0:-:black</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.2.3:-:black</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.2.2:-:black</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:1.0.0:alpha</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:1.1.0:-:black</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.3.0:-:black</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:1.2.0</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.0.0</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:1.7.1:-:black</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:1.7.0:-:black</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:1.6.0:-:black</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:1.3.0</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:1.4.0:-:black</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.9.0:-:black</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:1.5.1:-:black</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:1.5.0:-:black</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.8.0:-:black</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:1.0.0:beta_update1</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.1.0</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.6.0:-:black</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.10:-</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.11:-</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.7.0:-:black</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:2.12:-</vuln:product>
+      <vuln:product>cpe:/a:fenrir-inc:sleipnir_mobile:1.0.0:beta_update1:black</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0806</vuln:cve-id>
+    <vuln:published-datetime>2014-01-22T16:55:03.653-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-23T12:56:48.870-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-23T12:56:47.840-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVNDB</vuln:source>
+      <vuln:reference href="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000007" xml:lang="en">JVNDB-2014-000007</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVN</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN81637882/index.html" xml:lang="en">JVN#81637882</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Sleipnir Mobile application 2.12.1 and earlier and Sleipnir Mobile Black Edition application 2.12.1 and earlier for Android provide Geolocation API data without verifying user consent, which allows remote attackers to obtain sensitive location information via a web site that makes API calls.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0807">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:lockon:ec-cube:2.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:lockon:ec-cube:2.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:lockon:ec-cube:2.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:lockon:ec-cube:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:lockon:ec-cube:2.4.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:lockon:ec-cube:2.4.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:lockon:ec-cube:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:lockon:ec-cube:2.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:lockon:ec-cube:2.12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:lockon:ec-cube:2.11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:lockon:ec-cube:2.11.0:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:lockon:ec-cube:2.11.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:lockon:ec-cube:2.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:lockon:ec-cube:2.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:lockon:ec-cube:2.11.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:lockon:ec-cube:2.11.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:lockon:ec-cube:2.11.5"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:lockon:ec-cube:2.11.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:lockon:ec-cube:2.12.0</vuln:product>
+      <vuln:product>cpe:/a:lockon:ec-cube:2.4.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:lockon:ec-cube:2.11.5</vuln:product>
+      <vuln:product>cpe:/a:lockon:ec-cube:2.11.4</vuln:product>
+      <vuln:product>cpe:/a:lockon:ec-cube:2.11.3</vuln:product>
+      <vuln:product>cpe:/a:lockon:ec-cube:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:lockon:ec-cube:2.11.2</vuln:product>
+      <vuln:product>cpe:/a:lockon:ec-cube:2.4.3</vuln:product>
+      <vuln:product>cpe:/a:lockon:ec-cube:2.12.2</vuln:product>
+      <vuln:product>cpe:/a:lockon:ec-cube:2.4.4</vuln:product>
+      <vuln:product>cpe:/a:lockon:ec-cube:2.4.2</vuln:product>
+      <vuln:product>cpe:/a:lockon:ec-cube:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:lockon:ec-cube:2.4.0</vuln:product>
+      <vuln:product>cpe:/a:lockon:ec-cube:2.11.1</vuln:product>
+      <vuln:product>cpe:/a:lockon:ec-cube:2.11.0:beta</vuln:product>
+      <vuln:product>cpe:/a:lockon:ec-cube:2.11.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0807</vuln:cve-id>
+    <vuln:published-datetime>2014-01-22T16:55:03.683-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-23T13:10:13.500-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.4</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-23T13:10:12.843-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.ec-cube.net/info/weakness/weakness.php?id=56" xml:lang="en">http://www.ec-cube.net/info/weakness/weakness.php?id=56</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVNDB</vuln:source>
+      <vuln:reference href="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000005" xml:lang="en">JVNDB-2014-000005</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVN</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN17849447/index.html" xml:lang="en">JVN#17849447</vuln:reference>
+    </vuln:references>
+    <vuln:summary>data/class/pages/shopping/LC_Page_Shopping_Deliv.php in LOCKON EC-CUBE 2.4.4 and earlier, and 2.11.0 through 2.12.2, allows remote attackers to modify data via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0808">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:lockon:ec-cube:2.11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:lockon:ec-cube:2.11.0:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:lockon:ec-cube:2.11.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:lockon:ec-cube:2.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:lockon:ec-cube:2.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:lockon:ec-cube:2.11.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:lockon:ec-cube:2.11.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:lockon:ec-cube:2.11.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:lockon:ec-cube:2.12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:lockon:ec-cube:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:lockon:ec-cube:2.12.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:lockon:ec-cube:2.11.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:lockon:ec-cube:2.12.0</vuln:product>
+      <vuln:product>cpe:/a:lockon:ec-cube:2.11.1</vuln:product>
+      <vuln:product>cpe:/a:lockon:ec-cube:2.11.5</vuln:product>
+      <vuln:product>cpe:/a:lockon:ec-cube:2.11.4</vuln:product>
+      <vuln:product>cpe:/a:lockon:ec-cube:2.11.0:beta</vuln:product>
+      <vuln:product>cpe:/a:lockon:ec-cube:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:lockon:ec-cube:2.11.3</vuln:product>
+      <vuln:product>cpe:/a:lockon:ec-cube:2.11.0</vuln:product>
+      <vuln:product>cpe:/a:lockon:ec-cube:2.12.2</vuln:product>
+      <vuln:product>cpe:/a:lockon:ec-cube:2.11.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0808</vuln:cve-id>
+    <vuln:published-datetime>2014-01-22T16:55:03.717-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-23T13:03:07.020-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-23T13:03:06.943-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.ec-cube.net/info/weakness/weakness.php?id=57" xml:lang="en">http://www.ec-cube.net/info/weakness/weakness.php?id=57</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVNDB</vuln:source>
+      <vuln:reference href="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000006" xml:lang="en">JVNDB-2014-000006</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVN</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN51770585/index.html" xml:lang="en">JVN#51770585</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The lfCheckError function in data/class/pages/shopping/LC_Page_Shopping_Multiple.php in LOCKON EC-CUBE 2.11.0 through 2.12.2 allows remote attackers to obtain sensitive shipping information via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0809">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:gapless_player:simzip:1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:gapless_player:simzip:1.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:gapless_player:simzip:1.1</vuln:product>
+      <vuln:product>cpe:/a:gapless_player:simzip:1.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0809</vuln:cve-id>
+    <vuln:published-datetime>2014-01-24T10:08:00.827-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:28.813-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-24T18:05:15.553-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://play.google.com/store/apps/details?id=com.acidzazz.simzip" xml:lang="en">https://play.google.com/store/apps/details?id=com.acidzazz.simzip</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90980" xml:lang="en">simple-zip-cve20140809-dir-traversal(90980)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVNDB</vuln:source>
+      <vuln:reference href="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000008" xml:lang="en">JVNDB-2014-000008</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVN</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN49384502/index.html" xml:lang="en">JVN#49384502</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in the Gapless Player SimZip (aka Simple Zip Viewer) application before 1.2.1 for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0810">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:justsystems:sanshiro:2007"/>
+        <cpe-lang:fact-ref name="cpe:/a:justsystems:sanshiro:2008"/>
+        <cpe-lang:fact-ref name="cpe:/a:justsystems:sanshiro:2009"/>
+        <cpe-lang:fact-ref name="cpe:/a:justsystems:sanshiro:2010"/>
+        <cpe-lang:fact-ref name="cpe:/a:justsystems:sanshiro:viewer"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:justsystems:sanshiro:2010</vuln:product>
+      <vuln:product>cpe:/a:justsystems:sanshiro:viewer</vuln:product>
+      <vuln:product>cpe:/a:justsystems:sanshiro:2007</vuln:product>
+      <vuln:product>cpe:/a:justsystems:sanshiro:2008</vuln:product>
+      <vuln:product>cpe:/a:justsystems:sanshiro:2009</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0810</vuln:cve-id>
+    <vuln:published-datetime>2014-01-29T00:37:02.857-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-29T13:39:45.720-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-29T13:39:45.610-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.justsystems.com/jp/info/js14001.html" xml:lang="en">http://www.justsystems.com/jp/info/js14001.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVNDB</vuln:source>
+      <vuln:reference href="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000011" xml:lang="en">JVNDB-2014-000011</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVN</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN28011378/index.html" xml:lang="en">JVN#28011378</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in JustSystems Sanshiro 2007 before update 3, 2008 before update 5, 2009 before update 6, and 2010 before update 6, and Sanshiro Viewer before 2.0.2.0, allows remote attackers to execute arbitrary code via a crafted document.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0811">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:blackboard:vista%2fce:8.0:sp6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:blackboard:vista%2fce:8.0:sp6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0811</vuln:cve-id>
+    <vuln:published-datetime>2014-02-22T16:55:09.780-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-24T13:32:13.250-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-24T13:32:13.217-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVNDB</vuln:source>
+      <vuln:reference href="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000012" xml:lang="en">JVNDB-2014-000012</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVN</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN24730765/index.html" xml:lang="en">JVN#24730765</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in Blackboard Vista/CE 8.0 SP6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0812">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:kent-web:joyful_note:2.8"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:7"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:kent-web:joyful_note:2.8</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0812</vuln:cve-id>
+    <vuln:published-datetime>2014-02-01T10:55:04.557-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-03T11:46:21.317-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-03T11:45:50.377-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.kent-web.com/bbs/joyful.html" xml:lang="en">http://www.kent-web.com/bbs/joyful.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVNDB</vuln:source>
+      <vuln:reference href="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000013" xml:lang="en">JVNDB-2014-000013</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVN</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN30718178/index.html" xml:lang="en">JVN#30718178</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in KENT-WEB Joyful Note 2.8 and earlier, when Internet Explorer 7 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0813">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.7.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.7.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.7.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.7.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.0.1a"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.1.4a"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.2.5a"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.2.5b"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.3.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.3.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.3.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.3.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.3.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.3.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.3.9:pl1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.4:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.4:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.4.0a"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.5:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.5:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.5:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.5:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.5:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.5:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.5:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.7.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.5.5</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.3.9</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.5.6</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.3.8</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.5.7</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.4</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.4.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.4.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.2.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.4.0a</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.2.5</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.2.4</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.7.3</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.7.4</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.4:alpha1</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.7.5</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.4:alpha2</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.7.6</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.7.7</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.7.8</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.7.9</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.5.9</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.5:alpha2</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.5:alpha1</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.4.11</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.4.10</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.3.9:pl1</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.3.12</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.3.13</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.5.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.3.11</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.6.5</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.6.7</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.6.6</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.6.9</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.6.8</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.0.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.0.17</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.6.10</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.6.12</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.6.11</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.6.7</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.8.3</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.6.8</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.8.4</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.6.9</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.8.2</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.1.4a</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.3.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.3.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.3.2</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.4.9</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.6.4</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.4.8</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.6.5</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.8.5</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.4.7</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.6.6</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.1.2</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.3.10</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.1.4</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.1.3</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.3.14</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.1.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.1.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.5:rc2</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.0.15</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.1.5</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.5:rc4</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.5:rc1</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.0.16</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.5:rc5</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.5.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.3.6</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.6.4</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.5.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.3.5</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.5.2</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.3.4</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.5.3</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.3.3</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.6.18</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.5.4</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.5:rc3</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.6.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.6.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.6.2</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.3.7</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.6.3</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.6.14</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.2.3</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.2.2</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.2.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.7.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.6.10</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.6.11</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.6.12</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.6.13</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.0.1a</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.6.17</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.6.16</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.6.15</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.8.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.2.5b</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.2.5a</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.8.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.5</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.6.3</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.4.6</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.6.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.4.4</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.4.5</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.6.2</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.4.2</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.4.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0813</vuln:cve-id>
+    <vuln:published-datetime>2014-02-14T11:55:13.843-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:29.047-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-18T11:52:02.657-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-352"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.phpmyfaq.de/advisory_2014-02-04.php" xml:lang="en">http://www.phpmyfaq.de/advisory_2014-02-04.php</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90963" xml:lang="en">phpmyfaq-cve20140813-csrf(90963)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65368" xml:lang="en">65368</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56006" xml:lang="en">56006</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102939" xml:lang="en">102939</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVNDB</vuln:source>
+      <vuln:reference href="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000016" xml:lang="en">JVNDB-2014-000016</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVN</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN50943964/index.html" xml:lang="en">JVN#50943964</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site request forgery (CSRF) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to hijack the authentication of arbitrary users for requests that modify settings.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0814">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.7.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.7.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.7.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.7.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.0.1a"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.1.4a"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.2.5a"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.2.5b"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.3.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.3.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.3.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.3.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.3.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.3.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.3.9:pl1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.4:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.4:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.4.0a"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.5:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.5:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.5:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.5:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.5:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.5:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.5:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:1.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyfaq:phpmyfaq:2.7.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.5.5</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.3.9</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.5.6</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.3.8</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.5.7</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.4</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.4.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.4.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.2.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.4.0a</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.2.5</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.2.4</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.7.3</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.7.4</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.4:alpha1</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.7.5</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.4:alpha2</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.7.6</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.7.7</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.7.8</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.7.9</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.5.9</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.5:alpha2</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.5:alpha1</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.4.11</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.4.10</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.3.9:pl1</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.3.12</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.3.13</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.5.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.3.11</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.6.5</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.6.7</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.6.6</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.6.9</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.6.8</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.0.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.0.17</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.6.10</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.6.12</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.6.11</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.6.7</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.8.3</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.6.8</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.8.4</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.6.9</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.8.2</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.1.4a</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.3.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.3.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.3.2</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.4.9</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.6.4</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.4.8</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.6.5</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.8.5</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.4.7</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.6.6</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.1.2</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.3.10</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.1.4</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.1.3</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.3.14</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.1.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.1.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.5:rc2</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.0.15</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.1.5</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.5:rc4</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.5:rc1</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.0.16</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.5:rc5</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.5.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.3.6</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.6.4</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.5.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.3.5</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.5.2</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.3.4</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.5.3</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.3.3</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.6.18</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.5.4</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.5:rc3</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.6.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.6.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.6.2</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.3.7</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.6.3</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.6.14</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.2.3</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.2.2</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.2.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.7.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.6.10</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.6.11</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.6.12</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.6.13</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.0.1a</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.6.17</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.6.16</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.6.15</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.8.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.2.5b</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.2.5a</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.8.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.5</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.6.3</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.4.6</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.6.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.4.4</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.4.5</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.6.2</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.4.2</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyfaq:phpmyfaq:1.4.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0814</vuln:cve-id>
+    <vuln:published-datetime>2014-02-14T11:55:13.857-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:29.127-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-18T11:53:03.407-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.phpmyfaq.de/advisory_2014-02-04.php" xml:lang="en">http://www.phpmyfaq.de/advisory_2014-02-04.php</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65368" xml:lang="en">65368</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56006" xml:lang="en">56006</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102940" xml:lang="en">102940</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVNDB</vuln:source>
+      <vuln:reference href="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000015" xml:lang="en">JVNDB-2014-000015</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVN</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN30050348/index.html" xml:lang="en">JVN#30050348</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0815">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:15.00:next"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:12.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:12.13"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:12.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:12.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:12.10:beta"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:12.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:12.02"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:12.01"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:12.00:beta"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:12.00"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:11.67"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:11.66"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:11.65"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:11.64"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:11.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:11.61"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:11.60:beta"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:11.60"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:11.52.1100"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:11.52"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:11.51"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:11.50:beta"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:11.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:11.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:11.10:beta"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:11.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:11.01"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:11.00:beta"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:11.00"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.61"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.60:beta1"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.60:alpha"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.60"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.53:beta1"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.53:b"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.53"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.52:beta2"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.52:beta1"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.52"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.51"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.50:beta2"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.50:beta1"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.20:alpha"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.10:beta1"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.01"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.00:beta3"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.00:beta2"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.00:beta1"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.00:alpha"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.00"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:1.00"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:17.00"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:16.00"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:15.00"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:12.15"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:google:android"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:opera:opera_browser:11.64</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:11.65</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:11.66</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:11.67</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:12.00</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:12.02</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:12.01</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.60:beta1</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:16.00</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:11.10</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.00</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:11.11</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:11.61</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:11.60</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:11.62</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:12.11</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.01</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:12.10</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:12.13</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:12.12</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.00:beta2</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:11.00:beta</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.00:beta3</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.00:beta1</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:11.01</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:11.00</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.00:alpha</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:1.00</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.61</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:15.00</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.62</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.60:alpha</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.60</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:15.00:next</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:11.10:beta</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.52:beta2</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:17.00</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.52:beta1</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:11.50:beta</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.53:beta1</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.50:beta2</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:12.14</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:12.15</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:11.52.1100</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:12.00:beta</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.53:b</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.63</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:12.10:beta</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.50</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.51</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:11.60:beta</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.50:beta1</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.20:alpha</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.10</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.11</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:11.52</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:11.51</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:11.50</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.53</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.52</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.54</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0815</vuln:cve-id>
+    <vuln:published-datetime>2014-02-06T17:55:03.403-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:29.360-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-07T12:53:39.153-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91090" xml:lang="en">opera-android-cve20140815-info-disc(91090)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65391" xml:lang="en">65391</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVNDB</vuln:source>
+      <vuln:reference href="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000014" xml:lang="en">JVNDB-2014-000014</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVN</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN23256725/index.html" xml:lang="en">JVN#23256725</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://blogs.opera.com/security/2014/01/security-changes-features-opera-19/" xml:lang="en">http://blogs.opera.com/security/2014/01/security-changes-features-opera-19/</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The intent: URL implementation in Opera before 18 on Android allows attackers to read local files by leveraging an interaction error, as demonstrated by reading stored cookies.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0816">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:norman:security_suite:10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:norman:security_suite:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:norman:security_suite:8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:norman:security_suite:8.0</vuln:product>
+      <vuln:product>cpe:/a:norman:security_suite:10.1</vuln:product>
+      <vuln:product>cpe:/a:norman:security_suite:10.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0816</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T20:55:03.477-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-27T11:38:13.297-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.2</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-27T11:38:10.203-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVNDB</vuln:source>
+      <vuln:reference href="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000026" xml:lang="en">JVNDB-2014-000026</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVN</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN02017463/index.html" xml:lang="en">JVN#02017463</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN02017463/995510/index.html" xml:lang="en">http://jvn.jp/en/jp/JVN02017463/995510/index.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Norman Security Suite 10.1 and earlier allows local users to gain privileges via unknown vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0817">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.0:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.0:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.0:sp3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.0:sp4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.0:sp5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.0:sp6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.1:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.1:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.1:sp3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.5:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.5:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.5:sp3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.5:sp4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.5.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.0:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.0:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.0:sp3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.1:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.1:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.1:sp3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5:sp3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5:sp4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5:sp5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.7:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.7:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.7:sp3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cybozu:garoon:2.1:sp1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.0:sp4</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.1:sp2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.0:sp1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.0:sp2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.0:sp5</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.0:sp6</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.5.4</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.5:sp3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.5:sp4</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.5.2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.5:sp1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.5.3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.5:sp2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.5.0</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.5.1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.7:sp3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.0:sp2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.0:sp1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.1:sp2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5:sp5</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5:sp2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5:sp1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.7:sp2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5:sp4</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5:sp3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.7:sp1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.0.0</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.1:sp3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.0:sp3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.1:sp1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.1.0</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.0</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.0:sp3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.5</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.1:sp3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.7</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.1.3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.1.2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0817</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T20:55:03.507-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-27T12:08:54.437-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.9</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-27T12:08:53.360-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://support.cybozu.com/ja-jp/article/7992" xml:lang="en">https://support.cybozu.com/ja-jp/article/7992</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVNDB</vuln:source>
+      <vuln:reference href="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000021" xml:lang="en">JVNDB-2014-000021</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVN</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN24035499/index.html" xml:lang="en">JVN#24035499</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://cs.cybozu.co.jp/information/gr20140225up03.php" xml:lang="en">http://cs.cybozu.co.jp/information/gr20140225up03.php</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does not properly manage sessions, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0818">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:autodesk:autocad:2005"/>
+        <cpe-lang:fact-ref name="cpe:/a:autodesk:autocad:2005:::english"/>
+        <cpe-lang:fact-ref name="cpe:/a:autodesk:autocad:2006"/>
+        <cpe-lang:fact-ref name="cpe:/a:autodesk:autocad:2007:::english"/>
+        <cpe-lang:fact-ref name="cpe:/a:autodesk:autocad:2010"/>
+        <cpe-lang:fact-ref name="cpe:/a:autodesk:autocad:2011"/>
+        <cpe-lang:fact-ref name="cpe:/a:autodesk:autocad:2012"/>
+        <cpe-lang:fact-ref name="cpe:/a:autodesk:autocad:2013"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:autodesk:autocad:2010</vuln:product>
+      <vuln:product>cpe:/a:autodesk:autocad:2005:::english</vuln:product>
+      <vuln:product>cpe:/a:autodesk:autocad:2007:::english</vuln:product>
+      <vuln:product>cpe:/a:autodesk:autocad:2006</vuln:product>
+      <vuln:product>cpe:/a:autodesk:autocad:2005</vuln:product>
+      <vuln:product>cpe:/a:autodesk:autocad:2013</vuln:product>
+      <vuln:product>cpe:/a:autodesk:autocad:2012</vuln:product>
+      <vuln:product>cpe:/a:autodesk:autocad:2011</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0818</vuln:cve-id>
+    <vuln:published-datetime>2014-02-22T16:55:09.797-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T23:50:40.300-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-24T13:26:15.040-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-94"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVNDB</vuln:source>
+      <vuln:reference href="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000019" xml:lang="en">JVNDB-2014-000019</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVN</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN33382534/index.html" xml:lang="en">JVN#33382534</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Untrusted search path vulnerability in Autodesk AutoCAD before 2014 allows local users to gain privileges and execute arbitrary VBScript code via a Trojan horse FAS file in the FAS file search path.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0819">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:autodesk:autocad:2005"/>
+        <cpe-lang:fact-ref name="cpe:/a:autodesk:autocad:2005:::english"/>
+        <cpe-lang:fact-ref name="cpe:/a:autodesk:autocad:2006"/>
+        <cpe-lang:fact-ref name="cpe:/a:autodesk:autocad:2007:::english"/>
+        <cpe-lang:fact-ref name="cpe:/a:autodesk:autocad:2010"/>
+        <cpe-lang:fact-ref name="cpe:/a:autodesk:autocad:2011"/>
+        <cpe-lang:fact-ref name="cpe:/a:autodesk:autocad:2012"/>
+        <cpe-lang:fact-ref name="cpe:/a:autodesk:autocad:2013"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:autodesk:autocad:2010</vuln:product>
+      <vuln:product>cpe:/a:autodesk:autocad:2005:::english</vuln:product>
+      <vuln:product>cpe:/a:autodesk:autocad:2007:::english</vuln:product>
+      <vuln:product>cpe:/a:autodesk:autocad:2006</vuln:product>
+      <vuln:product>cpe:/a:autodesk:autocad:2005</vuln:product>
+      <vuln:product>cpe:/a:autodesk:autocad:2013</vuln:product>
+      <vuln:product>cpe:/a:autodesk:autocad:2012</vuln:product>
+      <vuln:product>cpe:/a:autodesk:autocad:2011</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0819</vuln:cve-id>
+    <vuln:published-datetime>2014-02-22T16:55:09.827-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-24T13:29:08.230-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.4</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-24T13:29:08.167-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVNDB</vuln:source>
+      <vuln:reference href="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000020" xml:lang="en">JVNDB-2014-000020</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVN</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN43254599/index.html" xml:lang="en">JVN#43254599</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Untrusted search path vulnerability in Autodesk AutoCAD before 2014 allows local users to gain privileges via a Trojan horse DLL in the current working directory.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0820">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.0:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.0:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.0:sp3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.1:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.1:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.1:sp3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5:sp3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5:sp4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5:sp5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.7:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.7:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.7:sp3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.0:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.0:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.0:sp3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.0:sp4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.0:sp5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.0:sp6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.1:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.1:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.1:sp3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.5:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.5:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.5:sp3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.5:sp4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.5.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cybozu:garoon:2.1:sp1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.0:sp4</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.1:sp2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.7</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.0:sp1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.0:sp2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.1.3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.1.2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.0:sp5</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.0:sp6</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.5:sp3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.5.4</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.5:sp4</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.5:sp1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.5.2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.5:sp2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.5.3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.5.0</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.5.1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.7:sp3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.0:sp2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.1:sp2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.0:sp1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5:sp5</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5:sp2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5:sp1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5:sp4</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.7:sp2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5:sp3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.7:sp1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.0.0</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.1:sp3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.0:sp3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.1:sp1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.1.0</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.0</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.5</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.0:sp3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.1:sp3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0820</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T20:55:03.540-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-10T14:52:45.260-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-27T12:08:46.877-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://support.cybozu.com/ja-jp/article/7994" xml:lang="en">https://support.cybozu.com/ja-jp/article/7994</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVNDB</vuln:source>
+      <vuln:reference href="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000023" xml:lang="en">JVNDB-2014-000023</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVN</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN26393529/index.html" xml:lang="en">JVN#26393529</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://cs.cybozu.co.jp/information/gr20140225up05.php" xml:lang="en">http://cs.cybozu.co.jp/information/gr20140225up05.php</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to read arbitrary files via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0821">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.0:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.0:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.0:sp3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.0:sp4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.0:sp5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.0:sp6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.1:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.1:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.1:sp3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.5:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.5:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.5:sp3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.5:sp4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.5.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.0:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.0:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.0:sp3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.1:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.1:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.1:sp3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5:sp3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5:sp4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5:sp5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.7:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.7:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.7:sp3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cybozu:garoon:2.1:sp1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.0:sp4</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.1:sp2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.0:sp1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.0:sp2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.0:sp5</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.0:sp6</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.5.4</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.5:sp3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.5:sp4</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.5.2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.5:sp1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.5.3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.5:sp2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.5.0</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.5.1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.7:sp3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.0:sp2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.0:sp1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.1:sp2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5:sp5</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5:sp2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5:sp1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.7:sp2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5:sp4</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5:sp3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.7:sp1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.0.0</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.1:sp3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.0:sp3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.1:sp1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.1.0</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.0</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.0:sp3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.5</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.1:sp3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.7</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.1.3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.1.2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0821</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T20:55:03.570-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-07T15:43:51.553-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-27T07:10:38.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://support.cybozu.com/ja-jp/article/7993" xml:lang="en">https://support.cybozu.com/ja-jp/article/7993</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVNDB</vuln:source>
+      <vuln:reference href="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000024" xml:lang="en">JVNDB-2014-000024</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVN</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN71045461/index.html" xml:lang="en">JVN#71045461</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://cs.cybozu.co.jp/information/gr20140225up04.php" xml:lang="en">http://cs.cybozu.co.jp/information/gr20140225up04.php</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SQL injection vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6930 and CVE-2013-6931.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0822">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_domino_server:8.5.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_domino_server:8.5.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_domino_server:8.5.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_domino_server:8.5.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_domino_server:8.5.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_domino_server:8.5.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_domino_server:9.0.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:lotus_domino_server:8.5.3.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_domino_server:8.5.3.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_domino_server:8.5.3.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_domino_server:8.5.3.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_domino_server:8.5.3.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_domino_server:8.5.3.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_domino_server:9.0.0.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0822</vuln:cve-id>
+    <vuln:published-datetime>2014-02-06T18:55:04.007-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-07T13:49:56.720-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-07T13:49:56.657-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90235" xml:lang="en">ibm-domino-cve20140822-dos(90235)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21663023" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21663023</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The IMAP server in IBM Domino 8.5.x before 8.5.3 FP6 IF1 and 9.0.x before 9.0.1 FP1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, aka SPR KLYH9F4S2Z.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0823">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.5.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.5.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.5.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0823</vuln:cve-id>
+    <vuln:published-datetime>2014-05-01T13:29:56.713-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T09:54:20.187-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T09:54:20.043-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90498" xml:lang="en">ibm-was-cve20140823-viewfiles(90498)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21669554" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21669554</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>AIXAPAR</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg1PI05324" xml:lang="en">PI05324</vuln:reference>
+    </vuln:references>
+    <vuln:summary>IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote attackers to read arbitrary files via a crafted URL.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0827">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:optim_workload_replay:1.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:optim_workload_replay:1.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0827</vuln:cve-id>
+    <vuln:published-datetime>2014-04-05T00:01:37.560-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-07T10:46:45.923-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-07T10:46:45.877-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90503" xml:lang="en">ibm-infosphere-cve20140827-xss(90503)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21669093" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21669093</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Workload Replay 1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0828">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_portal:8.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_portal:8.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_portal:7.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_portal:7.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_portal:7.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_portal:6.1.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_portal:6.1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_portal:6.1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_portal:6.1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_portal:6.1.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_portal:6.1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_portal:6.1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_portal:6.1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_portal:6.1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_portal:6.1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_portal:6.1.0.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:websphere_portal:8.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_portal:6.1.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_portal:6.1.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_portal:8.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_portal:6.1.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_portal:7.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_portal:7.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_portal:7.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_portal:6.1.5.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_portal:6.1.5.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_portal:6.1.5.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_portal:6.1.0.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_portal:6.1.0.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_portal:6.1.0.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_portal:6.1.5.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_portal:6.1.0.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0828</vuln:cve-id>
+    <vuln:published-datetime>2014-04-01T23:58:16.997-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-02T11:53:35.773-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-02T11:53:06.773-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90566" xml:lang="en">ibm-wsportal-cve20140828-wcm-xss(90566)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21667016" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21667016</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>AIXAPAR</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg1PI10734" xml:lang="en">PI10734</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the WCM (Web Content Manager) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0829">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:8.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:8.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:8.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:8.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:8.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:8.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:8.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:8.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:8.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:8.0.0.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.0.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.0.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.0.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.0.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.0.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.0.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.0.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.0.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.0.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.0.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.0.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.1.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.1.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.1.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.1.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.1.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.1.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.1.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.1.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.1.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.1.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.1.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.1.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.1.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.1.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.1.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.1.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.1.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.1.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.1.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:7.1.2.5"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:8.0.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_clearcase:8.0.1.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.0.1.11</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.0.1.10</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:8.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.1.2.12</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:8.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.1.1.9</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.1.2.11</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.0.1.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:8.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.1.2.10</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.1.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.1.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.1.1.7</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.1.1.6</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.1.1.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.1.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.1.1.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.1.1.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:8.0.1.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.1.1.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:8.0.1.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.1.1.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.1.1.8</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.1.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.1.2.9</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.1.2.7</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.0.1.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.0.1.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.0.1.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.0.1.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.0.1.6</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:8.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.0.1.7</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.0.1.8</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:8.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.0.1.9</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:8.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.1.2.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:8.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:8.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.1.2.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.1.2.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:8.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.1.2.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:8.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.1.2.6</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.1.2.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:8.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_clearcase:7.0.0.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0829</vuln:cve-id>
+    <vuln:published-datetime>2014-03-21T06:55:05.127-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-24T18:46:45.717-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-21T11:33:14.393-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?&amp;uid=swg21662086" xml:lang="en">http://www-01.ibm.com/support/docview.wss?&amp;uid=swg21662086</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90568" xml:lang="en">ibm-clearcase-cve20140829-bo(90568)</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple buffer overflows in IBM Rational ClearCase 7.x before 7.1.2.13, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.3 allow remote authenticated users to obtain privileged access via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0830">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:financial_transaction_manager:2.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:financial_transaction_manager:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:financial_transaction_manager:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:financial_transaction_manager:2.1.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:financial_transaction_manager:2.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:financial_transaction_manager:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:financial_transaction_manager:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:financial_transaction_manager:2.1.0.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0830</vuln:cve-id>
+    <vuln:published-datetime>2014-02-01T10:55:04.573-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-03T11:52:34.357-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-03T11:52:34.297-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90584" xml:lang="en">ibm-ftm-cve20140830-trav(90584)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21662714" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21662714</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in the table-export implementation in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 and 2.1 before 2.1.0.1 allows remote authenticated users to read arbitrary files via a modified pathname.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0831">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:financial_transaction_manager:2.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:financial_transaction_manager:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:financial_transaction_manager:2.0.0.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:financial_transaction_manager:2.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:financial_transaction_manager:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:financial_transaction_manager:2.0.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0831</vuln:cve-id>
+    <vuln:published-datetime>2014-02-01T10:55:04.607-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-03T11:54:13.423-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-03T11:54:13.297-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-352"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90585" xml:lang="en">ibm-ftm-cve20140831-csrf(90585)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21662714" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21662714</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site request forgery (CSRF) vulnerability in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that modify configuration data.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0832">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:financial_transaction_manager:2.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:financial_transaction_manager:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:financial_transaction_manager:2.0.0.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:financial_transaction_manager:2.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:financial_transaction_manager:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:financial_transaction_manager:2.0.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0832</vuln:cve-id>
+    <vuln:published-datetime>2014-02-01T10:55:04.620-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-03T11:55:22.253-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-03T11:54:58.047-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90586" xml:lang="en">ibm-ftm-cve20140832-xss(90586)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21662714" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21662714</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site scripting (XSS) vulnerabilities in configuration-details screens in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted text value.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0833">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:financial_transaction_manager:2.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:financial_transaction_manager:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:financial_transaction_manager:2.0.0.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:financial_transaction_manager:2.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:financial_transaction_manager:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:financial_transaction_manager:2.0.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0833</vuln:cve-id>
+    <vuln:published-datetime>2014-02-01T10:55:04.653-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-03T11:58:26.523-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-03T11:58:26.477-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90612" xml:lang="en">ibm-ftm-cve20140833-auth(90612)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21662714" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21662714</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 does not properly enforce operator-intervention requirements, which allows remote authenticated users to bypass intended access restrictions via an unspecified process step.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0834">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:general_parallel_file_system:3.5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:general_parallel_file_system:3.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:general_parallel_file_system:3.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:general_parallel_file_system:3.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:general_parallel_file_system:3.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:general_parallel_file_system:3.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:general_parallel_file_system:3.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:general_parallel_file_system:3.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:general_parallel_file_system:3.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:general_parallel_file_system:3.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:general_parallel_file_system:3.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:general_parallel_file_system:3.5.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:general_parallel_file_system:3.5.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:general_parallel_file_system:3.5.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:general_parallel_file_system:3.5.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:general_parallel_file_system:3.4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:general_parallel_file_system:3.4.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:general_parallel_file_system:3.4.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:general_parallel_file_system:3.4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:general_parallel_file_system:3.4.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:general_parallel_file_system:3.4.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:general_parallel_file_system:3.4.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:general_parallel_file_system:3.4.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:general_parallel_file_system:3.4.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:general_parallel_file_system:3.4.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:general_parallel_file_system:3.4.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:general_parallel_file_system:3.4.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:general_parallel_file_system:3.4.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:general_parallel_file_system:3.4.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:general_parallel_file_system:3.4.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:general_parallel_file_system:3.4.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:general_parallel_file_system:3.4.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:general_parallel_file_system:3.4.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:general_parallel_file_system:3.4.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:general_parallel_file_system:3.4.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:general_parallel_file_system:3.4.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:general_parallel_file_system:3.4.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:general_parallel_file_system:3.4.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:general_parallel_file_system:3.4.0.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:general_parallel_file_system:3.4.0.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:general_parallel_file_system:3.4.0.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:general_parallel_file_system:3.4.0.27"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:general_parallel_file_system:3.4.0.22</vuln:product>
+      <vuln:product>cpe:/a:ibm:general_parallel_file_system:3.4.0.21</vuln:product>
+      <vuln:product>cpe:/a:ibm:general_parallel_file_system:3.4.0.20</vuln:product>
+      <vuln:product>cpe:/a:ibm:general_parallel_file_system:3.5.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:general_parallel_file_system:3.4.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:general_parallel_file_system:3.4.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:general_parallel_file_system:3.4.0.26</vuln:product>
+      <vuln:product>cpe:/a:ibm:general_parallel_file_system:3.4.0.25</vuln:product>
+      <vuln:product>cpe:/a:ibm:general_parallel_file_system:3.4.0.24</vuln:product>
+      <vuln:product>cpe:/a:ibm:general_parallel_file_system:3.4.0.23</vuln:product>
+      <vuln:product>cpe:/a:ibm:general_parallel_file_system:3.4.0.19</vuln:product>
+      <vuln:product>cpe:/a:ibm:general_parallel_file_system:3.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:ibm:general_parallel_file_system:3.4.0.18</vuln:product>
+      <vuln:product>cpe:/a:ibm:general_parallel_file_system:3.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:ibm:general_parallel_file_system:3.4.0.17</vuln:product>
+      <vuln:product>cpe:/a:ibm:general_parallel_file_system:3.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:ibm:general_parallel_file_system:3.4.0.16</vuln:product>
+      <vuln:product>cpe:/a:ibm:general_parallel_file_system:3.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:ibm:general_parallel_file_system:3.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:general_parallel_file_system:3.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:general_parallel_file_system:3.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:general_parallel_file_system:3.4.0.12</vuln:product>
+      <vuln:product>cpe:/a:ibm:general_parallel_file_system:3.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:ibm:general_parallel_file_system:3.4.0.13</vuln:product>
+      <vuln:product>cpe:/a:ibm:general_parallel_file_system:3.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:ibm:general_parallel_file_system:3.4.0.9</vuln:product>
+      <vuln:product>cpe:/a:ibm:general_parallel_file_system:3.4.0.14</vuln:product>
+      <vuln:product>cpe:/a:ibm:general_parallel_file_system:3.4.0.8</vuln:product>
+      <vuln:product>cpe:/a:ibm:general_parallel_file_system:3.4.0.15</vuln:product>
+      <vuln:product>cpe:/a:ibm:general_parallel_file_system:3.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:ibm:general_parallel_file_system:3.4.0.7</vuln:product>
+      <vuln:product>cpe:/a:ibm:general_parallel_file_system:3.5.0.15</vuln:product>
+      <vuln:product>cpe:/a:ibm:general_parallel_file_system:3.4.0.6</vuln:product>
+      <vuln:product>cpe:/a:ibm:general_parallel_file_system:3.5.0.16</vuln:product>
+      <vuln:product>cpe:/a:ibm:general_parallel_file_system:3.4.0.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:general_parallel_file_system:3.4.0.10</vuln:product>
+      <vuln:product>cpe:/a:ibm:general_parallel_file_system:3.5.0.13</vuln:product>
+      <vuln:product>cpe:/a:ibm:general_parallel_file_system:3.4.0.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:general_parallel_file_system:3.4.0.11</vuln:product>
+      <vuln:product>cpe:/a:ibm:general_parallel_file_system:3.5.0.14</vuln:product>
+      <vuln:product>cpe:/a:ibm:general_parallel_file_system:3.4.0.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:general_parallel_file_system:3.4.0.27</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0834</vuln:cve-id>
+    <vuln:published-datetime>2014-02-04T00:39:08.527-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:53.597-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-04T13:50:33.717-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90647" xml:lang="en">ibm-gpfs-cve20140834-dos(90647)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65297" xml:lang="en">65297</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>AIXAPAR</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg1IV54381" xml:lang="en">IV54381</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>AIXAPAR</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg1IV52863" xml:lang="en">IV52863</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=isg3T1020542" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=isg3T1020542</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102765" xml:lang="en">102765</vuln:reference>
+    </vuln:references>
+    <vuln:summary>IBM General Parallel File System (GPFS) 3.4 through 3.4.0.27 and 3.5 through 3.5.0.16 allows attackers to cause a denial of service (daemon crash) via crafted arguments to a setuid program.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0835">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:qradar_security_information_and_event_manager:7.2.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:qradar_security_information_and_event_manager:7.2.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0835</vuln:cve-id>
+    <vuln:published-datetime>2014-01-30T00:17:46.220-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-11T23:50:28.547-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-30T18:08:17.863-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-352"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90678" xml:lang="en">ibm-qradar-cve20140835-csrf(90678)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65127" xml:lang="en">65127</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21663066" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21663066</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://thomaspollet.blogspot.be/2014/01/ibm-qradar-siem-csrf-xss-mitm-rce.html" xml:lang="en">http://thomaspollet.blogspot.be/2014/01/ibm-qradar-siem-csrf-xss-mitm-rce.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56653" xml:lang="en">56653</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Jan/166" xml:lang="en">20140124 ADV: IBM QRadar SIEM</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102554" xml:lang="en">102554</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify console Auto Update settings.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0836">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:qradar_security_information_and_event_manager:7.2.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:qradar_security_information_and_event_manager:7.2.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0836</vuln:cve-id>
+    <vuln:published-datetime>2014-01-30T00:17:46.267-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-11T23:50:28.627-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-30T18:09:00.707-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90679" xml:lang="en">ibm-qradar-cve20140836-xss(90679)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65127" xml:lang="en">65127</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21663066" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21663066</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56653" xml:lang="en">56653</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Jan/166" xml:lang="en">20140124 ADV: IBM QRadar SIEM</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102555" xml:lang="en">102555</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0837">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:qradar_security_information_and_event_manager:7.2.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:qradar_security_information_and_event_manager:7.2.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0837</vuln:cve-id>
+    <vuln:published-datetime>2014-01-30T00:17:46.313-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-11T23:50:28.703-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-30T18:15:48.030-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-310"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90680" xml:lang="en">ibm-qradar-cve20140837-mitm(90680)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65127" xml:lang="en">65127</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21663066" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21663066</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56653" xml:lang="en">56653</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Jan/166" xml:lang="en">20140124 ADV: IBM QRadar SIEM</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102552" xml:lang="en">102552</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The AutoUpdate process in IBM Security QRadar SIEM 7.2 MR1 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0838">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:qradar_security_information_and_event_manager:7.2.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:qradar_security_information_and_event_manager:7.2.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0838</vuln:cve-id>
+    <vuln:published-datetime>2014-01-30T00:17:46.377-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:51:53.957-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-30T18:17:23.703-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90681" xml:lang="en">ibm-qradar-cve20140838-command-exec(90681)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65127" xml:lang="en">65127</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21663066" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21663066</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102553" xml:lang="en">102553</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The AutoUpdate package before 6.4 for IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to execute arbitrary console commands by leveraging control of the server.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0839">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.4.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.6.0.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.6.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.4.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5.2.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5.2.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5.2.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5.1.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.6</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.4.1.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.4.1.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.4.1.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.4.1.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0839</vuln:cve-id>
+    <vuln:published-datetime>2014-02-25T20:29:36.577-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-26T10:49:55.883-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-26T05:44:47.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21665005" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21665005</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90696" xml:lang="en">ibm-focalpoint-cve20140839-sec-bypass(90696)</vuln:reference>
+    </vuln:references>
+    <vuln:summary>IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allows remote authenticated users to modify data via vectors involving a direct object reference.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0840">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.4.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.6.0.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.6.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.4.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5.2.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5.2.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5.2.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5.1.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.6</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.4.1.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.4.1.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.4.1.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.4.1.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0840</vuln:cve-id>
+    <vuln:published-datetime>2014-02-25T20:29:36.657-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-26T10:52:05.903-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-26T10:49:12.663-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21665005" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21665005</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90698" xml:lang="en">ibm-focalpoint-cve20140840-xss(90698)</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site scripting (XSS) vulnerabilities in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0842">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.4.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.6.0.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.6.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.4.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5.2.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5.2.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5.2.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5.1.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.6</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.4.1.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.4.1.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.4.1.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.4.1.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0842</vuln:cve-id>
+    <vuln:published-datetime>2014-02-25T20:29:36.717-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-26T11:07:11.923-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-26T10:53:51.310-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-255"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21665005" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21665005</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90706" xml:lang="en">ibm-focalpoint-cve20140842-default-pw(90706)</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The account-creation functionality in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 places the new user's default password within the creation page, which allows remote attackers to obtain sensitive information by reading the HTML source code.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0843">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.4.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.6.0.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.6.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.4.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5.2.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5.2.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5.2.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5.1.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.6</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.4.1.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.4.1.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.4.1.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.4.1.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0843</vuln:cve-id>
+    <vuln:published-datetime>2014-02-25T20:29:36.780-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-26T11:00:47.947-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-26T10:58:33.130-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21665005" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21665005</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90714" xml:lang="en">ibm-focalpoint-cve20140843-file-upload(90714)</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allows remote authenticated users to inject arbitrary web script or HTML by uploading a file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0844">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:4.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:4.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:4.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:4.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:4.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:3.0.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:3.0.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:3.0.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:3.0.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:3.0.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:3.0.1.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_doors_next_generation:4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_doors_next_generation:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_doors_next_generation:4.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_doors_next_generation:4.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_doors_next_generation:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_doors_next_generation:4.0.5"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:4.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_doors_next_generation:4.0.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:4.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_doors_next_generation:4.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:4.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_doors_next_generation:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_doors_next_generation:4.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:3.0.1.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:4.0.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:3.0.1.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_doors_next_generation:4.0.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_doors_next_generation:4.0.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:3.0.1.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:4.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:4.0.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:3.0.1.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:3.0.1.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:4.0.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:3.0.1.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0844</vuln:cve-id>
+    <vuln:published-datetime>2014-03-04T17:55:03.303-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T10:42:11.510-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-05T10:42:00.637-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90718" xml:lang="en">ibm-rrc-cve20140844-retrieval(90718)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21664412" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21664412</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to read arbitrary data via unknown vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0845">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:4.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:4.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:4.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:4.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:4.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:3.0.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:3.0.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:3.0.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:3.0.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:3.0.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:3.0.1.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_doors_next_generation:4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_doors_next_generation:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_doors_next_generation:4.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_doors_next_generation:4.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_doors_next_generation:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_doors_next_generation:4.0.5"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:4.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_doors_next_generation:4.0.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:4.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_doors_next_generation:4.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:4.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_doors_next_generation:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_doors_next_generation:4.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:3.0.1.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:4.0.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:3.0.1.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_doors_next_generation:4.0.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_doors_next_generation:4.0.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:3.0.1.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:4.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:4.0.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:3.0.1.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:3.0.1.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:4.0.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:3.0.1.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0845</vuln:cve-id>
+    <vuln:published-datetime>2014-03-04T17:55:03.320-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T10:53:37.857-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.9</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-05T10:53:34.717-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90719" xml:lang="en">ibm-rrc-cve20140845-redirect(90719)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21664412" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21664412</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Open redirect vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0846">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_doors_next_generation:4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_doors_next_generation:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_doors_next_generation:4.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_doors_next_generation:4.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_doors_next_generation:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_doors_next_generation:4.0.5"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:4.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:4.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:4.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:4.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:4.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:3.0.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:3.0.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:3.0.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:3.0.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:3.0.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_requirements_composer:3.0.1.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:4.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_doors_next_generation:4.0.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:4.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_doors_next_generation:4.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:4.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_doors_next_generation:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_doors_next_generation:4.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:3.0.1.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:3.0.1.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:4.0.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_doors_next_generation:4.0.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_doors_next_generation:4.0.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:3.0.1.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:4.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:3.0.1.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:4.0.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:3.0.1.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:4.0.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_requirements_composer:3.0.1.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0846</vuln:cve-id>
+    <vuln:published-datetime>2014-03-04T17:55:03.337-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T10:54:53.280-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-05T10:54:53.170-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90720" xml:lang="en">ibm-rrc-cve20140846-xss(90720)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21664412" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21664412</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0848">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:netezza_performance_portal:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:netezza_performance_portal:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:netezza_performance_portal:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:netezza_performance_portal:2.0.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:netezza_performance_portal:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:netezza_performance_portal:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:netezza_performance_portal:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:netezza_performance_portal:2.0.0.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0848</vuln:cve-id>
+    <vuln:published-datetime>2014-03-26T06:55:05.193-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-26T13:50:53.127-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-26T13:50:36.127-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-310"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90723" xml:lang="en">ibm-netezza-cve20140848-weak-sec(90723)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21665278" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21665278</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The (1) ssl.conf and (2) httpd.conf files in the Apache HTTP Server component in IBM Netezza Performance Portal 2.0 before 2.0.0.4 have weak SSLCipherSuite values, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0850">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:infosphere_master_data_management_reference_data_management_hub:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:infosphere_master_data_management_reference_data_management_hub:10.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:infosphere_master_data_management_reference_data_management_hub:10.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:infosphere_master_data_management_reference_data_management_hub:11.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0850</vuln:cve-id>
+    <vuln:published-datetime>2014-03-16T10:06:45.163-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-17T14:19:30.150-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-17T14:19:24.117-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90751" xml:lang="en">ibm-mdm-rdm-cve20140850-xss(90751)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21666119" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21666119</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management Reference Data Management (RDM) Hub 10.1 and 11.0 before 11.0.0.0-MDM-IF008 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0853">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.4.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.5.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_focal_point:6.6.0.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.6.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.4.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5.2.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5.2.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5.2.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5.1.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.6</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.4.1.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.5.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.4.1.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.4.1.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_focal_point:6.4.1.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0853</vuln:cve-id>
+    <vuln:published-datetime>2014-02-25T20:29:36.843-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-26T11:11:00.743-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-26T11:03:47.403-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21665005" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21665005</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90754" xml:lang="en">ibm-focalpoint-cve20140853-xss(90754)</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site scripting (XSS) vulnerabilities in the (1) ForwardController and (2) AttributeEditor scripts in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0854">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:cognos_business_intelligence:10.2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:cognos_business_intelligence:10.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:cognos_business_intelligence:10.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:cognos_business_intelligence:10.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:cognos_business_intelligence:10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:cognos_business_intelligence:8.4.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:cognos_business_intelligence:10.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:cognos_business_intelligence:10.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:cognos_business_intelligence:8.4.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:cognos_business_intelligence:10.2.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:cognos_business_intelligence:10.2.1.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:cognos_business_intelligence:10.1.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0854</vuln:cve-id>
+    <vuln:published-datetime>2014-02-22T16:55:09.860-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T23:50:42.173-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-24T13:40:18.403-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90794" xml:lang="en">ibm-cognos-cve20140854-xxe(90794)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21662856" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21662856</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0855">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:ibm:connections_portlets:4.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:connections_portlets:4.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:connections_portlets:4.5.1"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_portal:8.0.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_portal:7.0.0.2"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:connections_portlets:4.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:connections_portlets:4.5.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:connections_portlets:4.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0855</vuln:cve-id>
+    <vuln:published-datetime>2014-02-14T08:10:30.623-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-14T11:57:25.503-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-14T11:57:22.037-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90802" xml:lang="en">ibm-websphere-cve20140855-xss(90802)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21663921" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21663921</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site scripting (XSS) vulnerabilities in IBM Connections Portlets 4.x before 4.5.1 FP1 for IBM WebSphere Portal 7.0.0.2 and 8.0.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0857">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.5.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.5.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.5.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0857</vuln:cve-id>
+    <vuln:published-datetime>2014-05-01T13:29:56.713-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T09:57:31.300-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T09:57:30.973-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90863" xml:lang="en">ibm-was-cve20140857-info-disc(90863)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21669554" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21669554</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>AIXAPAR</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg1PI07808" xml:lang="en">PI07808</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Administrative Console in IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote authenticated users to obtain sensitive information via a crafted request.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0858">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:content_navigator:2.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:content_navigator:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:content_navigator:2.0.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:content_navigator:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:content_navigator:2.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:content_navigator:2.0.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0858</vuln:cve-id>
+    <vuln:published-datetime>2014-02-27T15:55:06.927-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-28T11:40:13.397-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-28T11:40:13.333-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90864" xml:lang="en">ibm-navigator-cve20140858-xss(90864)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21665358" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21665358</vuln:reference>
+    </vuln:references>
+    <vuln:summary>IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to bypass intended access restrictions and conduct deleteAction attacks via a modified URL.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0859">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.29"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.31"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.5.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.27</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.29</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.5.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.5.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.31</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.25</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.24</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.23</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.22</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.21</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0859</vuln:cve-id>
+    <vuln:published-datetime>2014-05-01T13:29:56.730-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T10:01:30.323-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T10:01:29.917-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90879" xml:lang="en">ibm-was-cve20140859-retry(90879)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21669554" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21669554</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>AIXAPAR</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg1PI08892" xml:lang="en">PI08892</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The web-server plugin in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, when POST retries are enabled, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0861">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:cognos_business_intelligence:10.2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:cognos_business_intelligence:10.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:cognos_business_intelligence:10.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:cognos_business_intelligence:10.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:cognos_business_intelligence:10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:cognos_business_intelligence:8.4.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:cognos_business_intelligence:10.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:cognos_business_intelligence:10.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:cognos_business_intelligence:8.4.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:cognos_business_intelligence:10.2.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:cognos_business_intelligence:10.2.1.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:cognos_business_intelligence:10.1.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0861</vuln:cve-id>
+    <vuln:published-datetime>2014-02-22T16:55:09.877-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T23:50:42.360-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-24T13:38:09.963-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21662856" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21662856</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter that is not properly handled during use of the Back button.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0862">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_collaborative_lifecycle_management:3.0.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_collaborative_lifecycle_management:3.0.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_collaborative_lifecycle_management:3.0.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_collaborative_lifecycle_management:3.0.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_collaborative_lifecycle_management:3.0.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_collaborative_lifecycle_management:3.0.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_collaborative_lifecycle_management:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_collaborative_lifecycle_management:3.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:rational_collaborative_lifecycle_management:3.0.1.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_collaborative_lifecycle_management:3.0.1.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_collaborative_lifecycle_management:3.0.1.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_collaborative_lifecycle_management:3.0.1.6</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_collaborative_lifecycle_management:3.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_collaborative_lifecycle_management:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_collaborative_lifecycle_management:3.0.1.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_collaborative_lifecycle_management:3.0.1.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0862</vuln:cve-id>
+    <vuln:published-datetime>2014-03-01T23:57:25.777-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-03T11:54:19.397-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-03T11:54:19.317-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90895" xml:lang="en">ibm-rationalclm-cve20140862-rce(90895)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21664566" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21664566</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x before 3.0.1.6 iFix 2 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code via unknown vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0873">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:infosphere_master_data_management_server:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:infosphere_master_data_management_server:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:infosphere_master_data_management_server:10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:infosphere_master_data_management_server:9.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:infosphere_master_data_management_server:8.5"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:infosphere_master_data_management_server:8.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:infosphere_master_data_management_server:10.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:infosphere_master_data_management_server:10.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:infosphere_master_data_management_server:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:infosphere_master_data_management_server:9.0.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0873</vuln:cve-id>
+    <vuln:published-datetime>2014-03-16T10:06:45.193-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-27T17:50:37.103-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-17T15:15:16.497-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-352"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90994" xml:lang="en">ibm-infosphere-cve20140873-csrf(90994)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21666462" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21666462</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Data Stewardship, (2) Business Admin, and (3) Product interfaces in IBM InfoSphere Master Data Management (MDM) Server 8.5 before 8.5.0.82, 9.0.1 before 9.0.1.38, 9.0.2 before 9.0.2.35, 10.0 before 10.0.0.0.26, and 10.1 before 10.1.0.0.15 allow remote attackers to hijack the authentication of arbitrary users.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0874">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:content_navigator:2.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:content_navigator:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:content_navigator:2.0.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:content_navigator:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:content_navigator:2.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:content_navigator:2.0.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0874</vuln:cve-id>
+    <vuln:published-datetime>2014-02-28T01:18:54.353-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-28T13:00:50.923-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-28T13:00:50.733-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91002" xml:lang="en">ibm-cn-cve20140874-xss(91002)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21665362" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21665362</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0879">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:datacap_taskmaster_capture:8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:datacap_taskmaster_capture:8.0.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:datacap_taskmaster_capture:8.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:datacap_taskmaster_capture:8.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0879</vuln:cve-id>
+    <vuln:published-datetime>2014-03-21T06:55:05.143-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-24T18:45:18.727-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-21T08:44:17.000-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21666888" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21666888</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91115" xml:lang="en">ibm-taskmaster-cve20140879-code-exec(91115)</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Stack-based buffer overflow in the Taskmaster Capture ActiveX control in IBM Datacap Taskmaster Capture 8.0.1, and 8.1 before FP2, allows remote attackers to execute arbitrary code via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0880">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v7000_software:7.2.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v7000_software:7.2.0.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v7000_software:7.1.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v7000_software:7.1.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v7000_software:7.1.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v7000_software:6.4.1.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v7000_software:6.4.1.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v7000_software:6.4.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v7000_software:6.4.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v7000_software:6.4.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v7000_software:6.4.0.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v7000_software:6.3.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v7000_software:6.3.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v7000_software:6.3.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v7000_software:6.3.0.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v7000_software:6.3.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v7000_software:6.3.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v7000_software:6.3.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v7000_software:6.4.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v7000_software:6.4.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v7000_software:6.4.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v7000_software:6.4.1.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v7000_software:6.4.1.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v7000_software:6.4.1.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v7000_software:7.1.0.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v7000_software:7.1.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v7000_software:7.1.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v7000_software:7.1.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v7000_software:7.2.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v7000_software:6.3.0.7"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:ibm:storwize_v7000:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:ibm:flex_system_v7000_software:7.2.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:flex_system_v7000_software:7.2.0.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:flex_system_v7000_software:7.1.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:flex_system_v7000_software:7.1.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:flex_system_v7000_software:7.1.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:flex_system_v7000_software:6.4.1.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:flex_system_v7000_software:6.4.1.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:flex_system_v7000_software:6.4.1.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:flex_system_v7000_software:6.4.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:flex_system_v7000_software:6.4.1.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:flex_system_v7000_software:6.4.1.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:flex_system_v7000_software:7.1.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:flex_system_v7000_software:7.1.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:flex_system_v7000_software:7.1.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:flex_system_v7000_software:7.2.0.1"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:ibm:flex_system_v7000:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v3700_software:7.2.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v3700_software:7.2.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v3700_software:7.2.0.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v3700_software:7.1.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v3700_software:7.1.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v3700_software:7.1.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v3700_software:7.1.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v3700_software:7.1.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v3700_software:7.1.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v3700_software:7.1.0.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v3700_software:6.4.1.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v3700_software:6.4.1.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v3700_software:6.4.1.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v3700_software:6.4.1.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v3700_software:6.4.1.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v3700_software:6.4.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v3700_software:6.4.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v3700_software:6.4.1.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:ibm:storwize_v3700:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v3500_software:7.2.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v3500_software:7.2.0.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v3500_software:7.1.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v3500_software:7.1.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v3500_software:7.1.0.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v3500_software:6.4.1.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v3500_software:6.4.1.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v3500_software:6.4.1.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v3500_software:6.4.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v3500_software:6.4.1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v3500_software:6.4.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v3500_software:6.4.1.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v3500_software:6.4.1.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v3500_software:7.1.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v3500_software:7.1.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v3500_software:7.1.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v3500_software:7.2.0.1"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:ibm:storwize_v3500:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:7.1.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:7.1.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:7.1.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:7.2.0.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:7.2.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:6.4.1.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:6.4.1.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:6.4.1.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:6.4.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:6.4.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:6.4.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:6.3.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:6.3.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:6.3.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:6.3.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:6.2.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:6.2.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:6.2.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:6.2.0.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:6.1.0.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:6.1.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:6.1.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:6.1.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:6.1.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:6.1.0.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:6.1.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:6.1.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:6.1.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:6.1.0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:6.1.0.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:6.2.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:6.2.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:6.2.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:6.3.0.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:6.3.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:6.3.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:6.3.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:6.4.0.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:6.4.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:6.4.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:6.4.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:6.4.1.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:6.4.1.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:7.2.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:7.1.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:7.1.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:7.1.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:san_volume_controller_software:7.1.0.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:ibm:san_volume_controller:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v5000_software:7.2.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v5000_software:7.1.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v5000_software:7.1.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v5000_software:7.1.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v5000_software:7.1.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v5000_software:7.1.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v5000_software:7.1.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v5000_software:7.2.0.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:storwize_v5000_software:7.2.0.2"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:ibm:storwize_v5000:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:storwize_v7000_software:6.3.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v3500_software:7.2.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:flex_system_v7000_software:7.2.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v5000_software:7.2.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:6.2.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:6.1.0.10</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:7.2.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:7.2.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:6.2.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:7.1.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v7000_software:7.2.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v7000_software:7.2.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:7.1.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:6.3.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:flex_system_v7000_software:7.1.0.6</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:6.3.0.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:flex_system_v7000_software:7.1.0.7</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:6.3.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:6.3.0.6</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v3500_software:6.4.1.7</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:6.3.0.7</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:6.3.0.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:6.3.0.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v5000_software:7.2.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v5000_software:7.2.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:flex_system_v7000_software:7.1.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:flex_system_v7000_software:7.1.0.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:flex_system_v7000_software:7.1.0.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:6.1.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:6.1.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:6.1.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v3500_software:7.1.0.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v3500_software:7.1.0.6</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:6.4.0.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:6.4.0.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:6.4.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:6.4.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v3500_software:7.1.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v3500_software:7.1.0.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:6.4.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v7000_software:6.4.0.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v7000_software:6.4.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v7000_software:6.4.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v7000_software:7.2.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v7000_software:6.4.0.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v7000_software:6.4.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v3500_software:6.4.1.6</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v3500_software:6.4.1.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v3500_software:6.4.1.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v3500_software:6.4.1.3</vuln:product>
+      <vuln:product>cpe:/h:ibm:storwize_v7000:-</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v3500_software:6.4.1.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v3500_software:6.4.1.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v3500_software:6.4.1.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:flex_system_v7000_software:6.4.1.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v7000_software:7.1.0.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:7.1.0.7</vuln:product>
+      <vuln:product>cpe:/a:ibm:flex_system_v7000_software:6.4.1.6</vuln:product>
+      <vuln:product>cpe:/a:ibm:flex_system_v7000_software:6.4.1.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v7000_software:7.1.0.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:7.1.0.6</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:7.1.0.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:flex_system_v7000_software:6.4.1.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v7000_software:7.1.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v3500_software:7.1.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:7.2.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:7.1.0.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:7.1.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v7000_software:7.1.0.7</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v7000_software:7.1.0.6</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v3700_software:7.2.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:flex_system_v7000_software:6.4.1.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v7000_software:6.4.1.7</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v3700_software:7.1.0.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v3700_software:7.1.0.6</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v3700_software:7.1.0.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v3700_software:7.1.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v7000_software:6.4.1.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v3500_software:7.1.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v7000_software:6.4.1.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v7000_software:6.4.1.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v7000_software:6.4.1.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v7000_software:6.4.1.6</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v7000_software:6.4.1.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:6.2.0.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:6.2.0.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:6.2.0.2</vuln:product>
+      <vuln:product>cpe:/h:ibm:flex_system_v7000:-</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:6.2.0.6</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:6.2.0.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v3700_software:7.1.0.7</vuln:product>
+      <vuln:product>cpe:/a:ibm:flex_system_v7000_software:6.4.1.7</vuln:product>
+      <vuln:product>cpe:/a:ibm:flex_system_v7000_software:7.1.0.1</vuln:product>
+      <vuln:product>cpe:/h:ibm:storwize_v3500:-</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v5000_software:7.1.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v5000_software:7.1.0.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v5000_software:7.1.0.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v5000_software:7.1.0.5</vuln:product>
+      <vuln:product>cpe:/h:ibm:storwize_v3700:-</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v5000_software:7.1.0.6</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v5000_software:7.1.0.7</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v3700_software:7.1.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v3700_software:7.1.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v3700_software:6.4.1.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v3700_software:6.4.1.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v3700_software:6.4.1.6</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:6.4.1.6</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v3500_software:7.2.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v3500_software:7.2.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v7000_software:6.3.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v7000_software:6.3.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v7000_software:6.3.0.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v7000_software:6.3.0.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:6.4.1.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:6.4.1.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v7000_software:6.3.0.6</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v7000_software:6.3.0.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:6.4.1.3</vuln:product>
+      <vuln:product>cpe:/h:ibm:storwize_v5000:-</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:6.4.1.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v7000_software:6.3.0.7</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:6.4.1.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v3700_software:7.2.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v7000_software:7.1.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v7000_software:7.1.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:6.4.1.7</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v3700_software:7.2.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:6.1.0.6</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:6.1.0.7</vuln:product>
+      <vuln:product>cpe:/h:ibm:san_volume_controller:-</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:6.1.0.8</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:6.1.0.9</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:6.1.0.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:6.1.0.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:6.1.0.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v3700_software:6.4.1.7</vuln:product>
+      <vuln:product>cpe:/a:ibm:san_volume_controller_software:6.3.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:flex_system_v7000_software:7.2.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v3700_software:6.4.1.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:flex_system_v7000_software:7.2.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v3700_software:6.4.1.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v3700_software:6.4.1.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:storwize_v3700_software:6.4.1.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0880</vuln:cve-id>
+    <vuln:published-datetime>2014-03-28T21:55:07.047-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-31T13:06:08.423-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-31T13:06:06.203-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91145" xml:lang="en">ibm-storwize-cve20140880-cli(91145)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004570" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004570</vuln:reference>
+    </vuln:references>
+    <vuln:summary>IBM SAN Volume Controller; Storwize V3500, V3700, V5000, and V7000; and Flex System V7000 with software 6.3 and 6.4 before 6.4.1.8, and 7.1 and 7.2 before 7.2.0.3, allow remote attackers to obtain CLI access, and consequently cause a denial of service, via unspecified traffic to the administrative IP address.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0884">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_protector_for_mail_security:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_protector_for_mail_security:2.8.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:lotus_protector_for_mail_security:2.8.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_protector_for_mail_security:2.8</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0884</vuln:cve-id>
+    <vuln:published-datetime>2014-03-25T16:55:07.170-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-26T12:00:48.157-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-26T12:00:40.047-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91170" xml:lang="en">ibm-lpms-cve20140884-xss(91170)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21668124" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21668124</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0885">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_protector_for_mail_security:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_protector_for_mail_security:2.8.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:lotus_protector_for_mail_security:2.8.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_protector_for_mail_security:2.8</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0885</vuln:cve-id>
+    <vuln:published-datetime>2014-03-25T16:55:07.293-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-26T12:10:14.957-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-26T12:09:28.813-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-352"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91171" xml:lang="en">ibm-lpms-cve20140885-csrf(91171)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21668124" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21668124</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site request forgery (CSRF) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0886">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_protector_for_mail_security:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_protector_for_mail_security:2.8.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:lotus_protector_for_mail_security:2.8.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_protector_for_mail_security:2.8</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0886</vuln:cve-id>
+    <vuln:published-datetime>2014-03-25T16:55:07.450-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-26T12:34:34.490-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.1</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-26T12:11:58.320-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-78"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91172" xml:lang="en">ibm-lpms-cve20140886-command(91172)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21668124" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21668124</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0887">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_protector_for_mail_security:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_protector_for_mail_security:2.8.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:lotus_protector_for_mail_security:2.8.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_protector_for_mail_security:2.8</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0887</vuln:cve-id>
+    <vuln:published-datetime>2014-03-25T16:55:07.590-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-26T12:33:21.097-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.1</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-26T12:12:44.070-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-78"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91173" xml:lang="en">ibm-lpms-cve20140887-command-root(91173)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21668124" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21668124</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0890">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:sametime:8.5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:sametime:8.5.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:sametime:8.5.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:sametime:8.5.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:sametime:8.5.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:sametime:9.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:sametime:9.0.0.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:sametime:8.5.2.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:sametime:8.5.1.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:sametime:9.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:sametime:8.5.1.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:sametime:9.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:sametime:8.5.1.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:sametime:8.5.2.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0890</vuln:cve-id>
+    <vuln:published-datetime>2014-03-06T06:55:05.460-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-07T13:55:56.940-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>1.9</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-06T08:56:51.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-255"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91282" xml:lang="en">ibm-lotus-cve20148090-info-disc(91282)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21665658" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21665658</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1, 9.0, and 9.0.0.1, when a certain com.ibm.collaboration.realtime.telephony.*.level setting is used, logs cleartext passwords during Audio/Video chat sessions, which allows local users to obtain sensitive information by reading a log file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0892">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_domino:9.0.0.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_domino:9.0.1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_domino:8.5.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_domino:8.5.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_domino:8.5.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_domino:8.5.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_domino:8.5.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_domino:8.5.1.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_domino:8.5.1.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_domino:8.5.1.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_domino:8.5.2.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_domino:8.5.2.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_domino:8.5.2.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_domino:8.5.2.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_domino:8.5.2.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_domino:8.5.3.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_domino:8.5.3.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_domino:8.5.3.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_domino:8.5.3.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_domino:8.5.3.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_domino:8.5.3.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_domino:8.5.3.6"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_notes:8.5.3.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_notes:8.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_notes:8.5.0.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_notes:8.5.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_notes:8.5.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_notes:8.5.1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_notes:8.5.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_notes:8.5.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_notes:8.5.1.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_notes:8.5.1.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_notes:8.5.1.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_notes:8.5.2.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_notes:8.5.2.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_notes:8.5.2.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_notes:8.5.2.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_notes:8.5.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_notes:8.5.3.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_notes:8.5.3.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_notes:8.5.3.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_notes:8.5.3.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_notes:8.5.3.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_notes:9.0.1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:lotus_notes:9.0.0.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:lotus_notes:8.5.3.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_domino:8.5.2.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_notes:8.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_domino:8.5.2.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_notes:8.5.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_notes:8.5.2.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_domino:8.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_notes:8.5.3.6</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_domino:8.5.2.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_domino:8.5.2.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_notes:8.5.3.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_notes:8.5.3.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_notes:8.5.3.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_notes:8.5.3.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_domino:8.5.2.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_notes:8.5.2.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_notes:8.5.2.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_notes:8.5.2.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_domino:8.5.3.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_domino:9.0.1.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_domino:8.5.3.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_domino:8.5.3.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_domino:8.5.1.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_domino:8.5.3.6</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_domino:8.5.3.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_domino:8.5.1.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_notes:9.0.1.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_notes:8.5.1.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_notes:8.5.1.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_domino:9.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_notes:9.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_domino:8.5.3.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_domino:8.5.3.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_notes:8.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_notes:8.5.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_notes:8.5.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_notes:8.5.1.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_domino:8.5.1.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_notes:8.5.1.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_notes:8.5.1.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_domino:8.5.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_notes:8.5.1.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_domino:8.5.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_domino:8.5.1.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:lotus_domino:8.5.1.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0892</vuln:cve-id>
+    <vuln:published-datetime>2014-04-23T15:55:05.173-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T13:45:47.737-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-24T13:45:46.847-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/350089" xml:lang="en">VU#350089</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91286" xml:lang="en">ibm-notes-cve20140892-linux32-rce(91286)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21670264" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21670264</vuln:reference>
+    </vuln:references>
+    <vuln:summary>IBM Notes and Domino 8.5.x before 8.5.3 FP6 IF3 and 9.x before 9.0.1 FP1 on 32-bit Linux platforms use incorrect gcc options, which makes it easier for remote attackers to execute arbitrary code by leveraging the absence of the NX protection mechanism and placing crafted x86 code on the stack, aka SPR KLYH9GGS9W.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0895">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:spss_samplepower:3.0.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:spss_samplepower:3.0.1.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0895</vuln:cve-id>
+    <vuln:published-datetime>2014-03-16T10:06:45.227-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-17T14:21:28.213-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-17T14:21:28.183-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91314" xml:lang="en">ibm-spss-cve20140895-code-exec(91314)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21666790" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21666790</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>AIXAPAR</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg1PI09800" xml:lang="en">PI09800</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Buffer overflow in the vsflex8l ActiveX control in IBM SPSS SamplePower 3.0.1 before FP1 3.0.1-IM-S3SAMPC-WIN32-FP001-IF02 allows remote attackers to execute arbitrary code via a crafted ComboList property value.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0896">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.5.1:-:liberty_profile"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.0.0:-:liberty_profile"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.0.1:-:liberty_profile"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.0.2:-:liberty_profile"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.5.0:-:liberty_profile"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.0.0:-:liberty_profile</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.0.2:-:liberty_profile</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.0.1:-:liberty_profile</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.5.0:-:liberty_profile</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.5.1:-:liberty_profile</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0896</vuln:cve-id>
+    <vuln:published-datetime>2014-05-01T13:29:56.747-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T10:14:42.947-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T10:14:42.897-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91326" xml:lang="en">ibm-was-cve20140896-info-disc(91326)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21669554" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21669554</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>AIXAPAR</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg1PI10134" xml:lang="en">PI10134</vuln:reference>
+    </vuln:references>
+    <vuln:summary>IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information via a crafted request.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0899">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:ibm:aix:7.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:ibm:aix:7.1.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:ibm:aix:7.1.2</vuln:product>
+      <vuln:product>cpe:/o:ibm:aix:7.1.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0899</vuln:cve-id>
+    <vuln:published-datetime>2014-03-11T09:01:09.607-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-11T10:57:10.420-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-11T10:57:10.390-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91396" xml:lang="en">ibm-aix-wpar-ftpd(91396)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>AIXAPAR</vuln:source>
+      <vuln:reference href="http://www.ibm.com/support/docview.wss?uid=isg1IV51421" xml:lang="en">IV51421</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>AIXAPAR</vuln:source>
+      <vuln:reference href="http://www.ibm.com/support/docview.wss?uid=isg1IV51420" xml:lang="en">IV51420</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://aix.software.ibm.com/aix/efixes/security/wparcre_advisory.asc" xml:lang="en">http://aix.software.ibm.com/aix/efixes/security/wparcre_advisory.asc</vuln:reference>
+    </vuln:references>
+    <vuln:summary>ftpd in IBM AIX 7.1.1 before SP10 and 7.1.2 before SP5, when a Workload Partition (aka WPAR) for AIX 5.2 or 5.3 is used, allows remote authenticated users to bypass intended permission settings and modify arbitrary files via FTP commands.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0901">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_portal:8.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_portal:8.0.0.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:websphere_portal:8.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_portal:8.0.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0901</vuln:cve-id>
+    <vuln:published-datetime>2014-04-01T23:58:17.043-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-02T11:55:00.730-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-02T11:55:00.357-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91398" xml:lang="en">ibm-wsportal-cve20140901-sr-xss(91398)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21667016" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21667016</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>AIXAPAR</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg1PI12659" xml:lang="en">PI12659</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the Social Rendering implementation in the IBM Connections integration in IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0904">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:security_appscan:8.0:-:standard"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:security_appscan:8.6:-:standard"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:security_appscan:8.8:-:standard"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:security_appscan:8.7:-:standard"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:security_appscan:8.5:-:standard"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:security_appscan:7.9:-:standard"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:security_appscan:8.6:-:standard</vuln:product>
+      <vuln:product>cpe:/a:ibm:security_appscan:8.8:-:standard</vuln:product>
+      <vuln:product>cpe:/a:ibm:security_appscan:8.7:-:standard</vuln:product>
+      <vuln:product>cpe:/a:ibm:security_appscan:8.0:-:standard</vuln:product>
+      <vuln:product>cpe:/a:ibm:security_appscan:8.5:-:standard</vuln:product>
+      <vuln:product>cpe:/a:ibm:security_appscan:7.9:-:standard</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0904</vuln:cve-id>
+    <vuln:published-datetime>2014-03-26T06:55:05.207-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-26T14:03:18.013-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.6</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-26T14:03:17.873-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91536" xml:lang="en">ibm-appscan-cve20140904-code-exec(91536)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21666775" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21666775</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The update process in IBM Security AppScan Standard 7.9 through 8.8 does not require integrity checks of downloaded files, which allows remote attackers to execute arbitrary code via a crafted file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0908">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:business_process_manager:8.0.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:business_process_manager:7.5.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:business_process_manager:8.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:business_process_manager:8.5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:business_process_manager:8.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:business_process_manager:8.0.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:business_process_manager:8.0.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:business_process_manager:7.5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:business_process_manager:7.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:business_process_manager:7.5.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:business_process_manager:7.5.1.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:business_process_manager:8.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:business_process_manager:8.5.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:business_process_manager:8.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:business_process_manager:7.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:business_process_manager:8.0.1.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:business_process_manager:7.5.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:business_process_manager:7.5.1.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:business_process_manager:7.5.1.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:business_process_manager:8.0.1.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:business_process_manager:8.0.1.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:business_process_manager:7.5.1.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0908</vuln:cve-id>
+    <vuln:published-datetime>2014-04-10T19:55:04.730-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-11T15:21:12.270-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-11T15:21:12.160-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91870" xml:lang="en">ibm-bpm-cve20140908-priv-escalation(91870)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21669330" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21669330</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>AIXAPAR</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg1JR49505" xml:lang="en">JR49505</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The User Attribute implementation in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through 8.5.0.1 does not verify authorization for read or write access to attribute values, which allows remote authenticated users to obtain sensitive information, configure e-mail notifications, or modify task assignments via REST API calls.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0920">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:spss_analytic_server:1.0.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:spss_analytic_server:1.0.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:spss_analytic_server:1.0.1.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:spss_analytic_server:1.0.0.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0920</vuln:cve-id>
+    <vuln:published-datetime>2014-04-10T19:55:24.357-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-11T15:15:37.397-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-11T15:15:37.367-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-255"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/92073" xml:lang="en">ibm-spssas-cve20140920-plaintext-pw(92073)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21669506" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21669506</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>AIXAPAR</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg1PI13527" xml:lang="en">PI13527</vuln:reference>
+    </vuln:references>
+    <vuln:summary>IBM SPSS Analytic Server 1.0 before IF002 and 1.0.1 before IF004 logs cleartext passwords, which allows remote authenticated users to obtain sensitive information via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0921">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:ibm:messagesight_jms_client:1.1.0.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:messagesight_jms_client:1.0.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:messagesight_jms_client:1.0.0.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:ibm:messagesight:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:messagesight_jms_client:1.1.0.0</vuln:product>
+      <vuln:product>cpe:/h:ibm:messagesight:-</vuln:product>
+      <vuln:product>cpe:/a:ibm:messagesight_jms_client:1.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:messagesight_jms_client:1.0.0.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0921</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T19:13:17.023-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T10:30:14.037-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T10:29:58.757-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/92074" xml:lang="en">ibm-messagesight-cve20140921-dos(92074)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21670278" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21670278</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>AIXAPAR</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg1IC98583" xml:lang="en">IC98583</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The server in IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (daemon crash and message data loss) via malformed headers during a WebSockets connection upgrade.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0922">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:ibm:messagesight_jms_client:1.1.0.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:messagesight_jms_client:1.0.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:messagesight_jms_client:1.0.0.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:ibm:messagesight:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:messagesight_jms_client:1.1.0.0</vuln:product>
+      <vuln:product>cpe:/h:ibm:messagesight:-</vuln:product>
+      <vuln:product>cpe:/a:ibm:messagesight_jms_client:1.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:messagesight_jms_client:1.0.0.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0922</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T19:13:17.057-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T10:33:22.310-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T10:33:21.373-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/92075" xml:lang="en">ibm-messagesight-cve20140922-dos(92075)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21670278" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21670278</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>AIXAPAR</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg1IC98692" xml:lang="en">IC98692</vuln:reference>
+    </vuln:references>
+    <vuln:summary>IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (resource consumption) via WebSockets MQ Telemetry Transport (MQTT) data.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0923">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:ibm:messagesight_jms_client:1.1.0.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:messagesight_jms_client:1.0.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:messagesight_jms_client:1.0.0.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:ibm:messagesight:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:messagesight_jms_client:1.1.0.0</vuln:product>
+      <vuln:product>cpe:/h:ibm:messagesight:-</vuln:product>
+      <vuln:product>cpe:/a:ibm:messagesight_jms_client:1.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:messagesight_jms_client:1.0.0.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0923</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T19:13:17.087-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T10:33:41.607-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T10:33:40.733-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/92076" xml:lang="en">ibm-messagesight-cve20140923-dos(92076)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21670278" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21670278</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>AIXAPAR</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg1IT00582" xml:lang="en">IT00582</vuln:reference>
+    </vuln:references>
+    <vuln:summary>IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (daemon restart) via crafted MQ Telemetry Transport (MQTT) authentication data.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0924">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:ibm:messagesight_jms_client:1.1.0.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:messagesight_jms_client:1.0.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:ibm:messagesight_jms_client:1.0.0.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:ibm:messagesight:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:messagesight_jms_client:1.1.0.0</vuln:product>
+      <vuln:product>cpe:/h:ibm:messagesight:-</vuln:product>
+      <vuln:product>cpe:/a:ibm:messagesight_jms_client:1.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:messagesight_jms_client:1.0.0.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0924</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T19:13:17.117-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T10:33:43.763-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.6</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T10:33:43.717-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/92077" xml:lang="en">ibm-messagesight-cve20140924-sec-bypass(92077)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21670278" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21670278</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>AIXAPAR</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg1IT00583" xml:lang="en">IT00583</vuln:reference>
+    </vuln:references>
+    <vuln:summary>IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 does not verify that all of the characters of a password are correct, which makes it easier for remote authenticated users to bypass intended access restrictions by leveraging knowledge of a password substring.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0932">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:sterling_order_management:8.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:sterling_selling_and_fulfillment_foundation:9.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:sterling_order_management:8.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0932</vuln:cve-id>
+    <vuln:published-datetime>2014-04-21T18:55:08.303-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-22T10:55:56.307-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-22T10:55:56.197-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/92264" xml:lang="en">ibm-sterlingom-cve20140932-xss(92264)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21670912" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21670912</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>AIXAPAR</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg1IT00419" xml:lang="en">IT00419</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in IBM Sterling Order Management 8.5 before HF105 and Sterling Selling and Fulfillment Foundation 9.0 before HF85 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0941">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:tivoli_netcool%2fomnibus:7.4.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:tivoli_netcool%2fomnibus:7.4.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0941</vuln:cve-id>
+    <vuln:published-datetime>2014-05-01T13:29:56.760-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T10:25:37.247-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T10:25:37.233-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/92400" xml:lang="en">ibm-netcoolomnibus-cve20140941-xss(92400)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21671686" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21671686</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in webtop/eventviewer/eventViewer.jsp in the Web GUI in IBM Netcool/OMNIbus 7.4.0 before FP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-0942.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0942">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:tivoli_netcool%2fomnibus:7.4.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:tivoli_netcool%2fomnibus:7.4.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0942</vuln:cve-id>
+    <vuln:published-datetime>2014-05-01T13:29:56.777-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T10:28:48.147-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T10:28:46.083-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/92401" xml:lang="en">ibm-netcoolomnibus-cve20140942-xss(92401)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21671686" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21671686</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in webtop/eventviewer/eventViewer.jsp in the Web GUI in IBM Netcool/OMNIbus 7.4.0 before FP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-0941.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0977">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:sixapart:movabletype:5.04"/>
+        <cpe-lang:fact-ref name="cpe:/a:sixapart:movabletype:5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:sixapart:movabletype:5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:sixapart:movabletype:5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:sixapart:movabletype:5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:sixapart:movabletype:5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:sixapart:movabletype:5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:sixapart:movabletype:5.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:sixapart:movabletype:5.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:sixapart:movabletype:5.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:sixapart:movabletype:5.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:sixapart:movabletype:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:sixapart:movabletype:5.031"/>
+        <cpe-lang:fact-ref name="cpe:/a:sixapart:movabletype:5.03"/>
+        <cpe-lang:fact-ref name="cpe:/a:sixapart:movabletype:5.02"/>
+        <cpe-lang:fact-ref name="cpe:/a:sixapart:movabletype:5.01"/>
+        <cpe-lang:fact-ref name="cpe:/a:sixapart:movabletype:5.0:rc2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:sixapart:movabletype:5.2.6</vuln:product>
+      <vuln:product>cpe:/a:sixapart:movabletype:5.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:sixapart:movabletype:5.2.7</vuln:product>
+      <vuln:product>cpe:/a:sixapart:movabletype:5.2.2</vuln:product>
+      <vuln:product>cpe:/a:sixapart:movabletype:5.2.3</vuln:product>
+      <vuln:product>cpe:/a:sixapart:movabletype:6.0</vuln:product>
+      <vuln:product>cpe:/a:sixapart:movabletype:5.031</vuln:product>
+      <vuln:product>cpe:/a:sixapart:movabletype:5.2</vuln:product>
+      <vuln:product>cpe:/a:sixapart:movabletype:5.15</vuln:product>
+      <vuln:product>cpe:/a:sixapart:movabletype:5.04</vuln:product>
+      <vuln:product>cpe:/a:sixapart:movabletype:5.03</vuln:product>
+      <vuln:product>cpe:/a:sixapart:movabletype:5.12</vuln:product>
+      <vuln:product>cpe:/a:sixapart:movabletype:5.02</vuln:product>
+      <vuln:product>cpe:/a:sixapart:movabletype:5.11</vuln:product>
+      <vuln:product>cpe:/a:sixapart:movabletype:5.01</vuln:product>
+      <vuln:product>cpe:/a:sixapart:movabletype:5.14</vuln:product>
+      <vuln:product>cpe:/a:sixapart:movabletype:5.13</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0977</vuln:cve-id>
+    <vuln:published-datetime>2014-01-10T12:55:03.113-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:30.517-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-10T16:39:37.883-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90095" xml:lang="en">movabletype-richtexteditor-xss(90095)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029588" xml:lang="en">1029588</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64657" xml:lang="en">64657</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2841" xml:lang="en">DSA-2841</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56405" xml:lang="en">56405</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56295" xml:lang="en">56295</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/36" xml:lang="en">[oss-security] 20140107 Re: CVE Request: cross-site scripting vulnerabilities in movable type 6.0.1, 5.2.9, and 5.161</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/24" xml:lang="en">[oss-security] 20140106 CVE Request: cross-site scripting vulnerabilities in movable type 6.0.1, 5.2.9, and 5.161</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://movabletype.org/news/2013/11/movable_type_601_529_and_5161_released_to_close_security_vul.html" xml:lang="en">http://movabletype.org/news/2013/11/movable_type_601_529_and_5161_released_to_close_security_vul.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734304" xml:lang="en">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734304</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the Rich Text Editor in Movable Type 5.0x, 5.1x before 5.161, 5.2.x before 5.2.9, and 6.0.x before 6.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0978">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:graphviz:graphviz:2.34.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:graphviz:graphviz:2.34.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0978</vuln:cve-id>
+    <vuln:published-datetime>2014-01-10T12:55:03.237-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:30.593-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-10T13:39:40.947-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/ellson/graphviz/commit/7aaddf52cd98589fb0c3ab72a393f8411838438a" xml:lang="en">https://github.com/ellson/graphviz/commit/7aaddf52cd98589fb0c3ab72a393f8411838438a</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1049165" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1049165</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://bugs.gentoo.org/show_bug.cgi?id=497274" xml:lang="en">https://bugs.gentoo.org/show_bug.cgi?id=497274</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90085" xml:lang="en">graphviz-yyerror-bo(90085)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64674" xml:lang="en">64674</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MANDRIVA</vuln:source>
+      <vuln:reference href="http://www.mandriva.com/security/advisories?name=MDVSA-2014:024" xml:lang="en">MDVSA-2014:024</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2843" xml:lang="en">DSA-2843</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56244" xml:lang="en">56244</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/55666" xml:lang="en">55666</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/38" xml:lang="en">[oss-security] 20140107 Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/28" xml:lang="en">[oss-security] 20140107 CVE Request: graphviz: stack-based buffer overflow in yyerror()</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0979">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:novell:opensuse:13.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:novell:opensuse:12.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:novell:opensuse:12.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:lightdm_gtk%2b_greeter_project:lightdm_gtk%2b_greeter:1.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:lightdm_gtk%2b_greeter_project:lightdm_gtk%2b_greeter:1.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:lightdm_gtk%2b_greeter_project:lightdm_gtk%2b_greeter:1.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:lightdm_gtk%2b_greeter_project:lightdm_gtk%2b_greeter:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:lightdm_gtk%2b_greeter_project:lightdm_gtk%2b_greeter:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:lightdm_gtk%2b_greeter_project:lightdm_gtk%2b_greeter:1.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:lightdm_gtk%2b_greeter_project:lightdm_gtk%2b_greeter:1.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:lightdm_gtk%2b_greeter_project:lightdm_gtk%2b_greeter:1.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:lightdm_gtk%2b_greeter_project:lightdm_gtk%2b_greeter:1.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:lightdm_gtk%2b_greeter_project:lightdm_gtk%2b_greeter:1.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:lightdm_gtk%2b_greeter_project:lightdm_gtk%2b_greeter:1.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:lightdm_gtk%2b_greeter_project:lightdm_gtk%2b_greeter:1.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:lightdm_gtk%2b_greeter_project:lightdm_gtk%2b_greeter:1.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:lightdm_gtk%2b_greeter_project:lightdm_gtk%2b_greeter:1.1.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:novell:opensuse:12.3</vuln:product>
+      <vuln:product>cpe:/a:lightdm_gtk%2b_greeter_project:lightdm_gtk%2b_greeter:1.3.1</vuln:product>
+      <vuln:product>cpe:/o:novell:opensuse:12.2</vuln:product>
+      <vuln:product>cpe:/a:lightdm_gtk%2b_greeter_project:lightdm_gtk%2b_greeter:1.1.2</vuln:product>
+      <vuln:product>cpe:/o:novell:opensuse:13.1</vuln:product>
+      <vuln:product>cpe:/a:lightdm_gtk%2b_greeter_project:lightdm_gtk%2b_greeter:1.1.5</vuln:product>
+      <vuln:product>cpe:/a:lightdm_gtk%2b_greeter_project:lightdm_gtk%2b_greeter:1.1.6</vuln:product>
+      <vuln:product>cpe:/a:lightdm_gtk%2b_greeter_project:lightdm_gtk%2b_greeter:1.1.3</vuln:product>
+      <vuln:product>cpe:/a:lightdm_gtk%2b_greeter_project:lightdm_gtk%2b_greeter:1.1.4</vuln:product>
+      <vuln:product>cpe:/a:lightdm_gtk%2b_greeter_project:lightdm_gtk%2b_greeter:1.3.0</vuln:product>
+      <vuln:product>cpe:/a:lightdm_gtk%2b_greeter_project:lightdm_gtk%2b_greeter:1.6.1</vuln:product>
+      <vuln:product>cpe:/a:lightdm_gtk%2b_greeter_project:lightdm_gtk%2b_greeter:1.6.0</vuln:product>
+      <vuln:product>cpe:/a:lightdm_gtk%2b_greeter_project:lightdm_gtk%2b_greeter:1.1.1</vuln:product>
+      <vuln:product>cpe:/a:lightdm_gtk%2b_greeter_project:lightdm_gtk%2b_greeter:1.7.0</vuln:product>
+      <vuln:product>cpe:/a:lightdm_gtk%2b_greeter_project:lightdm_gtk%2b_greeter:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:lightdm_gtk%2b_greeter_project:lightdm_gtk%2b_greeter:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:lightdm_gtk%2b_greeter_project:lightdm_gtk%2b_greeter:1.5.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0979</vuln:cve-id>
+    <vuln:published-datetime>2014-01-22T20:55:04.460-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:30.670-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>2.1</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-23T13:43:35.513-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.novell.com/show_bug.cgi?id=857303" xml:lang="en">https://bugzilla.novell.com/show_bug.cgi?id=857303</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugs.launchpad.net/lightdm-gtk-greeter/+bug/1266449" xml:lang="en">https://bugs.launchpad.net/lightdm-gtk-greeter/+bug/1266449</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64679" xml:lang="en">64679</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/01/07/15" xml:lang="en">[oss-security] 20140107 Re: CVE request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56423" xml:lang="en">56423</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56211" xml:lang="en">56211</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-01/msg00048.html" xml:lang="en">openSUSE-SU-2014:0071</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128150.html" xml:lang="en">FEDORA-2014-1648</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128117.html" xml:lang="en">FEDORA-2014-1647</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The start_authentication function in lightdm-gtk-greeter.c in LightDM GTK+ Greeter before 1.7.1 does not properly handle the return value from the lightdm_greeter_get_authentication_user function, which allows local users to cause a denial of service (NULL pointer dereference) via an empty username.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0980">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:poster_software:publish_it:3.6d"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:poster_software:publish_it:3.6d</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0980</vuln:cve-id>
+    <vuln:published-datetime>2014-02-11T12:55:06.793-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:30.767-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-12T05:46:35.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90989" xml:lang="en">publishit-cve20140980-bo(90989)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65366" xml:lang="en">65366</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/530943/100/0/threaded" xml:lang="en">20140205 CORE-2014-0001 - Publish-It Buffer Overflow Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/31461" xml:lang="en">31461</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.coresecurity.com/advisories/publish-it-buffer-overflow-vulnerability" xml:lang="en">http://www.coresecurity.com/advisories/publish-it-buffer-overflow-vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56618" xml:lang="en">56618</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Feb/34" xml:lang="en">20140205 CORE-2014-0001 - Publish-It Buffer Overflow Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/125089" xml:lang="en">http://packetstormsecurity.com/files/125089</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102911" xml:lang="en">102911</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Buffer overflow in Poster Software PUBLISH-iT 3.6d allows remote attackers to execute arbitrary code via a crafted PUI file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0981">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.16</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.8</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.3.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.3.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.3.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.20</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.3.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.18</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0981</vuln:cve-id>
+    <vuln:published-datetime>2014-03-31T10:58:35.570-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T01:04:39.873-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.4</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-31T13:54:34.427-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://www.virtualbox.org/changeset/50437/vbox" xml:lang="en">https://www.virtualbox.org/changeset/50437/vbox</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531418/100/0/threaded" xml:lang="en">20140311 CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/32208" xml:lang="en">32208</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities" xml:lang="en">http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57384" xml:lang="en">57384</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Mar/95" xml:lang="en">20140311 CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities</vuln:reference>
+    </vuln:references>
+    <vuln:summary>VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a (1) CR_MESSAGE_READBACK or (2) CR_MESSAGE_WRITEBACK message to the VBoxSharedCrOpenGL service, which triggers an arbitrary pointer dereference and memory corruption.  NOTE: this issue was MERGED with CVE-2014-0982 because it is the same type of vulnerability affecting the same set of versions. All CVE users should reference CVE-2014-0981 instead of CVE-2014-0982.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0982">
+    <vuln:cve-id>CVE-2014-0982</vuln:cve-id>
+    <vuln:published-datetime>2014-03-31T10:58:35.587-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-31T10:58:35.663-04:00</vuln:last-modified-datetime>
+    <vuln:summary>** REJECT **  DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0981. Reason: This issue was MERGED into CVE-2014-0981 in accordance with CVE content decisions, because it is the same type of vulnerability and affects the same versions. Notes: All CVE users should reference CVE-2014-0981 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0983">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.2.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.16</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.8</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.3.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.3.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.3.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.20</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.3.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.2.18</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0983</vuln:cve-id>
+    <vuln:published-datetime>2014-03-31T10:58:35.663-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T01:04:39.997-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.9</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-31T14:04:55.150-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://www.virtualbox.org/changeset/50441/vbox" xml:lang="en">https://www.virtualbox.org/changeset/50441/vbox</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531418/100/0/threaded" xml:lang="en">20140311 CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/32208" xml:lang="en">32208</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities" xml:lang="en">http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57384" xml:lang="en">57384</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Mar/95" xml:lang="en">20140311 CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple array index errors in programs that are automatically generated by VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8, when using 3D Acceleration, allow local guest OS users to execute arbitrary code on the Chromium server via certain CR_MESSAGE_OPCODES messages with a crafted index, which are not properly handled by the (1) CR_VERTEXATTRIB4NUBARB_OPCODE to the crServerDispatchVertexAttrib4NubARB function, (2) CR_VERTEXATTRIB1DARB_OPCODE to the crServerDispatchVertexAttrib1dARB function, (3) CR_VERTEXATTRIB1FARB_OPCODE to the crServerDispatchVertexAttrib1fARB function, (4) CR_VERTEXATTRIB1SARB_OPCODE to the crServerDispatchVertexAttrib1sARB function, (5) CR_VERTEXATTRIB2DARB_OPCODE to the crServerDispatchVertexAttrib2dARB function, (6) CR_VERTEXATTRIB2FARB_OPCODE to the crServerDispatchVertexAttrib2fARB function, (7) CR_VERTEXATTRIB2SARB_OPCODE to the crServerDispatchVertexAttrib2sARB function, (8) CR_VERTEXATTRIB3DARB_OPCODE to the crServerDispatchVertexAttrib3dARB function, (9) CR_VERTEXATTRIB3FARB_OPCODE to the crServerDispatchVertexAttrib3fARB function, (10) CR_VERTEXATTRIB3SARB_OPCODE to the crServerDispatchVertexAttrib3sARB function, (11) CR_VERTEXATTRIB4DARB_OPCODE to the crServerDispatchVertexAttrib4dARB function, (12) CR_VERTEXATTRIB4FARB_OPCODE to the crServerDispatchVertexAttrib4fARB function, and (13) CR_VERTEXATTRIB4SARB_OPCODE to the crServerDispatchVertexAttrib4sARB function.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0984">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:sap:router:721:117"/>
+        <cpe-lang:fact-ref name="cpe:/a:sap:router:720:411"/>
+        <cpe-lang:fact-ref name="cpe:/a:sap:router:710:029"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:sap:router:720:411</vuln:product>
+      <vuln:product>cpe:/a:sap:router:721:117</vuln:product>
+      <vuln:product>cpe:/a:sap:router:710:029</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0984</vuln:cve-id>
+    <vuln:published-datetime>2014-04-17T10:55:08.857-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T01:04:40.263-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-18T11:46:12.347-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://service.sap.com/sap/support/notes/1986895" xml:lang="en">https://service.sap.com/sap/support/notes/1986895</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531854/100/0/threaded" xml:lang="en">20140416 [CORE-2014-0003] - SAP Router Password Timing Attack</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/32919" xml:lang="en">32919</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.coresecurity.com/advisories/sap-router-password-timing-attack" xml:lang="en">http://www.coresecurity.com/advisories/sap-router-password-timing-attack</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://scn.sap.com/docs/DOC-8218" xml:lang="en">http://scn.sap.com/docs/DOC-8218</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first incorrect character, which allows remote attackers to obtrain passwords via a brute-force attack that relies on timing differences in responses to incorrect password guesses, aka a timing side-channel attack.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1201">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:lorex_technology:edge_lh310_firmware:7-35-28-1b26e"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:lorextechnology:edge:lh310"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:lorex_technology:edge3_lh340_firmware:11.19.85_1fe3a"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:lorextechnology:edge3:lh340"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:lorex_technology:edge2_lh330_firmware:11.17.38-33_1d97a"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:lorextechnology:edge2:lh330"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:lorex_technology:edge%2b_lh320_firmware:7-35-28-1b26e"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:lorextechnology:edge%2b:lh320"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/h:lorextechnology:edge3:lh340</vuln:product>
+      <vuln:product>cpe:/h:lorextechnology:edge2:lh330</vuln:product>
+      <vuln:product>cpe:/a:lorex_technology:edge_lh310_firmware:7-35-28-1b26e</vuln:product>
+      <vuln:product>cpe:/h:lorextechnology:edge%2b:lh320</vuln:product>
+      <vuln:product>cpe:/a:lorex_technology:edge3_lh340_firmware:11.19.85_1fe3a</vuln:product>
+      <vuln:product>cpe:/a:lorex_technology:edge%2b_lh320_firmware:7-35-28-1b26e</vuln:product>
+      <vuln:product>cpe:/a:lorex_technology:edge2_lh330_firmware:11.17.38-33_1d97a</vuln:product>
+      <vuln:product>cpe:/h:lorextechnology:edge:lh310</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1201</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:18.297-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-22T13:06:51.477-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-16T10:59:23.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-testcase.html" xml:lang="en">https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-testcase.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-report.txt" xml:lang="en">https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-report.txt</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90223" xml:lang="en">lorex-cve20141201-bo(90223)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/530739/100/0/threaded" xml:lang="en">20140110 [CVE -2014-1201] Lorex security DVR ActiveX control buffer overflow</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101903" xml:lang="en">101903</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Buffer overflow in the INetViewX ActiveX control in the Lorex Edge LH310 and Edge+ LH320 series with firmware 7-35-28-1B26E, Edge2 LH330 series with firmware 11.17.38-33_1D97A, and Edge3 LH340 series with firmware 11.19.85_1FE3A allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the HTTP_PORT parameter.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1202">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:eviware:soapui:3.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:eviware:soapui:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:eviware:soapui:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:eviware:soapui:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:eviware:soapui:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:eviware:soapui:2.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:smartbear:soapui:4.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:smartbear:soapui:4.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:smartbear:soapui:4.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:smartbear:soapui:4.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:smartbear:soapui:4.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:smartbear:soapui:4.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:smartbear:soapui:4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:smartbear:soapui:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:smartbear:soapui:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:smartbear:soapui:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:smartbear:soapui:4.0:beta1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:eviware:soapui:3.6.1</vuln:product>
+      <vuln:product>cpe:/a:smartbear:soapui:4.0</vuln:product>
+      <vuln:product>cpe:/a:eviware:soapui:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:eviware:soapui:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:smartbear:soapui:4.6.2</vuln:product>
+      <vuln:product>cpe:/a:smartbear:soapui:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:smartbear:soapui:4.6.3</vuln:product>
+      <vuln:product>cpe:/a:smartbear:soapui:4.5</vuln:product>
+      <vuln:product>cpe:/a:smartbear:soapui:4.5.1</vuln:product>
+      <vuln:product>cpe:/a:smartbear:soapui:4.5.2</vuln:product>
+      <vuln:product>cpe:/a:eviware:soapui:2.5.1</vuln:product>
+      <vuln:product>cpe:/a:smartbear:soapui:4.6.0</vuln:product>
+      <vuln:product>cpe:/a:smartbear:soapui:4.6.1</vuln:product>
+      <vuln:product>cpe:/a:smartbear:soapui:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:smartbear:soapui:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:eviware:soapui:3.5</vuln:product>
+      <vuln:product>cpe:/a:eviware:soapui:3.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1202</vuln:cve-id>
+    <vuln:published-datetime>2014-01-24T20:55:05.973-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-27T23:57:33.627-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-27T09:54:51.780-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-94"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/SmartBear/soapui/blob/master/RELEASENOTES.txt" xml:lang="en">https://github.com/SmartBear/soapui/blob/master/RELEASENOTES.txt</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.youtube.com/watch?v=3lCLE64rsc0" xml:lang="en">http://www.youtube.com/watch?v=3lCLE64rsc0</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/30908" xml:lang="en">30908</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/124773/SoapUI-Remote-Code-Execution.html" xml:lang="en">http://packetstormsecurity.com/files/124773/SoapUI-Remote-Code-Execution.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://baraktawily.blogspot.com/2014/01/soapui-code-execution-vulnerability-cve.html" xml:lang="en">http://baraktawily.blogspot.com/2014/01/soapui-code-execution-vulnerability-cve.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1204">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:tableau_software:tableau_server:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:tableau_software:tableau_server:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:tableau_software:tableau_server:8.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:tableau_software:tableau_server:8.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:tableau_software:tableau_server:8.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:tableau_software:tableau_server:8.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:tableau_software:tableau_server:8.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:tableau_software:tableau_server:8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:tableau_software:tableau_server:8.1.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:tableau_software:tableau_server:8.0</vuln:product>
+      <vuln:product>cpe:/a:tableau_software:tableau_server:8.1</vuln:product>
+      <vuln:product>cpe:/a:tableau_software:tableau_server:8.0.6</vuln:product>
+      <vuln:product>cpe:/a:tableau_software:tableau_server:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:tableau_software:tableau_server:8.1.1</vuln:product>
+      <vuln:product>cpe:/a:tableau_software:tableau_server:8.0.5</vuln:product>
+      <vuln:product>cpe:/a:tableau_software:tableau_server:8.0.2</vuln:product>
+      <vuln:product>cpe:/a:tableau_software:tableau_server:8.0.4</vuln:product>
+      <vuln:product>cpe:/a:tableau_software:tableau_server:8.0.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1204</vuln:cve-id>
+    <vuln:published-datetime>2014-01-31T10:07:36.467-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:31.217-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-03T13:59:48.293-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.trustwave.com/spiderlabs/advisories/TWSL2014-003.txt" xml:lang="en">https://www.trustwave.com/spiderlabs/advisories/TWSL2014-003.txt</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90730" xml:lang="en">tableau-server-cve20141204-sql-injection(90730)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.tableausoftware.com/support/releases/812" xml:lang="en">http://www.tableausoftware.com/support/releases/812</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.tableausoftware.com/support/releases/8.0.7" xml:lang="en">http://www.tableausoftware.com/support/releases/8.0.7</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029706" xml:lang="en">1029706</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65171" xml:lang="en">65171</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/31578" xml:lang="en">31578</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56620" xml:lang="en">56620</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102568" xml:lang="en">102568</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SQL injection vulnerability in Tableau Server 8.0.x before 8.0.7 and 8.1.x before 8.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.  NOTE: this can be exploited by unauthenticated remote attackers if the guest user is enabled.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1206">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.5.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.5.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.5.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.4.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.4.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.4.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.4.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.3.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.2.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.1.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.1.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.1.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.1.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.5.0</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.2.4</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.2.2</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.2.3</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.3.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.1.1</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.2.1</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.1.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.4.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.4.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.1.0:rc4</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.4.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.1.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.4.0:rc4</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.5.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.1.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.5.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.4.1</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.4.0</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.5.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.2.0</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.3.0</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.0</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.2.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.3.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1206</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:18.580-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:31.483-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-16T12:36:39.920-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64774" xml:lang="en">64774</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531105/100/0/threaded" xml:lang="en">20140214 [SWRX-2014-001] Open Web Analytics Pre-Auth SQL Injection</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.secureworks.com/advisories/SWRX-2014-001/SWRX-2014-001.pdf" xml:lang="en">http://www.secureworks.com/advisories/SWRX-2014-001/SWRX-2014-001.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/31738" xml:lang="en">31738</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://wiki.openwebanalytics.com/index.php?title=1.5.5" xml:lang="en">http://wiki.openwebanalytics.com/index.php?title=1.5.5</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56350" xml:lang="en">56350</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SQL injection vulnerability in the password reset page in Open Web Analytics (OWA) before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the owa_email_address parameter in a base.passwordResetRequest action to index.php.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1207">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:vmware:esxi:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:vmware:esxi:5.0:1"/>
+        <cpe-lang:fact-ref name="cpe:/o:vmware:esxi:5.0:2"/>
+        <cpe-lang:fact-ref name="cpe:/o:vmware:esxi:5.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:vmware:esxi:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:vmware:esxi:4.0:1"/>
+        <cpe-lang:fact-ref name="cpe:/o:vmware:esxi:4.0:2"/>
+        <cpe-lang:fact-ref name="cpe:/o:vmware:esxi:4.0:3"/>
+        <cpe-lang:fact-ref name="cpe:/o:vmware:esxi:4.0:4"/>
+        <cpe-lang:fact-ref name="cpe:/o:vmware:esxi:4.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:vmware:esxi:4.1:1"/>
+        <cpe-lang:fact-ref name="cpe:/o:vmware:esxi:4.1:2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:vmware:esx:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:vmware:esx:4.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:vmware:esxi:5.0:1</vuln:product>
+      <vuln:product>cpe:/o:vmware:esxi:4.0</vuln:product>
+      <vuln:product>cpe:/o:vmware:esx:4.0</vuln:product>
+      <vuln:product>cpe:/o:vmware:esxi:4.1</vuln:product>
+      <vuln:product>cpe:/o:vmware:esxi:5.1</vuln:product>
+      <vuln:product>cpe:/o:vmware:esx:4.1</vuln:product>
+      <vuln:product>cpe:/o:vmware:esxi:4.0:4</vuln:product>
+      <vuln:product>cpe:/o:vmware:esxi:5.0:2</vuln:product>
+      <vuln:product>cpe:/o:vmware:esxi:4.1:1</vuln:product>
+      <vuln:product>cpe:/o:vmware:esxi:5.0</vuln:product>
+      <vuln:product>cpe:/o:vmware:esxi:4.0:1</vuln:product>
+      <vuln:product>cpe:/o:vmware:esxi:4.1:2</vuln:product>
+      <vuln:product>cpe:/o:vmware:esxi:4.0:2</vuln:product>
+      <vuln:product>cpe:/o:vmware:esxi:4.0:3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1207</vuln:cve-id>
+    <vuln:published-datetime>2014-01-17T16:55:19.660-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-30T00:17:35.717-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-21T11:14:23.040-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90559" xml:lang="en">vmware-esx-cve20141207-dos(90559)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.vmware.com/security/advisories/VMSA-2014-0001.html" xml:lang="en">http://www.vmware.com/security/advisories/VMSA-2014-0001.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029643" xml:lang="en">1029643</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64995" xml:lang="en">64995</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56499" xml:lang="en">56499</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102196" xml:lang="en">102196</vuln:reference>
+    </vuln:references>
+    <vuln:summary>VMware ESXi 4.0 through 5.1 and ESX 4.0 and 4.1 allow remote attackers to cause a denial of service (NULL pointer dereference) by intercepting and modifying Network File Copy (NFC) traffic.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1208">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:vmware:esxi:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:vmware:esxi:5.0:1"/>
+        <cpe-lang:fact-ref name="cpe:/o:vmware:esxi:5.0:2"/>
+        <cpe-lang:fact-ref name="cpe:/o:vmware:esxi:5.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:vmware:esxi:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:vmware:esxi:4.0:1"/>
+        <cpe-lang:fact-ref name="cpe:/o:vmware:esxi:4.0:2"/>
+        <cpe-lang:fact-ref name="cpe:/o:vmware:esxi:4.0:3"/>
+        <cpe-lang:fact-ref name="cpe:/o:vmware:esxi:4.0:4"/>
+        <cpe-lang:fact-ref name="cpe:/o:vmware:esxi:4.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:vmware:esxi:4.1:1"/>
+        <cpe-lang:fact-ref name="cpe:/o:vmware:esxi:4.1:2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:vmware:fusion:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:vmware:player:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:vmware:workstation:9.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:vmware:esx:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:vmware:esx:4.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:vmware:esxi:5.0:1</vuln:product>
+      <vuln:product>cpe:/a:vmware:workstation:9.0</vuln:product>
+      <vuln:product>cpe:/o:vmware:esxi:4.0</vuln:product>
+      <vuln:product>cpe:/o:vmware:esx:4.0</vuln:product>
+      <vuln:product>cpe:/o:vmware:esxi:4.1</vuln:product>
+      <vuln:product>cpe:/o:vmware:esxi:5.1</vuln:product>
+      <vuln:product>cpe:/o:vmware:esx:4.1</vuln:product>
+      <vuln:product>cpe:/a:vmware:player:5.0</vuln:product>
+      <vuln:product>cpe:/a:vmware:fusion:5.0</vuln:product>
+      <vuln:product>cpe:/o:vmware:esxi:4.0:4</vuln:product>
+      <vuln:product>cpe:/o:vmware:esxi:5.0:2</vuln:product>
+      <vuln:product>cpe:/o:vmware:esxi:4.1:1</vuln:product>
+      <vuln:product>cpe:/o:vmware:esxi:5.0</vuln:product>
+      <vuln:product>cpe:/o:vmware:esxi:4.0:1</vuln:product>
+      <vuln:product>cpe:/o:vmware:esxi:4.1:2</vuln:product>
+      <vuln:product>cpe:/o:vmware:esxi:4.0:2</vuln:product>
+      <vuln:product>cpe:/o:vmware:esxi:4.0:3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1208</vuln:cve-id>
+    <vuln:published-datetime>2014-01-17T16:55:19.690-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-30T00:17:35.813-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.3</cvss:score>
+        <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-21T11:20:43.127-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90558" xml:lang="en">vmware-esx-cve20141208-dos(90558)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.vmware.com/security/advisories/VMSA-2014-0001.html" xml:lang="en">http://www.vmware.com/security/advisories/VMSA-2014-0001.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029644" xml:lang="en">1029644</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029643" xml:lang="en">1029643</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64994" xml:lang="en">64994</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56499" xml:lang="en">56499</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102197" xml:lang="en">102197</vuln:reference>
+    </vuln:references>
+    <vuln:summary>VMware Workstation 9.x before 9.0.1, VMware Player 5.x before 5.0.1, VMware Fusion 5.x before 5.0.1, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 allow guest OS users to cause a denial of service (VMX process disruption) by using an invalid port.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1209">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:vmware:vsphere_client:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:vmware:vsphere_client:4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:vmware:vsphere_client:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:vmware:vsphere_client:5.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:vmware:vsphere_client:5.0</vuln:product>
+      <vuln:product>cpe:/a:vmware:vsphere_client:5.1</vuln:product>
+      <vuln:product>cpe:/a:vmware:vsphere_client:4.1</vuln:product>
+      <vuln:product>cpe:/a:vmware:vsphere_client:4.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1209</vuln:cve-id>
+    <vuln:published-datetime>2014-04-11T15:55:04.493-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-14T12:51:35.073-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-14T12:51:34.870-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.vmware.com/security/advisories/VMSA-2014-0003.html" xml:lang="en">http://www.vmware.com/security/advisories/VMSA-2014-0003.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>VMware vSphere Client 4.0, 4.1, 5.0 before Update 3, and 5.1 before Update 2 does not properly validate updates to Client files, which allows remote attackers to trigger the downloading and execution of an arbitrary program via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1210">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:vmware:vsphere_client:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:vmware:vsphere_client:5.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:vmware:vsphere_client:5.0</vuln:product>
+      <vuln:product>cpe:/a:vmware:vsphere_client:5.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1210</vuln:cve-id>
+    <vuln:published-datetime>2014-04-11T15:55:04.510-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-14T12:58:12.650-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-14T12:58:10.150-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-310"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.vmware.com/security/advisories/VMSA-2014-0003.html" xml:lang="en">http://www.vmware.com/security/advisories/VMSA-2014-0003.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>VMware vSphere Client 5.0 before Update 3 and 5.1 before Update 2 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1211">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:vmware:vcloud_director:5.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:vmware:vcloud_director:5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:vmware:vcloud_director:5.1.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:vmware:vcloud_director:5.1.1</vuln:product>
+      <vuln:product>cpe:/a:vmware:vcloud_director:5.1.2</vuln:product>
+      <vuln:product>cpe:/a:vmware:vcloud_director:5.1.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1211</vuln:cve-id>
+    <vuln:published-datetime>2014-01-17T16:55:19.707-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-30T00:17:35.890-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-21T18:39:26.130-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-352"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90560" xml:lang="en">vmware-vcloud-cve20141211-csrf(90560)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.vmware.com/security/advisories/VMSA-2014-0001.html" xml:lang="en">http://www.vmware.com/security/advisories/VMSA-2014-0001.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029645" xml:lang="en">1029645</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64993" xml:lang="en">64993</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102198" xml:lang="en">102198</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site request forgery (CSRF) vulnerability in VMware vCloud Director 5.1.x before 5.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1213">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:sophos:sophos_anti-virus:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:sophos:scanning_engine:3.48"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:sophos:sophos_anti-virus:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:sophos:scanning_engine:3.48</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1213</vuln:cve-id>
+    <vuln:published-datetime>2014-02-10T18:55:05.057-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-11T15:40:48.087-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.6</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-11T15:40:48.037-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.sophos.com/en-us/support/knowledgebase/2300/7200/1031/120401.aspx" xml:lang="en">http://www.sophos.com/en-us/support/knowledgebase/2300/7200/1031/120401.aspx</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65286" xml:lang="en">65286</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/530915/100/0/threaded" xml:lang="en">20140131 CVE-2014-1213 - Denial of Service in Sophos Anti Virus</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1213/" xml:lang="en">http://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1213/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Feb/1" xml:lang="en">20140131 CVE-2014-1213 - Denial of Service in Sophos Anti Virus</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/125024/Sophos-Anti-Virus-Denial-Of-Service.html" xml:lang="en">http://packetstormsecurity.com/files/125024/Sophos-Anti-Virus-Denial-Of-Service.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102762" xml:lang="en">102762</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Sophos Anti-Virus engine (SAVi) before 3.50.1, as used in VDL 4.97G 9.7.x before 9.7.9, 10.0.x before 10.0.11, and 10.3.x before 10.3.1 does not set an ACL for certain global and session objects, which allows local users to bypass anti-virus protection, cause a denial of service (resource consumption, CPU consumption, and eventual crash) or spoof "ready for update" messages by performing certain operations on mutexes or events including (1) DataUpdateRequest, (2) MmfMutexSAV-****, (3) MmfMutexSAV-Info, (4) ReadyForUpdateSAV-****, (5) ReadyForUpdateSAV-Info, (6) SAV-****, (7) SAV-Info, (8) StateChange, (9) SuspendedSAV-****, (10) SuspendedSAV-Info, (11) UpdateComplete, (12) UpdateMutex, (13) UpdateRequest, or (14) SophosALMonSessionInstance, as demonstrated by triggering a ReadyForUpdateSAV event and modifying the UpdateComplete, UpdateMutex, and UpdateRequest objects.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1216">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:fitnesse:fitnesse_wiki:20131110"/>
+        <cpe-lang:fact-ref name="cpe:/a:fitnesse:fitnesse_wiki:20140201"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:fitnesse:fitnesse_wiki:20140201</vuln:product>
+      <vuln:product>cpe:/a:fitnesse:fitnesse_wiki:20131110</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1216</vuln:cve-id>
+    <vuln:published-datetime>2014-04-22T09:06:28.227-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-22T12:24:55.520-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-22T12:24:55.473-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1216/" xml:lang="en">https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1216/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/32568" xml:lang="en">32568</vuln:reference>
+    </vuln:references>
+    <vuln:summary>FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers to execute arbitrary commands by defining a COMMAND_PATTERN and TEST_RUNNER in the pageContent parameter when editing a page.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1217">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:6.2.71"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:6.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:6.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:6.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:6.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:6.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:5.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:4.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:7.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:4.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:3.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:3.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:2.94"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:2.91"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:2.81"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:livetecs:timeline:6.2.7</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:2.94</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:2.91</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:2.81</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:7.1.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:6.2.71</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:3.6.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:4.3.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:6.2.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:6.2.3</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:3.8.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:3.2.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:6.2.4</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:5.2.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:4.9.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:6.2.6</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:3.7.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1217</vuln:cve-id>
+    <vuln:published-datetime>2014-04-28T10:09:06.440-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T08:09:11.557-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T08:09:11.210-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1217/" xml:lang="en">https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1217/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/67043" xml:lang="en">67043</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531911/100/0/threaded" xml:lang="en">20140423 CVE-2014-1217 - Unauthenticated access to sensitive information and functionality in Livetecs Timelive</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Apr/259" xml:lang="en">20140423 CVE-2014-1217 - Unauthenticated access to sensitive information and functionality in Livetecs Timelive</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Livetecs Timelive before 6.2.8 does not properly restrict access to systemsetting.aspx, which allows remote attackers to change configurations and obtain the database connection string and credentials via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1219">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ca:2e_web_option:r8.1.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ca:2e_web_option:r8.1.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1219</vuln:cve-id>
+    <vuln:published-datetime>2014-02-14T08:10:48.623-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:31.983-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.1</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-14T12:55:53.843-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65537" xml:lang="en">65537</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1219/" xml:lang="en">http://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1219/</vuln:reference>
+    </vuln:references>
+    <vuln:summary>CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end of this substring, as demonstrated by terminating a session via a modified SSNID parameter to web2edoc/close.htm.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1223">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:telligent:evolution:6.1.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:telligent:evolution:7.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:telligent:evolution:7.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:telligent:evolution:7.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:telligent:evolution:7.5.0.32466"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:telligent:evolution:7.5.0</vuln:product>
+      <vuln:product>cpe:/a:telligent:evolution:6.1.19</vuln:product>
+      <vuln:product>cpe:/a:telligent:evolution:7.6.7</vuln:product>
+      <vuln:product>cpe:/a:telligent:evolution:7.5.0.32466</vuln:product>
+      <vuln:product>cpe:/a:telligent:evolution:7.1.12</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1223</vuln:cve-id>
+    <vuln:published-datetime>2014-02-27T10:55:15.453-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-28T10:17:32.570-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-28T10:17:32.507-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1223" xml:lang="en">https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1223</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531223/100/0/threaded" xml:lang="en">20140221 CVE-2014-1223 - Cross-site Scripting in Telligent Evolution</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56779" xml:lang="en">56779</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in controlpanel/loading.aspx in Telligent Evolution before 6.1.19.36103, 7.x before 7.1.12.36162, 7.5.x, and 7.6.x before 7.6.7.36651 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.  NOTE: some of these details are obtained from third party information.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1232">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:foliovision:foliopress_wysiwyg:2.6.8.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:foliovision:foliopress_wysiwyg:2.6.8.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:foliovision:foliopress_wysiwyg:2.6.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:foliovision:foliopress_wysiwyg:2.6.8.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:foliovision:foliopress_wysiwyg:2.6.8.3"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:foliovision:foliopress_wysiwyg:2.6.8.4</vuln:product>
+      <vuln:product>cpe:/a:foliovision:foliopress_wysiwyg:2.6.8.1</vuln:product>
+      <vuln:product>cpe:/a:foliovision:foliopress_wysiwyg:2.6.8.2</vuln:product>
+      <vuln:product>cpe:/a:foliovision:foliopress_wysiwyg:2.6.8.3</vuln:product>
+      <vuln:product>cpe:/a:foliovision:foliopress_wysiwyg:2.6.8</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1232</vuln:cve-id>
+    <vuln:published-datetime>2014-01-08T10:30:02.747-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-13T23:29:52.533-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-09T14:51:45.117-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://wordpress.org/plugins/foliopress-wysiwyg/changelog" xml:lang="en">http://wordpress.org/plugins/foliopress-wysiwyg/changelog</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90102" xml:lang="en">foliopress-unspecified-xss(90102)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56261" xml:lang="en">56261</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the Foliopress WYSIWYG plugin before 2.6.8.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1233">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:tobias_maier:paratrooper-pingdom:1.0.0:-:~-~-~ruby~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:tobias_maier:paratrooper-pingdom:1.0.0:-:~-~-~ruby~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1233</vuln:cve-id>
+    <vuln:published-datetime>2014-01-10T07:02:51.747-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-10T12:53:31.767-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>2.1</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-10T12:53:31.673-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.vapid.dhs.org/advisories/paratrooper-api-key-pingdom.html" xml:lang="en">http://www.vapid.dhs.org/advisories/paratrooper-api-key-pingdom.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/01/08/1" xml:lang="en">[oss-security] 20140107 paratrooper-pingdom-1.0.0 ruby gem exposes API login credentials</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to obtain the App-Key, username, and password values by listing the curl process.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1234">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:paratrooper-newrelic_project:paratrooper-newrelic:1.0.1:-:~-~-~ruby~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:paratrooper-newrelic_project:paratrooper-newrelic:1.0.1:-:~-~-~ruby~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1234</vuln:cve-id>
+    <vuln:published-datetime>2014-01-10T07:02:51.777-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-10T12:57:30.427-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>2.1</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-10T12:57:30.397-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.vapid.dhs.org/advisories/paratrooper-newrelic-api.html" xml:lang="en">http://www.vapid.dhs.org/advisories/paratrooper-newrelic-api.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/01/08/2" xml:lang="en">[oss-security] 20140107 Paratrooper-newrelic 1.0.1 Ruby Gem exposes API key</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obtain the X-Api-Key value by listing the curl process.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1236">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:graphviz:graphviz:2.34.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:graphviz:graphviz:2.34.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1236</vuln:cve-id>
+    <vuln:published-datetime>2014-01-10T10:55:06.307-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T23:50:44.267-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-10T13:24:55.023-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/ellson/graphviz/commit/1d1bdec6318746f6f19f245db589eddc887ae8ff" xml:lang="en">https://github.com/ellson/graphviz/commit/1d1bdec6318746f6f19f245db589eddc887ae8ff</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1050872" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1050872</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64737" xml:lang="en">64737</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MANDRIVA</vuln:source>
+      <vuln:reference href="http://www.mandriva.com/security/advisories?name=MDVSA-2014:024" xml:lang="en">MDVSA-2014:024</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2843" xml:lang="en">DSA-2843</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56244" xml:lang="en">56244</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/55666" xml:lang="en">55666</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/54" xml:lang="en">[oss-security] 20140108 Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/51" xml:lang="en">[oss-security] 20140108 Re: Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/46" xml:lang="en">[oss-security] 20140108 Re: Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a "badly formed number" and a "long digit list."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1237">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:i-doit:i-doit:1.2.3::~~pro~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:i-doit:i-doit:1.2.2::~~pro~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:i-doit:i-doit:1.2.1::~~pro~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:i-doit:i-doit:1.1.2::~~pro~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:i-doit:i-doit:1.1.1::~~pro~~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:i-doit:i-doit:1.1.2::~~pro~~~</vuln:product>
+      <vuln:product>cpe:/a:i-doit:i-doit:1.1.1::~~pro~~~</vuln:product>
+      <vuln:product>cpe:/a:i-doit:i-doit:1.2.1::~~pro~~~</vuln:product>
+      <vuln:product>cpe:/a:i-doit:i-doit:1.2.2::~~pro~~~</vuln:product>
+      <vuln:product>cpe:/a:i-doit:i-doit:1.2.3::~~pro~~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1237</vuln:cve-id>
+    <vuln:published-datetime>2014-02-11T12:55:06.827-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:33.390-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-12T10:53:15.270-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90969" xml:lang="en">idoit-cve20141237-xss(90969)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65353" xml:lang="en">65353</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.i-doit.com/en/company/news/single-news/?tx_ttnews%5Btt_news%5D=136" xml:lang="en">http://www.i-doit.com/en/company/news/single-news/?tx_ttnews%5Btt_news%5D=136</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.csnc.ch/misc/files/advisories/CVE-2014-1237_i-doit_Cross-site_Scripting_-_XSS.txt" xml:lang="en">http://www.csnc.ch/misc/files/advisories/CVE-2014-1237_i-doit_Cross-site_Scripting_-_XSS.txt</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56834" xml:lang="en">56834</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56802" xml:lang="en">56802</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Feb/26" xml:lang="en">20140205 CVE-2014-1237 (XSS in i-doit Pro)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/125062" xml:lang="en">http://packetstormsecurity.com/files/125062</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102910" xml:lang="en">102910</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in synetics i-doit pro before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the call parameter.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1242">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:itunes:11.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:itunes:11.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:itunes:11.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:itunes:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:itunes:11.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:itunes:11.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:itunes:11.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:itunes:11.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:itunes:11.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:itunes:11.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:itunes:11.0</vuln:product>
+      <vuln:product>cpe:/a:apple:itunes:11.1.2</vuln:product>
+      <vuln:product>cpe:/a:apple:itunes:11.1.3</vuln:product>
+      <vuln:product>cpe:/a:apple:itunes:11.0.2</vuln:product>
+      <vuln:product>cpe:/a:apple:itunes:11.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:itunes:11.0.4</vuln:product>
+      <vuln:product>cpe:/a:apple:itunes:11.0.3</vuln:product>
+      <vuln:product>cpe:/a:apple:itunes:11.0.5</vuln:product>
+      <vuln:product>cpe:/a:apple:itunes:11.1</vuln:product>
+      <vuln:product>cpe:/a:apple:itunes:11.1.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1242</vuln:cve-id>
+    <vuln:published-datetime>2014-01-23T14:55:04.097-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-30T00:17:36.593-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-24T10:25:23.850-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-310"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90653" xml:lang="en">apple-itunes-cve20141242-mitm(90653)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029671" xml:lang="en">1029671</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65088" xml:lang="en">65088</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6001" xml:lang="en">http://support.apple.com/kb/HT6001</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102410" xml:lang="en">102410</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Apple iTunes before 11.1.4 uses HTTP for the iTunes Tutorials window, which allows man-in-the-middle attackers to spoof content by gaining control over the client-server data stream.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1243">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.3.1.70"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.60.92.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.62.14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.64.17.73"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.65.17.80"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.66.71.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.67.75.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.68.75.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.69.80.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.70.80.34"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.71.80.42"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.2</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.3</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.5.5</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.6</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.4.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.5</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.69.80.9</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.2</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.4</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.4</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.3.1.70</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.5</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.5.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.67.75.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.6</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.4.5</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.65.17.80</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.3</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.4</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.2</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.60.92.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.70.80.34</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.64.17.73</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.62.14.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.68.75.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.7</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.9</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.3</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.8</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.71.80.42</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.2</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.4.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.66.71.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.2.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.2.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.3.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.3.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1243</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T20:55:03.617-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-27T08:47:06.060-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-27T08:47:04.810-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6151" xml:lang="en">http://support.apple.com/kb/HT6151</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Apple QuickTime before 7.7.5 does not initialize an unspecified pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted track list in a movie file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1244">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.3.1.70"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.60.92.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.62.14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.64.17.73"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.65.17.80"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.66.71.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.67.75.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.68.75.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.69.80.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.70.80.34"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.71.80.42"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.2</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.3</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.5.5</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.6</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.4.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.5</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.69.80.9</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.2</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.4</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.4</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.3.1.70</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.5</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.5.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.67.75.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.6</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.4.5</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.65.17.80</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.3</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.4</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.2</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.60.92.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.70.80.34</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.64.17.73</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.62.14.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.68.75.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.7</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.9</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.3</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.8</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.71.80.42</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.2</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.4.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.66.71.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.2.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.2.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.3.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.3.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1244</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T20:55:03.647-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-10T13:40:00.047-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-27T12:17:49.763-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6151" xml:lang="en">http://support.apple.com/kb/HT6151</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1245">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.3.1.70"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.60.92.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.62.14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.64.17.73"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.65.17.80"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.66.71.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.67.75.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.68.75.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.69.80.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.70.80.34"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.71.80.42"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.2</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.3</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.5.5</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.6</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.4.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.5</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.69.80.9</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.2</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.4</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.4</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.3.1.70</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.5</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.5.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.67.75.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.6</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.4.5</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.65.17.80</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.3</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.4</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.2</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.60.92.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.70.80.34</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.64.17.73</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.62.14.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.68.75.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.7</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.9</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.3</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.8</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.71.80.42</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.2</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.4.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.66.71.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.2.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.2.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.3.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.3.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1245</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T20:55:03.663-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-10T13:40:43.907-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-27T12:17:14.997-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-189"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6151" xml:lang="en">http://support.apple.com/kb/HT6151</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6150" xml:lang="en">http://support.apple.com/kb/HT6150</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Integer signedness error in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted stsz atom in a movie file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1246">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.3.1.70"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.60.92.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.62.14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.64.17.73"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.65.17.80"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.66.71.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.67.75.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.68.75.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.69.80.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.70.80.34"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.71.80.42"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.2</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.3</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.5.5</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.6</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.4.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.5</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.69.80.9</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.2</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.4</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.4</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.3.1.70</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.5</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.5.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.67.75.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.6</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.4.5</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.65.17.80</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.3</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.4</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.2</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.60.92.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.70.80.34</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.64.17.73</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.62.14.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.68.75.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.7</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.9</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.3</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.8</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.71.80.42</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.2</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.4.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.66.71.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.2.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.2.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.3.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.3.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1246</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T20:55:03.680-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-27T12:13:57.537-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-27T12:13:56.163-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6151" xml:lang="en">http://support.apple.com/kb/HT6151</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6150" xml:lang="en">http://support.apple.com/kb/HT6150</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ftab atom in a movie file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1247">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.3.1.70"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.60.92.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.62.14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.64.17.73"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.65.17.80"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.66.71.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.67.75.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.68.75.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.69.80.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.70.80.34"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.71.80.42"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.2</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.3</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.5.5</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.6</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.4.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.5</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.69.80.9</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.2</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.4</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.4</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.3.1.70</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.5</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.5.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.67.75.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.6</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.4.5</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.65.17.80</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.3</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.4</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.2</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.60.92.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.70.80.34</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.64.17.73</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.62.14.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.68.75.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.7</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.9</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.3</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.8</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.71.80.42</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.2</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.4.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.66.71.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.2.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.2.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.3.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.3.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1247</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T20:55:03.710-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-10T13:37:59.343-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-27T12:23:12.413-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6151" xml:lang="en">http://support.apple.com/kb/HT6151</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6150" xml:lang="en">http://support.apple.com/kb/HT6150</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted dref atom in a movie file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1248">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.3.1.70"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.60.92.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.62.14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.64.17.73"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.65.17.80"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.66.71.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.67.75.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.68.75.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.69.80.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.70.80.34"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.71.80.42"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.2</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.3</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.5.5</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.6</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.4.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.5</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.69.80.9</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.2</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.4</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.4</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.3.1.70</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.5</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.5.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.67.75.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.6</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.4.5</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.65.17.80</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.3</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.4</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.2</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.60.92.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.70.80.34</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.64.17.73</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.62.14.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.68.75.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.7</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.9</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.3</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.8</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.71.80.42</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.2</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.4.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.66.71.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.2.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.2.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.3.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.3.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1248</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T20:55:03.727-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-10T13:39:30.513-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-27T12:20:11.843-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6151" xml:lang="en">http://support.apple.com/kb/HT6151</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6150" xml:lang="en">http://support.apple.com/kb/HT6150</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ldat atom in a movie file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1249">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.3.1.70"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.60.92.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.62.14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.64.17.73"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.65.17.80"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.66.71.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.67.75.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.68.75.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.69.80.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.70.80.34"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.71.80.42"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.2</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.3</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.5.5</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.6</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.4.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.5</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.69.80.9</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.2</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.4</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.4</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.3.1.70</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.5</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.5.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.67.75.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.6</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.4.5</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.65.17.80</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.3</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.4</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.2</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.60.92.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.70.80.34</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.64.17.73</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.62.14.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.68.75.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.7</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.9</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.3</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.8</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.71.80.42</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.2</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.4.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.66.71.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.2.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.2.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.3.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.3.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1249</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T20:55:03.757-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-10T13:38:27.717-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-27T12:22:24.973-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6151" xml:lang="en">http://support.apple.com/kb/HT6151</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6150" xml:lang="en">http://support.apple.com/kb/HT6150</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PSD image.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1250">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.3.1.70"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.60.92.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.62.14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.64.17.73"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.65.17.80"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.66.71.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.67.75.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.68.75.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.69.80.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.70.80.34"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.71.80.42"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.2</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.3</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.5.5</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.6</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.4.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.5</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.69.80.9</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.2</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.4</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.4</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.3.1.70</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.5</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.5.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.67.75.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.6</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.4.5</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.65.17.80</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.3</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.4</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.2</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.60.92.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.70.80.34</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.64.17.73</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.62.14.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.68.75.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.7</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.9</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.3</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.8</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.71.80.42</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.2</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.4.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.66.71.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.2.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.2.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.3.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.3.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1250</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T20:55:03.773-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-10T13:37:40.170-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-27T12:24:36.287-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6151" xml:lang="en">http://support.apple.com/kb/HT6151</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6150" xml:lang="en">http://support.apple.com/kb/HT6150</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Apple QuickTime before 7.7.5 does not properly perform a byte-swapping operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted ttfo element in a movie file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1251">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.3.1.70"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.60.92.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.62.14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.64.17.73"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.65.17.80"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.66.71.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.67.75.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.68.75.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.69.80.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.70.80.34"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:quicktime:7.71.80.42"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.2</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.3</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.5.5</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.6</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.4.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.5</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.69.80.9</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.2</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.0.4</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.4</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.3.1.70</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.5</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.5.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.67.75.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.6</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.4.5</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.65.17.80</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.3</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.4</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.7.2</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.60.92.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.70.80.34</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.64.17.73</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.62.14.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.68.75.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.7</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.9</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.3</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.6.8</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.71.80.42</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.2</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.4.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.66.71.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.1.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.2.0</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.2.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.3.1</vuln:product>
+      <vuln:product>cpe:/a:apple:quicktime:7.3.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1251</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T20:55:03.807-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-07T15:44:20.697-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-27T12:32:50.583-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6151" xml:lang="en">http://support.apple.com/kb/HT6151</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted clef atom in a movie file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1252">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:pages:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:pages:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:pages:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:pages:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:pages:2.0.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:pages:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:pages:5.0</vuln:product>
+      <vuln:product>cpe:/a:apple:pages:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:apple:pages:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:pages:2.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1252</vuln:cve-id>
+    <vuln:published-datetime>2014-01-24T10:08:00.933-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-04T23:59:53.040-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-24T18:12:07.563-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90672" xml:lang="en">apple-pages-cve20141252-code-exec(90672)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029683" xml:lang="en">1029683</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65113" xml:lang="en">65113</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6162" xml:lang="en">http://support.apple.com/kb/HT6162</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6150" xml:lang="en">http://support.apple.com/kb/HT6150</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6117" xml:lang="en">http://support.apple.com/kb/HT6117</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56630" xml:lang="en">56630</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56615" xml:lang="en">56615</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102460" xml:lang="en">102460</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1253">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:boot_camp:5.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:boot_camp:5.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1253</vuln:cve-id>
+    <vuln:published-datetime>2014-02-14T08:10:48.780-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-14T12:42:06.047-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.7</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-14T12:42:05.140-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6126" xml:lang="en">http://support.apple.com/kb/HT6126</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://seclists.org/bugtraq/2014/Feb/47" xml:lang="en">APPLE-SA-2014-02-11-1</vuln:reference>
+    </vuln:references>
+    <vuln:summary>AppleMNT.sys in Apple Boot Camp 5 before 5.1 allows local users to cause a denial of service (kernel memory corruption) or possibly have unspecified other impact via a malformed header in a Portable Executable (PE) file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1254">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.5:supplemental_update"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.0</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.5</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.5:supplemental_update</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.3</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.4</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1254</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T20:55:03.820-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-27T08:50:25.627-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-27T08:50:25.203-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6150" xml:lang="en">http://support.apple.com/kb/HT6150</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Apple Type Services (ATS) in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Type 1 font that is embedded in a document.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1255">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1255</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T20:55:03.850-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-27T14:36:56.437-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-27T14:36:53.953-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6150" xml:lang="en">http://support.apple.com/kb/HT6150</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Apple Type Services (ATS) in Apple OS X before 10.9.2 does not properly validate calls to the free function, which allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1256">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x_server:10.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x_server:10.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x_server:10.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x_server:10.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x_server:10.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x_server:10.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.5:supplemental_update"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x_server:10.7.2</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x_server:10.7.3</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x_server:10.7.4</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x_server:10.7.5</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.7.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.7.0</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.5:supplemental_update</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.3</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.4</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x_server:10.7.0</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.2</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x_server:10.7.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.0</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.5</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.7.4</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.7.5</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.7.2</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.7.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1256</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T20:55:03.867-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-27T14:38:01.080-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-27T14:38:00.003-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6150" xml:lang="en">http://support.apple.com/kb/HT6150</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1257">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.5:supplemental_update"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.0</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.5</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.5:supplemental_update</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.3</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.4</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1257</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T20:55:03.897-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-27T08:55:11.227-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.6</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-27T08:55:10.900-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6150" xml:lang="en">http://support.apple.com/kb/HT6150</vuln:reference>
+    </vuln:references>
+    <vuln:summary>CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an unattended workstation.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1258">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.5:supplemental_update"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.0</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.5</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.5:supplemental_update</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.3</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.4</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1258</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T20:55:03.913-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-27T12:59:28.967-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-27T12:59:28.730-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6150" xml:lang="en">http://support.apple.com/kb/HT6150</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Heap-based buffer overflow in CoreAnimation in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1259">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x_server:10.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x_server:10.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x_server:10.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x_server:10.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x_server:10.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x_server:10.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.5:supplemental_update"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x_server:10.7.2</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x_server:10.7.3</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x_server:10.7.4</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x_server:10.7.5</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.7.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.7.0</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.5:supplemental_update</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.3</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.4</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x_server:10.7.0</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.2</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x_server:10.7.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.0</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.5</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.7.4</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.7.5</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.7.2</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.7.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1259</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T20:55:03.947-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-10T13:37:01.217-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-27T13:03:41.940-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6150" xml:lang="en">http://support.apple.com/kb/HT6150</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Buffer overflow in File Bookmark in Apple OS X before 10.9.2 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted filename.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1260">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.5:supplemental_update"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.0</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.5</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.5:supplemental_update</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.3</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.4</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1260</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T20:55:03.977-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-10T13:36:00.850-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-27T13:08:42.197-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6150" xml:lang="en">http://support.apple.com/kb/HT6150</vuln:reference>
+    </vuln:references>
+    <vuln:summary>QuickLook in Apple OS X through 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office document.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1261">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1261</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T20:55:03.993-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-27T13:07:51.040-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-27T13:07:50.977-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-189"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6150" xml:lang="en">http://support.apple.com/kb/HT6150</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Integer signedness error in CoreText in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Unicode font.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1262">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1262</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T20:55:04.023-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-27T14:36:02.000-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-27T14:35:56.157-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6150" xml:lang="en">http://support.apple.com/kb/HT6150</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages that trigger memory corruption.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1263">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1263</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T20:55:04.070-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T01:04:51.077-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-27T13:22:07.953-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-310"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://gist.github.com/rmoriz/fb2b0a6a0ce10550ab73" xml:lang="en">https://gist.github.com/rmoriz/fb2b0a6a0ce10550ab73</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/" xml:lang="en">http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/" xml:lang="en">http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/" xml:lang="en">http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://twitter.com/okoeroo/statuses/437272014043496449" xml:lang="en">http://twitter.com/okoeroo/statuses/437272014043496449</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://twitter.com/agl__/statuses/437029812046422016" xml:lang="en">http://twitter.com/agl__/statuses/437029812046422016</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6150" xml:lang="en">http://support.apple.com/kb/HT6150</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57968" xml:lang="en">57968</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57966" xml:lang="en">57966</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57836" xml:lang="en">57836</vuln:reference>
+    </vuln:references>
+    <vuln:summary>curl in Apple OS X 10.9.x before 10.9.2 does not verify X.509 certificates from HTTPS servers that are accessed using a numerical IP address, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1264">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1264</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T20:55:04.100-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-10T13:32:44.690-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.3</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-27T08:32:41.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6150" xml:lang="en">http://support.apple.com/kb/HT6150</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Finder in Apple OS X before 10.9.2 does not ensure ACL integrity after the viewing of file ACL information, which allows local users to bypass intended access restrictions in opportunistic circumstances via standard filesystem operations on a file with a damaged ACL.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1265">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x_server:10.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x_server:10.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x_server:10.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x_server:10.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x_server:10.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x_server:10.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.5:supplemental_update"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x_server:10.7.2</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x_server:10.7.3</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x_server:10.7.4</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x_server:10.7.5</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.7.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.7.0</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.5:supplemental_update</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.3</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.4</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x_server:10.7.0</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.2</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x_server:10.7.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.0</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.5</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.7.4</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.7.5</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.7.2</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.7.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1265</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T20:55:04.133-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-27T16:39:23.210-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.6</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-27T08:45:31.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6150" xml:lang="en">http://support.apple.com/kb/HT6150</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The systemsetup program in the Date and Time subsystem in Apple OS X before 10.9.2 allows local users to bypass intended access restrictions by changing the current time on the system clock.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1266">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:6.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:6.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:6.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:6.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:6.1.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9.1</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:6.1</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:6.0</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.4</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.3</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:6.0.1</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:6.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0.1</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:6.1.5</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:6.1.4</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:6.1.3</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:6.1.2</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1266</vuln:cve-id>
+    <vuln:published-datetime>2014-02-22T12:05:21.767-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T23:50:46.533-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-24T09:32:40.820-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.imperialviolet.org/2014/02/22/applebug.html" xml:lang="en">https://www.imperialviolet.org/2014/02/22/applebug.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.cs.columbia.edu/~smb/blog/2014-02/2014-02-24.html" xml:lang="en">https://www.cs.columbia.edu/~smb/blog/2014-02/2014-02-24.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.cs.columbia.edu/~smb/blog/2014-02/2014-02-23.html" xml:lang="en">https://www.cs.columbia.edu/~smb/blog/2014-02/2014-02-23.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://news.ycombinator.com/item?id=7281378" xml:lang="en">https://news.ycombinator.com/item?id=7281378</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6150" xml:lang="en">http://support.apple.com/kb/HT6150</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6148" xml:lang="en">http://support.apple.com/kb/HT6148</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6147" xml:lang="en">http://support.apple.com/kb/HT6147</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6146" xml:lang="en">http://support.apple.com/kb/HT6146</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://it.slashdot.org/comments.pl?sid=4821073&amp;cid=46310187" xml:lang="en">http://it.slashdot.org/comments.pl?sid=4821073&amp;cid=46310187</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check the signature in a TLS Server Key Exchange message, which allows man-in-the-middle attackers to spoof SSL servers by (1) using an arbitrary private key for the signing step or (2) omitting the signing step.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1267">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0.1</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.6</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.4</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.3</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1267</vuln:cve-id>
+    <vuln:published-datetime>2014-03-14T06:55:05.897-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-14T10:47:34.160-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-14T10:47:32.350-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6163" xml:lang="en">http://support.apple.com/kb/HT6163</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6162" xml:lang="en">http://support.apple.com/kb/HT6162</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Configuration Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 does not properly evaluate the expiration date of a mobile configuration profile, which allows attackers to bypass intended access restrictions by using a profile after the date has passed.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1268">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.5:supplemental_update"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x_server:10.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x_server:10.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x_server:10.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x_server:10.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x_server:10.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x_server:10.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:webkit"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.3</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.4</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.0</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x_server:10.7.2</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x_server:10.7.3</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x_server:10.7.4</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x_server:10.7.5</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.5</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.7.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.3</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.4</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.5:supplemental_update</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x_server:10.7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:webkit</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x_server:10.7.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.5</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.7.4</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.7.5</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.7.2</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.7.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1268</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T20:55:04.163-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-27T10:35:04.610-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-27T10:35:01.877-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6145" xml:lang="en">http://support.apple.com/kb/HT6145</vuln:reference>
+    </vuln:references>
+    <vuln:summary>WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1269 and CVE-2014-1270.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1269">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.5:supplemental_update"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x_server:10.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x_server:10.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x_server:10.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x_server:10.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x_server:10.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x_server:10.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:webkit"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.3</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.4</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.0</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x_server:10.7.2</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x_server:10.7.3</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x_server:10.7.4</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x_server:10.7.5</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.5</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.7.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.3</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.4</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.5:supplemental_update</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x_server:10.7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:webkit</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x_server:10.7.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.5</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.7.4</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.7.5</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.7.2</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.7.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1269</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T20:55:04.180-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-16T00:45:09.677-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-27T13:41:20.293-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6163" xml:lang="en">http://support.apple.com/kb/HT6163</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6162" xml:lang="en">http://support.apple.com/kb/HT6162</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6145" xml:lang="en">http://support.apple.com/kb/HT6145</vuln:reference>
+    </vuln:references>
+    <vuln:summary>WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1270.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1270">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.5:supplemental_update"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x_server:10.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x_server:10.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x_server:10.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x_server:10.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x_server:10.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x_server:10.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:webkit"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.3</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.4</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.0</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x_server:10.7.2</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x_server:10.7.3</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x_server:10.7.4</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x_server:10.7.5</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.5</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.7.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.3</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.4</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.5:supplemental_update</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x_server:10.7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:webkit</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x_server:10.7.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.5</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.7.4</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.7.5</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.7.2</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.7.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1270</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T20:55:04.210-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-16T00:45:09.753-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-27T13:49:45.040-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6163" xml:lang="en">http://support.apple.com/kb/HT6163</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6162" xml:lang="en">http://support.apple.com/kb/HT6162</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6145" xml:lang="en">http://support.apple.com/kb/HT6145</vuln:reference>
+    </vuln:references>
+    <vuln:summary>WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1269.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1271">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0.1</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.6</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.4</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.3</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1271</vuln:cve-id>
+    <vuln:published-datetime>2014-03-14T06:55:05.910-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-14T11:01:10.243-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-14T11:01:10.167-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6163" xml:lang="en">http://support.apple.com/kb/HT6163</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6162" xml:lang="en">http://support.apple.com/kb/HT6162</vuln:reference>
+    </vuln:references>
+    <vuln:summary>CoreCapture in Apple iOS before 7.1 and Apple TV before 6.1 does not properly validate IOKit API calls, which allows attackers to cause a denial of service (assertion failure and device crash) via a crafted app.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1272">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0.1</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.6</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.4</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.3</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1272</vuln:cve-id>
+    <vuln:published-datetime>2014-03-14T06:55:05.943-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-14T10:56:21.567-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.3</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-14T10:56:19.267-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-59"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6163" xml:lang="en">http://support.apple.com/kb/HT6163</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6162" xml:lang="en">http://support.apple.com/kb/HT6162</vuln:reference>
+    </vuln:references>
+    <vuln:summary>CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to change arbitrary file permissions by leveraging a symlink.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1273">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0.1</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.6</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.4</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.3</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1273</vuln:cve-id>
+    <vuln:published-datetime>2014-03-14T06:55:05.957-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-14T11:10:34.570-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-14T11:10:34.490-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6163" xml:lang="en">http://support.apple.com/kb/HT6163</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6162" xml:lang="en">http://support.apple.com/kb/HT6162</vuln:reference>
+    </vuln:references>
+    <vuln:summary>dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1274">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.1</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.6</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.4</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.3</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1274</vuln:cve-id>
+    <vuln:published-datetime>2014-03-14T06:55:05.990-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-14T11:03:16.777-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>2.1</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-14T11:03:10.230-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6162" xml:lang="en">http://support.apple.com/kb/HT6162</vuln:reference>
+    </vuln:references>
+    <vuln:summary>FaceTime in Apple iOS before 7.1 allows physically proximate attackers to obtain sensitive FaceTime contact information by using the lock screen for an invalid FaceTime call.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1275">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0.1</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.6</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.4</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.3</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1275</vuln:cve-id>
+    <vuln:published-datetime>2014-03-14T06:55:06.007-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-14T11:17:27.627-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-14T11:17:23.457-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6163" xml:lang="en">http://support.apple.com/kb/HT6163</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6162" xml:lang="en">http://support.apple.com/kb/HT6162</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Buffer overflow in ImageIO in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1276">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.1</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.6</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.4</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.3</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1276</vuln:cve-id>
+    <vuln:published-datetime>2014-03-14T06:55:06.037-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-14T11:20:59.397-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-14T11:20:59.350-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6162" xml:lang="en">http://support.apple.com/kb/HT6162</vuln:reference>
+    </vuln:references>
+    <vuln:summary>IOKit HID Event in Apple iOS before 7.1 allows attackers to conduct user-action monitoring attacks against arbitrary apps via a crafted app that accesses an IOKit framework interface.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1277">
+    <vuln:cve-id>CVE-2014-1277</vuln:cve-id>
+    <vuln:published-datetime>2014-03-13T06:55:03.427-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-13T06:55:03.503-04:00</vuln:last-modified-datetime>
+    <vuln:summary>** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2013-3948.  Reason: This candidate is a duplicate of CVE-2013-3948.  Notes: All CVE users should reference CVE-2013-3948 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1278">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0.1</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.6</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.4</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.3</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1278</vuln:cve-id>
+    <vuln:published-datetime>2014-03-14T06:55:06.053-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-14T11:46:04.873-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.2</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-14T11:46:01.560-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6163" xml:lang="en">http://support.apple.com/kb/HT6163</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6162" xml:lang="en">http://support.apple.com/kb/HT6162</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The ptmx_get_ioctl function in the ARM kernel in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to gain privileges or cause a denial of service (out-of-bounds memory access and device crash) via a crafted call.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1279">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1279</vuln:cve-id>
+    <vuln:published-datetime>2014-03-14T06:55:06.083-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-14T11:47:33.750-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>2.1</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-14T11:47:33.657-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6163" xml:lang="en">http://support.apple.com/kb/HT6163</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Apple TV before 6.1 does not properly restrict logging, which allows local users to obtain sensitive information by reading log data.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1280">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0.1</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.6</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.4</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.3</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1280</vuln:cve-id>
+    <vuln:published-datetime>2014-03-14T06:55:06.100-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-14T11:52:21.803-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.1</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-14T11:52:21.740-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6163" xml:lang="en">http://support.apple.com/kb/HT6163</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6162" xml:lang="en">http://support.apple.com/kb/HT6162</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Video Driver in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers to cause a denial of service (NULL pointer dereference and device hang) via a crafted video file with MPEG-4 encoding.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1281">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.1</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.6</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.4</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.3</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1281</vuln:cve-id>
+    <vuln:published-datetime>2014-03-14T06:55:06.113-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-14T11:50:03.097-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>1.9</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-14T11:50:03.050-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6162" xml:lang="en">http://support.apple.com/kb/HT6162</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Photos Backend in Apple iOS before 7.1 does not properly manage the asset-library cache during deletions, which allows physically proximate attackers to obtain sensitive photo data by launching the Photos app and looking under a transparent image.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1282">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0.1</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.6</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.4</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.3</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1282</vuln:cve-id>
+    <vuln:published-datetime>2014-03-14T06:55:06.147-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-14T11:55:37.650-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-14T11:55:37.510-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6163" xml:lang="en">http://support.apple.com/kb/HT6163</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6162" xml:lang="en">http://support.apple.com/kb/HT6162</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass intended configuration-profile visibility requirements via a long name.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1284">
+    <vuln:cve-id>CVE-2014-1284</vuln:cve-id>
+    <vuln:published-datetime>2014-03-13T06:55:03.520-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-13T06:55:03.597-04:00</vuln:last-modified-datetime>
+    <vuln:summary>** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2014-2019.  Reason: This candidate is a duplicate of CVE-2014-2019.  Notes: All CVE users should reference CVE-2014-2019 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1285">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.1</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.6</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.4</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.3</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1285</vuln:cve-id>
+    <vuln:published-datetime>2014-03-14T06:55:06.160-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-14T11:57:36.093-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-14T11:57:36.013-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6162" xml:lang="en">http://support.apple.com/kb/HT6162</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Springboard in Apple iOS before 7.1 allows physically proximate attackers to bypass intended access restrictions and read the home screen by leveraging an application crash during activation of an unactivated device.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1286">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.1</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.6</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.4</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.3</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1286</vuln:cve-id>
+    <vuln:published-datetime>2014-03-14T06:55:06.193-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-14T12:06:50.450-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-14T12:06:50.403-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6162" xml:lang="en">http://support.apple.com/kb/HT6162</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SpringBoard Lock Screen in Apple iOS before 7.1 allows remote attackers to cause a denial of service (lock-screen hang) by leveraging a state-management error.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1287">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0.1</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.6</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.4</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.3</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1287</vuln:cve-id>
+    <vuln:published-datetime>2014-03-14T06:55:06.207-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-14T12:11:54.723-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.2</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-14T12:11:54.660-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6163" xml:lang="en">http://support.apple.com/kb/HT6163</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6162" xml:lang="en">http://support.apple.com/kb/HT6162</vuln:reference>
+    </vuln:references>
+    <vuln:summary>USB Host in Apple iOS before 7.1 and Apple TV before 6.1 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted USB messages.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1289">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0.1</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.6</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.4</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.3</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1289</vuln:cve-id>
+    <vuln:published-datetime>2014-03-14T06:55:06.240-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-04T23:59:56.353-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-14T12:15:49.057-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6163" xml:lang="en">http://support.apple.com/kb/HT6163</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6162" xml:lang="en">http://support.apple.com/kb/HT6162</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" xml:lang="en">APPLE-SA-2014-04-01-1</vuln:reference>
+    </vuln:references>
+    <vuln:summary>WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1290, CVE-2014-1291, CVE-2014-1292, CVE-2014-1293, and CVE-2014-1294.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1290">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0.1</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.6</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.4</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.3</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1290</vuln:cve-id>
+    <vuln:published-datetime>2014-03-14T06:55:06.270-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-04T23:59:58.307-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-14T12:24:15.913-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6163" xml:lang="en">http://support.apple.com/kb/HT6163</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6162" xml:lang="en">http://support.apple.com/kb/HT6162</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" xml:lang="en">APPLE-SA-2014-04-01-1</vuln:reference>
+    </vuln:references>
+    <vuln:summary>WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1291, CVE-2014-1292, CVE-2014-1293, and CVE-2014-1294.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1291">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0.1</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.6</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.4</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.3</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1291</vuln:cve-id>
+    <vuln:published-datetime>2014-03-14T06:55:06.287-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-04T23:59:58.387-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-14T12:28:29.247-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6163" xml:lang="en">http://support.apple.com/kb/HT6163</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6162" xml:lang="en">http://support.apple.com/kb/HT6162</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" xml:lang="en">APPLE-SA-2014-04-01-1</vuln:reference>
+    </vuln:references>
+    <vuln:summary>WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1290, CVE-2014-1292, CVE-2014-1293, and CVE-2014-1294.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1292">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0.1</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.6</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.4</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.3</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1292</vuln:cve-id>
+    <vuln:published-datetime>2014-03-14T06:55:06.317-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-04T23:59:58.480-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-14T12:29:33.390-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6163" xml:lang="en">http://support.apple.com/kb/HT6163</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6162" xml:lang="en">http://support.apple.com/kb/HT6162</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" xml:lang="en">APPLE-SA-2014-04-01-1</vuln:reference>
+    </vuln:references>
+    <vuln:summary>WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1290, CVE-2014-1291, CVE-2014-1293, and CVE-2014-1294.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1293">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0.1</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.6</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.4</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.3</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1293</vuln:cve-id>
+    <vuln:published-datetime>2014-03-14T06:55:06.333-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-05T00:00:07.557-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-14T12:34:17.600-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6163" xml:lang="en">http://support.apple.com/kb/HT6163</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6162" xml:lang="en">http://support.apple.com/kb/HT6162</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" xml:lang="en">APPLE-SA-2014-04-01-1</vuln:reference>
+    </vuln:references>
+    <vuln:summary>WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1290, CVE-2014-1291, CVE-2014-1292, and CVE-2014-1294.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1294">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0.1</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.6</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.4</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.3</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1294</vuln:cve-id>
+    <vuln:published-datetime>2014-03-14T06:55:06.363-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-05T00:00:07.637-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-14T12:35:45.197-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6163" xml:lang="en">http://support.apple.com/kb/HT6163</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6162" xml:lang="en">http://support.apple.com/kb/HT6162</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" xml:lang="en">APPLE-SA-2014-04-01-1</vuln:reference>
+    </vuln:references>
+    <vuln:summary>WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1290, CVE-2014-1291, CVE-2014-1292, and CVE-2014-1293.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1295">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.5:supplemental_update"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9.2</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.4</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.5:supplemental_update</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.3</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.3</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.4</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.1</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.2</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.0</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.5</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0.1</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.6</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1295</vuln:cve-id>
+    <vuln:published-datetime>2014-04-23T07:52:59.383-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-23T13:34:57.227-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-23T13:34:53.537-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-287"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://secure-resumption.com/" xml:lang="en">https://secure-resumption.com/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html" xml:lang="en">APPLE-SA-2014-04-22-2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html" xml:lang="en">APPLE-SA-2014-04-22-3</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html" xml:lang="en">APPLE-SA-2014-04-22-1</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1296">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.5:supplemental_update"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x_server:10.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x_server:10.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x_server:10.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x_server:10.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x_server:10.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x_server:10.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.7.5"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.4</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.3</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.3</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.1</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.4</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.2</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.0</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x_server:10.7.2</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x_server:10.7.3</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x_server:10.7.4</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9.2</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x_server:10.7.5</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.7.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.7.0</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.5:supplemental_update</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x_server:10.7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x_server:10.7.1</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.5</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.7.4</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.6</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.7.5</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.7.2</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.7.3</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1296</vuln:cve-id>
+    <vuln:published-datetime>2014-04-23T07:52:59.400-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-23T13:36:27.820-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-23T13:36:27.557-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html" xml:lang="en">APPLE-SA-2014-04-22-2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html" xml:lang="en">APPLE-SA-2014-04-22-3</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html" xml:lang="en">APPLE-SA-2014-04-22-1</vuln:reference>
+    </vuln:references>
+    <vuln:summary>CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connection during transmission of a header, as demonstrated by an HTTPOnly restriction.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1297">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:safari:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.5</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.3</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.4</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1297</vuln:cve-id>
+    <vuln:published-datetime>2014-04-02T12:17:06.870-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-02T13:07:49.410-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-02T13:07:45.410-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" xml:lang="en">APPLE-SA-2014-04-01-1</vuln:reference>
+    </vuln:references>
+    <vuln:summary>WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, does not properly validate WebProcess IPC messages, which allows remote attackers to bypass a sandbox protection mechanism and read arbitrary files by leveraging WebProcess access.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1298">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:safari:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.5</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.3</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.4</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1298</vuln:cve-id>
+    <vuln:published-datetime>2014-04-02T12:17:06.900-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T01:04:56.543-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-02T13:13:26.203-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html" xml:lang="en">APPLE-SA-2014-04-22-2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html" xml:lang="en">APPLE-SA-2014-04-22-3</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" xml:lang="en">APPLE-SA-2014-04-01-1</vuln:reference>
+    </vuln:references>
+    <vuln:summary>WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1299">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:safari:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.5</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.3</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.4</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1299</vuln:cve-id>
+    <vuln:published-datetime>2014-04-02T12:17:06.917-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T01:04:56.763-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-02T13:17:28.617-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html" xml:lang="en">APPLE-SA-2014-04-22-2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html" xml:lang="en">APPLE-SA-2014-04-22-3</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" xml:lang="en">APPLE-SA-2014-04-01-1</vuln:reference>
+    </vuln:references>
+    <vuln:summary>WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1300">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0.2"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:safari:7.0.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1300</vuln:cve-id>
+    <vuln:published-datetime>2014-03-26T10:55:05.740-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T01:04:56.997-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-26T14:42:34.170-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/" xml:lang="en">http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://twitter.com/thezdi/statuses/443796547872903168" xml:lang="en">http://twitter.com/thezdi/statuses/443796547872903168</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html" xml:lang="en">APPLE-SA-2014-04-22-2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html" xml:lang="en">APPLE-SA-2014-04-22-3</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" xml:lang="en">APPLE-SA-2014-04-01-1</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Apple Safari 7.0.2 on OS X allows remote attackers to execute arbitrary code with root privileges via unknown vectors, as demonstrated by Google during a Pwn4Fun competition at CanSecWest 2014.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1301">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:safari:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.5</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.3</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.4</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1301</vuln:cve-id>
+    <vuln:published-datetime>2014-04-02T12:17:06.947-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-02T14:12:48.837-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-02T14:12:48.760-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" xml:lang="en">APPLE-SA-2014-04-01-1</vuln:reference>
+    </vuln:references>
+    <vuln:summary>WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1302">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:safari:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.5</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.3</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.4</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1302</vuln:cve-id>
+    <vuln:published-datetime>2014-04-02T12:17:06.963-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T01:04:57.420-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-02T14:13:47.403-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html" xml:lang="en">APPLE-SA-2014-04-22-2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html" xml:lang="en">APPLE-SA-2014-04-22-3</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" xml:lang="en">APPLE-SA-2014-04-01-1</vuln:reference>
+    </vuln:references>
+    <vuln:summary>WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1303">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:safari:7.0.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1303</vuln:cve-id>
+    <vuln:published-datetime>2014-03-26T10:55:05.773-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T01:04:57.637-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-26T14:48:23.590-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two/" xml:lang="en">http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://twitter.com/thezdi/statuses/444157530139136000" xml:lang="en">http://twitter.com/thezdi/statuses/444157530139136000</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html" xml:lang="en">APPLE-SA-2014-04-22-2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html" xml:lang="en">APPLE-SA-2014-04-22-3</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" xml:lang="en">APPLE-SA-2014-04-01-1</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Heap-based buffer overflow in Apple Safari 7.0.2 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Liang Chen during a Pwn2Own competition at CanSecWest 2014.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1304">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:safari:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.5</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.3</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.4</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1304</vuln:cve-id>
+    <vuln:published-datetime>2014-04-02T12:17:06.993-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T01:04:57.840-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-02T14:26:17.083-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html" xml:lang="en">APPLE-SA-2014-04-22-2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html" xml:lang="en">APPLE-SA-2014-04-22-3</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" xml:lang="en">APPLE-SA-2014-04-01-1</vuln:reference>
+    </vuln:references>
+    <vuln:summary>WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1305">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:safari:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.5</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.3</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.4</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1305</vuln:cve-id>
+    <vuln:published-datetime>2014-04-02T12:17:07.027-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T01:04:58.060-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-02T14:40:02.987-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html" xml:lang="en">APPLE-SA-2014-04-22-2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html" xml:lang="en">APPLE-SA-2014-04-22-3</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" xml:lang="en">APPLE-SA-2014-04-01-1</vuln:reference>
+    </vuln:references>
+    <vuln:summary>WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1307">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:safari:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.5</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.3</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.4</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1307</vuln:cve-id>
+    <vuln:published-datetime>2014-04-02T12:17:07.040-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T01:04:58.277-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-02T14:44:05.807-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html" xml:lang="en">APPLE-SA-2014-04-22-2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html" xml:lang="en">APPLE-SA-2014-04-22-3</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" xml:lang="en">APPLE-SA-2014-04-01-1</vuln:reference>
+    </vuln:references>
+    <vuln:summary>WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1308">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:safari:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.5</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.3</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.4</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1308</vuln:cve-id>
+    <vuln:published-datetime>2014-04-02T12:17:07.073-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T01:04:58.497-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-02T14:45:37.637-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html" xml:lang="en">APPLE-SA-2014-04-22-2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html" xml:lang="en">APPLE-SA-2014-04-22-3</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" xml:lang="en">APPLE-SA-2014-04-01-1</vuln:reference>
+    </vuln:references>
+    <vuln:summary>WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1309">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:safari:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.5</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.3</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.4</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1309</vuln:cve-id>
+    <vuln:published-datetime>2014-04-02T12:17:07.087-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T01:04:58.733-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-02T14:46:24.547-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html" xml:lang="en">APPLE-SA-2014-04-22-2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html" xml:lang="en">APPLE-SA-2014-04-22-3</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" xml:lang="en">APPLE-SA-2014-04-01-1</vuln:reference>
+    </vuln:references>
+    <vuln:summary>WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1310">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:safari:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.5</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.3</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.4</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1310</vuln:cve-id>
+    <vuln:published-datetime>2014-04-02T12:17:07.120-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T01:04:58.950-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-02T14:50:30.523-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html" xml:lang="en">APPLE-SA-2014-04-22-2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html" xml:lang="en">APPLE-SA-2014-04-22-3</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" xml:lang="en">APPLE-SA-2014-04-01-1</vuln:reference>
+    </vuln:references>
+    <vuln:summary>WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1311">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:safari:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.5</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.3</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.4</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1311</vuln:cve-id>
+    <vuln:published-datetime>2014-04-02T12:17:07.150-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T01:04:59.170-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-02T14:55:36.657-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html" xml:lang="en">APPLE-SA-2014-04-22-2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html" xml:lang="en">APPLE-SA-2014-04-22-3</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" xml:lang="en">APPLE-SA-2014-04-01-1</vuln:reference>
+    </vuln:references>
+    <vuln:summary>WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1312">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:safari:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.5</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.3</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.4</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1312</vuln:cve-id>
+    <vuln:published-datetime>2014-04-02T12:17:07.167-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T01:04:59.387-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-02T14:57:07.583-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html" xml:lang="en">APPLE-SA-2014-04-22-2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html" xml:lang="en">APPLE-SA-2014-04-22-3</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" xml:lang="en">APPLE-SA-2014-04-01-1</vuln:reference>
+    </vuln:references>
+    <vuln:summary>WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1313">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:safari:6.1.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:safari:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.5</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.3</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0.4</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1.2</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.0</vuln:product>
+      <vuln:product>cpe:/a:apple:safari:6.1.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1313</vuln:cve-id>
+    <vuln:published-datetime>2014-04-02T12:17:07.197-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T01:04:59.623-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-02T14:59:03.290-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html" xml:lang="en">APPLE-SA-2014-04-22-2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html" xml:lang="en">APPLE-SA-2014-04-22-3</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" xml:lang="en">APPLE-SA-2014-04-01-1</vuln:reference>
+    </vuln:references>
+    <vuln:summary>WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1314">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.5:supplemental_update"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.0</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9.2</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.5</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.5:supplemental_update</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.3</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.4</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1314</vuln:cve-id>
+    <vuln:published-datetime>2014-04-23T07:52:59.417-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T07:24:47.747-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-23T13:42:06.160-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html" xml:lang="en">APPLE-SA-2014-04-22-1</vuln:reference>
+    </vuln:references>
+    <vuln:summary>WindowServer in Apple OS X through 10.9.2 does not prevent session creation by a sandboxed application, which allows attackers to bypass the sandbox protection mechanism and execute arbitrary code via a crafted application.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1315">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9.2</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1315</vuln:cve-id>
+    <vuln:published-datetime>2014-04-23T07:52:59.417-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-23T13:48:42.920-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-23T13:48:42.890-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-134"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html" xml:lang="en">APPLE-SA-2014-04-22-1</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Format string vulnerability in CoreServicesUIAgent in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a URL.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1316">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9.2</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1316</vuln:cve-id>
+    <vuln:published-datetime>2014-04-23T07:52:59.430-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-23T13:52:56.883-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-23T13:52:56.837-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html" xml:lang="en">APPLE-SA-2014-04-22-1</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Heimdal, as used in Apple OS X through 10.9.2, allows remote attackers to cause a denial of service (abort and daemon exit) via ASN.1 data encountered in the Kerberos 5 protocol.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1318">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.8.5:supplemental_update"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.0</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9.2</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.5</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.5:supplemental_update</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.3</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.4</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.8.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1318</vuln:cve-id>
+    <vuln:published-datetime>2014-04-23T07:52:59.430-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-23T13:58:50.017-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-23T13:58:49.923-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html" xml:lang="en">APPLE-SA-2014-04-22-1</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Intel Graphics Driver in Apple OS X through 10.9.2 does not properly validate a certain pointer, which allows attackers to execute arbitrary code via a crafted application.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1319">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9.2</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1319</vuln:cve-id>
+    <vuln:published-datetime>2014-04-23T07:52:59.430-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-23T14:02:41.353-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-23T14:02:41.117-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html" xml:lang="en">APPLE-SA-2014-04-22-1</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Buffer overflow in ImageIO in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1320">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:apple_tv:6.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9.2</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.4</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.3</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.1</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.1</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:apple:apple_tv:6.0.1</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.6</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1320</vuln:cve-id>
+    <vuln:published-datetime>2014-04-23T07:52:59.447-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T09:56:26.283-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.9</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-24T09:56:23.157-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html" xml:lang="en">APPLE-SA-2014-04-22-2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html" xml:lang="en">APPLE-SA-2014-04-22-3</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html" xml:lang="en">APPLE-SA-2014-04-22-1</vuln:reference>
+    </vuln:references>
+    <vuln:summary>IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR protection mechanism by reading unspecified attributes of the object.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1321">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9.2</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1321</vuln:cve-id>
+    <vuln:published-datetime>2014-04-23T07:52:59.447-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T09:52:18.557-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.3</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-24T09:52:18.433-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html" xml:lang="en">APPLE-SA-2014-04-22-1</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Power Management in Apple OS X 10.9.x through 10.9.2 allows physically proximate attackers to bypass an intended transition into the locked-screen state by touching (1) a key or (2) the trackpad during a lid-close action.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1322">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9.1</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9.2</vuln:product>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1322</vuln:cve-id>
+    <vuln:published-datetime>2014-04-23T07:52:59.463-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T09:56:55.097-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.9</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-24T09:56:55.067-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html" xml:lang="en">APPLE-SA-2014-04-22-1</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space, which makes it easier for local users to bypass the ASLR protection mechanism by reading an unspecified attribute of the object.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1401">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:auracms:auracms:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:auracms:auracms:1.61"/>
+        <cpe-lang:fact-ref name="cpe:/a:auracms:auracms:1.62"/>
+        <cpe-lang:fact-ref name="cpe:/a:auracms:auracms:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:auracms:auracms:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:auracms:auracms:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:auracms:auracms:2.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:auracms:auracms:2.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:auracms:auracms:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:auracms:auracms:1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:auracms:auracms:1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:auracms:auracms:1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:auracms:auracms:1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:auracms:auracms:1.62</vuln:product>
+      <vuln:product>cpe:/a:auracms:auracms:1.61</vuln:product>
+      <vuln:product>cpe:/a:auracms:auracms:2.2.2</vuln:product>
+      <vuln:product>cpe:/a:auracms:auracms:2.2.1</vuln:product>
+      <vuln:product>cpe:/a:auracms:auracms:1.1</vuln:product>
+      <vuln:product>cpe:/a:auracms:auracms:1.0</vuln:product>
+      <vuln:product>cpe:/a:auracms:auracms:1.3</vuln:product>
+      <vuln:product>cpe:/a:auracms:auracms:1.2</vuln:product>
+      <vuln:product>cpe:/a:auracms:auracms:2.0</vuln:product>
+      <vuln:product>cpe:/a:auracms:auracms:2.1</vuln:product>
+      <vuln:product>cpe:/a:auracms:auracms:2.2</vuln:product>
+      <vuln:product>cpe:/a:auracms:auracms:2.3</vuln:product>
+      <vuln:product>cpe:/a:auracms:auracms:1.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1401</vuln:cve-id>
+    <vuln:published-datetime>2014-02-11T12:55:06.857-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:33.843-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-12T11:03:39.590-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.htbridge.com/advisory/HTB23196" xml:lang="en">https://www.htbridge.com/advisory/HTB23196</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/auracms/AuraCMS/commit/790f66ffbc4f23a6e13636fc79d0aa1a7d81e747" xml:lang="en">https://github.com/auracms/AuraCMS/commit/790f66ffbc4f23a6e13636fc79d0aa1a7d81e747</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/auracms/AuraCMS/commit/4fe9d0d31a32df392f4d6ced8e5c25ed4af19ade" xml:lang="en">https://github.com/auracms/AuraCMS/commit/4fe9d0d31a32df392f4d6ced8e5c25ed4af19ade</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90965" xml:lang="en">auracms-cve20141401-sql-injection(90965)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/530930/100/0/threaded" xml:lang="en">20140205 Multiple SQL Injection Vulnerabilities in AuraCMS</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/31520" xml:lang="en">31520</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56804" xml:lang="en">56804</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/125079" xml:lang="en">http://packetstormsecurity.com/files/125079</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search parameter to mod/content/content.php or (2) CLIENT_IP, (3) X_FORWARDED_FOR, (4) X_FORWARDED, (5) FORWARDED_FOR, or (6) FORWARDED HTTP header to index.php.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1403">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:easyxdm:easyxdm:2.4.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:easyxdm:easyxdm:2.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:easyxdm:easyxdm:2.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:easyxdm:easyxdm:2.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:easyxdm:easyxdm:2.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:easyxdm:easyxdm:2.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:easyxdm:easyxdm:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:easyxdm:easyxdm:2.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:easyxdm:easyxdm:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:easyxdm:easyxdm:2.3.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:easyxdm:easyxdm:2.4.18</vuln:product>
+      <vuln:product>cpe:/a:easyxdm:easyxdm:2.4.0</vuln:product>
+      <vuln:product>cpe:/a:easyxdm:easyxdm:2.4.6</vuln:product>
+      <vuln:product>cpe:/a:easyxdm:easyxdm:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:easyxdm:easyxdm:2.4.2</vuln:product>
+      <vuln:product>cpe:/a:easyxdm:easyxdm:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:easyxdm:easyxdm:2.4.3</vuln:product>
+      <vuln:product>cpe:/a:easyxdm:easyxdm:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:easyxdm:easyxdm:2.4.4</vuln:product>
+      <vuln:product>cpe:/a:easyxdm:easyxdm:2.4.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1403</vuln:cve-id>
+    <vuln:published-datetime>2014-02-05T10:10:05.503-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:35.250-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-06T10:57:50.417-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/oyvindkinsey/easyXDM/releases/tag/2.4.19" xml:lang="en">https://github.com/oyvindkinsey/easyXDM/releases/tag/2.4.19</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/oyvindkinsey/easyXDM/commit/a3194d32c25a0d27a10a47304eb9c9be93ffbf13#diff-6489956f1e1f52236929b4d33cbeb2db" xml:lang="en">https://github.com/oyvindkinsey/easyXDM/commit/a3194d32c25a0d27a10a47304eb9c9be93ffbf13#diff-6489956f1e1f52236929b4d33cbeb2db</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90876" xml:lang="en">easyxdm-cve20141403-xss(90876)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65291" xml:lang="en">65291</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56634" xml:lang="en">56634</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Feb/5" xml:lang="en">20140131 [CVE-2014-1403] DOM XSS in EasyXDM 2.4.18</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102803" xml:lang="en">102803</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://blog.kotowicz.net/2014/01/xssing-with-shakespeare-name-calling.html" xml:lang="en">http://blog.kotowicz.net/2014/01/xssing-with-shakespeare-name-calling.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in name.html in easyXDM before 2.4.19 allows remote attackers to inject arbitrary web script or HTML via the location.hash value.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1405">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/h:conceptronic:c54apm:1.26"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/h:conceptronic:c54apm:1.26</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1405</vuln:cve-id>
+    <vuln:published-datetime>2014-01-10T11:47:06.130-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-10T16:23:38.130-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-10T16:23:38.023-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf" xml:lang="en">http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple open redirect vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1406">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/h:conceptronic:c54apm:1.26"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/h:conceptronic:c54apm:1.26</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1406</vuln:cve-id>
+    <vuln:published-datetime>2014-01-10T11:47:06.160-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-10T16:25:37.837-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-10T16:25:27.167-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf" xml:lang="en">http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:summary>CRLF injection vulnerability in goform/formWlSiteSurvey on the Conceptronic C54APM access point with runtime code 1.26 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the submit-url parameter in a Refresh action.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1407">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/h:conceptronic:c54apm:1.26"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/h:conceptronic:c54apm:1.26</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1407</vuln:cve-id>
+    <vuln:published-datetime>2014-01-10T11:47:06.193-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-10T16:26:17.603-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-10T16:26:17.573-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf" xml:lang="en">http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site scripting (XSS) vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to inject arbitrary web script or HTML via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1408">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/h:conceptronic:c54apm:1.26"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/h:conceptronic:c54apm:1.26</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1408</vuln:cve-id>
+    <vuln:published-datetime>2014-01-10T11:47:06.333-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-13T09:18:59.177-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-10T16:27:43.433-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-255"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://download.conceptronic.net/manuals/C04-058_C54APM_v2.0_Quick_Guide_ML.pdf" xml:lang="en">http://download.conceptronic.net/manuals/C04-058_C54APM_v2.0_Quick_Guide_ML.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf" xml:lang="en">http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via an HTTP request, as demonstrated by stored XSS attacks.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1438">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1438</vuln:cve-id>
+    <vuln:published-datetime>2014-01-18T17:55:03.210-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-16T00:45:12.443-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.7</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-21T16:00:04.710-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=26bef1318adc1b3a530ecc807ef99346db2aa8b0" xml:lang="en">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=26bef1318adc1b3a530ecc807ef99346db2aa8b0</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="https://lkml.org/lkml/2014/1/9/637" xml:lang="en">[linux-kernel] 20140110 Re: Sanitize CPU-state when switching tasks (was sanitize CPU-state when switching from virtual-8086 mode to other task)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/torvalds/linux/commit/26bef1318adc1b3a530ecc807ef99346db2aa8b0" xml:lang="en">https://github.com/torvalds/linux/commit/26bef1318adc1b3a530ecc807ef99346db2aa8b0</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1052914" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1052914</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2141-1" xml:lang="en">USN-2141-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2139-1" xml:lang="en">USN-2139-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2138-1" xml:lang="en">USN-2138-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2136-1" xml:lang="en">USN-2136-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2135-1" xml:lang="en">USN-2135-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2134-1" xml:lang="en">USN-2134-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2133-1" xml:lang="en">USN-2133-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2117-1" xml:lang="en">USN-2117-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2113-1" xml:lang="en">USN-2113-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029592" xml:lang="en">1029592</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64781" xml:lang="en">64781</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/01/14/1" xml:lang="en">[oss-security] 20140114 Re: Linux kernel: missing CPU-state sanitation during task-switch causes DOS / privilege escalation</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MANDRIVA</vuln:source>
+      <vuln:reference href="http://www.mandriva.com/security/advisories?name=MDVSA-2014:038" xml:lang="en">MDVSA-2014:038</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.8" xml:lang="en">http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.8</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.halfdog.net/Security/2013/Vm86SyscallTaskSwitchKernelPanic/" xml:lang="en">http://www.halfdog.net/Security/2013/Vm86SyscallTaskSwitchKernelPanic/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126874.html" xml:lang="en">FEDORA-2014-1062</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126858.html" xml:lang="en">FEDORA-2014-1072</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The restore_fpu_checking function in arch/x86/include/asm/fpu-internal.h in the Linux kernel before 3.12.8 on the AMD K7 and K8 platforms does not clear pending exceptions before proceeding to an EMMS instruction, which allows local users to cause a denial of service (task kill) or possibly gain privileges via a crafted application.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1439">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:hiphop_virtual_machine_for_php_project:hiphop_virtual_machine_for_php:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:hiphop_virtual_machine_for_php_project:hiphop_virtual_machine_for_php:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:hiphop_virtual_machine_for_php_project:hiphop_virtual_machine_for_php:2.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:hiphop_virtual_machine_for_php_project:hiphop_virtual_machine_for_php:2.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:hiphop_virtual_machine_for_php_project:hiphop_virtual_machine_for_php:2.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:hiphop_virtual_machine_for_php_project:hiphop_virtual_machine_for_php:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:hiphop_virtual_machine_for_php_project:hiphop_virtual_machine_for_php:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:hiphop_virtual_machine_for_php_project:hiphop_virtual_machine_for_php:2.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:hiphop_virtual_machine_for_php_project:hiphop_virtual_machine_for_php:2.3.0</vuln:product>
+      <vuln:product>cpe:/a:hiphop_virtual_machine_for_php_project:hiphop_virtual_machine_for_php:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:hiphop_virtual_machine_for_php_project:hiphop_virtual_machine_for_php:2.1.0</vuln:product>
+      <vuln:product>cpe:/a:hiphop_virtual_machine_for_php_project:hiphop_virtual_machine_for_php:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:hiphop_virtual_machine_for_php_project:hiphop_virtual_machine_for_php:2.2.0</vuln:product>
+      <vuln:product>cpe:/a:hiphop_virtual_machine_for_php_project:hiphop_virtual_machine_for_php:2.0.0</vuln:product>
+      <vuln:product>cpe:/a:hiphop_virtual_machine_for_php_project:hiphop_virtual_machine_for_php:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:hiphop_virtual_machine_for_php_project:hiphop_virtual_machine_for_php:2.0.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1439</vuln:cve-id>
+    <vuln:published-datetime>2014-02-05T14:55:28.873-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:36.500-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-06T13:00:02.287-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/facebook/hhvm/commit/95f96e7287effe2fcdfb9a5338d1a7e4f55b083b" xml:lang="en">https://github.com/facebook/hhvm/commit/95f96e7287effe2fcdfb9a5338d1a7e4f55b083b</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90979" xml:lang="en">hhvm-cve20141439-info-disc(90979)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.hhvm.com/blog/3287/hhvm-2-4-0" xml:lang="en">http://www.hhvm.com/blog/3287/hhvm-2-4-0</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The libxml_disable_entity_loader function in runtime/ext/ext_simplexml.cpp in HipHop Virtual Machine for PHP (HHVM) before 2.4.0 and 2.3.x before 2.3.3 does not properly disable a certain libxml handler, which allows remote attackers to conduct XML External Entity (XXE) attacks.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1441">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:coreftp:core_ftp:1.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:coreftp:core_ftp:1.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1441</vuln:cve-id>
+    <vuln:published-datetime>2014-05-01T21:59:22.357-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T11:11:59.343-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T11:11:59.140-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-362"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://www.osvdb.org/102966" xml:lang="en">102966</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56850" xml:lang="en">56850</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Feb/39" xml:lang="en">20140205 Core FTP Server Vulnerabilities</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/125073/Core-FTP-Server-1.2-DoS-Traversal-Disclosure.html" xml:lang="en">http://packetstormsecurity.com/files/125073/Core-FTP-Server-1.2-DoS-Traversal-Disclosure.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://coreftp.com/forums/viewtopic.php?t=2985707" xml:lang="en">http://coreftp.com/forums/viewtopic.php?t=2985707</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Core FTP Server 1.2 before build 515 allows remote attackers to cause a denial of service (reachable assertion and crash) via an AUTH SSL command with malformed data, as demonstrated by pressing the enter key twice.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1442">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:coreftp:core_ftp:1.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:coreftp:core_ftp:1.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1442</vuln:cve-id>
+    <vuln:published-datetime>2014-05-01T21:59:22.390-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T11:19:26.310-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T11:19:26.280-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://www.osvdb.org/102967" xml:lang="en">102967</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56850" xml:lang="en">56850</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Feb/39" xml:lang="en">20140205 Core FTP Server Vulnerabilities</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/125073/Core-FTP-Server-1.2-DoS-Traversal-Disclosure.html" xml:lang="en">http://packetstormsecurity.com/files/125073/Core-FTP-Server-1.2-DoS-Traversal-Disclosure.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://coreftp.com/forums/viewtopic.php?t=2985707" xml:lang="en">http://coreftp.com/forums/viewtopic.php?t=2985707</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in Core FTP Server 1.2 before build 515 allows remote authenticated users to determine the existence of arbitrary files via a /../ sequence in an XCRC command.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1443">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:coreftp:core_ftp:1.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:coreftp:core_ftp:1.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1443</vuln:cve-id>
+    <vuln:published-datetime>2014-05-01T21:59:22.420-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T11:21:20.283-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T11:21:20.220-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://www.osvdb.org/102968" xml:lang="en">102968</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56850" xml:lang="en">56850</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Feb/39" xml:lang="en">20140205 Core FTP Server Vulnerabilities</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/125073/Core-FTP-Server-1.2-DoS-Traversal-Disclosure.html" xml:lang="en">http://packetstormsecurity.com/files/125073/Core-FTP-Server-1.2-DoS-Traversal-Disclosure.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://coreftp.com/forums/viewtopic.php?t=2985707" xml:lang="en">http://coreftp.com/forums/viewtopic.php?t=2985707</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Core FTP Server 1.2 before build 515 allows remote authenticated users to obtain sensitive information (password for the previous user) via a USER command with a specific length, possibly related to an out-of-bounds read.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1444">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1444</vuln:cve-id>
+    <vuln:published-datetime>2014-01-18T17:55:03.257-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-16T00:45:12.770-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>1.7</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-21T11:30:59.920-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/torvalds/linux/commit/96b340406724d87e4621284ebac5e059d67b2194" xml:lang="en">https://github.com/torvalds/linux/commit/96b340406724d87e4621284ebac5e059d67b2194</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/01/15/3" xml:lang="en">[oss-security] 20140115 Re: CVE request: assorted kernel infoleak security fixes</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1053610" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1053610</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90443" xml:lang="en">linux-kernel-cve20141444-info-disc(90443)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2129-1" xml:lang="en">USN-2129-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2128-1" xml:lang="en">USN-2128-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64952" xml:lang="en">64952</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.7" xml:lang="en">http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.7</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=96b340406724d87e4621284ebac5e059d67b2194" xml:lang="en">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=96b340406724d87e4621284ebac5e059d67b2194</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1445">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1445</vuln:cve-id>
+    <vuln:published-datetime>2014-01-18T17:55:03.320-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-16T00:45:14.473-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>2.1</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-21T11:35:44.567-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/torvalds/linux/commit/2b13d06c9584b4eb773f1e80bbaedab9a1c344e1" xml:lang="en">https://github.com/torvalds/linux/commit/2b13d06c9584b4eb773f1e80bbaedab9a1c344e1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/01/15/3" xml:lang="en">[oss-security] 20140115 Re: CVE request: assorted kernel infoleak security fixes</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2b13d06c9584b4eb773f1e80bbaedab9a1c344e1" xml:lang="en">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2b13d06c9584b4eb773f1e80bbaedab9a1c344e1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1053613" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1053613</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90444" xml:lang="en">linux-kernel-cve20141445-info-disc(90444)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2129-1" xml:lang="en">USN-2129-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2128-1" xml:lang="en">USN-2128-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64953" xml:lang="en">64953</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.7" xml:lang="en">http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.7</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1446">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1446</vuln:cve-id>
+    <vuln:published-datetime>2014-01-18T17:55:03.397-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-16T00:45:14.567-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>1.9</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-21T16:05:18.717-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/torvalds/linux/commit/8e3fbf870481eb53b2d3a322d1fc395ad8b367ed" xml:lang="en">https://github.com/torvalds/linux/commit/8e3fbf870481eb53b2d3a322d1fc395ad8b367ed</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1053620" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1053620</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90445" xml:lang="en">linux-kernel-cve20141446-info-disc(90445)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2141-1" xml:lang="en">USN-2141-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2139-1" xml:lang="en">USN-2139-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2138-1" xml:lang="en">USN-2138-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2136-1" xml:lang="en">USN-2136-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2135-1" xml:lang="en">USN-2135-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2134-1" xml:lang="en">USN-2134-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2133-1" xml:lang="en">USN-2133-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2129-1" xml:lang="en">USN-2129-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2128-1" xml:lang="en">USN-2128-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2117-1" xml:lang="en">USN-2117-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2113-1" xml:lang="en">USN-2113-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64954" xml:lang="en">64954</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/01/15/3" xml:lang="en">[oss-security] 20140115 Re: CVE request: assorted kernel infoleak security fixes</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MANDRIVA</vuln:source>
+      <vuln:reference href="http://www.mandriva.com/security/advisories?name=MDVSA-2014:038" xml:lang="en">MDVSA-2014:038</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.8" xml:lang="en">http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.8</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126874.html" xml:lang="en">FEDORA-2014-1062</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126858.html" xml:lang="en">FEDORA-2014-1072</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8e3fbf870481eb53b2d3a322d1fc395ad8b367ed" xml:lang="en">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8e3fbf870481eb53b2d3a322d1fc395ad8b367ed</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1447">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.10.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.10.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.10.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.10.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.10.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.10.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.10.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.10.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.7.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.7.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.8.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.8.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.8.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.9.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.9.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.9.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.9.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.9.11.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.9.11.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.9.11.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.9.11.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.9.11.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.9.11.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.9.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.9.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.9.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.9.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.9.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.9.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.9.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.9.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.9.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.9.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:0.9.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:1.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:1.0.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:1.0.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:1.0.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:1.0.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:1.0.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:1.0.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:1.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:1.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:1.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:1.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:1.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:redhat:libvirt:1.2.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:redhat:libvirt:0.3.2</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.3.3</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.3.1</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.7.2</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.7.3</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.7.0</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.7.4</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.3.0</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.10.0</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:1.2.0</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:1.0.5.4</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:1.0.5.5</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:1.0.5.6</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.0.3</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.0.2</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.0.1</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.4.5</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.4.6</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.4.3</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.4.4</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.4.0</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.4.2</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.4.1</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.10.2</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.0.5</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.0.6</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.0.4</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:1.0.0</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:1.0.5.3</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:1.0.5.1</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:1.0.5.2</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.2.3</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.2.2</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.6.5</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.6.4</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.6.3</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.6.2</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.2.1</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.6.0</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.8.3</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.8.2</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.8.1</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.8.0</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.2.0</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.10.2.8</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.9.6.2</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.10.2.4</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.10.2.3</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.10.2.2</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.10.2.1</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.9.6.1</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.10.2.6</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.9.6.3</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.10.2.7</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.10.2.5</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.7.6</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.7.7</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.7.5</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:1.1.4</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.1.3</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:1.1.3</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:1.1.2</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.1.5</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.1.4</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.9.11.8</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.9.11.7</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.9.11.6</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.9.11.2</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.9.11.1</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.9.11</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.9.12</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.9.13</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.9.11.3</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.9.11.4</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.9.11.5</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.9.0</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.9.10</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.1.8</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.8.5</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.9.8</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.1.9</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.8.6</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.9.9</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.1.6</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.9.6</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.1.7</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.8.4</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.9.7</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:1.1.1</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.5.0</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.9.4</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.5.1</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.9.5</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.8.7</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.8.8</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.1.0</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:0.1.1</vuln:product>
+      <vuln:product>cpe:/a:redhat:libvirt:1.1.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1447</vuln:cve-id>
+    <vuln:published-datetime>2014-01-24T13:55:04.963-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T23:50:48.987-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.3</cvss:score>
+        <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-24T17:15:00.187-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-362"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1047577" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1047577</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2093-1" xml:lang="en">USN-2093-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029695" xml:lang="en">1029695</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2846" xml:lang="en">DSA-2846</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56446" xml:lang="en">56446</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56321" xml:lang="en">56321</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0103.html" xml:lang="en">RHSA-2014:0103</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-02/msg00062.html" xml:lang="en">openSUSE-SU-2014:0270</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-02/msg00060.html" xml:lang="en">openSUSE-SU-2014:0268</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://libvirt.org/news.html" xml:lang="en">http://libvirt.org/news.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1448">
+    <vuln:cve-id>CVE-2014-1448</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:13:04.117-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-15T11:13:04.197-05:00</vuln:last-modified-datetime>
+    <vuln:summary>** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2014-1447.  Reason: This candidate is a reservation duplicate of CVE-2014-1447.  Only one candidate was needed for the disclosure in question.  Notes: All CVE users should reference CVE-2014-1447 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1452">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:freebsd:freebsd:9.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:freebsd:freebsd:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:freebsd:freebsd:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:freebsd:freebsd:9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:freebsd:freebsd:9.1:release-p4"/>
+        <cpe-lang:fact-ref name="cpe:/o:freebsd:freebsd:9.1:release-p5"/>
+        <cpe-lang:fact-ref name="cpe:/o:freebsd:freebsd:9.2:prerelease"/>
+        <cpe-lang:fact-ref name="cpe:/o:freebsd:freebsd:9.2:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:freebsd:freebsd:9.2:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:freebsd:freebsd:8.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:freebsd:freebsd:8.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:freebsd:freebsd:9.2:rc1</vuln:product>
+      <vuln:product>cpe:/o:freebsd:freebsd:9.2:rc2</vuln:product>
+      <vuln:product>cpe:/o:freebsd:freebsd:8.4</vuln:product>
+      <vuln:product>cpe:/o:freebsd:freebsd:9.1</vuln:product>
+      <vuln:product>cpe:/o:freebsd:freebsd:8.3</vuln:product>
+      <vuln:product>cpe:/o:freebsd:freebsd:9.2:prerelease</vuln:product>
+      <vuln:product>cpe:/o:freebsd:freebsd:9.1:release-p4</vuln:product>
+      <vuln:product>cpe:/o:freebsd:freebsd:9.0</vuln:product>
+      <vuln:product>cpe:/o:freebsd:freebsd:10.0</vuln:product>
+      <vuln:product>cpe:/o:freebsd:freebsd:9.1:release-p5</vuln:product>
+      <vuln:product>cpe:/o:freebsd:freebsd:9.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1452</vuln:cve-id>
+    <vuln:published-datetime>2014-01-21T10:17:12.180-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:36.907-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-22T13:46:01.050-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://svnweb.freebsd.org/base?view=revision&amp;amp;revision=260636" xml:lang="en">http://svnweb.freebsd.org/base?view=revision&amp;amp;revision=260636</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029616" xml:lang="en">1029616</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>FREEBSD</vuln:source>
+      <vuln:reference href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:01.bsnmpd.asc" xml:lang="en">FreeBSD-SA-14:01</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56496" xml:lang="en">56496</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Stack-based buffer overflow in lib/snmpagent.c in bsnmpd, as used in FreeBSD 8.3 through 10.0, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted GETBULK PDU request.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1453">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:freebsd:freebsd:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:freebsd:freebsd:8.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:freebsd:freebsd:8.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:freebsd:freebsd:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:freebsd:freebsd:9.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/o:freebsd:freebsd:9.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/o:freebsd:freebsd:9.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/o:freebsd:freebsd:9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:freebsd:freebsd:9.1:release-p4"/>
+        <cpe-lang:fact-ref name="cpe:/o:freebsd:freebsd:9.1:release-p5"/>
+        <cpe-lang:fact-ref name="cpe:/o:freebsd:freebsd:9.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:freebsd:freebsd:9.2:prerelease"/>
+        <cpe-lang:fact-ref name="cpe:/o:freebsd:freebsd:9.2:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:freebsd:freebsd:9.2:rc2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:freebsd:freebsd:9.2:rc1</vuln:product>
+      <vuln:product>cpe:/o:freebsd:freebsd:9.2:rc2</vuln:product>
+      <vuln:product>cpe:/o:freebsd:freebsd:9.1</vuln:product>
+      <vuln:product>cpe:/o:freebsd:freebsd:8.4</vuln:product>
+      <vuln:product>cpe:/o:freebsd:freebsd:9.2:prerelease</vuln:product>
+      <vuln:product>cpe:/o:freebsd:freebsd:9.1:release-p4</vuln:product>
+      <vuln:product>cpe:/o:freebsd:freebsd:9.0</vuln:product>
+      <vuln:product>cpe:/o:freebsd:freebsd:8.3</vuln:product>
+      <vuln:product>cpe:/o:freebsd:freebsd:10.0</vuln:product>
+      <vuln:product>cpe:/o:freebsd:freebsd:9.1:release-p5</vuln:product>
+      <vuln:product>cpe:/o:freebsd:freebsd:9.0:beta1</vuln:product>
+      <vuln:product>cpe:/o:freebsd:freebsd:9.0:beta2</vuln:product>
+      <vuln:product>cpe:/o:freebsd:freebsd:9.0:beta3</vuln:product>
+      <vuln:product>cpe:/o:freebsd:freebsd:9.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1453</vuln:cve-id>
+    <vuln:published-datetime>2014-04-16T14:37:13.413-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-17T10:38:58.780-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-17T10:38:58.563-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1030041" xml:lang="en">1030041</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66726" xml:lang="en">66726</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>FREEBSD</vuln:source>
+      <vuln:reference href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:05.nfsserver.asc" xml:lang="en">FreeBSD-SA-14:05</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57760" xml:lang="en">57760</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The NFS server (nfsserver) in FreeBSD 8.3 through 10.0 does not acquire locks in the proper order when converting a directory file handle to a vnode, which allows remote authenticated users to cause a denial of service (deadlock) via vectors involving a thread that uses the correct locking order.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1455">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:pearson:esis_enterprise_student_information_system:3.3.0.13"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:pearson:esis_enterprise_student_information_system:3.3.0.13</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1455</vuln:cve-id>
+    <vuln:published-datetime>2014-04-10T16:29:20.487-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-11T11:40:59.163-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-11T11:40:59.117-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531751/100/0/threaded" xml:lang="en">20140406 Pearson eSIS Enterprise Student Information System SQL Injection</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SQL injection vulnerability in the password reset functionality in Pearson eSIS Enterprise Student Information System, possibly 3.3.0.13 and earlier, allows remote attackers to execute arbitrary SQL commands via the new password.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1456">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.0.8:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.0.8:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.0.8:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.0.8:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.0.8:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.1.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.1.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.1.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.1.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.2.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.3.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.4.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.4.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.4.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.4.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.5.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.5.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.5.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:openwebanalytics:open_web_analytics:1.5.5"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.5.0</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.2.4</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.2.2</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.2.3</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.3.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.1.1</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.1.0</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.2.1</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.4.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.1.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.4.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.4.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.1.0:rc4</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.4.0:rc4</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.1.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.5.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.1.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.5.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.4.1</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.5.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.4.0</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.2.0</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.0.8:rc4</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.0.8:rc3</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.0.8:rc2</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.0.8:rc1</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.0.8:rc5</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.3.0</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.0</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.2.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:openwebanalytics:open_web_analytics:1.3.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1456</vuln:cve-id>
+    <vuln:published-datetime>2014-02-28T19:01:07.717-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-03T09:49:10.523-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-03T09:49:05.727-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91124" xml:lang="en">owa-cve20141456-xss(91124)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2014-004" xml:lang="en">http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2014-004</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.openwebanalytics.com/?p=384" xml:lang="en">http://www.openwebanalytics.com/?p=384</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56885" xml:lang="en">56885</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the login page in Open Web Analytics (OWA) before 1.5.6 allows remote attackers to inject arbitrary web script or HTML via the owa_user_id parameter to index.php.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1458">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:fortinet:fortiweb:5.0.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:fortinet:fortiweb:5.0.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1458</vuln:cve-id>
+    <vuln:published-datetime>2014-02-04T16:55:08.077-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:37.000-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-05T09:32:02.227-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90978" xml:lang="en">fortiweb-cve20141458-xss(90978)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.fortiguard.com/advisory/FG-IR-14-001/" xml:lang="en">http://www.fortiguard.com/advisory/FG-IR-14-001/</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the web administration interface in FortiGuard FortiWeb 5.0.3 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1459">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:doorgets:doorgets_cms:5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:doorgets:doorgets_cms:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:doorgets:doorgets_cms:3.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:doorgets:doorgets_cms:3.0</vuln:product>
+      <vuln:product>cpe:/a:doorgets:doorgets_cms:5.2</vuln:product>
+      <vuln:product>cpe:/a:doorgets:doorgets_cms:4.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1459</vuln:cve-id>
+    <vuln:published-datetime>2014-02-11T12:55:06.903-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:37.077-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-12T11:12:45.440-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.htbridge.com/advisory/HTB23197" xml:lang="en">https://www.htbridge.com/advisory/HTB23197</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/doorgets/doorGets/commit/6b81541fc1e5dd1c70614585c1a04d04ccdb3b19" xml:lang="en">https://github.com/doorgets/doorGets/commit/6b81541fc1e5dd1c70614585c1a04d04ccdb3b19</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90967" xml:lang="en">doorgets-cve20141459-sql-injection(90967)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65439" xml:lang="en">65439</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/530931/100/0/threaded" xml:lang="en">20140205 SQL Injection in doorGets CMS</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/31521" xml:lang="en">31521</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/125078" xml:lang="en">http://packetstormsecurity.com/files/125078</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the _position_down_id parameter.  NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1466">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:csp_mysql_user_manager_project:csp_mysql_user_manager:2.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:csp_mysql_user_manager_project:csp_mysql_user_manager:2.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1466</vuln:cve-id>
+    <vuln:published-datetime>2014-01-15T11:08:18.640-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-16T13:31:09.430-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-16T13:31:07.133-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90210" xml:lang="en">cpsmysql-login-sql-injection(90210)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64731" xml:lang="en">64731</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56348" xml:lang="en">56348</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/124724/cspmysql-sql.txt" xml:lang="en">http://packetstormsecurity.com/files/124724/cspmysql-sql.txt</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101867" xml:lang="en">101867</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SQL injection vulnerability in CSP MySQL User Manager 2.3 allows remote attackers to execute arbitrary SQL commands via the login field of the login page.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1467">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:blackberry:enterprise_server_express:5.0.4::~~~lotus_domino~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:blackberry:enterprise_server_express:5.0.4::~~~exchange_server~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:blackberry:enterprise_server:5.0.4:mr6:~~~lotus_domino~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:blackberry:enterprise_server:5.0.4:mr6:~~~exchange_server~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:blackberry:enterprise_server:5.0.4:mr6:~~~groupwise~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:blackberry:blackberry_universal_device_service:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:blackberry:blackberry_enterprise_service:10.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:blackberry:blackberry_enterprise_service:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:blackberry:blackberry_enterprise_service:10.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:blackberry:blackberry_enterprise_service:10.1.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:blackberry:blackberry_enterprise_service:10.2.0</vuln:product>
+      <vuln:product>cpe:/a:blackberry:enterprise_server:5.0.4:mr6:~~~lotus_domino~~</vuln:product>
+      <vuln:product>cpe:/a:blackberry:blackberry_enterprise_service:10.1.0</vuln:product>
+      <vuln:product>cpe:/a:blackberry:enterprise_server:5.0.4:mr6:~~~exchange_server~~</vuln:product>
+      <vuln:product>cpe:/a:blackberry:blackberry_enterprise_service:10.1.2</vuln:product>
+      <vuln:product>cpe:/a:blackberry:blackberry_universal_device_service:6.0</vuln:product>
+      <vuln:product>cpe:/a:blackberry:enterprise_server_express:5.0.4::~~~exchange_server~~</vuln:product>
+      <vuln:product>cpe:/a:blackberry:blackberry_enterprise_service:10.0</vuln:product>
+      <vuln:product>cpe:/a:blackberry:enterprise_server:5.0.4:mr6:~~~groupwise~~</vuln:product>
+      <vuln:product>cpe:/a:blackberry:enterprise_server_express:5.0.4::~~~lotus_domino~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1467</vuln:cve-id>
+    <vuln:published-datetime>2014-02-14T08:10:30.637-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-14T12:34:51.747-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-14T12:34:51.670-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-255"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.blackberry.com/btsc/KB35647" xml:lang="en">http://www.blackberry.com/btsc/KB35647</vuln:reference>
+    </vuln:references>
+    <vuln:summary>BlackBerry Enterprise Service 10 before 10.2.1, Universal Device Service 6, Enterprise Server Express for Domino through 5.0.4, Enterprise Server Express for Exchange through 5.0.4, Enterprise Server for Domino through 5.0.4 MR6, Enterprise Server for Exchange through 5.0.4 MR6, and Enterprise Server for GroupWise through 5.0.4 MR6 log cleartext credentials during exception handling, which might allow context-dependent attackers to obtain sensitive information by reading a log file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1471">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.10"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.0:beta1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.13"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.13</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.10</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.0</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.6</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.11</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.7</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.0</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.1</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.7</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.9</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.8</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.9</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.8</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.10</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.6</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.2</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.18</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.1</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.0</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.3</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.15</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.2</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.14</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.3</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.17</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.4</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.16</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.5</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.0:rc1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1471</vuln:cve-id>
+    <vuln:published-datetime>2014-02-04T16:55:05.310-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T23:50:49.580-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-05T10:31:57.830-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://www.otrs.com/security-advisory-2014-02-sql-injection-issue" xml:lang="en">https://www.otrs.com/security-advisory-2014-02-sql-injection-issue</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/OTRS/otrs/commit/c4ec9205bde9c49770ddad94c1a980c006164949" xml:lang="en">https://github.com/OTRS/otrs/commit/c4ec9205bde9c49770ddad94c1a980c006164949</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/OTRS/otrs/commit/2997b36a7c84e933c4b025930cabe93efc4d261d" xml:lang="en">https://github.com/OTRS/otrs/commit/2997b36a7c84e933c4b025930cabe93efc4d261d</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/OTRS/otrs/commit/0680603a07b8dc37c2ddca6ff14e0236babefc82" xml:lang="en">https://github.com/OTRS/otrs/commit/0680603a07b8dc37c2ddca6ff14e0236babefc82</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://www.otrs.com/release-notes-otrs-help-desk-3-3-4" xml:lang="en">https://www.otrs.com/release-notes-otrs-help-desk-3-3-4</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/01/29/15" xml:lang="en">[oss-security] 20140129 Re: CVE Request: otrs: CSRF issue in customer web interface</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2867" xml:lang="en">DSA-2867</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56655" xml:lang="en">56655</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56644" xml:lang="en">56644</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102661" xml:lang="en">102661</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SQL injection vulnerability in the StateGetStatesByType function in Kernel/System/State.pm in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allows remote attackers to execute arbitrary SQL commands via vectors related to a ticket search URL.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1472">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mcafee:vulnerability_manager:7.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mcafee:vulnerability_manager:7.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mcafee:vulnerability_manager:7.0.11"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mcafee:vulnerability_manager:7.0.11</vuln:product>
+      <vuln:product>cpe:/a:mcafee:vulnerability_manager:7.5.5</vuln:product>
+      <vuln:product>cpe:/a:mcafee:vulnerability_manager:7.5.4</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1472</vuln:cve-id>
+    <vuln:published-datetime>2014-01-16T00:05:26.600-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-27T23:57:36.427-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-17T10:10:17.797-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://kc.mcafee.com/corporate/index?page=content&amp;id=SB10061" xml:lang="en">https://kc.mcafee.com/corporate/index?page=content&amp;id=SB10061</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90244" xml:lang="en">mcafee-vm-unspec-xss(90244)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029591" xml:lang="en">1029591</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64795" xml:lang="en">64795</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56394" xml:lang="en">56394</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101940" xml:lang="en">101940</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site scripting (XSS) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1473">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mcafee:vulnerability_manager:7.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mcafee:vulnerability_manager:7.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mcafee:vulnerability_manager:7.0.11"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mcafee:vulnerability_manager:7.0.11</vuln:product>
+      <vuln:product>cpe:/a:mcafee:vulnerability_manager:7.5.5</vuln:product>
+      <vuln:product>cpe:/a:mcafee:vulnerability_manager:7.5.4</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1473</vuln:cve-id>
+    <vuln:published-datetime>2014-01-16T00:05:26.663-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-27T23:57:36.520-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-17T10:12:04.830-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-352"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://kc.mcafee.com/corporate/index?page=content&amp;id=SB10061" xml:lang="en">https://kc.mcafee.com/corporate/index?page=content&amp;id=SB10061</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90245" xml:lang="en">mcafee-vm-unspec-csrf(90245)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029591" xml:lang="en">1029591</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64795" xml:lang="en">64795</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56394" xml:lang="en">56394</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101939" xml:lang="en">101939</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site request forgery (CSRF) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to hijack the authentication of users for requests that modify HTML via unspecified vectors related to the "response web page."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1475">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:alpha4"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:alpha5"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:alpha6"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:alpha7"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:dev"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.24"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.0:dev"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.0:rc-1"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.0:rc-2"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.0:rc-3"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.0:rc-4"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.28"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:drupal:drupal:6.0:rc-3</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.21</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.0:rc-1</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.0:rc-4</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.20</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.0:rc4</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.24</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.23</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.22</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.28</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.27</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:rc4</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.26</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.25</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.11</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.10</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.17</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.18</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.18</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.15</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.16</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.13</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.14</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.12</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.11</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:alpha3</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.10</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:alpha2</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.13</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.12</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.15</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:alpha7</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.14</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:alpha6</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.17</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.19</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.16</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:alpha4</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:alpha5</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.22</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:alpha1</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:dev</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.23</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.24</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.0:dev</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.20</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.21</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.19</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.2</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.1</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.2</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.1</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.0</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.0:rc-2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1475</vuln:cve-id>
+    <vuln:published-datetime>2014-01-24T13:55:05.057-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:38.483-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-24T17:47:41.623-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://drupal.org/SA-CORE-2014-001" xml:lang="en">https://drupal.org/SA-CORE-2014-001</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64973" xml:lang="en">64973</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MANDRIVA</vuln:source>
+      <vuln:reference href="http://www.mandriva.com/security/advisories?name=MDVSA-2014:031" xml:lang="en">MDVSA-2014:031</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2851" xml:lang="en">DSA-2851</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2847" xml:lang="en">DSA-2847</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56601" xml:lang="en">56601</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56260" xml:lang="en">56260</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows remote OpenID users to authenticate as other users via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1476">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:alpha4"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:alpha5"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:alpha6"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:alpha7"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:dev"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.24"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:alpha4</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.22</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:alpha5</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:alpha1</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:dev</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.23</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.24</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:rc4</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.20</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.21</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.11</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.2</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.1</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.17</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.18</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.15</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.16</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.13</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.14</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.12</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:alpha3</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:alpha2</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.10</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:alpha7</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:alpha6</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.19</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1476</vuln:cve-id>
+    <vuln:published-datetime>2014-01-24T13:55:05.150-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:38.563-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-24T17:48:34.030-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://drupal.org/SA-CORE-2014-001" xml:lang="en">https://drupal.org/SA-CORE-2014-001</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64973" xml:lang="en">64973</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MANDRIVA</vuln:source>
+      <vuln:reference href="http://www.mandriva.com/security/advisories?name=MDVSA-2014:031" xml:lang="en">MDVSA-2014:031</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2847" xml:lang="en">DSA-2847</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56260" xml:lang="en">56260</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an earlier version of Drupal, does not properly restrict access to unpublished content, which allows remote authenticated users to obtain sensitive information via a listing page.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1477">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5:beta</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1477</vuln:cve-id>
+    <vuln:published-datetime>2014-02-06T00:44:24.393-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:51.297-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-06T12:02:49.840-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=953114" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=953114</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=951366" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=951366</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=950438" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=950438</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=950000" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=950000</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=945939" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=945939</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=945334" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=945334</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=937697" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=937697</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=937132" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=937132</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=936808" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=936808</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=925896" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=925896</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=921470" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=921470</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://8pecxstudios.com/?page_id=44080" xml:lang="en">https://8pecxstudios.com/?page_id=44080</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2119-1" xml:lang="en">USN-2119-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2102-2" xml:lang="en">USN-2102-2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2102-1" xml:lang="en">USN-2102-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-01.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-01.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2858" xml:lang="en">DSA-2858</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56706" xml:lang="en">56706</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0133.html" xml:lang="en">RHSA-2014:0133</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0132.html" xml:lang="en">RHSA-2014:0132</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" xml:lang="en">openSUSE-SU-2014:0419</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" xml:lang="en">SUSE-SU-2014:0248</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" xml:lang="en">openSUSE-SU-2014:0213</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" xml:lang="en">openSUSE-SU-2014:0212</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" xml:lang="en">FEDORA-2014-2083</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" xml:lang="en">FEDORA-2014-2041</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1478">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1478</vuln:cve-id>
+    <vuln:published-datetime>2014-02-06T00:44:24.783-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:51.467-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-06T13:11:57.147-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=953373" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=953373</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=950452" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=950452</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=946733" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=946733</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=945585" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=945585</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=944851" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=944851</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=944321" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=944321</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=944278" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=944278</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=942940" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=942940</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=942152" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=942152</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=939472" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=939472</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=938431" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=938431</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=932162" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=932162</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=925308" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=925308</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=924348" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=924348</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=922603" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=922603</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=916635" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=916635</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=911845" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=911845</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=911707" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=911707</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=867597" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=867597</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://8pecxstudios.com/?page_id=44080" xml:lang="en">https://8pecxstudios.com/?page_id=44080</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2102-2" xml:lang="en">USN-2102-2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2102-1" xml:lang="en">USN-2102-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-01.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-01.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56706" xml:lang="en">56706</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" xml:lang="en">openSUSE-SU-2014:0419</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" xml:lang="en">openSUSE-SU-2014:0213</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" xml:lang="en">openSUSE-SU-2014:0212</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the MPostWriteBarrier class in js/src/jit/MIR.h and stack alignment in js/src/jit/AsmJS.cpp in OdinMonkey, and unknown other vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1479">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5:beta</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1479</vuln:cve-id>
+    <vuln:published-datetime>2014-02-06T00:44:24.830-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:51.640-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-06T13:44:30.477-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=911864" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=911864</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://8pecxstudios.com/?page_id=44080" xml:lang="en">https://8pecxstudios.com/?page_id=44080</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2119-1" xml:lang="en">USN-2119-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2102-2" xml:lang="en">USN-2102-2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2102-1" xml:lang="en">USN-2102-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-02.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-02.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2858" xml:lang="en">DSA-2858</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56706" xml:lang="en">56706</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0133.html" xml:lang="en">RHSA-2014:0133</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0132.html" xml:lang="en">RHSA-2014:0132</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" xml:lang="en">openSUSE-SU-2014:0419</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" xml:lang="en">SUSE-SU-2014:0248</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" xml:lang="en">openSUSE-SU-2014:0213</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" xml:lang="en">openSUSE-SU-2014:0212</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" xml:lang="en">FEDORA-2014-2083</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" xml:lang="en">FEDORA-2014-2041</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involving XBL content scopes.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1480">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1480</vuln:cve-id>
+    <vuln:published-datetime>2014-02-06T00:44:24.847-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:51.827-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-06T13:48:37.497-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=916726" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=916726</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2102-2" xml:lang="en">USN-2102-2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2102-1" xml:lang="en">USN-2102-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-03.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-03.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" xml:lang="en">openSUSE-SU-2014:0419</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" xml:lang="en">SUSE-SU-2014:0248</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" xml:lang="en">openSUSE-SU-2014:0212</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1481">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5:beta</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1481</vuln:cve-id>
+    <vuln:published-datetime>2014-02-06T00:44:24.877-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:51.983-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-06T13:58:58.247-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=936056" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=936056</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://8pecxstudios.com/?page_id=44080" xml:lang="en">https://8pecxstudios.com/?page_id=44080</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2119-1" xml:lang="en">USN-2119-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2102-2" xml:lang="en">USN-2102-2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2102-1" xml:lang="en">USN-2102-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-13.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-13.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2858" xml:lang="en">DSA-2858</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56706" xml:lang="en">56706</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0133.html" xml:lang="en">RHSA-2014:0133</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0132.html" xml:lang="en">RHSA-2014:0132</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" xml:lang="en">openSUSE-SU-2014:0419</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" xml:lang="en">SUSE-SU-2014:0248</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" xml:lang="en">openSUSE-SU-2014:0213</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" xml:lang="en">openSUSE-SU-2014:0212</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" xml:lang="en">FEDORA-2014-2083</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" xml:lang="en">FEDORA-2014-2041</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1482">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5:beta</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1482</vuln:cve-id>
+    <vuln:published-datetime>2014-02-06T00:44:24.893-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:52.157-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-06T14:00:15.077-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=943803" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=943803</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://8pecxstudios.com/?page_id=44080" xml:lang="en">https://8pecxstudios.com/?page_id=44080</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2119-1" xml:lang="en">USN-2119-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2102-2" xml:lang="en">USN-2102-2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2102-1" xml:lang="en">USN-2102-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-04.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-04.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2858" xml:lang="en">DSA-2858</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56706" xml:lang="en">56706</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0133.html" xml:lang="en">RHSA-2014:0133</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0132.html" xml:lang="en">RHSA-2014:0132</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" xml:lang="en">openSUSE-SU-2014:0419</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" xml:lang="en">SUSE-SU-2014:0248</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" xml:lang="en">openSUSE-SU-2014:0213</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" xml:lang="en">openSUSE-SU-2014:0212</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" xml:lang="en">FEDORA-2014-2083</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" xml:lang="en">FEDORA-2014-2041</vuln:reference>
+    </vuln:references>
+    <vuln:summary>RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted image data, as demonstrated by Goo Create.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1483">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1483</vuln:cve-id>
+    <vuln:published-datetime>2014-02-06T00:44:24.910-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:52.327-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-06T14:02:05.640-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=950427" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=950427</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://8pecxstudios.com/?page_id=44080" xml:lang="en">https://8pecxstudios.com/?page_id=44080</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2102-2" xml:lang="en">USN-2102-2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2102-1" xml:lang="en">USN-2102-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-05.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-05.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56706" xml:lang="en">56706</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" xml:lang="en">openSUSE-SU-2014:0419</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" xml:lang="en">SUSE-SU-2014:0248</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" xml:lang="en">openSUSE-SU-2014:0212</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functions.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1484">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.2"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1484</vuln:cve-id>
+    <vuln:published-datetime>2014-02-06T00:44:24.940-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:52.500-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-06T14:10:16.183-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=953993" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=953993</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-06.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-06.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" xml:lang="en">SUSE-SU-2014:0248</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" xml:lang="en">openSUSE-SU-2014:0212</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-03/0153.html" xml:lang="en">20140326 Firefox for Android Profile Directory Derandomization and Data Exfiltration (CVE-2014-1484, CVE-2014-1506, CVE-2014-1515, CVE-2014-1516)</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1485">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1485</vuln:cve-id>
+    <vuln:published-datetime>2014-02-06T00:44:24.957-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:52.670-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-06T14:12:25.750-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=910139" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=910139</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://8pecxstudios.com/?page_id=44080" xml:lang="en">https://8pecxstudios.com/?page_id=44080</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2102-2" xml:lang="en">USN-2102-2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2102-1" xml:lang="en">USN-2102-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-07.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-07.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56706" xml:lang="en">56706</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" xml:lang="en">openSUSE-SU-2014:0419</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" xml:lang="en">SUSE-SU-2014:0248</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" xml:lang="en">openSUSE-SU-2014:0212</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient style-src restrictions.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1486">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5:beta</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1486</vuln:cve-id>
+    <vuln:published-datetime>2014-02-06T00:44:24.987-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:52.843-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-06T14:14:22.160-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=942164" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=942164</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://8pecxstudios.com/?page_id=44080" xml:lang="en">https://8pecxstudios.com/?page_id=44080</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2119-1" xml:lang="en">USN-2119-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2102-2" xml:lang="en">USN-2102-2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2102-1" xml:lang="en">USN-2102-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-08.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-08.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2858" xml:lang="en">DSA-2858</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56706" xml:lang="en">56706</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0133.html" xml:lang="en">RHSA-2014:0133</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0132.html" xml:lang="en">RHSA-2014:0132</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" xml:lang="en">openSUSE-SU-2014:0419</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" xml:lang="en">SUSE-SU-2014:0248</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" xml:lang="en">openSUSE-SU-2014:0213</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" xml:lang="en">openSUSE-SU-2014:0212</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" xml:lang="en">FEDORA-2014-2083</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" xml:lang="en">FEDORA-2014-2041</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1487">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5:beta</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1487</vuln:cve-id>
+    <vuln:published-datetime>2014-02-06T00:44:25.017-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:52.953-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-06T14:15:30.537-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-255"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=947592" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=947592</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://8pecxstudios.com/?page_id=44080" xml:lang="en">https://8pecxstudios.com/?page_id=44080</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2119-1" xml:lang="en">USN-2119-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2102-2" xml:lang="en">USN-2102-2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2102-1" xml:lang="en">USN-2102-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-09.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-09.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2858" xml:lang="en">DSA-2858</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56706" xml:lang="en">56706</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0133.html" xml:lang="en">RHSA-2014:0133</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0132.html" xml:lang="en">RHSA-2014:0132</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" xml:lang="en">openSUSE-SU-2014:0419</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" xml:lang="en">SUSE-SU-2014:0248</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" xml:lang="en">openSUSE-SU-2014:0213</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" xml:lang="en">openSUSE-SU-2014:0212</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" xml:lang="en">FEDORA-2014-2083</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" xml:lang="en">FEDORA-2014-2041</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1488">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1488</vuln:cve-id>
+    <vuln:published-datetime>2014-02-06T00:44:25.050-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:53.030-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-06T14:16:39.427-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=950604" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=950604</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://8pecxstudios.com/?page_id=44080" xml:lang="en">https://8pecxstudios.com/?page_id=44080</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2102-2" xml:lang="en">USN-2102-2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2102-1" xml:lang="en">USN-2102-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-11.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-11.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56706" xml:lang="en">56706</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" xml:lang="en">openSUSE-SU-2014:0419</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" xml:lang="en">SUSE-SU-2014:0248</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" xml:lang="en">openSUSE-SU-2014:0212</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1489">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1489</vuln:cve-id>
+    <vuln:published-datetime>2014-02-06T00:44:25.067-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T23:50:51.173-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-06T14:20:34.950-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=959531" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=959531</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2102-2" xml:lang="en">USN-2102-2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2102-1" xml:lang="en">USN-2102-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-10.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-10.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" xml:lang="en">SUSE-SU-2014:0248</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" xml:lang="en">openSUSE-SU-2014:0212</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1490">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.15.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.11.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.11.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.11.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.15.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.11.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.11.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.11.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.15.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.11.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.11.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.11.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.15.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.11.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.11.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.11.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.15.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.11.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.11.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.11.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.14.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.14.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.4.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.14.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.14.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.14.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.12.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.12.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.7.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.7.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.12.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.12.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5:beta</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.11.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.12.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.12.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.12.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.12.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.12.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.12.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.12.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.12.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1490</vuln:cve-id>
+    <vuln:published-datetime>2014-02-06T00:44:25.097-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:53.203-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-06T14:28:44.307-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=930874" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=930874</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=930857" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=930857</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://8pecxstudios.com/?page_id=44080" xml:lang="en">https://8pecxstudios.com/?page_id=44080</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2119-1" xml:lang="en">USN-2119-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2102-2" xml:lang="en">USN-2102-2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2102-1" xml:lang="en">USN-2102-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-12.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-12.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2858" xml:lang="en">DSA-2858</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56706" xml:lang="en">56706</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" xml:lang="en">openSUSE-SU-2014:0419</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" xml:lang="en">SUSE-SU-2014:0248</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" xml:lang="en">openSUSE-SU-2014:0213</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" xml:lang="en">openSUSE-SU-2014:0212</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" xml:lang="en">FEDORA-2014-2083</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" xml:lang="en">FEDORA-2014-2041</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1491">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.15.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.11.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.11.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.11.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.15.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.11.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.11.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.11.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.15.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.11.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.11.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.11.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.15.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.11.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.11.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.11.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.15.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.11.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.11.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.11.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.14.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.14.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.4.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.14.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.14.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.14.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.12.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.12.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.7.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.7.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.12.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.12.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5:beta</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.11.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.12.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.12.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.12.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.12.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.12.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.12.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.12.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.12.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1491</vuln:cve-id>
+    <vuln:published-datetime>2014-02-06T00:44:25.127-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:53.280-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-06T14:30:02.400-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-310"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=934545" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=934545</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2119-1" xml:lang="en">USN-2119-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2102-2" xml:lang="en">USN-2102-2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2102-1" xml:lang="en">USN-2102-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-12.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-12.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2858" xml:lang="en">DSA-2858</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" xml:lang="en">openSUSE-SU-2014:0419</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" xml:lang="en">SUSE-SU-2014:0248</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" xml:lang="en">openSUSE-SU-2014:0213</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" xml:lang="en">openSUSE-SU-2014:0212</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" xml:lang="en">FEDORA-2014-2083</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" xml:lang="en">FEDORA-2014-2041</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1492">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.15.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.15.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.15.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.11.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.11.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.11.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.12.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.14.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.15.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.7.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:network_security_services:3.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.12.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.12.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.15.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.12.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.12.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.12.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.12.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.12.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.12.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.11.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.11.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.11.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.15.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.15.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.15.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.12.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.12.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.14.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.14.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.4.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.14.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.14.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.14.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.12.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.12.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.7.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.7.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.11.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:network_security_services:3.12.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1492</vuln:cve-id>
+    <vuln:published-datetime>2014-03-25T09:25:38.493-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-19T00:47:43.410-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-25T11:21:50.383-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://hg.mozilla.org/projects/nss/rev/709d4e597979" xml:lang="en">https://hg.mozilla.org/projects/nss/rev/709d4e597979</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://developer.mozilla.org/en-US/docs/NSS/NSS_3.16_release_notes" xml:lang="en">https://developer.mozilla.org/en-US/docs/NSS/NSS_3.16_release_notes</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1079851" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1079851</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=903885" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=903885</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2159-1" xml:lang="en">USN-2159-1</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1493">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5:beta</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1493</vuln:cve-id>
+    <vuln:published-datetime>2014-03-19T06:55:06.240-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:53.547-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-19T15:13:45.320-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=977538" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=977538</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=967341" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=967341</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=965982" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=965982</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=963974" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=963974</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=960145" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=960145</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=958867" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=958867</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=896268" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=896268</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2151-1" xml:lang="en">USN-2151-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-15.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-15.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2881" xml:lang="en">DSA-2881</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0316.html" xml:lang="en">RHSA-2014:0316</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0310.html" xml:lang="en">RHSA-2014:0310</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" xml:lang="en">openSUSE-SU-2014:0448</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" xml:lang="en">openSUSE-SU-2014:0419</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" xml:lang="en">SUSE-SU-2014:0418</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1494">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1494</vuln:cve-id>
+    <vuln:published-datetime>2014-03-19T06:55:06.270-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:53.703-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-19T15:18:09.403-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=964462" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=964462</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=949843" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=949843</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=938626" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=938626</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=938615" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=938615</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=933219" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=933219</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=932496" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=932496</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=927579" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=927579</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=909586" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=909586</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=627295" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=627295</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-15.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-15.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" xml:lang="en">openSUSE-SU-2014:0448</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" xml:lang="en">openSUSE-SU-2014:0419</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" xml:lang="en">SUSE-SU-2014:0418</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1496">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5:beta</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1496</vuln:cve-id>
+    <vuln:published-datetime>2014-03-19T06:55:06.303-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:53.890-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.9</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-19T15:21:22.393-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=925747" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=925747</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-16.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-16.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" xml:lang="en">SUSE-SU-2014:0418</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during an update.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1497">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5:beta</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1497</vuln:cve-id>
+    <vuln:published-datetime>2014-03-19T06:55:06.333-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:54.063-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-19T15:25:43.993-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=966311" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=966311</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2151-1" xml:lang="en">USN-2151-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-17.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-17.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2881" xml:lang="en">DSA-2881</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0316.html" xml:lang="en">RHSA-2014:0316</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0310.html" xml:lang="en">RHSA-2014:0310</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" xml:lang="en">openSUSE-SU-2014:0448</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" xml:lang="en">openSUSE-SU-2014:0419</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" xml:lang="en">SUSE-SU-2014:0418</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-bounds read and application crash), or possibly have unspecified other impact via a crafted WAV file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1498">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1498</vuln:cve-id>
+    <vuln:published-datetime>2014-03-19T06:55:06.350-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:54.250-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-19T15:34:22.117-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-310"/>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=935618" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=935618</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-18.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-18.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" xml:lang="en">openSUSE-SU-2014:0448</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" xml:lang="en">openSUSE-SU-2014:0419</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" xml:lang="en">SUSE-SU-2014:0418</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1499">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1499</vuln:cve-id>
+    <vuln:published-datetime>2014-03-19T06:55:06.380-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:54.437-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-19T15:42:42.033-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=961512" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=961512</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-19.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-19.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" xml:lang="en">openSUSE-SU-2014:0448</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" xml:lang="en">openSUSE-SU-2014:0419</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" xml:lang="en">SUSE-SU-2014:0418</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a certain time during generation of this prompt.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1500">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1500</vuln:cve-id>
+    <vuln:published-datetime>2014-03-19T06:55:06.397-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:54.623-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-19T15:48:40.887-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=956524" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=956524</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-20.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-20.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" xml:lang="en">openSUSE-SU-2014:0448</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" xml:lang="en">openSUSE-SU-2014:0419</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" xml:lang="en">SUSE-SU-2014:0418</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1501">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:google:android"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1501</vuln:cve-id>
+    <vuln:published-datetime>2014-03-19T06:55:06.427-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:54.797-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-19T15:51:48.907-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=960135" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=960135</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-21.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-21.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" xml:lang="en">SUSE-SU-2014:0418</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the "Open Link in New Tab" menu selection.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1502">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1502</vuln:cve-id>
+    <vuln:published-datetime>2014-03-19T06:55:06.443-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:54.983-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-19T15:55:27.927-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=972622" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=972622</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-22.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-22.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" xml:lang="en">openSUSE-SU-2014:0448</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" xml:lang="en">openSUSE-SU-2014:0419</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" xml:lang="en">SUSE-SU-2014:0418</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1504">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1504</vuln:cve-id>
+    <vuln:published-datetime>2014-03-19T06:55:06.473-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:55.157-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>2.6</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-19T15:58:53.653-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=911547" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=911547</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-23.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-23.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" xml:lang="en">openSUSE-SU-2014:0448</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" xml:lang="en">openSUSE-SU-2014:0419</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" xml:lang="en">SUSE-SU-2014:0418</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document that is accessed after a browser restart.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1505">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5:beta</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1505</vuln:cve-id>
+    <vuln:published-datetime>2014-03-19T06:55:06.490-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:55.343-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-19T16:03:47.800-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=941887" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=941887</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2151-1" xml:lang="en">USN-2151-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-28.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-28.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2881" xml:lang="en">DSA-2881</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0316.html" xml:lang="en">RHSA-2014:0316</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0310.html" xml:lang="en">RHSA-2014:0310</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" xml:lang="en">openSUSE-SU-2014:0448</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" xml:lang="en">openSUSE-SU-2014:0419</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" xml:lang="en">SUSE-SU-2014:0418</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different domain, via a timing attack involving feDisplacementMap elements, a related issue to CVE-2013-1693.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1506">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:google:android"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1506</vuln:cve-id>
+    <vuln:published-datetime>2014-03-19T06:55:06.520-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:55.530-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.4</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-19T16:19:35.213-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=944374" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=944374</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-24.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-24.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-03/0153.html" xml:lang="en">20140326 Firefox for Android Profile Directory Derandomization and Data Exfiltration (CVE-2014-1484, CVE-2014-1506, CVE-2014-1515, CVE-2014-1516)</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in Android Crash Reporter in Mozilla Firefox before 28.0 on Android allows attackers to trigger the transmission of local files to arbitrary servers, or cause a denial of service (application crash), via a crafted application that specifies Android Crash Reporter arguments.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1507">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:mozilla:firefoxos:1.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:mozilla:firefoxos:1.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1507</vuln:cve-id>
+    <vuln:published-datetime>2014-03-19T06:55:06.553-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-19T16:55:28.143-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-19T16:55:28.097-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=940684" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=940684</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-25.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-25.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in the DeviceStorage API in Mozilla FirefoxOS before 1.2.2 allows attackers to bypass the media sandbox protection mechanism, and read or modify arbitrary files, via a crafted application that uses a relative pathname for a DeviceStorageFile object.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1508">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5:beta</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1508</vuln:cve-id>
+    <vuln:published-datetime>2014-03-19T06:55:06.567-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:55.860-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-19T16:58:52.930-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=963198" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=963198</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2151-1" xml:lang="en">USN-2151-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-26.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-26.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2881" xml:lang="en">DSA-2881</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0316.html" xml:lang="en">RHSA-2014:0316</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0310.html" xml:lang="en">RHSA-2014:0310</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" xml:lang="en">openSUSE-SU-2014:0448</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" xml:lang="en">openSUSE-SU-2014:0419</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" xml:lang="en">SUSE-SU-2014:0418</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read and application crash), or possibly bypass the Same Origin Policy via vectors involving MathML polygon rendering.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1509">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5:beta</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1509</vuln:cve-id>
+    <vuln:published-datetime>2014-03-19T06:55:06.600-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:56.030-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.6</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-19T17:02:08.260-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=966021" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=966021</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2151-1" xml:lang="en">USN-2151-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-27.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-27.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0316.html" xml:lang="en">RHSA-2014:0316</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0310.html" xml:lang="en">RHSA-2014:0310</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" xml:lang="en">openSUSE-SU-2014:0448</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" xml:lang="en">openSUSE-SU-2014:0419</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" xml:lang="en">SUSE-SU-2014:0418</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that renders fonts in a PDF document.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1510">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5:beta</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1510</vuln:cve-id>
+    <vuln:published-datetime>2014-03-19T06:55:06.613-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:56.123-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-19T17:07:25.287-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-94"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=982906" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=982906</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2151-1" xml:lang="en">USN-2151-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-29.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-29.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2881" xml:lang="en">DSA-2881</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0316.html" xml:lang="en">RHSA-2014:0316</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0310.html" xml:lang="en">RHSA-2014:0310</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" xml:lang="en">openSUSE-SU-2014:0448</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" xml:lang="en">openSUSE-SU-2014:0419</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" xml:lang="en">SUSE-SU-2014:0418</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1511">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5:beta</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1511</vuln:cve-id>
+    <vuln:published-datetime>2014-03-19T06:55:06.647-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:56.217-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-19T17:10:03.947-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=982909" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=982909</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2151-1" xml:lang="en">USN-2151-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-29.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-29.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2881" xml:lang="en">DSA-2881</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0316.html" xml:lang="en">RHSA-2014:0316</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0310.html" xml:lang="en">RHSA-2014:0310</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" xml:lang="en">openSUSE-SU-2014:0448</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" xml:lang="en">openSUSE-SU-2014:0419</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" xml:lang="en">SUSE-SU-2014:0418</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1512">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5:beta</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1512</vuln:cve-id>
+    <vuln:published-datetime>2014-03-19T06:55:06.660-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:56.297-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-19T17:12:03.293-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=982957" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=982957</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2151-1" xml:lang="en">USN-2151-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-30.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-30.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2881" xml:lang="en">DSA-2881</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0316.html" xml:lang="en">RHSA-2014:0316</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0310.html" xml:lang="en">RHSA-2014:0310</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" xml:lang="en">openSUSE-SU-2014:0448</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" xml:lang="en">openSUSE-SU-2014:0419</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" xml:lang="en">SUSE-SU-2014:0418</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-03/0145.html" xml:lang="en">20140326 VUPEN Security Research - Mozilla Firefox "BumpChunk" Object Processing Use-after-free (Pwn2Own)</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage collection is occurring, as demonstrated by improper handling of BumpChunk objects.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1513">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5:beta</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1513</vuln:cve-id>
+    <vuln:published-datetime>2014-03-19T06:55:06.693-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:56.390-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-19T17:13:28.280-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=982974" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=982974</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2151-1" xml:lang="en">USN-2151-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-31.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-31.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2881" xml:lang="en">DSA-2881</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0316.html" xml:lang="en">RHSA-2014:0316</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0310.html" xml:lang="en">RHSA-2014:0310</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" xml:lang="en">openSUSE-SU-2014:0448</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" xml:lang="en">openSUSE-SU-2014:0419</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" xml:lang="en">SUSE-SU-2014:0418</vuln:reference>
+    </vuln:references>
+    <vuln:summary>TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based out-of-bounds write or read) via a crafted web site.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1514">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5:beta</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1514</vuln:cve-id>
+    <vuln:published-datetime>2014-03-19T06:55:06.723-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:56.500-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-19T17:14:56.937-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=983344" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=983344</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2151-1" xml:lang="en">USN-2151-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-32.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-32.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2881" xml:lang="en">DSA-2881</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0316.html" xml:lang="en">RHSA-2014:0316</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0310.html" xml:lang="en">RHSA-2014:0310</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" xml:lang="en">openSUSE-SU-2014:0448</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" xml:lang="en">openSUSE-SU-2014:0419</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" xml:lang="en">SUSE-SU-2014:0418</vuln:reference>
+    </vuln:references>
+    <vuln:summary>vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by triggering incorrect use of the TypedArrayObject class.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1515">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:28.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:google:android"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:28.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1515</vuln:cve-id>
+    <vuln:published-datetime>2014-03-25T09:25:38.507-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:28:56.640-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>1.9</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-25T11:27:23.113-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://www.mozilla.org/security/announce/2014/mfsa2014-33.html" xml:lang="en">https://www.mozilla.org/security/announce/2014/mfsa2014-33.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=945429" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=945429</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-03/0153.html" xml:lang="en">20140326 Firefox for Android Profile Directory Derandomization and Data Exfiltration (CVE-2014-1484, CVE-2014-1506, CVE-2014-1515, CVE-2014-1516)</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Mozilla Firefox before 28.0.1 on Android processes a file: URL by copying a local file onto the SD card, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1516">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:28.0.1"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:google:android"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:28.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1516</vuln:cve-id>
+    <vuln:published-datetime>2014-03-29T16:55:04.123-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-31T13:33:14.993-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-31T13:33:14.947-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.slideshare.net/ibmsecurity/overtaking-firefox-profiles-vulnerabilities-in-firefox-for-android" xml:lang="en">http://www.slideshare.net/ibmsecurity/overtaking-firefox-profiles-vulnerabilities-in-firefox-for-android</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://securityintelligence.com/vulnerabilities-firefox-android-overtaking-firefox-profiles/" xml:lang="en">http://securityintelligence.com/vulnerabilities-firefox-android-overtaking-firefox-profiles/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-03/0153.html" xml:lang="en">20140326 Firefox for Android Profile Directory Derandomization and Data Exfiltration (CVE-2014-1484, CVE-2014-1506, CVE-2014-1515, CVE-2014-1516)</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The saltProfileName function in base/GeckoProfileDirectories.java in Mozilla Firefox through 28.0.1 on Android relies on Android's weak approach to seeding the Math.random function, which makes it easier for attackers to bypass a profile-randomization protection mechanism via a crafted application.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1517">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.4:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.2:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.2:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.4:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:4.4:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.2:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.2:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.4:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.4.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.4.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.6:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:3.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.14.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.14.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.14.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.14.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.14.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.16:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.16:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.16.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.16.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.16.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.16.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.16.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.16.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.16.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.16.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.16.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.17.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.17.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.17.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.17.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.17.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.17.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.18:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.18:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.18:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.18.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.18.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.18.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.18.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.18.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.18.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.18.6%2b"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.18.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.18.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.18.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.19.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.19.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.19.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.20:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.20:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.20.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.20.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.20.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.20.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.20.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.20.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.20.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.21.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.21.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.21.2:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.22:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.22.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.22.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.22.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.22.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.22.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.22.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.23.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.23.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.23.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.23.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:bugzilla:2.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.18.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.18.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.17.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.18.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.17.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.17.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.18.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.17.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.18.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.18.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.17.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.18.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.17.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.18.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.18.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.2:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.4:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.4:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.4.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.4.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.4.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.2:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.4.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.21.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.21.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.2:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.2:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.6:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.4:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.22:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.20.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.20.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.20.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.16:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.22.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.16:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.22.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.18:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.22.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.18:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.22.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.22.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.20:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.20:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.18:rc3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.22.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.4.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.1.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.3.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.16.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.20.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.20.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.20.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.20.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.16.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.14.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.14.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.14.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.14.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.14.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.6.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.16.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.16.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.16.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.19.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.16.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.16.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.16.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.19.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.16.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.19.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.18.6%2b</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.0.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.4.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.4.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.4.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.21.2:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.23.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.23.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.23.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:2.23.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.4.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.4.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.4.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.4.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.4.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.4:-</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:4.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:bugzilla:3.6.12</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1517</vuln:cve-id>
+    <vuln:published-datetime>2014-04-19T21:55:06.723-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-21T16:12:41.563-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-21T16:12:40.657-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-287"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=713926" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=713926</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.mozilla.org/?p=bugzilla/bugzilla.git;a=commit;h=0e390970ba51b14a5dc780be7c6f0d6d7baa67e3" xml:lang="en">http://git.mozilla.org/?p=bugzilla/bugzilla.git;a=commit;h=0e390970ba51b14a5dc780be7c6f0d6d7baa67e3</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.bugzilla.org/security/4.0.11/" xml:lang="en">http://www.bugzilla.org/security/4.0.11/</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x before 4.5.3 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then submit a vulnerability report, related to a "login CSRF" issue.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1518">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:28.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.26:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:-</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:28.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5:beta</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.26:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1518</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T06:49:04.677-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T11:29:46.733-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T11:29:44.043-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=993546" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=993546</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=992968" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=992968</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=991471" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=991471</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=986843" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=986843</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=986678" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=986678</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=980537" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=980537</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=966630" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=966630</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=952022" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=952022</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=944353" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=944353</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-34.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-34.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1519">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:28.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.26:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:28.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:-</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.26:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1519</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T06:49:04.707-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T11:51:53.667-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T11:51:51.027-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=996883" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=996883</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=995607" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=995607</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=990794" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=990794</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=986864" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=986864</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=977955" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=977955</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=953104" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=953104</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=946658" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=946658</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=919592" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=919592</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-34.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-34.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1520">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:28.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:28.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1520</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T06:49:04.753-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T12:02:09.143-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.9</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T12:02:07.173-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=961676" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=961676</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-35.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-35.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>maintenservice_installer.exe in the Maintenance Service Installer in Mozilla Firefox before 29.0 and Firefox ESR 24.x before 24.5 on Windows allows local users to gain privileges by placing a Trojan horse DLL file into a temporary directory at an unspecified point in the update process.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1522">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:28.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.26:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:28.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:-</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.26:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1522</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T06:49:04.787-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T12:11:38.583-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T12:11:36.177-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=995289" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=995289</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-36.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-36.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via crafted content.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1523">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.26:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:28.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:-</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:28.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5:beta</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.26:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1523</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T06:49:04.800-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T12:24:23.030-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T12:24:19.860-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=969226" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=969226</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-37.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-37.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1524">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:28.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.26:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:-</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:28.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5:beta</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.26:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1524</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T06:49:04.833-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T12:33:27.033-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T12:33:24.253-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=989183" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=989183</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-38.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-38.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted JavaScript code that accesses a non-XBL object as if it were an XBL object.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1525">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.26:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:28.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:28.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:-</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.26:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1525</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T06:49:04.863-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T12:39:27.297-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T12:39:22.030-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=989210" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=989210</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-39.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-39.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) via a crafted VIDEO element in an HTML document.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1526">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.26:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:28.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:28.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:-</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.26:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1526</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T06:49:04.880-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T12:56:20.300-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T12:56:17.970-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=988106" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=988106</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-47.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-47.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is visited in the debugger, leading to unwrapping operations and calls to DOM methods on the unwrapped objects.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1527">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:28.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:google:android"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:28.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1527</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T06:49:04.910-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T13:01:15.387-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T13:01:13.310-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=960146" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=960146</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-40.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-40.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses DOM events to prevent the reemergence of the actual address bar after scrolling has taken it off of the screen.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1528">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:-"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:28.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:28.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1528</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T06:49:04.943-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T13:07:51.433-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T13:07:51.277-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=963962" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=963962</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-41.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-41.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by painting on a CANVAS element.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1529">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:28.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.26:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:-</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:28.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5:beta</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.26:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1529</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T06:49:04.973-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T13:12:49.910-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T13:12:46.863-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=987003" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=987003</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-42.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-42.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for which Notification.permission is granted.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1530">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:28.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.26:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:-</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:28.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5:beta</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.26:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1530</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T06:49:05.003-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T13:19:08.407-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T13:19:05.297-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=895557" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=895557</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-43.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-43.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site that performs history navigation.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1531">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:28.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.26:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:-</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:28.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5:beta</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.26:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1531</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T06:49:05.037-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T13:44:36.193-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T13:44:32.600-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=987140" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=987140</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-44.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-44.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving an imgLoader object that is not properly handled during an image-resize operation.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1532">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:28.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.26:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:-</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:28.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5:beta</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.26:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1532</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T06:49:05.067-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T13:51:29.847-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T13:51:26.927-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=966006" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=966006</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-46.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-46.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to host resolution.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1597">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:i-doit:i-doit:1.1.1::~~pro~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:i-doit:i-doit:1.1.2::~~pro~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:i-doit:i-doit:1.2.1::~~pro~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:i-doit:i-doit:1.2.2::~~pro~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:i-doit:i-doit:1.2.3::~~pro~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:i-doit:i-doit:1.2.4::~~pro~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:i-doit:i-doit:-::~~open~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:i-doit:i-doit:1.0::~~pro~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:i-doit:i-doit:1.0.2::~~pro~~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:i-doit:i-doit:1.1.2::~~pro~~~</vuln:product>
+      <vuln:product>cpe:/a:i-doit:i-doit:1.1.1::~~pro~~~</vuln:product>
+      <vuln:product>cpe:/a:i-doit:i-doit:1.0::~~pro~~~</vuln:product>
+      <vuln:product>cpe:/a:i-doit:i-doit:1.0.2::~~pro~~~</vuln:product>
+      <vuln:product>cpe:/a:i-doit:i-doit:1.2.4::~~pro~~~</vuln:product>
+      <vuln:product>cpe:/a:i-doit:i-doit:-::~~open~~~</vuln:product>
+      <vuln:product>cpe:/a:i-doit:i-doit:1.2.1::~~pro~~~</vuln:product>
+      <vuln:product>cpe:/a:i-doit:i-doit:1.2.2::~~pro~~~</vuln:product>
+      <vuln:product>cpe:/a:i-doit:i-doit:1.2.3::~~pro~~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1597</vuln:cve-id>
+    <vuln:published-datetime>2014-02-27T10:55:15.483-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-28T10:25:42.487-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-28T10:25:42.427-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91269" xml:lang="en">idoit-cve20141597-sql-injection(91269)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65557" xml:lang="en">65557</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.i-doit.com/en/company/news/single-news/?tx_ttnews%5Btt_news%5D=141" xml:lang="en">http://www.i-doit.com/en/company/news/single-news/?tx_ttnews%5Btt_news%5D=141</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.csnc.ch/misc/files/advisories/CVE-2014-1597_i-doit_SQL_Injection.txt" xml:lang="en">http://www.csnc.ch/misc/files/advisories/CVE-2014-1597_i-doit_SQL_Injection.txt</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56931" xml:lang="en">56931</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0154.html" xml:lang="en">20140217 SQL Injection i-doit Pro (CVE-2014-1597)</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SQL injection vulnerability in the CMDB web application in synetics i-doit pro before 1.2.5 and i-doit open allows remote attackers to execute arbitrary SQL commands via the objID parameter to the default URI.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1599">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:sfr:sfr_box_router_firmware:nb6-main-r3.3.4"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:sfr:sfr_box_router:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:sfr:sfr_box_router_firmware:nb6-main-r3.3.4</vuln:product>
+      <vuln:product>cpe:/h:sfr:sfr_box_router:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1599</vuln:cve-id>
+    <vuln:published-datetime>2014-03-09T09:16:56.773-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-10T12:07:40.987-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-10T12:07:40.863-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531349/100/0/threaded" xml:lang="en">20140305 CVE-2014-1599 - 39 Type-1 XSS in SFR DSL/Fiber Box</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site scripting (XSS) vulnerabilities in the SFR Box router with firmware NB6-MAIN-R3.3.4 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) dns, (2) dhcp, (3) nat, (4) route, or (5) lan in network/; or (6) wifi/config.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1604">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:python:rply:0.7.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:python:rply:0.7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1604</vuln:cve-id>
+    <vuln:published-datetime>2014-01-27T19:55:04.037-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-28T12:22:39.253-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>2.1</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-28T12:22:39.207-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/alex/rply/commit/fc9bbcd25b0b4f09bbd6339f710ad24c129d5d7c" xml:lang="en">https://github.com/alex/rply/commit/fc9bbcd25b0b4f09bbd6339f710ad24c129d5d7c</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90593" xml:lang="en">rply-cve20141604-insecure-permissions(90593)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://www.osvdb.org/102202" xml:lang="en">102202</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/01/18/4" xml:lang="en">[oss-security] 20140117 Re: Fwd: [Python-modules-team] Bug#735263: python-rply: insecure use of /tmp</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/01/17/8" xml:lang="en">[oss-security] 20140114 Fwd: [Python-modules-team] Bug#735263: python-rply: insecure use of /tmp</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56429" xml:lang="en">56429</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735263" xml:lang="en">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735263</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The parser cache functionality in parsergenerator.py in RPLY (aka python-rply) before 0.7.1 allows local users to spoof cache data by pre-creating a temporary rply-*.json file with a predictable name.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1607">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.14"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:drupal:drupal:7.14</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1607</vuln:cve-id>
+    <vuln:published-datetime>2014-01-26T15:55:06.690-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-31T01:08:28.423-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-27T13:44:35.717-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://groups.drupal.org/node/402023" xml:lang="en">https://groups.drupal.org/node/402023</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/530876/100/0/threaded" xml:lang="en">20140123 [CVE-2014-1607.] Cross Site Scripting(XSS) in Drupal Event calendar module</vuln:reference>
+    </vuln:references>
+    <vuln:summary>** DISPUTED ** Cross-site scripting (XSS) vulnerability in the EventCalendar module for Drupal 7.14 allows remote attackers to inject arbitrary web script or HTML via the year parameter to eventcalander/. NOTE: this issue has been disputed by the Drupal Security Team; it may be site-specific.  If so, then this CVE will be REJECTed in the future.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1608">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.0:a1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.0:a2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.0:a3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.0</vuln:product>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.0:a1</vuln:product>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.0:a2</vuln:product>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.0:a3</vuln:product>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.4</vuln:product>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.5</vuln:product>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.6</vuln:product>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.7</vuln:product>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.8</vuln:product>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.15</vuln:product>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.14</vuln:product>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.13</vuln:product>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.10</vuln:product>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.11</vuln:product>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.9</vuln:product>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.2</vuln:product>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.3</vuln:product>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1608</vuln:cve-id>
+    <vuln:published-datetime>2014-03-18T13:03:00.467-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-19T10:16:16.537-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-19T10:16:16.443-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.ocert.org/advisories/ocert-2014-001.html" xml:lang="en">http://www.ocert.org/advisories/ocert-2014-001.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/mantisbt/mantisbt/commit/00b4c17088fa56594d85fe46b6c6057bb3421102" xml:lang="en">https://github.com/mantisbt/mantisbt/commit/00b4c17088fa56594d85fe46b6c6057bb3421102</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1063111" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1063111</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65445" xml:lang="en">65445</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mantisbt.org/bugs/view.php?id=16879" xml:lang="en">http://www.mantisbt.org/bugs/view.php?id=16879</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SQL injection vulnerability in the mci_file_get function in api/soap/mc_file_api.php in MantisBT before 1.2.16 allows remote attackers to execute arbitrary SQL commands via a crafted envelope tag in a mc_issue_attachment_get SOAP request.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1609">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.0:a1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.0:a2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.0:a3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.0</vuln:product>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.0:a1</vuln:product>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.0:a2</vuln:product>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.0:a3</vuln:product>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.4</vuln:product>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.5</vuln:product>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.6</vuln:product>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.7</vuln:product>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.8</vuln:product>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.15</vuln:product>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.14</vuln:product>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.13</vuln:product>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.10</vuln:product>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.11</vuln:product>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.9</vuln:product>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.2</vuln:product>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.3</vuln:product>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1609</vuln:cve-id>
+    <vuln:published-datetime>2014-03-20T12:55:12.323-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-20T14:51:46.340-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-20T14:50:02.900-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.ocert.org/advisories/ocert-2014-001.html" xml:lang="en">http://www.ocert.org/advisories/ocert-2014-001.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/mantisbt/mantisbt/commit/7efe0175f0853e18ebfacedfd2374c4179028b3f" xml:lang="en">https://github.com/mantisbt/mantisbt/commit/7efe0175f0853e18ebfacedfd2374c4179028b3f</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1063111" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1063111</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65461" xml:lang="en">65461</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mantisbt.org/bugs/view.php?id=16880" xml:lang="en">http://www.mantisbt.org/bugs/view.php?id=16880</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple SQL injection vulnerabilities in MantisBT before 1.2.16 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to the (1) mc_project_get_attachments function in api/soap/mc_project_api.php; the (2) news_get_limited_rows function in core/news_api.php; the (3) summary_print_by_enum, (4) summary_print_by_age, (5) summary_print_by_developer, (6) summary_print_by_reporter, or (7) summary_print_by_category function in core/summary_api.php; the (8) create_bug_enum_summary or (9) enum_bug_group function in plugins/MantisGraph/core/graph_api.php; (10) bug_graph_bycategory.php or (11) bug_graph_bystatus.php in plugins/MantisGraph/pages/; or (12) proj_doc_page.php, related to use of the db_query function, a different vulnerability than CVE-2014-1608.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1610">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.22.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.22.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.9</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.5</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.7</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.6</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.22.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.10</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.22.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.8</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1610</vuln:cve-id>
+    <vuln:published-datetime>2014-01-30T18:55:02.413-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-19T00:47:46.783-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-31T13:46:03.910-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://gerrit.wikimedia.org/r/#/c/110215/" xml:lang="en">https://gerrit.wikimedia.org/r/#/c/110215/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://gerrit.wikimedia.org/r/#/c/110069/2/includes/media/Bitmap.php" xml:lang="en">https://gerrit.wikimedia.org/r/#/c/110069/2/includes/media/Bitmap.php</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://gerrit.wikimedia.org/r/#/c/110069/" xml:lang="en">https://gerrit.wikimedia.org/r/#/c/110069/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.wikimedia.org/show_bug.cgi?id=60339" xml:lang="en">https://bugzilla.wikimedia.org/show_bug.cgi?id=60339</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://bugzilla.wikimedia.org/attachment.cgi?id=14384&amp;action=diff" xml:lang="en">https://bugzilla.wikimedia.org/attachment.cgi?id=14384&amp;action=diff</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://bugzilla.wikimedia.org/attachment.cgi?id=14361&amp;action=diff" xml:lang="en">https://bugzilla.wikimedia.org/attachment.cgi?id=14361&amp;action=diff</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029707" xml:lang="en">1029707</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65223" xml:lang="en">65223</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://www.osvdb.org/102631" xml:lang="en">102631</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/31329/" xml:lang="en">31329</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2891" xml:lang="en">DSA-2891</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.checkpoint.com/threatcloud-central/articles/2014-01-28-tc-researchers-discover.html" xml:lang="en">http://www.checkpoint.com/threatcloud-central/articles/2014-01-28-tc-researchers-discover.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.checkpoint.com/defense/advisories/public/2014/cpai-26-jan.html" xml:lang="en">http://www.checkpoint.com/defense/advisories/public/2014/cpai-26-jan.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57472" xml:lang="en">57472</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56695" xml:lang="en">56695</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102630" xml:lang="en">102630</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000140.html" xml:lang="en">[MediaWiki-announce] 20140128 MediaWiki Security Releases: 1.22.2, 1.21.5 and 1.19.11</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127948.html" xml:lang="en">FEDORA-2014-1745</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127942.html" xml:lang="en">FEDORA-2014-1802</vuln:reference>
+    </vuln:references>
+    <vuln:summary>MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5 and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1611">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:anonymous_posting_project:anonymous_posting:7.x-1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:anonymous_posting_project:anonymous_posting:7.x-1.3"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:anonymous_posting_project:anonymous_posting:7.x-1.3</vuln:product>
+      <vuln:product>cpe:/a:anonymous_posting_project:anonymous_posting:7.x-1.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1611</vuln:cve-id>
+    <vuln:published-datetime>2014-01-30T13:55:03.580-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T13:37:16.577-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-30T20:57:36.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://drupal.org/node/2173437" xml:lang="en">https://drupal.org/node/2173437</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://drupal.org/node/2173321" xml:lang="en">https://drupal.org/node/2173321</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90526" xml:lang="en">anonymousposting-contactname-xss(90526)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56476" xml:lang="en">56476</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Jan/77" xml:lang="en">20140115 [Security-news] SA-CONTRIB-2014-002 - Anonymous Posting - Cross Site Scripting (XSS)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/124803/Drupal-Anonymous-Posting-7.x-Cross-Site-Scripting.html" xml:lang="en">http://packetstormsecurity.com/files/124803/Drupal-Anonymous-Posting-7.x-Cross-Site-Scripting.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102126" xml:lang="en">102126</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the Anonymous Posting module 7.x-1.2 and 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the contact name field.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1612">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:media5:mediatrix_voip_gateway_4402_firmware:dgw_1.1.13.186"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:media5:mediatrix_voip_gateway:4402"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/h:media5:mediatrix_voip_gateway:4402</vuln:product>
+      <vuln:product>cpe:/a:media5:mediatrix_voip_gateway_4402_firmware:dgw_1.1.13.186</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1612</vuln:cve-id>
+    <vuln:published-datetime>2014-01-30T13:55:03.627-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:42.127-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-31T12:15:06.950-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/252294" xml:lang="en">VU#252294</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90656" xml:lang="en">mediatrixwebmanagement-cve20141612-xss(90656)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/530871/100/0/threaded" xml:lang="en">20140123 Reflected cross-site scripting (XSS) vulnerability in Mediatrix Web Management Interface login page</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56638" xml:lang="en">56638</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/124931/Mediatrix-4402-Cross-Site-Scripting.html" xml:lang="en">http://packetstormsecurity.com/files/124931/Mediatrix-4402-Cross-Site-Scripting.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102415" xml:lang="en">102415</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in login.esp in the Web Management Interface in Media5 Mediatrix 4402 VoIP Gateway with firmware Dgw 1.1.13.186 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1615">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:carbonblack:carbon_black:4.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:carbonblack:carbon_black:4.1.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:carbonblack:carbon_black:4.1.0:beta2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:carbonblack:carbon_black:4.1.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:carbonblack:carbon_black:4.1.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:carbonblack:carbon_black:4.0.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1615</vuln:cve-id>
+    <vuln:published-datetime>2014-04-22T10:23:35.283-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-23T08:36:53.820-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-23T08:36:53.743-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-352"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.secureworks.com/advisories/SWRX-2014-007/SWRX-2014-007.pdf" xml:lang="en">http://www.secureworks.com/advisories/SWRX-2014-007/SWRX-2014-007.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57645" xml:lang="en">57645</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site request forgery (CSRF) vulnerabilities in Carbon Black before 4.1.0 allow remote attackers to hijack the authentication of administrators for requests that add new administrative users and have other unspecified action, as demonstrated by a request to api/user.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1618">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:uaepd:shopping_cart_script:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:uaepd:shopping_cart_script:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1618</vuln:cve-id>
+    <vuln:published-datetime>2014-01-21T10:17:12.477-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-22T13:51:52.447-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-22T13:51:52.400-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90214" xml:lang="en">uaepd-multiple-sql-injection(90214)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64734" xml:lang="en">64734</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.iphobos.com/blog/2014/01/04/uaepd-script-multiple-sql-injection-vulnerabilty" xml:lang="en">http://www.iphobos.com/blog/2014/01/04/uaepd-script-multiple-sql-injection-vulnerabilty</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56351" xml:lang="en">56351</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/124723/uaepdshopping-sql.txt" xml:lang="en">http://packetstormsecurity.com/files/124723/uaepdshopping-sql.txt</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101900" xml:lang="en">101900</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101899" xml:lang="en">101899</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101859" xml:lang="en">101859</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple SQL injection vulnerabilities in UAEPD Shopping Cart Script allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) p_id parameter to products.php or id parameter to (3) page.php or (4) news.php.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1619">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cubicfactory:cubic_cms:5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cubicfactory:cubic_cms:5.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cubicfactory:cubic_cms:5.1.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cubicfactory:cubic_cms:5.2</vuln:product>
+      <vuln:product>cpe:/a:cubicfactory:cubic_cms:5.1.1</vuln:product>
+      <vuln:product>cpe:/a:cubicfactory:cubic_cms:5.1.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1619</vuln:cve-id>
+    <vuln:published-datetime>2014-01-21T10:17:12.727-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-22T14:01:14.883-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-22T14:01:14.853-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90153" xml:lang="en">cubiccms-agent-login-sql-injection(90153)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.cubicfactory.com/es/cubic-cms/changelog/id/260" xml:lang="en">http://www.cubicfactory.com/es/cubic-cms/changelog/id/260</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/124652" xml:lang="en">http://packetstormsecurity.com/files/124652</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101721" xml:lang="en">101721</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101719" xml:lang="en">101719</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple SQL injection vulnerabilities in Cubic CMS 5.1.1, 5.1.2, and 5.2 allow remote attackers to execute arbitrary SQL commands via the (1) resource_id or (2) version_id parameter to recursos/agent.php or (3) login or (4) pass parameter to login.usuario.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1620">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:hiox:hiox_guest_book:5.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:hiox:hiox_guest_book:5.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1620</vuln:cve-id>
+    <vuln:published-datetime>2014-01-21T10:17:12.760-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-22T14:07:44.190-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-22T14:07:42.907-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90156" xml:lang="en">hiox-guestbook-add-xss(90156)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/124681/Hiox-Guest-Book-5.0-Cross-Site-Scripting.html" xml:lang="en">http://packetstormsecurity.com/files/124681/Hiox-Guest-Book-5.0-Cross-Site-Scripting.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101844" xml:lang="en">101844</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site scripting (XSS) vulnerabilities in add.php in HIOX Guest Book (HGB) 5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name1, (2) email, or (3) cmt parameter.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1624">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:python:pyxdg:0.25"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:python:pyxdg:0.25</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1624</vuln:cve-id>
+    <vuln:published-datetime>2014-01-27T19:55:04.083-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-24T21:12:02.490-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.3</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-28T07:43:37.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-59"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90618" xml:lang="en">pythonxdg-cve20141624-symlink(90618)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65042" xml:lang="en">65042</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/01/21/4" xml:lang="en">[oss-security] 20140121 Re: Fwd: [Python-modules-team] Bug#736247: python-xdg: get_runtime_dir(strict=False): insecure use of /tmp</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/01/21/3" xml:lang="en">[oss-security] 20140121 Fwd: [Python-modules-team] Bug#736247: python-xdg: get_runtime_dir(strict=False): insecure use of /tmp</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736247" xml:lang="en">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736247</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once the get_runtime_dir function is called.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1626">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:galen_charlton:marc-xml:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:galen_charlton:marc-xml:1.0.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:galen_charlton:marc-xml:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:galen_charlton:marc-xml:1.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1626</vuln:cve-id>
+    <vuln:published-datetime>2014-01-25T20:55:20.563-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-27T11:56:12.227-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-27T11:56:12.163-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://metacpan.org/source/GMCHARLT/MARC-XML-1.0.2/Changes" xml:lang="en">https://metacpan.org/source/GMCHARLT/MARC-XML-1.0.2/Changes</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90620" xml:lang="en">marcfile-xml-info-disc(90620)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65057" xml:lang="en">65057</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.nntp.perl.org/group/perl.perl4lib/2014/01/msg3073.html" xml:lang="en">http://www.nntp.perl.org/group/perl.perl4lib/2014/01/msg3073.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/55404" xml:lang="en">55404</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102367" xml:lang="en">102367</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://lists.katipo.co.nz/pipermail/koha/2014-January/038430.html" xml:lang="en">[Koha] 20140122 SECURITY release: MARC::File::XML 1.0.2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://libmail.georgialibraries.org/pipermail/open-ils-general/2014-January/009442.html" xml:lang="en">[OPEN-ILS-GENERAL] 20140121 SECURITY release: MARC::File::XML 1.0.2</vuln:reference>
+    </vuln:references>
+    <vuln:summary>XML External Entity (XXE) vulnerability in MARC::File::XML module before 1.0.2 for Perl, as used in Evergreen, Koha, perl4lib, and possibly other products, allows context-dependent attackers to read arbitrary files via a crafted XML file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1636">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:doug_poulin:ommand_school_student_management_system:1.06.01"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:doug_poulin:ommand_school_student_management_system:1.06.01</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1636</vuln:cve-id>
+    <vuln:published-datetime>2014-01-22T14:55:06.677-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:43.500-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-23T12:06:37.350-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90175" xml:lang="en">commandschool-id-sql-injection(90175)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64707" xml:lang="en">64707</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html" xml:lang="en">http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101885" xml:lang="en">101885</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101884" xml:lang="en">101884</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101883" xml:lang="en">101883</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101882" xml:lang="en">101882</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101881" xml:lang="en">101881</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101880" xml:lang="en">101880</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101879" xml:lang="en">101879</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101878" xml:lang="en">101878</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101877" xml:lang="en">101877</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101876" xml:lang="en">101876</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101875" xml:lang="en">101875</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101874" xml:lang="en">101874</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1637">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:doug_poulin:ommand_school_student_management_system:1.06.01"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:doug_poulin:ommand_school_student_management_system:1.06.01</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1637</vuln:cve-id>
+    <vuln:published-datetime>2014-01-22T14:55:06.787-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:43.593-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-23T12:07:02.960-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64707" xml:lang="en">64707</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html" xml:lang="en">http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101888" xml:lang="en">101888</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Command School Student Management System 1.06.01 does not properly restrict access to sw/backup/backup_ray2.php, which allows remote attackers to download a database backup via a direct request.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1638">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:debian:localepurge:0.7.3.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:debian:localepurge:0.7.3.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1638</vuln:cve-id>
+    <vuln:published-datetime>2014-01-27T19:55:04.130-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-28T13:09:07.850-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.3</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-28T13:09:07.803-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-59"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90669" xml:lang="en">localepurge-cve20141638-symlink(90669)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65098" xml:lang="en">65098</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://www.osvdb.org/102381" xml:lang="en">102381</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://www.osvdb.org/102379" xml:lang="en">102379</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/01/22/4" xml:lang="en">[oss-security] 20140122 Re: Getting tempfile/mktemp wrong</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/01/22/3" xml:lang="en">[oss-security] 20140122 Getting tempfile/mktemp wrong</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736359" xml:lang="en">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736359</vuln:reference>
+    </vuln:references>
+    <vuln:summary>(1) debian/postrm and (2) debian/localepurge.config in localepurge before 0.7.3.2 use tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1639">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:debian:syncevolution:1.3.99.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:debian:syncevolution:1.3.99.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1639</vuln:cve-id>
+    <vuln:published-datetime>2014-01-27T19:55:04.177-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-24T17:02:44.467-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.3</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-28T13:31:12.343-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-59"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90662" xml:lang="en">syncevolution-cve20141639-symlink(90662)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65098" xml:lang="en">65098</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://www.osvdb.org/102380" xml:lang="en">102380</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/01/22/4" xml:lang="en">[oss-security] 20140122 Re: Getting tempfile/mktemp wrong</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/01/22/3" xml:lang="en">[oss-security] 20140122 Getting tempfile/mktemp wrong</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736357" xml:lang="en">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736357</vuln:reference>
+    </vuln:references>
+    <vuln:summary>syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses mktemp to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1640">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:debian:axiom:20100701-1.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:debian:axiom:20100701-1.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1640</vuln:cve-id>
+    <vuln:published-datetime>2014-01-27T19:55:04.223-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-24T16:44:47.303-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.3</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-28T13:39:28.310-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-59"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90663" xml:lang="en">axiom-cve20141640-symlink(90663)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://www.osvdb.org/102383" xml:lang="en">102383</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/01/22/4" xml:lang="en">[oss-security] 20140122 Re: Getting tempfile/mktemp wrong</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/01/22/3" xml:lang="en">[oss-security] 20140122 Getting tempfile/mktemp wrong</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736358" xml:lang="en">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736358</vuln:reference>
+    </vuln:references>
+    <vuln:summary>axiom-test.sh in axiom 20100701-1.1 uses tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1642">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.3.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:xen:xen:4.3.0</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.3.1</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.2.3</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.2.1</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.2.2</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.2.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1642</vuln:cve-id>
+    <vuln:published-datetime>2014-01-26T11:58:11.620-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-19T00:47:49.143-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.4</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-27T12:45:10.837-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90649" xml:lang="en">xen-irq-cve20141642-code-exec(90649)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://xenbits.xen.org/xsa/advisory-83.html" xml:lang="en">http://xenbits.xen.org/xsa/advisory-83.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029679" xml:lang="en">1029679</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65097" xml:lang="en">65097</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/01/23/4" xml:lang="en">[oss-security] 20140123 Xen Security Advisory 83 (CVE-2014-1642) - Out-of-memory  condition yielding memory corruption during IRQ setup</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56557" xml:lang="en">56557</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102406" xml:lang="en">102406</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html" xml:lang="en">SUSE-SU-2014:0373</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127607.html" xml:lang="en">FEDORA-2014-1552</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory that may still be intended for use, which allows local guest administrators to cause a denial of service (memory corruption and hypervisor crash) and possibly execute arbitrary code via vectors related to an out-of-memory error that triggers a (1) use-after-free or (2) double free.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1643">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:symantec:encryption_management_server:3.3.0:mp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:encryption_management_server:3.3.0:mp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:encryption_management_server:3.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:encryption_management_server:3.3.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:symantec:encryption_management_server:3.3.0:mp2</vuln:product>
+      <vuln:product>cpe:/a:symantec:encryption_management_server:3.3.0:mp1</vuln:product>
+      <vuln:product>cpe:/a:symantec:encryption_management_server:3.3.1</vuln:product>
+      <vuln:product>cpe:/a:symantec:encryption_management_server:3.3.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1643</vuln:cve-id>
+    <vuln:published-datetime>2014-02-06T23:52:04.347-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-07T13:52:13.613-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-07T13:52:10.800-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&amp;pvid=security_advisory&amp;year=&amp;suid=20140205_00" xml:lang="en">http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&amp;pvid=security_advisory&amp;year=&amp;suid=20140205_00</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65300" xml:lang="en">65300</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Web Email Protection component in Symantec Encryption Management Server (aka PGP Universal Server) before 3.3.2 allows remote authenticated users to read the stored outbound e-mail messages of arbitrary users via a modified URL.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1644">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:symantec:liveupdate_administrator:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:liveupdate_administrator:2.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:liveupdate_administrator:2.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:liveupdate_administrator:2.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:liveupdate_administrator:2.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:liveupdate_administrator:2.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:liveupdate_administrator:2.2.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:liveupdate_administrator:2.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:liveupdate_administrator:2.3.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:symantec:liveupdate_administrator:2.1.0</vuln:product>
+      <vuln:product>cpe:/a:symantec:liveupdate_administrator:2.2.2</vuln:product>
+      <vuln:product>cpe:/a:symantec:liveupdate_administrator:2.2.2.9</vuln:product>
+      <vuln:product>cpe:/a:symantec:liveupdate_administrator:2.1.2</vuln:product>
+      <vuln:product>cpe:/a:symantec:liveupdate_administrator:2.1.3</vuln:product>
+      <vuln:product>cpe:/a:symantec:liveupdate_administrator:2.2.1</vuln:product>
+      <vuln:product>cpe:/a:symantec:liveupdate_administrator:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:symantec:liveupdate_administrator:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:symantec:liveupdate_administrator:2.3.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1644</vuln:cve-id>
+    <vuln:published-datetime>2014-03-28T21:55:07.093-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-31T12:40:14.277-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-31T12:40:08.403-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-255"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&amp;pvid=security_advisory&amp;year=&amp;suid=20140327_00" xml:lang="en">http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&amp;pvid=security_advisory&amp;year=&amp;suid=20140327_00</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140328-0_Symantec_LiveUpdate_Administrator_Multiple_vulnerabilities_wo_poc_v10.txt" xml:lang="en">https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140328-0_Symantec_LiveUpdate_Administrator_Multiple_vulnerabilities_wo_poc_v10.txt</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66399" xml:lang="en">66399</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-03/0172.html" xml:lang="en">20140328 SEC Consult SA-20140328-0 :: Multiple vulnerabilities in Symantec LiveUpdate Administrator</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by providing the e-mail address associated with a user account.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1645">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:symantec:liveupdate_administrator:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:liveupdate_administrator:2.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:liveupdate_administrator:2.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:liveupdate_administrator:2.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:liveupdate_administrator:2.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:liveupdate_administrator:2.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:liveupdate_administrator:2.2.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:liveupdate_administrator:2.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:liveupdate_administrator:2.3.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:symantec:liveupdate_administrator:2.1.0</vuln:product>
+      <vuln:product>cpe:/a:symantec:liveupdate_administrator:2.2.2</vuln:product>
+      <vuln:product>cpe:/a:symantec:liveupdate_administrator:2.2.2.9</vuln:product>
+      <vuln:product>cpe:/a:symantec:liveupdate_administrator:2.1.2</vuln:product>
+      <vuln:product>cpe:/a:symantec:liveupdate_administrator:2.1.3</vuln:product>
+      <vuln:product>cpe:/a:symantec:liveupdate_administrator:2.2.1</vuln:product>
+      <vuln:product>cpe:/a:symantec:liveupdate_administrator:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:symantec:liveupdate_administrator:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:symantec:liveupdate_administrator:2.3.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1645</vuln:cve-id>
+    <vuln:published-datetime>2014-03-28T21:55:07.123-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-31T12:27:39.907-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-31T12:27:28.500-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&amp;pvid=security_advisory&amp;year=&amp;suid=20140327_00" xml:lang="en">http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&amp;pvid=security_advisory&amp;year=&amp;suid=20140327_00</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140328-0_Symantec_LiveUpdate_Administrator_Multiple_vulnerabilities_wo_poc_v10.txt" xml:lang="en">https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140328-0_Symantec_LiveUpdate_Administrator_Multiple_vulnerabilities_wo_poc_v10.txt</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66400" xml:lang="en">66400</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-03/0172.html" xml:lang="en">20140328 SEC Consult SA-20140328-0 :: Multiple vulnerabilities in Symantec LiveUpdate Administrator</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1646">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:symantec:encryption_desktop:10.3.0::~~professional~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:encryption_desktop:10.3.1::~~professional~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:encryption_desktop:10.3.2:-:~~professional~~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:symantec:pgp_desktop:10.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:pgp_desktop:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:pgp_desktop:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:pgp_desktop:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:pgp_desktop:10.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:pgp_desktop:10.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:pgp_desktop:10.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:pgp_desktop:10.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:pgp_desktop:10.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:pgp_desktop:10.2.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:symantec:pgp_desktop:10.2.2</vuln:product>
+      <vuln:product>cpe:/a:symantec:encryption_desktop:10.3.1::~~professional~~~</vuln:product>
+      <vuln:product>cpe:/a:symantec:pgp_desktop:10.2.0</vuln:product>
+      <vuln:product>cpe:/a:symantec:encryption_desktop:10.3.0::~~professional~~~</vuln:product>
+      <vuln:product>cpe:/a:symantec:pgp_desktop:10.2.1</vuln:product>
+      <vuln:product>cpe:/a:symantec:encryption_desktop:10.3.2:-:~~professional~~~</vuln:product>
+      <vuln:product>cpe:/a:symantec:pgp_desktop:10.0.0</vuln:product>
+      <vuln:product>cpe:/a:symantec:pgp_desktop:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:symantec:pgp_desktop:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:symantec:pgp_desktop:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:symantec:pgp_desktop:10.1.0</vuln:product>
+      <vuln:product>cpe:/a:symantec:pgp_desktop:10.1.2</vuln:product>
+      <vuln:product>cpe:/a:symantec:pgp_desktop:10.1.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1646</vuln:cve-id>
+    <vuln:published-datetime>2014-04-23T15:55:05.237-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T14:00:48.890-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>2.6</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-24T14:00:48.657-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&amp;pvid=security_advisory&amp;year=&amp;suid=20140423_00" xml:lang="en">http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&amp;pvid=security_advisory&amp;year=&amp;suid=20140423_00</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/67016" xml:lang="en">67016</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform memory copies, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1647">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:symantec:pgp_desktop:10.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:pgp_desktop:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:pgp_desktop:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:pgp_desktop:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:pgp_desktop:10.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:pgp_desktop:10.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:pgp_desktop:10.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:pgp_desktop:10.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:pgp_desktop:10.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:pgp_desktop:10.2.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:symantec:encryption_desktop:10.3.0::~~professional~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:encryption_desktop:10.3.1::~~professional~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:encryption_desktop:10.3.2:-:~~professional~~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:symantec:pgp_desktop:10.2.2</vuln:product>
+      <vuln:product>cpe:/a:symantec:encryption_desktop:10.3.1::~~professional~~~</vuln:product>
+      <vuln:product>cpe:/a:symantec:encryption_desktop:10.3.0::~~professional~~~</vuln:product>
+      <vuln:product>cpe:/a:symantec:pgp_desktop:10.2.0</vuln:product>
+      <vuln:product>cpe:/a:symantec:pgp_desktop:10.2.1</vuln:product>
+      <vuln:product>cpe:/a:symantec:encryption_desktop:10.3.2:-:~~professional~~~</vuln:product>
+      <vuln:product>cpe:/a:symantec:pgp_desktop:10.0.0</vuln:product>
+      <vuln:product>cpe:/a:symantec:pgp_desktop:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:symantec:pgp_desktop:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:symantec:pgp_desktop:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:symantec:pgp_desktop:10.1.0</vuln:product>
+      <vuln:product>cpe:/a:symantec:pgp_desktop:10.1.2</vuln:product>
+      <vuln:product>cpe:/a:symantec:pgp_desktop:10.1.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1647</vuln:cve-id>
+    <vuln:published-datetime>2014-04-23T15:55:05.267-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T14:06:44.087-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>2.6</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-24T14:06:42.227-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&amp;pvid=security_advisory&amp;year=&amp;suid=20140423_00" xml:lang="en">http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&amp;pvid=security_advisory&amp;year=&amp;suid=20140423_00</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/67020" xml:lang="en">67020</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform block-data moves, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1648">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:symantec:messaging_gateway:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:messaging_gateway:10.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:messaging_gateway:10.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:messaging_gateway:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:messaging_gateway:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:symantec:messaging_gateway:10.0.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:symantec:messaging_gateway:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:symantec:messaging_gateway:10.0</vuln:product>
+      <vuln:product>cpe:/a:symantec:messaging_gateway:10.5.0</vuln:product>
+      <vuln:product>cpe:/a:symantec:messaging_gateway:10.5.1</vuln:product>
+      <vuln:product>cpe:/a:symantec:messaging_gateway:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:symantec:messaging_gateway:10.0.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1648</vuln:cve-id>
+    <vuln:published-datetime>2014-04-23T07:52:59.587-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T10:07:09.613-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-24T10:07:04.537-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&amp;pvid=security_advisory&amp;year=&amp;suid=20140422_00" xml:lang="en">http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&amp;pvid=security_advisory&amp;year=&amp;suid=20140422_00</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66966" xml:lang="en">66966</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Apr/256" xml:lang="en">20140422 (CVE-2014-1648) Symantec Messaging Gateway Management Console Cross Site Scripting Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Symantec Messaging Gateway 10.x before 10.5.2 allows remote attackers to inject arbitrary web script or HTML via the displayTab parameter.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1663">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:citrix:xenmobile_device_manager:8.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:citrix:xenmobile_device_manager:8.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:citrix:xenmobile_device_manager_mdm:8.0.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:citrix:xenmobile_device_manager:8.6</vuln:product>
+      <vuln:product>cpe:/a:citrix:xenmobile_device_manager:8.5</vuln:product>
+      <vuln:product>cpe:/a:citrix:xenmobile_device_manager_mdm:8.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1663</vuln:cve-id>
+    <vuln:published-datetime>2014-02-06T12:00:07.307-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-07T12:11:40.450-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-07T12:11:36.010-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65348" xml:lang="en">65348</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.citrix.com/article/CTX140044" xml:lang="en">http://support.citrix.com/article/CTX140044</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56438" xml:lang="en">56438</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Citrix XenMobile Device Manager server (formerly Zenprise Device Manager server) 8.5, 8.6, and MDM 8.0.1 allows remote attackers to obtain sensitive information via unknown vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1664">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:citrix:gotomeeting:5.0.799.1238:-:~-~-~android~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:citrix:gotomeeting:5.0.799.1238:-:~-~-~android~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1664</vuln:cve-id>
+    <vuln:published-datetime>2014-01-26T15:55:06.720-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-31T01:08:29.860-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-27T13:58:10.220-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90695" xml:lang="en">gotomeeting-cve20141664-info-disc(90695)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65123" xml:lang="en">65123</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/530879/100/0/threaded" xml:lang="en">20140124 [CVE-2014-1664] GoToMeeting Information Disclosure via Logging Output (Android)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102559" xml:lang="en">102559</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP requests containing sensitive information, which allows attackers to obtain user IDs, meeting details, and authentication tokens via an application that reads the system log file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1666">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.1.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.1.5"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:xen:xen:4.1.5</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.3.0</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.3.1</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.2.3</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.2.2</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.1.6.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1666</vuln:cve-id>
+    <vuln:published-datetime>2014-01-26T11:58:11.650-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-19T00:47:49.770-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>8.3</cvss:score>
+        <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-27T12:53:38.880-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://xenbits.xen.org/xsa/xsa87-unstable-4.3.patch" xml:lang="en">http://xenbits.xen.org/xsa/xsa87-unstable-4.3.patch</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90675" xml:lang="en">xen-cve20141666-priv-esc(90675)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://xenbits.xen.org/xsa/advisory-87.html" xml:lang="en">http://xenbits.xen.org/xsa/advisory-87.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029684" xml:lang="en">1029684</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65125" xml:lang="en">65125</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/01/24/6" xml:lang="en">[oss-security] 20140123 Xen Security Advisory 87 (CVE-2014-1666) - PHYSDEVOP_{prepare,release}_msix  exposed to unprivileged guests</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56650" xml:lang="en">56650</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102536" xml:lang="en">102536</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html" xml:lang="en">SUSE-SU-2014:0373</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html" xml:lang="en">SUSE-SU-2014:0372</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127607.html" xml:lang="en">FEDORA-2014-1552</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to cause a denial of service (host or guest malfunction) or possibly gain privileges via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1670">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:bing:4.2.0:-:~-~-~android~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:bing:4.2.0:-:~-~-~android~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1670</vuln:cve-id>
+    <vuln:published-datetime>2014-01-25T11:55:03.237-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-31T01:08:30.110-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-27T10:12:54.883-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-94"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://play.google.com/store/apps/details?id=com.microsoft.bing" xml:lang="en">https://play.google.com/store/apps/details?id=com.microsoft.bing</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.youtube.com/watch?v=_j1RKtTxZ3k" xml:lang="en">http://www.youtube.com/watch?v=_j1RKtTxZ3k</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65128" xml:lang="en">65128</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102575" xml:lang="en">102575</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://blog.trustlook.com/2014/01/23/trustlook-reported-microsofts-first-ever-android-vulnerability/" xml:lang="en">http://blog.trustlook.com/2014/01/23/trustlook-reported-microsofts-first-ever-android-vulnerability/</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Microsoft Bing application before 4.2.1 for Android allows remote attackers to install arbitrary APK files via vectors involving a crafted DNS response.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1671">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/h:dell:kace_k1000_systems_management_appliance:-"/>
+        <cpe-lang:fact-ref name="cpe:/h:dell:kace_k1100s_systems_management_appliance:-"/>
+        <cpe-lang:fact-ref name="cpe:/h:dell:kace_k1200s_systems_management_appliance:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:dell:kace_k1000_systems_management_virtual_appliance:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:dell:kace_k1000_systems_management_appliance_software:5.4.76847"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:dell:kace_k1000_systems_management_appliance_software:5.4.76847</vuln:product>
+      <vuln:product>cpe:/h:dell:kace_k1200s_systems_management_appliance:-</vuln:product>
+      <vuln:product>cpe:/a:dell:kace_k1000_systems_management_virtual_appliance:-</vuln:product>
+      <vuln:product>cpe:/h:dell:kace_k1100s_systems_management_appliance:-</vuln:product>
+      <vuln:product>cpe:/h:dell:kace_k1000_systems_management_appliance:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1671</vuln:cve-id>
+    <vuln:published-datetime>2014-01-25T20:55:20.657-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-31T01:08:30.187-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-27T11:44:36.630-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90592" xml:lang="en">kace-multiple-sql-injection(90592)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65029" xml:lang="en">65029</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.baesystemsdetica.com.au/Research/Advisories/Dell-KACE-K1000-SQL-Injection-%28DS-2014-001%29" xml:lang="en">http://www.baesystemsdetica.com.au/Research/Advisories/Dell-KACE-K1000-SQL-Injection-(DS-2014-001)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56396" xml:lang="en">56396</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple SQL injection vulnerabilities in Dell KACE K1000 5.4.76847 and possibly earlier allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the macAddress element in a (1) getUploadPath or (2) getKBot SOAP request to service/kbot_service.php; the ID parameter to (3) userui/advisory_detail.php or (4) userui/ticket.php; and the (5) ORDER[] parameter to userui/ticket_list.php.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1672">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:checkpoint:security_gateway:r75.47"/>
+        <cpe-lang:fact-ref name="cpe:/a:checkpoint:management_server:r75.47"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:checkpoint:security_gateway:r75.47</vuln:product>
+      <vuln:product>cpe:/a:checkpoint:management_server:r75.47</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1672</vuln:cve-id>
+    <vuln:published-datetime>2014-01-25T20:55:26.780-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-27T12:00:11.450-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-27T12:00:11.357-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk98087" xml:lang="en">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk98087</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Check Point R75.47 Security Gateway and Management Server does not properly enforce Anti-Spoofing when the routing table is modified and the "Get - Interfaces with Topology" action is performed, which allows attackers to bypass intended access restrictions.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1673">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:checkpoint:session_authentication_agent:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:checkpoint:session_authentication_agent:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1673</vuln:cve-id>
+    <vuln:published-datetime>2014-01-25T20:55:26.797-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-01-31T01:08:30.347-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-27T12:09:55.930-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk98263" xml:lang="en">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk98263</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90746" xml:lang="en">check-point-cve20141673-unauth-access(90746)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Jan/185" xml:lang="en">20140127 [CVE-2014-1673] Check Point Session Authentication Agent vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/124967" xml:lang="en">http://packetstormsecurity.com/files/124967</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102418" xml:lang="en">102418</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Check Point Session Authentication Agent allows remote attackers to obtain sensitive information (user credentials) via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1680">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:bandisoft:bandizip:3.09"/>
+        <cpe-lang:fact-ref name="cpe:/a:bandisoft:bandizip:3.08"/>
+        <cpe-lang:fact-ref name="cpe:/a:bandisoft:bandizip:3.07"/>
+        <cpe-lang:fact-ref name="cpe:/a:bandisoft:bandizip:3.06"/>
+        <cpe-lang:fact-ref name="cpe:/a:bandisoft:bandizip:3.05"/>
+        <cpe-lang:fact-ref name="cpe:/a:bandisoft:bandizip:3.04"/>
+        <cpe-lang:fact-ref name="cpe:/a:bandisoft:bandizip:3.03"/>
+        <cpe-lang:fact-ref name="cpe:/a:bandisoft:bandizip:3.02"/>
+        <cpe-lang:fact-ref name="cpe:/a:bandisoft:bandizip:3.01"/>
+        <cpe-lang:fact-ref name="cpe:/a:bandisoft:bandizip:3.00"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:bandisoft:bandizip:3.00</vuln:product>
+      <vuln:product>cpe:/a:bandisoft:bandizip:3.01</vuln:product>
+      <vuln:product>cpe:/a:bandisoft:bandizip:3.06</vuln:product>
+      <vuln:product>cpe:/a:bandisoft:bandizip:3.02</vuln:product>
+      <vuln:product>cpe:/a:bandisoft:bandizip:3.05</vuln:product>
+      <vuln:product>cpe:/a:bandisoft:bandizip:3.03</vuln:product>
+      <vuln:product>cpe:/a:bandisoft:bandizip:3.04</vuln:product>
+      <vuln:product>cpe:/a:bandisoft:bandizip:3.08</vuln:product>
+      <vuln:product>cpe:/a:bandisoft:bandizip:3.07</vuln:product>
+      <vuln:product>cpe:/a:bandisoft:bandizip:3.09</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1680</vuln:cve-id>
+    <vuln:published-datetime>2014-02-14T08:10:30.950-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:45.280-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.9</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-14T12:06:22.087-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90966" xml:lang="en">bandzip-dll-cve20141680-code-exec(90966)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.bandisoft.com/bandizip/history" xml:lang="en">http://www.bandisoft.com/bandizip/history</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/125059" xml:lang="en">http://packetstormsecurity.com/files/125059</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102979" xml:lang="en">102979</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Untrusted search path vulnerability in Bandisoft Bandizip before 3.10 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1681">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.29"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.30"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.31"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.32"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.33"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.34"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.35"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.38"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.39"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.41"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.50"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.51"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.52"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.53"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.54"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.55"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.56"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.57"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.58"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.59"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.62"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.63"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.64"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.65"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.66"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.67"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.68"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.69"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.70"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.71"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.72"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.74"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.75"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.76"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.77"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.101"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.100"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.99"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.98"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.97"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.96"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.95"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:32.0.1700.94"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.41</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.95</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.58</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.94</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.59</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.38</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.56</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.39</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.57</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.54</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.55</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.52</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.53</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.50</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.51</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.99</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.98</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.97</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.96</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.0</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.2</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.4</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.3</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.11</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.6</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.10</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.5</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.8</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.13</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.7</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.12</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.15</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.9</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.14</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.62</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.26</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.23</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.24</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.21</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.22</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.69</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.68</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.67</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.101</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.66</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.100</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.65</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.64</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.63</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.76</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.77</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.74</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.75</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.72</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.19</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.18</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.70</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.17</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.71</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.16</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.35</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.34</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.31</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.30</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.33</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.32</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.27</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.28</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:32.0.1700.29</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1681</vuln:cve-id>
+    <vuln:published-datetime>2014-01-28T09:30:39.527-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:52:00.677-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-28T14:19:50.677-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102633" xml:lang="en">102633</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://googlechromereleases.blogspot.com/2014/01/stable-channel-update_27.html" xml:lang="en">http://googlechromereleases.blogspot.com/2014/01/stable-channel-update_27.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.102 have unknown impact and attack vectors, related to 12 "security fixes [that were not] either contributed by external researchers or particularly interesting."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1683">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:skybluecanvas:skybluecanvas:1.1_r248-03"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:skybluecanvas:skybluecanvas:1.1_r248-03</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1683</vuln:cve-id>
+    <vuln:published-datetime>2014-01-29T13:55:27.027-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:45.437-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-30T18:00:07.070-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-134"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90670" xml:lang="en">skybluecanvas-index-command-exec(90670)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65129" xml:lang="en">65129</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/31432" xml:lang="en">31432</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/31183" xml:lang="en">31183</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56646" xml:lang="en">56646</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Jan/159" xml:lang="en">20140123 Remote Command Injection Vulnerability in SkyBlueCanvas CMS</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/124948/SkyBlueCanvas-CMS-1.1-r248-03-Command-Injection.html" xml:lang="en">http://packetstormsecurity.com/files/124948/SkyBlueCanvas-CMS-1.1-r248-03-Command-Injection.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248-04, when the pid parameter is 4, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) name, (2) email, (3) subject, or (4) message parameter to index.php, when the pid parameter is 4.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1684">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:2.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.1.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.1.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.1.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:1.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:2.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:videolan:vlc_media_player:2.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.0.0</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:2.1.0</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.1.4.1</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.1.6.1</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.1.3</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.1.4</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.1.2</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.1.12</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.1.13</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:2.0.0</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.1.1</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.1.11</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.1.10</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.1.0</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.1.9</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.1.6</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.1.5</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.1.8</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.1.7</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:1.1.10.1</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:2.1.2</vuln:product>
+      <vuln:product>cpe:/a:videolan:vlc_media_player:2.1.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1684</vuln:cve-id>
+    <vuln:published-datetime>2014-03-03T11:55:04.287-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-07T15:35:15.370-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-04T08:20:23.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-189"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.videolan.org/gitweb.cgi/vlc.git/?p=vlc.git;a=commitdiff;h=98787d0843612271e99d62bee0dfd8197f0cf404" xml:lang="en">http://git.videolan.org/gitweb.cgi/vlc.git/?p=vlc.git;a=commitdiff;h=98787d0843612271e99d62bee0dfd8197f0cf404</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://trac.videolan.org/vlc/ticket/10482" xml:lang="en">https://trac.videolan.org/vlc/ticket/10482</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.elsherei.com/?p=269" xml:lang="en">http://www.elsherei.com/?p=269</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The ASF_ReadObject_file_properties function in modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media Player before 2.1.3 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero minimum and maximum data packet size in an ASF file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1690">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.69"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.70"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.71"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.72"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.73"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.74"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.75"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.76"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.77"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.78"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.79"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.7"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.70</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.71</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.72</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.73</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.74</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.75</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.76</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.77</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.78</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.79</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.69</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1690</vuln:cve-id>
+    <vuln:published-datetime>2014-02-28T01:18:54.557-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-19T00:47:51.410-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>2.6</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-28T13:17:54.650-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/torvalds/linux/commit/2690d97ade05c5325cbf7c72b94b90d265659886" xml:lang="en">https://github.com/torvalds/linux/commit/2690d97ade05c5325cbf7c72b94b90d265659886</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2690d97ade05c5325cbf7c72b94b90d265659886" xml:lang="en">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2690d97ade05c5325cbf7c72b94b90d265659886</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1058748" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1058748</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2158-1" xml:lang="en">USN-2158-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2140-1" xml:lang="en">USN-2140-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2137-1" xml:lang="en">USN-2137-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/01/28/3" xml:lang="en">[oss-security] 20140128 Re: CVE request Linux kernel: netfilter: nf_nat: leakage of uninitialized buffer in IRC NAT helper</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.8" xml:lang="en">http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.8</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The help function in net/netfilter/nf_nat_irc.c in the Linux kernel before 3.12.8 allows remote attackers to obtain sensitive information from kernel memory by establishing an IRC DCC session in which incorrect packet data is transmitted during use of the NAT mangle feature.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1691">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:horde:horde_application_framework:5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:horde:horde_application_framework:5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:horde:horde_application_framework:5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:horde:horde_application_framework:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:horde:horde_application_framework:5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:horde:horde_application_framework:5.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:horde:horde_application_framework:5.1.0</vuln:product>
+      <vuln:product>cpe:/a:horde:horde_application_framework:5.0.4</vuln:product>
+      <vuln:product>cpe:/a:horde:horde_application_framework:5.0.2</vuln:product>
+      <vuln:product>cpe:/a:horde:horde_application_framework:5.0.3</vuln:product>
+      <vuln:product>cpe:/a:horde:horde_application_framework:5.0.0</vuln:product>
+      <vuln:product>cpe:/a:horde:horde_application_framework:5.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1691</vuln:cve-id>
+    <vuln:published-datetime>2014-04-01T11:55:06.363-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-02T10:50:49.507-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-02T10:50:44.990-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-94"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/horde/horde/commit/da6afc7e9f4e290f782eca9dbca794f772caccb3" xml:lang="en">https://github.com/horde/horde/commit/da6afc7e9f4e290f782eca9dbca794f772caccb3</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/156" xml:lang="en">[oss-security] 20140128  Re: Remote code execution in horde &lt; 5.1.1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/153" xml:lang="en">[oss-security] 20140128  Remote code execution in horde &lt; 5.1.1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/horde/horde/blob/82c400788537cfc0106b68447789ff53793ac086/bundles/groupware/docs/CHANGES#L215" xml:lang="en">https://github.com/horde/horde/blob/82c400788537cfc0106b68447789ff53793ac086/bundles/groupware/docs/CHANGES#L215</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2853" xml:lang="en">DSA-2853</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/169" xml:lang="en">[oss-security] 20140129  Re: Remote code execution in horde &lt; 5.1.1</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1692">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:5.8p2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:4.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:4.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:4.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:4.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:4.4p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:4.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:4.3p2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:4.3p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:4.2p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:4.1p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:4.0p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:3.9.1p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:3.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:3.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:3.8.1p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:3.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:3.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:3.7.1p2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:3.7.1p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:3.6.1p2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:3.6.1p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:3.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:3.5p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:3.4p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:3.3p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:3.2.3p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:3.2.2p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:3.1p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:3.0p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:3.0.2p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:3.0.1p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:2.9p2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:2.9p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:2.9.9p2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:2.9.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:2.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:2.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:1.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:1.2.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:1.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:1.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:openbsd:openssh:3.0.2p1</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:1.5</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:3.6.1</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:4.5</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:4.4</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:2.5.1</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:3.4p1</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:4.3</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:2.5.2</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:4.2</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:4.9</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:4.8</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:4.7</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:4.6</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:4.0</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:4.1</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:1.2</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:3.1p1</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:1.3</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:3.0.1p1</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:2.9</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:3.0</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:3.1</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:3.2</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:3.3p1</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:2.5</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:5.0</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:3.4</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:3.9.1</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:2.9.9</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:3.3</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:3.7.1</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:3.6</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:4.2p1</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:3.5p1</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:3.5</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:5.7</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:3.6.1p1</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:5.8</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:5.5</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:5.6</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:5.3</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:2.1</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:5.4</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:2.2</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:5.1</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:2.3</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:5.2</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:3.8</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:3.7</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:3.9</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:3.7.1p1</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:3.7.1p2</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:4.3p1</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:4.3p2</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:3.9.1p1</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:3.2.3p1</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:4.0p1</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:1.2.3</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:1.2.1</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:5.8p2</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:1.2.2</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:6.4</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:6.0</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:6.1</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:1.2.27</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:6.2</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:6.3</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:4.1p1</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:3.8.1p1</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:4.4p1</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:3.0p1</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:5.9</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:2.9.9p2</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:3.2.2p1</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:3.8.1</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:3.6.1p2</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:2.9p1</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:2.9p2</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:3.2.2</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1692</vuln:cve-id>
+    <vuln:published-datetime>2014-01-29T11:02:05.443-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-06T23:52:00.847-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-29T14:17:33.193-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90819" xml:lang="en">openssh-cve20141692-code-exec(90819)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65230" xml:lang="en">65230</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/schnorr.c#rev1.10" xml:lang="en">http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/schnorr.c#rev1.10</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/Attic/schnorr.c.diff?r1=1.9;r2=1.10;f=h" xml:lang="en">http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/Attic/schnorr.c.diff?r1=1.9;r2=1.10;f=h</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102611" xml:lang="en">102611</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/01/29/2" xml:lang="en">[oss-security] 20140128 OpenSSH J-PAKE vulnerability (no cause for panic! remain calm!)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/01/29/10" xml:lang="en">[oss-security] 20140129 Re: OpenSSH J-PAKE vulnerability (no cause for panic! remain calm!)</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via vectors that trigger an error condition.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1694">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.10"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.13"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.0:beta1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.0</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.13</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.10</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.6</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.11</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.7</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.0</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.1</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.7</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.9</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.8</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.9</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.8</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.10</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.2</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.6</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.1</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.18</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.3</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.0</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.15</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.2</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.14</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.3</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.17</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.4</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.16</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1694</vuln:cve-id>
+    <vuln:published-datetime>2014-02-04T16:55:05.640-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T23:50:55.003-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-05T10:47:28.587-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-352"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface" xml:lang="en">https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/OTRS/otrs/commit/ca2c3390fd60d9a3f810ed2c22cbc2c193457b77" xml:lang="en">https://github.com/OTRS/otrs/commit/ca2c3390fd60d9a3f810ed2c22cbc2c193457b77</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/OTRS/otrs/commit/92f417277f43832f1a0462f2485fe1fd3fd52312" xml:lang="en">https://github.com/OTRS/otrs/commit/92f417277f43832f1a0462f2485fe1fd3fd52312</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/OTRS/otrs/commit/6f324aaf8647729d509eebf063a0181f9f9196f7" xml:lang="en">https://github.com/OTRS/otrs/commit/6f324aaf8647729d509eebf063a0181f9f9196f7</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://www.otrs.com/release-notes-otrs-help-desk-3-3-4" xml:lang="en">https://www.otrs.com/release-notes-otrs-help-desk-3-3-4</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/01/29/7" xml:lang="en">[oss-security] 20140129 CVE Request: otrs: CSRF issue in customer web interface</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/01/29/15" xml:lang="en">[oss-security] 20140129 Re: CVE Request: otrs: CSRF issue in customer web interface</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2867" xml:lang="en">DSA-2867</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56655" xml:lang="en">56655</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56644" xml:lang="en">56644</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102632" xml:lang="en">102632</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://bugs.otrs.org/show_bug.cgi?id=10099" xml:lang="en">http://bugs.otrs.org/show_bug.cgi?id=10099</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site request forgery (CSRF) vulnerabilities in (1) CustomerPreferences.pm, (2) CustomerTicketMessage.pm, (3) CustomerTicketProcess.pm, and (4) CustomerTicketZoom.pm in Kernel/Modules/ in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allow remote attackers to hijack the authentication of arbitrary users for requests that (5) create tickets or (6) send follow-ups to existing tickets.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1695">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.10</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.0</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.13</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.6</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.11</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.7</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.0</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.1</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.7</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.9</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.19</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.9</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.8</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.8</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.10</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.6</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.2</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.1</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.18</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.4</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.14</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.0</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.3</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.2</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.15</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.3</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.14</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.4</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.17</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.5</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.16</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1695</vuln:cve-id>
+    <vuln:published-datetime>2014-02-28T19:01:08.200-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-28T14:00:01.033-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-28T13:59:57.953-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://www.otrs.com/security-advisory-2014-03-xss-issue" xml:lang="en">https://www.otrs.com/security-advisory-2014-03-xss-issue</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65844" xml:lang="en">65844</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57018" xml:lang="en">57018</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-03/msg00030.html" xml:lang="en">openSUSE-SU-2014:0360</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1696">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:siemens:simatic_wincc_open_architecture:3.12"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:siemens:simatic_wincc_open_architecture:3.12</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1696</vuln:cve-id>
+    <vuln:published-datetime>2014-02-06T23:52:04.380-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:45.767-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-07T16:06:39.200-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-310"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-035-01" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-035-01</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90934" xml:lang="en">simatic-wincc-cve20141696-priv-esc(90934)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-342587.pdf" xml:lang="en">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-342587.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102809" xml:lang="en">102809</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Siemens SIMATIC WinCC OA before 3.12 P002 January uses a weak hash algorithm for passwords, which makes it easier for remote attackers to obtain access via a brute-force attack.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1697">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:siemens:simatic_wincc_open_architecture:3.12"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:siemens:simatic_wincc_open_architecture:3.12</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1697</vuln:cve-id>
+    <vuln:published-datetime>2014-02-06T23:52:04.410-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:45.843-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-07T16:07:52.500-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-035-01" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-035-01</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90933" xml:lang="en">simatic-wincc-cve20141697-code-exec(90933)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-342587.pdf" xml:lang="en">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-342587.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65351" xml:lang="en">65351</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56651" xml:lang="en">56651</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102810" xml:lang="en">102810</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The integrated web server in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to execute arbitrary code via crafted packets to TCP port 4999.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1698">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:siemens:simatic_wincc_open_architecture:3.12"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:siemens:simatic_wincc_open_architecture:3.12</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1698</vuln:cve-id>
+    <vuln:published-datetime>2014-02-06T23:52:04.443-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:45.920-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-07T16:08:38.643-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-035-01" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-035-01</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90935" xml:lang="en">simatic-wincc-cve20141698-dir-trav(90935)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-342587.pdf" xml:lang="en">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-342587.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65349" xml:lang="en">65349</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56651" xml:lang="en">56651</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102811" xml:lang="en">102811</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to read arbitrary files via crafted packets to TCP port 4999.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1699">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:siemens:simatic_wincc_open_architecture:3.12"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:siemens:simatic_wincc_open_architecture:3.12</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1699</vuln:cve-id>
+    <vuln:published-datetime>2014-02-06T23:52:04.457-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:46.017-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-07T16:09:44.067-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-035-01" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-035-01</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90936" xml:lang="en">simatic-wincc-cve20141699-dos(90936)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-342587.pdf" xml:lang="en">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-342587.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65347" xml:lang="en">65347</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56651" xml:lang="en">56651</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102812" xml:lang="en">102812</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to cause a denial of service (monitoring-service outage) via malformed HTTP requests to port 4999.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1700">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.104"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.106"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.107"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.108"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.109"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.110"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.111"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.112"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.113"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.115"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.116"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.117"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.124"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.125"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.126"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.132"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.133"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.135"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.136"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.144"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.146"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.29"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.30"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.31"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.34"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.35"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.36"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.37"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.38"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.39"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.40"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.41"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.42"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.43"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.44"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.45"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.46"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.47"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.48"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.49"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.50"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.51"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.52"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.53"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.54"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.55"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.56"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.57"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.58"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.59"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.60"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.61"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.62"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.63"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.64"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.65"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.66"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.67"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.68"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.69"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.70"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.71"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.73"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.74"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.75"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.76"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.77"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.79"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.80"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.81"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.82"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.83"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.85"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.88"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.89"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.90"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.91"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.92"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.93"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.53</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.116</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.35</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.52</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.115</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.34</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.51</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.50</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.117</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.39</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.112</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.38</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.111</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.37</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.36</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.113</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.92</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.93</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.90</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.91</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.89</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.88</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.49</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.47</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.124</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.48</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.125</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.110</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.45</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.41</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.126</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.46</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.42</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.43</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.44</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.40</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.83</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.85</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.80</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.9</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.82</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.81</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.6</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.5</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.8</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.7</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.2</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.1</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.4</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.3</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.0</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.76</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.77</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.79</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.133</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.16</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.136</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.15</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.135</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.14</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.13</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.31</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.12</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.30</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.11</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.10</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.70</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.71</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.74</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.75</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.19</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.73</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.18</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.68</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.67</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.66</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.29</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.65</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.69</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.23</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.20</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.24</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.21</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.22</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.144</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.27</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.28</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.146</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.25</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.132</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.26</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.60</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.62</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.107</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.61</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.106</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.64</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.63</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.104</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.109</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.108</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.54</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.55</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.56</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.57</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.58</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.59</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1700</vuln:cve-id>
+    <vuln:published-datetime>2014-03-16T10:06:45.333-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:29:03.407-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-17T14:27:29.083-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://src.chromium.org/viewvc/blink?revision=168171&amp;view=revision" xml:lang="en">https://src.chromium.org/viewvc/blink?revision=168171&amp;view=revision</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=344881" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=344881</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2883" xml:lang="en">DSA-2883</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html" xml:lang="en">http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Use-after-free vulnerability in modules/speech/SpeechSynthesis.cpp in Blink, as used in Google Chrome before 33.0.1750.149, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of a certain utterance data structure.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1701">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.104"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.106"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.107"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.108"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.109"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.110"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.111"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.112"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.113"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.115"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.116"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.117"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.124"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.125"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.126"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.132"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.133"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.135"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.136"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.144"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.146"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.29"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.30"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.31"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.34"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.35"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.36"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.37"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.38"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.39"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.40"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.41"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.42"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.43"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.44"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.45"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.46"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.47"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.48"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.49"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.50"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.51"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.52"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.53"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.54"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.55"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.56"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.57"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.58"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.59"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.60"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.61"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.62"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.63"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.64"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.65"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.66"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.67"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.68"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.69"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.70"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.71"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.73"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.74"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.75"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.76"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.77"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.79"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.80"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.81"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.82"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.83"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.85"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.88"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.89"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.90"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.91"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.92"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.93"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.53</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.116</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.35</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.52</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.115</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.34</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.51</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.50</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.117</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.39</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.112</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.38</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.111</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.37</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.36</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.113</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.92</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.93</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.90</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.91</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.89</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.88</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.49</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.47</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.124</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.48</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.125</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.110</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.45</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.41</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.126</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.46</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.42</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.43</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.44</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.40</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.83</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.85</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.80</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.9</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.82</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.81</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.6</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.5</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.8</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.7</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.2</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.1</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.4</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.3</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.0</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.76</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.77</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.79</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.133</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.16</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.136</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.15</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.135</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.14</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.13</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.31</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.12</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.30</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.11</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.10</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.70</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.71</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.74</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.75</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.19</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.73</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.18</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.68</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.67</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.66</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.29</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.65</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.69</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.23</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.20</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.24</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.21</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.22</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.144</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.27</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.28</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.146</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.25</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.132</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.26</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.60</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.62</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.107</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.61</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.106</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.64</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.63</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.104</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.109</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.108</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.54</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.55</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.56</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.57</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.58</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.59</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1701</vuln:cve-id>
+    <vuln:published-datetime>2014-03-16T10:06:45.350-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:29:03.577-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-17T14:28:42.647-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://src.chromium.org/viewvc/blink?revision=166999&amp;view=revision" xml:lang="en">https://src.chromium.org/viewvc/blink?revision=166999&amp;view=revision</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=342618" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=342618</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2883" xml:lang="en">DSA-2883</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html" xml:lang="en">http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The GenerateFunction function in bindings/scripts/code_generator_v8.pm in Blink, as used in Google Chrome before 33.0.1750.149, does not implement a certain cross-origin restriction for the EventTarget::dispatchEvent function, which allows remote attackers to conduct Universal XSS (UXSS) attacks via vectors involving events.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1702">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.104"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.106"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.107"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.108"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.109"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.110"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.111"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.112"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.113"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.115"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.116"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.117"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.124"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.125"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.126"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.132"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.133"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.135"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.136"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.144"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.146"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.29"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.30"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.31"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.34"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.35"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.36"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.37"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.38"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.39"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.40"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.41"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.42"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.43"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.44"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.45"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.46"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.47"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.48"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.49"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.50"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.51"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.52"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.53"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.54"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.55"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.56"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.57"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.58"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.59"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.60"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.61"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.62"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.63"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.64"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.65"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.66"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.67"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.68"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.69"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.70"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.71"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.73"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.74"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.75"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.76"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.77"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.79"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.80"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.81"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.82"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.83"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.85"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.88"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.89"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.90"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.91"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.92"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.93"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.53</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.116</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.35</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.52</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.115</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.34</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.51</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.50</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.117</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.39</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.112</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.38</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.111</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.37</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.36</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.113</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.92</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.93</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.90</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.91</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.89</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.88</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.49</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.47</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.124</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.48</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.125</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.110</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.45</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.41</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.126</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.46</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.42</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.43</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.44</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.40</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.83</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.85</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.80</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.9</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.82</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.81</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.6</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.5</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.8</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.7</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.2</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.1</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.4</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.3</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.0</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.76</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.77</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.79</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.133</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.16</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.136</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.15</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.135</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.14</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.13</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.31</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.12</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.30</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.11</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.10</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.70</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.71</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.74</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.75</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.19</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.73</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.18</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.68</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.67</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.66</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.29</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.65</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.69</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.23</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.20</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.24</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.21</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.22</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.144</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.27</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.28</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.146</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.25</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.132</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.26</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.60</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.62</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.107</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.61</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.106</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.64</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.63</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.104</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.109</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.108</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.54</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.55</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.56</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.57</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.58</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.59</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1702</vuln:cve-id>
+    <vuln:published-datetime>2014-03-16T10:06:45.380-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:29:03.670-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-17T14:40:43.883-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://src.chromium.org/viewvc/blink?revision=168059&amp;view=revision" xml:lang="en">https://src.chromium.org/viewvc/blink?revision=168059&amp;view=revision</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=333058" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=333058</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2883" xml:lang="en">DSA-2883</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html" xml:lang="en">http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Use-after-free vulnerability in the DatabaseThread::cleanupDatabaseThread function in modules/webdatabase/DatabaseThread.cpp in the web database implementation in Blink, as used in Google Chrome before 33.0.1750.149, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of scheduled tasks during shutdown of a thread.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1703">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.104"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.106"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.107"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.108"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.109"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.110"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.111"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.112"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.113"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.115"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.116"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.117"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.124"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.125"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.126"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.132"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.133"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.135"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.136"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.144"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.146"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.29"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.30"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.31"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.34"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.35"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.36"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.37"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.38"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.39"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.40"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.41"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.42"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.43"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.44"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.45"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.46"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.47"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.48"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.49"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.50"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.51"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.52"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.53"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.54"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.55"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.56"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.57"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.58"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.59"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.60"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.61"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.62"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.63"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.64"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.65"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.66"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.67"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.68"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.69"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.70"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.71"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.73"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.74"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.75"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.76"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.77"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.79"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.80"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.81"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.82"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.83"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.85"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.88"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.89"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.90"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.91"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.92"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.93"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.53</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.116</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.35</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.52</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.115</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.34</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.51</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.50</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.117</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.39</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.112</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.38</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.111</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.37</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.36</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.113</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.92</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.93</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.90</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.91</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.89</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.88</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.49</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.47</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.124</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.48</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.125</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.110</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.45</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.41</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.126</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.46</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.42</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.43</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.44</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.40</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.83</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.85</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.80</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.9</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.82</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.81</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.6</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.5</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.8</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.7</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.2</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.1</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.4</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.3</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.0</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.76</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.77</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.79</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.133</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.16</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.136</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.15</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.135</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.14</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.13</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.31</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.12</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.30</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.11</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.10</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.70</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.71</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.74</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.75</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.19</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.73</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.18</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.68</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.67</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.66</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.29</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.65</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.69</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.23</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.20</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.24</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.21</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.22</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.144</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.27</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.28</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.146</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.25</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.132</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.26</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.60</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.62</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.107</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.61</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.106</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.64</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.63</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.104</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.109</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.108</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.54</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.55</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.56</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.57</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.58</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.59</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1703</vuln:cve-id>
+    <vuln:published-datetime>2014-03-16T10:06:45.413-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:29:03.767-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-17T14:42:34.760-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://src.chromium.org/viewvc/chrome?revision=247627&amp;view=revision" xml:lang="en">https://src.chromium.org/viewvc/chrome?revision=247627&amp;view=revision</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=338354" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=338354</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2883" xml:lang="en">DSA-2883</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html" xml:lang="en">http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Use-after-free vulnerability in the WebSocketDispatcherHost::SendOrDrop function in content/browser/renderer_host/websocket_dispatcher_host.cc in the Web Sockets implementation in Google Chrome before 33.0.1750.149 might allow remote attackers to bypass the sandbox protection mechanism by leveraging an incorrect deletion in a certain failure case.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1704">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:google:v8:3.23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:v8:3.23.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:v8:3.23.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:v8:3.23.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:v8:3.23.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:v8:3.23.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:v8:3.23.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:v8:3.23.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:v8:3.23.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:v8:3.23.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:v8:3.23.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:v8:3.23.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:v8:3.23.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:v8:3.23.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:v8:3.23.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:v8:3.23.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:v8:3.23.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:v8:3.23.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.104"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.106"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.107"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.108"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.109"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.110"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.111"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.112"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.113"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.115"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.116"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.117"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.124"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.125"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.126"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.132"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.133"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.135"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.136"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.144"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.146"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.29"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.30"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.31"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.34"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.35"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.36"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.37"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.38"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.39"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.40"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.41"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.42"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.43"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.44"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.45"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.46"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.47"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.48"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.49"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.50"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.51"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.52"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.53"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.54"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.55"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.56"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.57"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.58"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.59"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.60"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.61"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.62"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.63"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.64"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.65"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.66"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.67"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.68"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.69"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.70"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.71"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.73"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.74"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.75"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.76"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.77"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.79"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.80"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.81"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.82"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.83"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.85"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.88"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.89"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.90"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.91"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.92"/>
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.93"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.116</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.35</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.115</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.34</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.117</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.112</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.39</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.111</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.38</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.37</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.113</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.36</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.92</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.93</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.90</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.91</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.89</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.88</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.110</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.41</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.42</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.40</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.9</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.6</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.5</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.8</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.7</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.2</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.1</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.4</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.3</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.0</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.16</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.133</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.15</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.136</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.14</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.135</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.13</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.12</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.11</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.10</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.70</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.71</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.74</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.75</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.19</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.73</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.18</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.68</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.67</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.66</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.65</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.69</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.20</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.132</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.107</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.106</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.104</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.109</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.108</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.53</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.52</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.51</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.50</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.49</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.124</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.47</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.125</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.48</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.126</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.45</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.46</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.43</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.44</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.83</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.85</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.80</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.82</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.81</vuln:product>
+      <vuln:product>cpe:/a:google:v8:3.23.2</vuln:product>
+      <vuln:product>cpe:/a:google:v8:3.23.3</vuln:product>
+      <vuln:product>cpe:/a:google:v8:3.23.4</vuln:product>
+      <vuln:product>cpe:/a:google:v8:3.23.5</vuln:product>
+      <vuln:product>cpe:/a:google:v8:3.23.6</vuln:product>
+      <vuln:product>cpe:/a:google:v8:3.23.7</vuln:product>
+      <vuln:product>cpe:/a:google:v8:3.23.8</vuln:product>
+      <vuln:product>cpe:/a:google:v8:3.23.9</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.76</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.77</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.79</vuln:product>
+      <vuln:product>cpe:/a:google:v8:3.23.0</vuln:product>
+      <vuln:product>cpe:/a:google:v8:3.23.1</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.31</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.30</vuln:product>
+      <vuln:product>cpe:/a:google:v8:3.23.17</vuln:product>
+      <vuln:product>cpe:/a:google:v8:3.23.10</vuln:product>
+      <vuln:product>cpe:/a:google:v8:3.23.11</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.29</vuln:product>
+      <vuln:product>cpe:/a:google:v8:3.23.12</vuln:product>
+      <vuln:product>cpe:/a:google:v8:3.23.13</vuln:product>
+      <vuln:product>cpe:/a:google:v8:3.23.14</vuln:product>
+      <vuln:product>cpe:/a:google:v8:3.23.15</vuln:product>
+      <vuln:product>cpe:/a:google:v8:3.23.16</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.23</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.24</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.21</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.22</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.144</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.27</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.28</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.146</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.25</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.26</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.60</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.62</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.61</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.64</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.63</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.54</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.55</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.56</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.57</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.58</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.59</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1704</vuln:cve-id>
+    <vuln:published-datetime>2014-03-16T10:06:45.427-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:29:03.843-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-17T14:47:17.970-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/v8/source/detail?r=19668" xml:lang="en">https://code.google.com/p/v8/source/detail?r=19668</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/v8/source/detail?r=19614" xml:lang="en">https://code.google.com/p/v8/source/detail?r=19614</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/v8/source/detail?r=18564" xml:lang="en">https://code.google.com/p/v8/source/detail?r=18564</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=349079" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=349079</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=345715" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=345715</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=328202" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=328202</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2883" xml:lang="en">DSA-2883</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html" xml:lang="en">http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple unspecified vulnerabilities in Google V8 before 3.23.17.18, as used in Google Chrome before 33.0.1750.149, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1705">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.149"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.151"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.104"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.106"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.107"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.108"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.109"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.110"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.111"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.112"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.113"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.115"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.116"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.117"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.124"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.125"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.126"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.13"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.132"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.133"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.135"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.136"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.144"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.146"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.16"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.18"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.19"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.20"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.21"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.22"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.23"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.24"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.25"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.26"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.27"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.28"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.29"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.30"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.31"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.34"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.35"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.36"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.37"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.39"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.40"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.42"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.45"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.46"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.47"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.49"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.51"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.52"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.53"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.56"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.57"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.60"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.61"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.64"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.65"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.66"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.67"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.68"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.69"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.70"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.71"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.73"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.74"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.75"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.76"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.77"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.79"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.80"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.81"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.82"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.83"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.85"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.88"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.89"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.90"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.91"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.92"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.93"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel"/>
+          <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.149"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.151"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.152"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.153"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.104"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.106"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.107"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.108"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.109"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.110"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.111"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.112"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.113"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.115"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.116"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.117"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.124"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.125"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.126"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.13"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.132"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.133"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.135"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.136"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.144"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.146"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.16"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.18"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.19"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.20"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.21"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.22"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.23"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.24"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.25"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.26"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.27"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.28"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.29"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.30"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.31"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.34"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.35"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.36"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.37"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.39"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.40"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.42"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.45"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.46"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.47"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.49"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.51"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.52"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.53"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.56"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.57"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.60"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.61"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.64"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.65"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.66"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.67"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.68"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.69"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.70"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.71"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.73"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.74"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.75"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.76"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.77"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.79"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.80"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.81"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.82"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.83"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.85"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.88"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.89"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.90"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.91"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.92"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.93"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.116</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.35</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.115</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.34</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.117</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.112</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.39</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.111</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.38</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.37</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.113</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.36</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.92</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.93</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.90</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.91</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.89</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.88</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.110</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.41</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.42</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.40</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.9</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.6</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.5</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.8</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.7</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.2</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.1</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.4</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.3</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.0</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.16</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.133</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.15</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.136</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.14</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.135</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.13</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.12</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.11</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.10</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.70</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.71</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.74</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.75</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.19</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.18</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.73</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.68</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.67</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.66</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.65</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.69</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.20</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.132</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.107</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.106</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.104</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.109</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.108</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.53</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.52</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.51</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.50</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.49</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.124</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.47</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.125</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.48</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.126</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.45</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.46</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.43</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.44</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.83</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.85</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.80</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.153</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.152</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.82</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.81</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.151</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.76</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.77</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.79</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.31</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.30</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.29</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.23</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.24</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.149</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.21</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.22</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.27</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.144</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.28</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.25</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.146</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.26</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.60</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.62</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.61</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.64</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.63</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.54</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.55</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.56</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.57</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.58</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.59</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1705</vuln:cve-id>
+    <vuln:published-datetime>2014-03-16T10:06:45.460-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:29:03.920-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-17T14:56:12.407-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=351787" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=351787</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2883" xml:lang="en">DSA-2883</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html" xml:lang="en">http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html" xml:lang="en">http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1706">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.124"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.93"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.70"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.112"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.149"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.149</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.70</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.29</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.112</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.93</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.5</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.2</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.58</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.16</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.51</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.124</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1706</vuln:cve-id>
+    <vuln:published-datetime>2014-03-16T10:06:45.490-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-25T21:59:12.457-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-17T11:22:16.000-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=351796" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=351796</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html" xml:lang="en">http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>crosh in Google Chrome OS before 33.0.1750.152 allows attackers to inject commands via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1707">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.124"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.93"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.70"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.112"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.149"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.149</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.70</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.29</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.112</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.93</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.5</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.2</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.58</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.16</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.51</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.124</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1707</vuln:cve-id>
+    <vuln:published-datetime>2014-03-16T10:06:45.523-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-25T21:53:53.240-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-17T07:23:51.000-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=351811" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=351811</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html" xml:lang="en">http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in CrosDisks in Google Chrome OS before 33.0.1750.152 has unspecified impact and attack vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1708">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.124"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.93"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.70"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.112"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.149"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.149</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.70</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.29</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.112</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.93</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.5</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.2</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.58</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.16</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.51</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.124</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1708</vuln:cve-id>
+    <vuln:published-datetime>2014-03-16T10:06:45.537-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-25T21:54:30.087-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-17T11:23:20.000-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=344051" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=344051</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html" xml:lang="en">http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The boot implementation in Google Chrome OS before 33.0.1750.152 does not properly consider file persistence, which allows remote attackers to execute arbitrary code via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1710">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.124"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.93"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.70"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.112"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.149"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.149</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.70</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.29</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.112</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.93</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.5</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.2</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.58</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.16</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.51</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.124</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1710</vuln:cve-id>
+    <vuln:published-datetime>2014-03-16T10:06:45.570-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-25T22:04:31.700-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-17T15:50:44.767-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://src.chromium.org/viewvc/chrome?revision=256918&amp;view=revision" xml:lang="en">https://src.chromium.org/viewvc/chrome?revision=256918&amp;view=revision</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://src.chromium.org/viewvc/chrome?revision=256723&amp;view=revision" xml:lang="en">https://src.chromium.org/viewvc/chrome?revision=256723&amp;view=revision</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=351852" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=351852</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html" xml:lang="en">http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The AsyncPixelTransfersCompletedQuery::End function in gpu/command_buffer/service/query_manager.cc in Google Chrome, as used in Google Chrome OS before 33.0.1750.152, does not check whether a certain position is within the bounds of a shared-memory segment, which allows remote attackers to cause a denial of service (GPU command-buffer memory corruption) or possibly have unspecified other impact via unknown vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1711">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.124"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.93"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.70"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.112"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:chrome_os:33.0.1750.149"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.149</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.70</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.29</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.112</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.93</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.5</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.2</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.58</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.16</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.51</vuln:product>
+      <vuln:product>cpe:/o:google:chrome_os:33.0.1750.124</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1711</vuln:cve-id>
+    <vuln:published-datetime>2014-03-16T10:06:45.583-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-25T22:01:14.567-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-17T15:51:59.990-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=351855" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=351855</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html" xml:lang="en">http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The GPU driver in the kernel in Google Chrome OS before 33.0.1750.152 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1713">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.152"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.153"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.149"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.151"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.104"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.106"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.107"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.108"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.109"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.110"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.111"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.112"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.113"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.115"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.116"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.117"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.124"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.125"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.126"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.13"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.132"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.133"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.135"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.136"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.144"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.146"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.16"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.18"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.19"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.20"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.21"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.22"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.23"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.24"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.25"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.26"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.27"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.28"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.29"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.30"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.31"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.34"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.35"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.36"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.37"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.39"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.40"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.42"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.45"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.46"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.47"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.49"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.51"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.52"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.53"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.56"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.57"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.60"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.61"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.64"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.65"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.66"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.67"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.68"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.69"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.70"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.71"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.73"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.74"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.75"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.76"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.77"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.79"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.80"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.81"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.82"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.83"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.85"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.88"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.89"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.90"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.91"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.92"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.93"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.149"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.151"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.104"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.106"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.107"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.108"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.109"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.110"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.111"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.112"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.113"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.115"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.116"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.117"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.124"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.125"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.126"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.13"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.132"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.133"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.135"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.136"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.144"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.146"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.16"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.18"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.19"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.20"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.21"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.22"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.23"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.24"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.25"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.26"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.27"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.28"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.29"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.30"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.31"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.34"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.35"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.36"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.37"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.39"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.40"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.42"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.45"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.46"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.47"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.49"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.51"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.52"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.53"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.56"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.57"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.60"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.61"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.64"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.65"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.66"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.67"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.68"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.69"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.70"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.71"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.73"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.74"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.75"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.76"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.77"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.79"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.80"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.81"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.82"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.83"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.85"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.88"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.89"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.90"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.91"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.92"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.93"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel"/>
+          <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.116</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.35</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.115</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.34</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.117</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.112</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.39</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.111</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.38</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.37</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.113</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.36</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.92</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.93</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.90</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.91</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.89</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.88</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.110</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.41</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.42</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.40</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.9</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.6</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.5</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.8</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.7</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.2</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.1</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.4</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.3</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.0</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.16</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.133</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.15</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.136</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.14</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.135</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.13</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.12</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.11</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.10</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.70</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.71</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.74</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.75</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.19</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.18</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.73</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.68</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.67</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.66</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.65</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.69</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.20</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.132</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.107</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.106</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.104</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.109</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.108</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.53</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.52</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.51</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.50</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.49</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.124</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.47</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.125</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.48</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.126</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.45</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.46</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.43</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.44</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.83</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.85</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.80</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.153</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.82</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.152</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.81</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.151</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.76</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.77</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.79</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.31</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.30</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.29</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.23</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.24</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.149</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.21</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.22</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.27</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.144</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.28</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.25</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.146</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.26</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.60</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.62</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.61</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.64</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.63</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.54</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.55</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.56</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.57</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.58</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.59</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1713</vuln:cve-id>
+    <vuln:published-datetime>2014-03-16T10:06:45.617-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T01:05:22.030-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-17T15:54:12.383-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://src.chromium.org/viewvc/blink?revision=169176&amp;view=revision" xml:lang="en">https://src.chromium.org/viewvc/blink?revision=169176&amp;view=revision</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=352374" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=352374</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2883" xml:lang="en">DSA-2883</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html" xml:lang="en">http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html" xml:lang="en">http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html" xml:lang="en">APPLE-SA-2014-04-22-2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html" xml:lang="en">APPLE-SA-2014-04-22-3</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>APPLE</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" xml:lang="en">APPLE-SA-2014-04-01-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-03/0144.html" xml:lang="en">20140326 VUPEN Security Research - Google Chrome Blink "locationAttributeSetter" Use-after-free (Pwn2Own)</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Use-after-free vulnerability in the AttributeSetter function in bindings/templates/attributes.cpp in the bindings in Blink, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the document.location value.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1714">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.152"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.153"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.149"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.151"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.104"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.106"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.107"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.108"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.109"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.110"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.111"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.112"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.113"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.115"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.116"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.117"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.124"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.125"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.126"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.13"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.132"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.133"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.135"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.136"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.144"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.146"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.16"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.18"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.19"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.20"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.21"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.22"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.23"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.24"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.25"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.26"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.27"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.28"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.29"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.30"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.31"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.34"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.35"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.36"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.37"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.39"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.40"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.42"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.45"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.46"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.47"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.49"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.51"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.52"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.53"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.56"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.57"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.60"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.61"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.64"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.65"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.66"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.67"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.68"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.69"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.70"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.71"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.73"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.74"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.75"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.76"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.77"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.79"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.80"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.81"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.82"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.83"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.85"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.88"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.89"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.90"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.91"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.92"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.93"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.149"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.151"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.104"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.106"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.107"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.108"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.109"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.110"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.111"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.112"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.113"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.115"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.116"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.117"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.124"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.125"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.126"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.13"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.132"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.133"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.135"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.136"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.144"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.146"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.16"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.18"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.19"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.20"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.21"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.22"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.23"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.24"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.25"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.26"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.27"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.28"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.29"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.30"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.31"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.34"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.35"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.36"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.37"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.39"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.40"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.42"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.45"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.46"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.47"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.49"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.51"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.52"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.53"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.56"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.57"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.60"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.61"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.64"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.65"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.66"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.67"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.68"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.69"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.70"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.71"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.73"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.74"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.75"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.76"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.77"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.79"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.80"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.81"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.82"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.83"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.85"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.88"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.89"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.90"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.91"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.92"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.93"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel"/>
+          <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.116</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.35</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.115</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.34</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.117</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.112</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.39</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.111</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.38</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.37</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.113</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.36</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.92</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.93</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.90</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.91</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.89</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.88</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.110</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.41</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.42</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.40</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.9</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.6</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.5</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.8</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.7</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.2</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.1</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.4</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.3</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.0</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.16</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.133</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.15</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.136</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.14</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.135</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.13</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.12</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.11</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.10</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.70</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.71</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.74</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.75</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.19</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.18</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.73</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.68</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.67</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.66</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.65</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.69</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.20</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.132</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.107</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.106</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.104</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.109</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.108</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.53</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.52</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.51</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.50</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.49</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.124</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.47</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.125</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.48</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.126</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.45</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.46</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.43</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.44</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.83</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.85</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.80</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.153</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.82</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.152</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.81</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.151</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.76</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.77</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.79</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.31</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.30</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.29</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.23</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.24</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.149</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.21</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.22</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.27</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.144</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.28</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.25</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.146</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.26</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.60</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.62</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.61</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.64</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.63</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.54</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.55</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.56</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.57</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.58</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.59</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1714</vuln:cve-id>
+    <vuln:published-datetime>2014-03-16T10:06:45.647-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:29:04.670-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-17T15:06:32.907-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://src.chromium.org/viewvc/chrome?revision=256974&amp;view=revision" xml:lang="en">https://src.chromium.org/viewvc/chrome?revision=256974&amp;view=revision</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=352395" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=352395</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html" xml:lang="en">http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-03/0143.html" xml:lang="en">20140326 VUPEN Security Research - Google Chrome "Clipboard::WriteData()" Function Sandbox Escape (Pwn2Own)</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The ScopedClipboardWriter::WritePickledData function in ui/base/clipboard/scoped_clipboard_writer.cc in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows does not verify a certain format value, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the clipboard.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1715">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.149"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.151"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.104"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.106"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.107"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.108"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.109"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.110"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.111"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.112"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.113"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.115"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.116"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.117"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.124"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.125"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.126"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.13"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.132"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.133"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.135"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.136"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.144"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.146"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.16"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.18"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.19"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.20"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.21"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.22"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.23"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.24"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.25"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.26"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.27"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.28"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.29"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.30"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.31"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.34"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.35"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.36"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.37"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.39"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.40"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.42"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.45"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.46"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.47"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.49"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.51"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.52"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.53"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.56"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.57"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.60"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.61"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.64"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.65"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.66"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.67"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.68"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.69"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.70"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.71"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.73"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.74"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.75"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.76"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.77"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.79"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.80"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.81"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.82"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.83"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.85"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.88"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.89"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.90"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.91"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.92"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.93"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel"/>
+          <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.152"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.153"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.149"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.151"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.104"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.106"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.107"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.108"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.109"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.110"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.111"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.112"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.113"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.115"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.116"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.117"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.124"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.125"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.126"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.13"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.132"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.133"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.135"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.136"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.144"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.146"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.16"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.18"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.19"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.20"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.21"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.22"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.23"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.24"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.25"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.26"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.27"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.28"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.29"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.30"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.31"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.34"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.35"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.36"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.37"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.39"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.40"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.42"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.45"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.46"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.47"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.49"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.51"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.52"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.53"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.56"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.57"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.60"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.61"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.64"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.65"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.66"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.67"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.68"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.69"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.70"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.71"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.73"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.74"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.75"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.76"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.77"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.79"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.80"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.81"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.82"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.83"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.85"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.88"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.89"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.90"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.91"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.92"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:33.0.1750.93"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.116</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.35</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.115</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.34</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.117</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.112</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.39</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.111</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.38</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.37</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.113</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.36</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.92</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.93</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.90</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.91</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.89</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.88</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.110</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.41</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.42</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.40</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.9</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.6</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.5</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.8</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.7</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.2</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.1</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.4</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.3</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.0</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.16</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.133</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.15</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.136</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.14</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.135</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.13</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.12</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.11</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.10</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.70</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.71</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.74</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.75</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.19</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.18</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.73</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.68</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.67</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.66</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.65</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.69</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.20</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.132</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.107</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.106</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.104</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.109</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.108</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.53</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.52</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.51</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.50</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.49</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.124</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.47</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.125</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.48</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.126</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.45</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.46</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.43</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.44</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.83</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.85</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.80</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.153</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.152</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.82</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.81</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.151</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.76</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.77</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.79</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.31</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.30</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.29</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.23</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.24</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.149</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.21</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.22</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.27</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.144</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.28</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.25</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.146</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.26</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.60</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.62</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.61</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.64</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.63</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.54</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.55</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.56</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.57</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.58</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:33.0.1750.59</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1715</vuln:cve-id>
+    <vuln:published-datetime>2014-03-16T10:06:45.677-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:29:04.843-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-17T15:05:00.043-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=352429" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=352429</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2883" xml:lang="en">DSA-2883</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html" xml:lang="en">http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows has unspecified impact and attack vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1716">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.115"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:google:chrome:34.0.1847.115</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1716</vuln:cve-id>
+    <vuln:published-datetime>2014-04-09T06:56:51.303-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-09T21:08:54.310-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-09T21:08:41.717-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-94"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/v8/source/detail?r=20138" xml:lang="en">https://code.google.com/p/v8/source/detail?r=20138</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=354123" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=354123</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html" xml:lang="en">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype function in runtime.cc in Google V8, as used in Google Chrome before 34.0.1847.116, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1717">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.115"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:google:chrome:34.0.1847.115</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1717</vuln:cve-id>
+    <vuln:published-datetime>2014-04-09T06:57:15.617-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-09T21:10:47.127-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-09T21:10:47.063-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-189"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/v8/source/detail?r=20020" xml:lang="en">https://code.google.com/p/v8/source/detail?r=20020</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=353004" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=353004</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html" xml:lang="en">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Google V8, as used in Google Chrome before 34.0.1847.116, does not properly use numeric casts during handling of typed arrays, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1718">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.115"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:google:chrome:34.0.1847.115</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1718</vuln:cve-id>
+    <vuln:published-datetime>2014-04-09T06:57:15.773-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-09T21:12:12.440-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-09T21:12:12.393-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-189"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://src.chromium.org/viewvc/chrome?revision=261817&amp;view=revision" xml:lang="en">https://src.chromium.org/viewvc/chrome?revision=261817&amp;view=revision</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://src.chromium.org/viewvc/chrome?revision=260969&amp;view=revision" xml:lang="en">https://src.chromium.org/viewvc/chrome?revision=260969&amp;view=revision</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://src.chromium.org/viewvc/chrome?revision=258418&amp;view=revision" xml:lang="en">https://src.chromium.org/viewvc/chrome?revision=258418&amp;view=revision</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://src.chromium.org/viewvc/chrome?revision=257417&amp;view=revision" xml:lang="en">https://src.chromium.org/viewvc/chrome?revision=257417&amp;view=revision</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=348332" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=348332</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html" xml:lang="en">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Integer overflow in the SoftwareFrameManager::SwapToNewFrame function in content/browser/renderer_host/software_frame_manager.cc in the software compositor in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted mapping of a large amount of renderer memory.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1719">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.115"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:google:chrome:34.0.1847.115</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1719</vuln:cve-id>
+    <vuln:published-datetime>2014-04-09T06:57:15.977-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-09T21:14:57.150-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-09T21:14:57.103-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://src.chromium.org/viewvc/chrome?revision=252010&amp;view=revision" xml:lang="en">https://src.chromium.org/viewvc/chrome?revision=252010&amp;view=revision</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=343661" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=343661</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html" xml:lang="en">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Use-after-free vulnerability in the WebSharedWorkerStub::OnTerminateWorkerContext function in content/worker/websharedworker_stub.cc in the Web Workers implementation in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors that trigger a SharedWorker termination during script loading.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1720">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.115"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:google:chrome:34.0.1847.115</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1720</vuln:cve-id>
+    <vuln:published-datetime>2014-04-09T06:57:51.180-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-09T21:17:26.593-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-09T21:17:26.560-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://src.chromium.org/viewvc/blink?revision=170216&amp;view=revision" xml:lang="en">https://src.chromium.org/viewvc/blink?revision=170216&amp;view=revision</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=356095" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=356095</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html" xml:lang="en">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Use-after-free vulnerability in the HTMLBodyElement::insertedInto function in core/html/HTMLBodyElement.cpp in Blink, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving attributes.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1721">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.115"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:google:chrome:34.0.1847.115</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1721</vuln:cve-id>
+    <vuln:published-datetime>2014-04-09T06:57:51.213-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-09T21:19:17.423-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-09T21:19:14.627-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-189"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/v8/source/detail?r=19834" xml:lang="en">https://code.google.com/p/v8/source/detail?r=19834</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=350434" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=350434</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html" xml:lang="en">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Google V8, as used in Google Chrome before 34.0.1847.116, does not properly implement lazy deoptimization, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code, as demonstrated by improper handling of a heap allocation of a number outside the Small Integer (aka smi) range.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1722">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.115"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:google:chrome:34.0.1847.115</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1722</vuln:cve-id>
+    <vuln:published-datetime>2014-04-09T06:57:51.243-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-09T21:24:53.780-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-09T21:24:31.577-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://src.chromium.org/viewvc/blink?revision=164405&amp;view=revision" xml:lang="en">https://src.chromium.org/viewvc/blink?revision=164405&amp;view=revision</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=330626" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=330626</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html" xml:lang="en">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Use-after-free vulnerability in the RenderBlock::addChildIgnoringAnonymousColumnBlocks function in core/rendering/RenderBlock.cpp in Blink, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving addition of a child node.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1723">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.115"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:google:chrome:34.0.1847.115</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1723</vuln:cve-id>
+    <vuln:published-datetime>2014-04-09T06:57:51.277-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-09T21:28:16.690-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-09T21:28:16.613-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://src.chromium.org/viewvc/chrome?revision=254091&amp;view=revision" xml:lang="en">https://src.chromium.org/viewvc/chrome?revision=254091&amp;view=revision</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=337746" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=337746</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html" xml:lang="en">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The UnescapeURLWithOffsetsImpl function in net/base/escape.cc in Google Chrome before 34.0.1847.116 does not properly handle bidirectional Internationalized Resource Identifiers (IRIs), which makes it easier for remote attackers to spoof URLs via crafted use of right-to-left (RTL) Unicode text.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1724">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.115"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:google:chrome:34.0.1847.115</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1724</vuln:cve-id>
+    <vuln:published-datetime>2014-04-09T06:57:56.867-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-09T21:29:38.633-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-09T21:29:38.507-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://src.chromium.org/viewvc/chrome?revision=259109&amp;view=revision" xml:lang="en">https://src.chromium.org/viewvc/chrome?revision=259109&amp;view=revision</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=327295" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=327295</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html" xml:lang="en">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Use-after-free vulnerability in Free(b)soft Laboratory Speech Dispatcher 0.7.1, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service (application hang) or possibly have unspecified other impact via a text-to-speech request.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1725">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.115"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:google:chrome:34.0.1847.115</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1725</vuln:cve-id>
+    <vuln:published-datetime>2014-04-09T06:57:56.900-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-09T21:31:28.620-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-09T21:31:07.963-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://src.chromium.org/viewvc/blink?revision=170264&amp;view=revision" xml:lang="en">https://src.chromium.org/viewvc/blink?revision=170264&amp;view=revision</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=357332" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=357332</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html" xml:lang="en">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The base64DecodeInternal function in wtf/text/Base64.cpp in Blink, as used in Google Chrome before 34.0.1847.116, does not properly handle string data composed exclusively of whitespace characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via a window.atob method call.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1726">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.115"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:google:chrome:34.0.1847.115</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1726</vuln:cve-id>
+    <vuln:published-datetime>2014-04-09T06:57:56.963-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-09T21:49:17.423-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-09T21:49:17.390-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://src.chromium.org/viewvc/chrome?revision=259353&amp;view=revision" xml:lang="en">https://src.chromium.org/viewvc/chrome?revision=259353&amp;view=revision</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=346135" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=346135</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html" xml:lang="en">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The drag implementation in Google Chrome before 34.0.1847.116 allows user-assisted remote attackers to bypass the Same Origin Policy and forge local pathnames by leveraging renderer access.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1727">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.115"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:google:chrome:34.0.1847.115</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1727</vuln:cve-id>
+    <vuln:published-datetime>2014-04-09T06:57:57.010-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-09T21:51:16.863-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-09T21:51:16.817-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html" xml:lang="en">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://src.chromium.org/viewvc/chrome?revision=255276&amp;view=revision" xml:lang="en">https://src.chromium.org/viewvc/chrome?revision=255276&amp;view=revision</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=342735" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=342735</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Use-after-free vulnerability in content/renderer/renderer_webcolorchooser_impl.h in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to forms.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1728">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.115"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:google:chrome:34.0.1847.115</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1728</vuln:cve-id>
+    <vuln:published-datetime>2014-04-09T06:57:57.073-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-09T21:56:30.563-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-09T21:56:30.517-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=360298" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=360298</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=358059" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=358059</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=356517" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=356517</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=356235" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=356235</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=355586" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=355586</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=354297" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=354297</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=353013" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=353013</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=352982" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=352982</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=351815" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=351815</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=350863" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=350863</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=350537" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=350537</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=350533" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=350533</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=348319" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=348319</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=347262" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=347262</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=345820" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=345820</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html" xml:lang="en">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.116 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1729">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.115"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:google:chrome:34.0.1847.115</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1729</vuln:cve-id>
+    <vuln:published-datetime>2014-04-09T06:57:57.197-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-09T21:58:38.737-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-09T21:58:37.050-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/v8/source/detail?r=20409" xml:lang="en">https://code.google.com/p/v8/source/detail?r=20409</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/v8/source/detail?r=20345" xml:lang="en">https://code.google.com/p/v8/source/detail?r=20345</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/v8/source/detail?r=20033" xml:lang="en">https://code.google.com/p/v8/source/detail?r=20033</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/v8/source/detail?r=19923" xml:lang="en">https://code.google.com/p/v8/source/detail?r=19923</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/v8/source/detail?r=19584" xml:lang="en">https://code.google.com/p/v8/source/detail?r=19584</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/v8/source/detail?r=19572" xml:lang="en">https://code.google.com/p/v8/source/detail?r=19572</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=358059" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=358059</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=355586" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=355586</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=352982" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=352982</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=350863" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=350863</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=348319" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=348319</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=347262" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=347262</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=345820" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=345820</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html" xml:lang="en">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple unspecified vulnerabilities in Google V8 before 3.24.35.22, as used in Google Chrome before 34.0.1847.116, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1730">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.100"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.101"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.102"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.103"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.104"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.109"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.111"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.112"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.113"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.114"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.115"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.116"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.118"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.120"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.23"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.24"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.25"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.36"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.37"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.39"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.42"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.45"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.46"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.47"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.49"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.51"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.52"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.53"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.56"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.57"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.60"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.61"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.64"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.65"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.66"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.67"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.68"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.69"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.71"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.72"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.73"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.74"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.75"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.76"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.77"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.78"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.79"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.80"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.81"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.82"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.83"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.85"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.86"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.87"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.91"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.92"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.98"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.99"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.130"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x"/>
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.100"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.101"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.102"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.103"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.104"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.109"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.111"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.112"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.113"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.114"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.115"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.116"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.118"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.120"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.23"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.24"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.25"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.36"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.37"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.39"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.42"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.45"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.46"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.47"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.49"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.51"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.52"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.53"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.56"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.57"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.60"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.61"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.64"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.65"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.66"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.67"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.68"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.69"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.71"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.72"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.73"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.74"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.75"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.76"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.77"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.78"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.79"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.80"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.81"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.82"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.83"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.85"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.86"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.87"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.91"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.92"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.98"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.99"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.131"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.130"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:google:chrome:34.0.1847.131</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:34.0.1847.130</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1730</vuln:cve-id>
+    <vuln:published-datetime>2014-04-26T06:55:05.433-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T10:29:20.927-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T10:29:19.757-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/v8/source/detail?r=20595" xml:lang="en">https://code.google.com/p/v8/source/detail?r=20595</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/v8/source/detail?r=20593" xml:lang="en">https://code.google.com/p/v8/source/detail?r=20593</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/v8/source/detail?r=20388" xml:lang="en">https://code.google.com/p/v8/source/detail?r=20388</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/v8/source/detail?r=20377" xml:lang="en">https://code.google.com/p/v8/source/detail?r=20377</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/v8/source/detail?r=20375" xml:lang="en">https://code.google.com/p/v8/source/detail?r=20375</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=354967" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=354967</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html" xml:lang="en">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to bypass intended access restrictions by leveraging "type confusion" and reading property values, related to i18n.js and runtime.cc.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1731">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.100"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.101"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.102"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.103"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.104"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.109"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.111"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.112"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.113"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.114"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.115"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.116"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.118"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.120"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.23"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.24"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.25"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.36"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.37"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.39"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.42"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.45"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.46"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.47"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.49"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.51"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.52"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.53"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.56"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.57"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.60"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.61"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.64"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.65"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.66"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.67"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.68"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.69"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.71"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.72"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.73"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.74"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.75"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.76"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.77"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.78"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.79"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.80"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.81"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.82"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.83"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.85"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.86"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.87"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.91"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.92"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.98"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.99"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.130"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x"/>
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.100"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.101"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.102"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.103"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.104"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.109"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.111"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.112"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.113"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.114"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.115"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.116"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.118"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.120"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.23"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.24"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.25"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.36"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.37"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.39"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.42"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.45"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.46"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.47"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.49"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.51"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.52"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.53"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.56"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.57"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.60"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.61"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.64"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.65"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.66"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.67"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.68"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.69"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.71"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.72"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.73"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.74"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.75"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.76"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.77"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.78"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.79"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.80"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.81"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.82"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.83"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.85"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.86"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.87"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.91"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.92"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.98"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.99"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.131"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.130"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:google:chrome:34.0.1847.131</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:34.0.1847.130</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1731</vuln:cve-id>
+    <vuln:published-datetime>2014-04-26T06:55:05.480-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T10:31:52.497-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T10:31:51.403-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://src.chromium.org/viewvc/blink?revision=171216&amp;view=revision" xml:lang="en">https://src.chromium.org/viewvc/blink?revision=171216&amp;view=revision</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=349903" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=349903</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html" xml:lang="en">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1732">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.100"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.101"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.102"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.103"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.104"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.109"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.111"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.112"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.113"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.114"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.115"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.116"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.118"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.120"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.23"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.24"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.25"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.36"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.37"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.39"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.42"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.45"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.46"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.47"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.49"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.51"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.52"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.53"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.56"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.57"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.60"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.61"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.64"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.65"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.66"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.67"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.68"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.69"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.71"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.72"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.73"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.74"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.75"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.76"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.77"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.78"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.79"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.80"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.81"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.82"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.83"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.85"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.86"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.87"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.91"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.92"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.98"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.99"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.131"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.130"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.100"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.101"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.102"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.103"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.104"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.109"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.111"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.112"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.113"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.114"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.115"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.116"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.118"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.120"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.23"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.24"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.25"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.36"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.37"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.39"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.42"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.45"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.46"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.47"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.49"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.51"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.52"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.53"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.56"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.57"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.60"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.61"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.64"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.65"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.66"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.67"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.68"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.69"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.71"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.72"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.73"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.74"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.75"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.76"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.77"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.78"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.79"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.80"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.81"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.82"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.83"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.85"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.86"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.87"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.91"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.92"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.98"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.99"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.130"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x"/>
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:google:chrome:34.0.1847.131</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:34.0.1847.130</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1732</vuln:cve-id>
+    <vuln:published-datetime>2014-04-26T06:55:05.513-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T10:38:32.990-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T10:38:30.227-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://src.chromium.org/viewvc/chrome?revision=261737&amp;view=revision" xml:lang="en">https://src.chromium.org/viewvc/chrome?revision=261737&amp;view=revision</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=352851" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=352851</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html" xml:lang="en">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Use-after-free vulnerability in browser/ui/views/speech_recognition_bubble_views.cc in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via an INPUT element that triggers the presence of a Speech Recognition Bubble window for an incorrect duration.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1733">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.100"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.101"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.102"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.103"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.104"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.109"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.111"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.112"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.113"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.114"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.115"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.116"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.118"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.120"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.23"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.24"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.25"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.36"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.37"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.39"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.42"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.45"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.46"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.47"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.49"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.51"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.52"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.53"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.56"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.57"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.60"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.61"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.64"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.65"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.66"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.67"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.68"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.69"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.71"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.72"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.73"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.74"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.75"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.76"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.77"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.78"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.79"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.80"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.81"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.82"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.83"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.85"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.86"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.87"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.91"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.92"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.98"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.99"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.130"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x"/>
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.100"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.101"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.102"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.103"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.104"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.109"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.111"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.112"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.113"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.114"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.115"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.116"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.118"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.120"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.23"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.24"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.25"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.36"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.37"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.39"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.42"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.45"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.46"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.47"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.49"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.51"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.52"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.53"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.56"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.57"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.60"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.61"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.64"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.65"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.66"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.67"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.68"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.69"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.71"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.72"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.73"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.74"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.75"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.76"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.77"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.78"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.79"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.80"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.81"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.82"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.83"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.85"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.86"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.87"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.91"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.92"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.98"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.99"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.131"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.130"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:google:chrome:34.0.1847.131</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:34.0.1847.130</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1733</vuln:cve-id>
+    <vuln:published-datetime>2014-04-26T06:55:05.543-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T10:43:50.860-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T10:43:49.673-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://src.chromium.org/viewvc/chrome?revision=260157&amp;view=revision" xml:lang="en">https://src.chromium.org/viewvc/chrome?revision=260157&amp;view=revision</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=351103" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=351103</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html" xml:lang="en">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The PointerCompare function in codegen.cc in Seccomp-BPF, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly merge blocks, which might allow remote attackers to bypass intended sandbox restrictions by leveraging renderer access.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1734">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.100"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.101"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.102"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.103"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.104"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.109"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.111"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.112"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.113"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.114"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.115"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.116"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.118"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.120"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.23"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.24"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.25"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.36"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.37"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.39"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.42"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.45"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.46"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.47"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.49"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.51"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.52"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.53"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.56"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.57"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.60"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.61"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.64"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.65"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.66"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.67"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.68"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.69"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.71"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.72"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.73"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.74"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.75"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.76"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.77"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.78"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.79"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.80"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.81"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.82"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.83"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.85"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.86"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.87"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.91"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.92"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.98"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.99"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.130"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x"/>
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.100"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.101"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.102"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.103"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.104"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.109"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.111"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.112"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.113"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.114"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.115"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.116"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.118"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.120"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.23"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.24"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.25"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.36"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.37"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.39"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.42"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.45"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.46"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.47"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.49"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.51"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.52"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.53"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.56"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.57"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.60"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.61"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.64"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.65"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.66"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.67"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.68"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.69"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.71"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.72"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.73"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.74"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.75"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.76"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.77"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.78"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.79"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.80"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.81"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.82"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.83"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.85"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.86"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.87"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.91"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.92"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.98"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.99"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.131"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.130"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:google:chrome:34.0.1847.131</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:34.0.1847.130</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1734</vuln:cve-id>
+    <vuln:published-datetime>2014-04-26T06:55:05.560-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T11:15:37.607-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T11:15:36.073-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=367314" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=367314</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=357382" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=357382</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=356181" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=356181</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html" xml:lang="en">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1735">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.100"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.101"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.102"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.103"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.104"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.109"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.111"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.112"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.113"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.114"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.115"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.116"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.118"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.120"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.23"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.24"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.25"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.36"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.37"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.39"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.42"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.45"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.46"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.47"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.49"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.51"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.52"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.53"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.56"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.57"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.60"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.61"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.64"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.65"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.66"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.67"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.68"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.69"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.71"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.72"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.73"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.74"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.75"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.76"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.77"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.78"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.79"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.80"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.81"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.82"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.83"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.85"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.86"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.87"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.91"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.92"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.98"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.99"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.131"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.130"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.100"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.101"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.102"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.103"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.104"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.109"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.111"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.112"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.113"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.114"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.115"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.116"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.118"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.120"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.23"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.24"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.25"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.36"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.37"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.39"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.42"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.45"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.46"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.47"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.49"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.51"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.52"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.53"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.56"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.57"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.60"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.61"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.64"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.65"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.66"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.67"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.68"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.69"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.71"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.72"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.73"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.74"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.75"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.76"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.77"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.78"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.79"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.80"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.81"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.82"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.83"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.85"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.86"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.87"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.91"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.92"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.98"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.99"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.130"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x"/>
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:google:chrome:34.0.1847.131</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:34.0.1847.130</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1735</vuln:cve-id>
+    <vuln:published-datetime>2014-04-26T06:55:05.590-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T11:21:36.240-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T11:21:35.007-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://src.chromium.org/viewvc/blink?revision=171127&amp;view=revision" xml:lang="en">https://src.chromium.org/viewvc/blink?revision=171127&amp;view=revision</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://src.chromium.org/viewvc/blink?revision=171077&amp;view=revision" xml:lang="en">https://src.chromium.org/viewvc/blink?revision=171077&amp;view=revision</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/v8/source/detail?r=20624" xml:lang="en">https://code.google.com/p/v8/source/detail?r=20624</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/v8/source/detail?r=20622" xml:lang="en">https://code.google.com/p/v8/source/detail?r=20622</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/v8/source/detail?r=20501" xml:lang="en">https://code.google.com/p/v8/source/detail?r=20501</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=360429" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=360429</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=359525" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=359525</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=359130" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=359130</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html" xml:lang="en">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple unspecified vulnerabilities in Google V8 before 3.24.35.33, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1751">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:9</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1751</vuln:cve-id>
+    <vuln:published-datetime>2014-04-08T19:55:06.430-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-09T20:36:29.023-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-09T20:36:25.353-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-018" xml:lang="en">MS14-018</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0235 and CVE-2014-1755.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1752">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:6"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:7"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:7</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1752</vuln:cve-id>
+    <vuln:published-datetime>2014-04-08T19:55:06.463-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-09T20:39:33.077-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-09T20:39:32.703-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-018" xml:lang="en">MS14-018</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1753">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:9"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:8"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:7"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:6"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:6:sp1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:7</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:8</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:6</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:9</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:6:sp1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1753</vuln:cve-id>
+    <vuln:published-datetime>2014-04-08T19:55:06.477-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-09T20:43:23.757-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-09T20:43:23.693-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-018" xml:lang="en">MS14-018</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1755">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:9</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1755</vuln:cve-id>
+    <vuln:published-datetime>2014-04-08T19:55:06.510-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-09T20:37:38.200-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-09T20:37:38.137-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-018" xml:lang="en">MS14-018</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0235 and CVE-2014-1751.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1757">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:office_compatibility_pack::sp3"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:word:2007:sp3"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:word:2010:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:word:2010:sp2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:word:2007:sp3</vuln:product>
+      <vuln:product>cpe:/a:microsoft:office_compatibility_pack::sp3</vuln:product>
+      <vuln:product>cpe:/a:microsoft:word:2010:sp2</vuln:product>
+      <vuln:product>cpe:/a:microsoft:word:2010:sp1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1757</vuln:cve-id>
+    <vuln:published-datetime>2014-04-08T19:55:06.540-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-09T20:49:25.723-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-09T20:49:25.677-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-017" xml:lang="en">MS14-017</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Word 2007 SP3 and 2010 SP1 and SP2, and Office Compatibility Pack SP3, allocates memory incorrectly for file conversions from a binary (aka .doc) format to a newer format, which allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office File Format Converter Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1758">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:word:2003:sp3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:word:2003:sp3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1758</vuln:cve-id>
+    <vuln:published-datetime>2014-04-08T19:55:06.573-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-09T20:51:18.523-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-09T20:51:18.493-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-017" xml:lang="en">MS14-017</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Stack-based buffer overflow in Microsoft Word 2003 SP3 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Word Stack Overflow Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1759">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:publisher:2007:sp3"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:publisher:2003:sp3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:publisher:2003:sp3</vuln:product>
+      <vuln:product>cpe:/a:microsoft:publisher:2007:sp3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1759</vuln:cve-id>
+    <vuln:published-datetime>2014-04-08T19:55:06.587-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-09T20:55:09.500-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-09T20:55:04.717-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-020" xml:lang="en">MS14-020</vuln:reference>
+    </vuln:references>
+    <vuln:summary>pubconv.dll in Microsoft Publisher 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via a crafted .pub file, aka "Arbitrary Pointer Dereference Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1760">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:11:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:11:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1760</vuln:cve-id>
+    <vuln:published-datetime>2014-04-08T19:55:06.620-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-09T20:41:39.113-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-09T20:41:36.253-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-018" xml:lang="en">MS14-018</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1761">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:office_web_apps_server:2013"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:office_web_apps:2010:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:office_web_apps:2010:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:sharepoint_server:2013"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:sharepoint_server:2010:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:sharepoint_server:2010:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:office:2011::mac"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:office_compatibility_pack::sp3"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:word_viewer"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:word:2013"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:word:2013:-:~-~-~rt~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:word:2010:sp1:~~~x64~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:word:2010:sp1:~~~x86~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:word:2010:sp2:~~~x64~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:word:2010:sp2:~~~x86~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:word:2007:sp3"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:word:2003:sp3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:word:2007:sp3</vuln:product>
+      <vuln:product>cpe:/a:microsoft:word:2003:sp3</vuln:product>
+      <vuln:product>cpe:/a:microsoft:sharepoint_server:2013</vuln:product>
+      <vuln:product>cpe:/a:microsoft:word:2013:-:~-~-~rt~~</vuln:product>
+      <vuln:product>cpe:/a:microsoft:sharepoint_server:2010:sp1</vuln:product>
+      <vuln:product>cpe:/a:microsoft:sharepoint_server:2010:sp2</vuln:product>
+      <vuln:product>cpe:/a:microsoft:word_viewer</vuln:product>
+      <vuln:product>cpe:/a:microsoft:word:2010:sp1:~~~x64~~</vuln:product>
+      <vuln:product>cpe:/a:microsoft:word:2010:sp2:~~~x64~~</vuln:product>
+      <vuln:product>cpe:/a:microsoft:office_web_apps:2010:sp1</vuln:product>
+      <vuln:product>cpe:/a:microsoft:office_web_apps:2010:sp2</vuln:product>
+      <vuln:product>cpe:/a:microsoft:word:2010:sp1:~~~x86~~</vuln:product>
+      <vuln:product>cpe:/a:microsoft:word:2010:sp2:~~~x86~~</vuln:product>
+      <vuln:product>cpe:/a:microsoft:office:2011::mac</vuln:product>
+      <vuln:product>cpe:/a:microsoft:word:2013</vuln:product>
+      <vuln:product>cpe:/a:microsoft:office_compatibility_pack::sp3</vuln:product>
+      <vuln:product>cpe:/a:microsoft:office_web_apps_server:2013</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1761</vuln:cve-id>
+    <vuln:published-datetime>2014-03-25T09:24:01.067-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-19T00:47:56.067-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-25T10:08:06.717-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MS</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/bulletin/MS14-017" xml:lang="en">MS14-017</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://technet.microsoft.com/security/advisory/2953095" xml:lang="en">http://technet.microsoft.com/security/advisory/2953095</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1762">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:11:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:11:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1762</vuln:cve-id>
+    <vuln:published-datetime>2014-04-27T06:55:03.153-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T12:15:10.007-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T12:15:09.977-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/" xml:lang="en">http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://twitter.com/thezdi/statuses/443810610958958592" xml:lang="en">http://twitter.com/thezdi/statuses/443810610958958592</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code with medium-integrity privileges and bypass a sandbox protection mechanism via unknown vectors, as demonstrated by ZDI during a Pwn4Fun competition at CanSecWest 2014.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1763">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:11:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:11:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1763</vuln:cve-id>
+    <vuln:published-datetime>2014-04-27T06:55:03.200-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T12:17:29.263-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T12:17:29.247-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/" xml:lang="en">http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://twitter.com/thezdi/statuses/443855973673754624" xml:lang="en">http://twitter.com/thezdi/statuses/443855973673754624</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Use-after-free vulnerability in Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1764">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:11:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:11:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1764</vuln:cve-id>
+    <vuln:published-datetime>2014-04-27T06:55:03.233-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T12:26:37.700-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T12:26:37.670-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/" xml:lang="en">http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://twitter.com/thezdi/statuses/443855973673754624" xml:lang="en">http://twitter.com/thezdi/statuses/443855973673754624</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism by leveraging "object confusion" in a broker process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1765">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:11:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:11:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1765</vuln:cve-id>
+    <vuln:published-datetime>2014-04-27T06:55:03.247-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T12:34:52.230-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T12:34:52.183-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two/" xml:lang="en">http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://twitter.com/thezdi/statuses/444216845734666240" xml:lang="en">http://twitter.com/thezdi/statuses/444216845734666240</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple use-after-free vulnerabilities in Microsoft Internet Explorer 11 allow remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by Sebastian Apelt and Andreas Schmidt during a Pwn2Own competition at CanSecWest 2014.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1766">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_8.1:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:microsoft:windows_8.1:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1766</vuln:cve-id>
+    <vuln:published-datetime>2014-04-27T06:55:03.280-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T12:40:57.350-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.2</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T12:40:57.303-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two/" xml:lang="en">http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://twitter.com/thezdi/statuses/444216845734666240" xml:lang="en">http://twitter.com/thezdi/statuses/444216845734666240</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the kernel in Microsoft Windows 8.1 allows local users to gain privileges via unknown vectors, as demonstrated by Sebastian Apelt and Andreas Schmidt during a Pwn2Own competition at CanSecWest 2014.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1776">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:7"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:6"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:11:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:10"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:9"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:8</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:7</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:9</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:11:-</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:6</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:10</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1776</vuln:cve-id>
+    <vuln:published-datetime>2014-04-27T06:55:03.340-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T12:53:15.060-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T12:53:15.013-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://technet.microsoft.com/library/security/2963983" xml:lang="en">https://technet.microsoft.com/library/security/2963983</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html" xml:lang="en">http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Use-after-free vulnerability in VGX.DLL in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in April 2014.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1826">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ithoughts:ithoughtshd:4.19::~~~iphone_os~ipad~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ithoughts:ithoughtshd:4.19::~~~iphone_os~ipad~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1826</vuln:cve-id>
+    <vuln:published-datetime>2014-03-26T06:55:05.240-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-26T14:11:18.247-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>2.6</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-26T14:11:14.513-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.madirish.net/559" xml:lang="en">http://www.madirish.net/559</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the iThoughtsHD app 4.19 for iOS on iPad devices, when the WiFi Transfer feature is used, allows remote attackers to inject arbitrary web script or HTML via a crafted map name.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1827">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ithoughts:ithoughtshd:4.19::~~~iphone_os~ipad~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ithoughts:ithoughtshd:4.19::~~~iphone_os~ipad~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1827</vuln:cve-id>
+    <vuln:published-datetime>2014-03-26T06:55:05.257-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-26T14:14:10.253-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-26T14:14:10.207-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.madirish.net/559" xml:lang="en">http://www.madirish.net/559</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The iThoughtsHD app 4.19 for iOS on iPad devices, when the WiFi Transfer feature is used, allows remote attackers to upload arbitrary files by placing a %00 sequence after a dangerous extension, as demonstrated by a .html%00.txt file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1828">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ithoughts:ithoughtshd:4.19::~~~iphone_os~ipad~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ithoughts:ithoughtshd:4.19::~~~iphone_os~ipad~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1828</vuln:cve-id>
+    <vuln:published-datetime>2014-03-26T06:55:05.270-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-26T14:18:46.123-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-26T14:18:43.937-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.madirish.net/559" xml:lang="en">http://www.madirish.net/559</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The iThoughts web server in the iThoughtsHD app 4.19 for iOS on iPad devices allows remote attackers to cause a denial of service (disk consumption) by uploading a large file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1833">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:devscripts_devel_team:devscripts:2.14.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:devscripts_devel_team:devscripts:2.14.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1833</vuln:cve-id>
+    <vuln:published-datetime>2014-02-05T13:55:06.363-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:46.140-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-06T11:28:27.337-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1059947" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1059947</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65260" xml:lang="en">65260</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/01/31/7" xml:lang="en">[oss-security] 20140131 CVE request: uupdate (devscripts) directory traversal</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/01/31/11" xml:lang="en">[oss-security] 20140131 Re: CVE request: uupdate (devscripts) directory traversal</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102748" xml:lang="en">102748</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737160" xml:lang="en">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737160</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1837">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:stackideas:komento:1.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:stackideas:komento:1.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:stackideas:komento:1.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:stackideas:komento:1.7.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:stackideas:komento:1.7.3</vuln:product>
+      <vuln:product>cpe:/a:stackideas:komento:1.7.2</vuln:product>
+      <vuln:product>cpe:/a:stackideas:komento:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:stackideas:komento:1.7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1837</vuln:cve-id>
+    <vuln:published-datetime>2014-01-30T14:55:03.333-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:46.217-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-31T12:01:37.787-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90974" xml:lang="en">komento-joomla-cve20141837-xss(90974)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65173" xml:lang="en">65173</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://stackideas.com/downloads/changelog/komento" xml:lang="en">http://stackideas.com/downloads/changelog/komento</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56577" xml:lang="en">56577</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102563" xml:lang="en">102563</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the StackIdeas Komento (com_komento) component before 1.7.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors related to "checking new comments."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1838">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:novell:opensuse:12.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:novell:opensuse:13.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:logilab:logilab-common:0.60.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:novell:opensuse:12.3</vuln:product>
+      <vuln:product>cpe:/o:novell:opensuse:13.1</vuln:product>
+      <vuln:product>cpe:/a:logilab:logilab-common:0.60.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1838</vuln:cve-id>
+    <vuln:published-datetime>2014-03-11T15:37:04.833-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-12T14:38:15.277-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.4</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-12T14:38:13.200-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-59"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737051" xml:lang="en">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737051</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.logilab.org/ticket/207561" xml:lang="en">http://www.logilab.org/ticket/207561</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57209" xml:lang="en">57209</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-02/msg00085.html" xml:lang="en">openSUSE-SU-2014:0306</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://comments.gmane.org/gmane.comp.security.oss.general/11986" xml:lang="en">[oss-security] 20140131 CVE request: temp file issues in python's logilab-common module</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-commons before 0.61.0 allows local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /tmp/toto.fdf.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1839">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:novell:opensuse:12.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:novell:opensuse:13.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:logilab:logilab-common:0.60.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:novell:opensuse:12.3</vuln:product>
+      <vuln:product>cpe:/o:novell:opensuse:13.1</vuln:product>
+      <vuln:product>cpe:/a:logilab:logilab-common:0.60.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1839</vuln:cve-id>
+    <vuln:published-datetime>2014-03-11T15:37:04.850-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-12T14:43:00.410-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.4</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-12T14:43:00.253-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737051" xml:lang="en">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737051</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.logilab.org/ticket/207562" xml:lang="en">http://www.logilab.org/ticket/207562</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57209" xml:lang="en">57209</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-02/msg00085.html" xml:lang="en">openSUSE-SU-2014:0306</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://comments.gmane.org/gmane.comp.security.oss.general/11986" xml:lang="en">[oss-security] 20140131 CVE request: temp file issues in python's logilab-common module</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Execute class in shellutils in logilab-commons before 0.61.0 uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1840">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mybb:mybb:1.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mybb:mybb:1.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mybb:mybb:1.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mybb:mybb:1.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mybb:mybb:1.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mybb:mybb:1.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mybb:mybb:1.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mybb:mybb:1.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mybb:mybb:1.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mybb:mybb:1.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mybb:mybb:1.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mybb:mybb:1.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mybb:mybb:1.6.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mybb:mybb:1.6.6</vuln:product>
+      <vuln:product>cpe:/a:mybb:mybb:1.6.7</vuln:product>
+      <vuln:product>cpe:/a:mybb:mybb:1.6.5</vuln:product>
+      <vuln:product>cpe:/a:mybb:mybb:1.6.8</vuln:product>
+      <vuln:product>cpe:/a:mybb:mybb:1.6.9</vuln:product>
+      <vuln:product>cpe:/a:mybb:mybb:1.6.11</vuln:product>
+      <vuln:product>cpe:/a:mybb:mybb:1.6.12</vuln:product>
+      <vuln:product>cpe:/a:mybb:mybb:1.6.10</vuln:product>
+      <vuln:product>cpe:/a:mybb:mybb:1.6.0</vuln:product>
+      <vuln:product>cpe:/a:mybb:mybb:1.6.1</vuln:product>
+      <vuln:product>cpe:/a:mybb:mybb:1.6.2</vuln:product>
+      <vuln:product>cpe:/a:mybb:mybb:1.6.3</vuln:product>
+      <vuln:product>cpe:/a:mybb:mybb:1.6.4</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1840</vuln:cve-id>
+    <vuln:published-datetime>2014-03-03T11:55:04.320-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-04T12:36:10.193-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-04T12:36:10.007-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/125038/MyBB-1.6.12-POST-Cross-Site-Scripting.html" xml:lang="en">http://packetstormsecurity.com/files/125038/MyBB-1.6.12-POST-Cross-Site-Scripting.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://osandamalith.wordpress.com/2014/02/02/mybb-1-6-12-post-xss-0day/" xml:lang="en">http://osandamalith.wordpress.com/2014/02/02/mybb-1-6-12-post-xss-0day/</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in Upload/search.php in MyBB 1.6.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a do_search action, which is not properly handled in a forced SQL error message.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1841">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:southrivertech:titan_ftp_server:10.40"/>
+        <cpe-lang:fact-ref name="cpe:/a:southrivertech:titan_ftp_server:10.30"/>
+        <cpe-lang:fact-ref name="cpe:/a:southrivertech:titan_ftp_server:10.0.1733"/>
+        <cpe-lang:fact-ref name="cpe:/a:southrivertech:titan_ftp_server:10.01.1740"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:southrivertech:titan_ftp_server:10.01.1740</vuln:product>
+      <vuln:product>cpe:/a:southrivertech:titan_ftp_server:10.0.1733</vuln:product>
+      <vuln:product>cpe:/a:southrivertech:titan_ftp_server:10.40</vuln:product>
+      <vuln:product>cpe:/a:southrivertech:titan_ftp_server:10.30</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1841</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T06:37:03.763-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T11:23:07.387-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T11:23:07.323-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0092.html" xml:lang="en">20140210 Titan FTP Server Directory Traversal Vulnerabilities - [CVE-2014-1841 / CVE-2014-1842 / CVE-2014-1843]</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. (dot dot) in the src parameter.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1842">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:southrivertech:titan_ftp_server:10.40"/>
+        <cpe-lang:fact-ref name="cpe:/a:southrivertech:titan_ftp_server:10.30"/>
+        <cpe-lang:fact-ref name="cpe:/a:southrivertech:titan_ftp_server:10.0.1733"/>
+        <cpe-lang:fact-ref name="cpe:/a:southrivertech:titan_ftp_server:10.01.1740"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:southrivertech:titan_ftp_server:10.01.1740</vuln:product>
+      <vuln:product>cpe:/a:southrivertech:titan_ftp_server:10.0.1733</vuln:product>
+      <vuln:product>cpe:/a:southrivertech:titan_ftp_server:10.40</vuln:product>
+      <vuln:product>cpe:/a:southrivertech:titan_ftp_server:10.30</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1842</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T06:37:03.780-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T11:24:52.327-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T11:24:52.280-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0092.html" xml:lang="en">20140210 Titan FTP Server Directory Traversal Vulnerabilities - [CVE-2014-1841 / CVE-2014-1842 / CVE-2014-1843]</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. (dot dot) in the search-bar value.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1843">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:southrivertech:titan_ftp_server:10.40"/>
+        <cpe-lang:fact-ref name="cpe:/a:southrivertech:titan_ftp_server:10.30"/>
+        <cpe-lang:fact-ref name="cpe:/a:southrivertech:titan_ftp_server:10.0.1733"/>
+        <cpe-lang:fact-ref name="cpe:/a:southrivertech:titan_ftp_server:10.01.1740"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:southrivertech:titan_ftp_server:10.01.1740</vuln:product>
+      <vuln:product>cpe:/a:southrivertech:titan_ftp_server:10.0.1733</vuln:product>
+      <vuln:product>cpe:/a:southrivertech:titan_ftp_server:10.40</vuln:product>
+      <vuln:product>cpe:/a:southrivertech:titan_ftp_server:10.30</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1843</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T06:37:03.810-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T11:34:23.800-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T11:34:23.737-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0092.html" xml:lang="en">20140210 Titan FTP Server Directory Traversal Vulnerabilities - [CVE-2014-1841 / CVE-2014-1842 / CVE-2014-1843]</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Properties action with a .. (dot dot) in the src parameter.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1854">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:adrotateplugin:adrotate:3.9.::~pro~wordpress~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:adrotateplugin:adrotate:3.9.::~free~wordpress~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:adrotateplugin:adrotate:3.9.5::~pro~wordpress~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:adrotateplugin:adrotate:3.9.4::~pro~wordpress~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:adrotateplugin:adrotate:3.9.4::~free~wordpress~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:adrotateplugin:adrotate:3.9.3::~pro~wordpress~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:adrotateplugin:adrotate:3.9.3::~free~wordpress~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:adrotateplugin:adrotate:3.9.2::~pro~wordpress~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:adrotateplugin:adrotate:3.9.2::~free~wordpress~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:adrotateplugin:adrotate:3.9.1::~pro~wordpress~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:adrotateplugin:adrotate:3.9.1::~free~wordpress~~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:adrotateplugin:adrotate:3.9.4::~free~wordpress~~~</vuln:product>
+      <vuln:product>cpe:/a:adrotateplugin:adrotate:3.9.4::~pro~wordpress~~~</vuln:product>
+      <vuln:product>cpe:/a:adrotateplugin:adrotate:3.9.3::~free~wordpress~~~</vuln:product>
+      <vuln:product>cpe:/a:adrotateplugin:adrotate:3.9.5::~pro~wordpress~~~</vuln:product>
+      <vuln:product>cpe:/a:adrotateplugin:adrotate:3.9.2::~free~wordpress~~~</vuln:product>
+      <vuln:product>cpe:/a:adrotateplugin:adrotate:3.9.1::~free~wordpress~~~</vuln:product>
+      <vuln:product>cpe:/a:adrotateplugin:adrotate:3.9.1::~pro~wordpress~~~</vuln:product>
+      <vuln:product>cpe:/a:adrotateplugin:adrotate:3.9.::~free~wordpress~~~</vuln:product>
+      <vuln:product>cpe:/a:adrotateplugin:adrotate:3.9.2::~pro~wordpress~~~</vuln:product>
+      <vuln:product>cpe:/a:adrotateplugin:adrotate:3.9.3::~pro~wordpress~~~</vuln:product>
+      <vuln:product>cpe:/a:adrotateplugin:adrotate:3.9.::~pro~wordpress~~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1854</vuln:cve-id>
+    <vuln:published-datetime>2014-02-27T10:55:15.623-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-07T15:42:45.240-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-28T06:47:43.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.htbridge.com/advisory/HTB23201" xml:lang="en">https://www.htbridge.com/advisory/HTB23201</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91253" xml:lang="en">adrotate-track-sql-injection(91253)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65709" xml:lang="en">65709</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531176/100/0/threaded" xml:lang="en">20140220 SQL Injection in AdRotate</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/31834" xml:lang="en">31834</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.adrotateplugin.com/2014/01/adrotate-pro-3-9-6-and-adrotate-free-3-9-5" xml:lang="en">http://www.adrotateplugin.com/2014/01/adrotate-pro-3-9-6-and-adrotate-free-3-9-5</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57079" xml:lang="en">57079</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 through 3.9.5 and AdRotate Free plugin 3.9 through 3.9.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1861">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:jetroplatforms:jetro_cockpit_secure_browsing:4.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:jetroplatforms:jetro_cockpit_secure_browsing:4.3.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:jetroplatforms:jetro_cockpit_secure_browsing:4.3.1</vuln:product>
+      <vuln:product>cpe:/a:jetroplatforms:jetro_cockpit_secure_browsing:4.3.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1861</vuln:cve-id>
+    <vuln:published-datetime>2014-02-18T06:55:16.603-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-20T21:04:47.563-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-18T14:48:08.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://blog.quaji.com/2014/02/remote-code-execution-on-all-enterprise.html" xml:lang="en">http://blog.quaji.com/2014/02/remote-code-execution-on-all-enterprise.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-02/0075.html" xml:lang="en">20140217 Jetro Cockpit Secure Browsing vulnerability - Client missing input validation allowing RCE</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The client in Jetro COCKPIT Secure Browsing (JCSB) 4.3.1 and 4.3.3 does not validate the FileName element in an RDP_FILE_TRANSFER document, which allows remote JCSB servers to execute arbitrary programs by providing a .EXE extension.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1869">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:zeroclipboard_project:zeroclipboard:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:zeroclipboard_project:zeroclipboard:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:zeroclipboard_project:zeroclipboard:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:zeroclipboard_project:zeroclipboard:1.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:zeroclipboard_project:zeroclipboard:1.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:zeroclipboard_project:zeroclipboard:1.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:zeroclipboard_project:zeroclipboard:1.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:zeroclipboard_project:zeroclipboard:1.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:zeroclipboard_project:zeroclipboard:1.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:zeroclipboard_project:zeroclipboard:1.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:zeroclipboard_project:zeroclipboard:1.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:zeroclipboard_project:zeroclipboard:1.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:zeroclipboard_project:zeroclipboard:1.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:zeroclipboard_project:zeroclipboard:1.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:zeroclipboard_project:zeroclipboard:1.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:zeroclipboard_project:zeroclipboard:1.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:zeroclipboard_project:zeroclipboard:1.3.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:zeroclipboard_project:zeroclipboard:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:zeroclipboard_project:zeroclipboard:1.3.0</vuln:product>
+      <vuln:product>cpe:/a:zeroclipboard_project:zeroclipboard:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:zeroclipboard_project:zeroclipboard:1.3.1</vuln:product>
+      <vuln:product>cpe:/a:zeroclipboard_project:zeroclipboard:1.1.1</vuln:product>
+      <vuln:product>cpe:/a:zeroclipboard_project:zeroclipboard:1.1.0</vuln:product>
+      <vuln:product>cpe:/a:zeroclipboard_project:zeroclipboard:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:zeroclipboard_project:zeroclipboard:1.2.0</vuln:product>
+      <vuln:product>cpe:/a:zeroclipboard_project:zeroclipboard:1.1.7</vuln:product>
+      <vuln:product>cpe:/a:zeroclipboard_project:zeroclipboard:1.2.2</vuln:product>
+      <vuln:product>cpe:/a:zeroclipboard_project:zeroclipboard:1.2.3</vuln:product>
+      <vuln:product>cpe:/a:zeroclipboard_project:zeroclipboard:1.1.2</vuln:product>
+      <vuln:product>cpe:/a:zeroclipboard_project:zeroclipboard:1.1.3</vuln:product>
+      <vuln:product>cpe:/a:zeroclipboard_project:zeroclipboard:1.1.4</vuln:product>
+      <vuln:product>cpe:/a:zeroclipboard_project:zeroclipboard:1.1.5</vuln:product>
+      <vuln:product>cpe:/a:zeroclipboard_project:zeroclipboard:1.2.1</vuln:product>
+      <vuln:product>cpe:/a:zeroclipboard_project:zeroclipboard:1.1.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1869</vuln:cve-id>
+    <vuln:published-datetime>2014-02-07T19:55:06.207-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:46.390-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-10T12:33:51.373-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/zeroclipboard/zeroclipboard/releases/tag/v1.3.2" xml:lang="en">https://github.com/zeroclipboard/zeroclipboard/releases/tag/v1.3.2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/zeroclipboard/zeroclipboard/pull/335" xml:lang="en">https://github.com/zeroclipboard/zeroclipboard/pull/335</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://github.com/zeroclipboard/zeroclipboard/commit/2f9eb9750a433965572d047e24b0fc78fd1415ca" xml:lang="en">https://github.com/zeroclipboard/zeroclipboard/commit/2f9eb9750a433965572d047e24b0fc78fd1415ca</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91085" xml:lang="en">zeroclipboard-cve20141869-xss(91085)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65484" xml:lang="en">65484</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56821" xml:lang="en">56821</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters (aka loaderInfo.parameters).</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1870">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:18.00"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:15.00:next"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:12.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:12.13"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:12.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:12.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:12.10:beta"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:12.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:12.02"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:12.01"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:12.00:beta"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:12.00"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:11.67"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:11.66"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:11.65"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:11.64"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:11.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:11.61"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:11.60:beta"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:11.60"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:11.52.1100"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:11.52"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:11.51"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:11.50:beta"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:11.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:11.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:11.10:beta"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:11.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:11.01"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:11.00:beta"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:11.00"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.61"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.60:beta1"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.60:alpha"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.60"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.53:beta1"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.53:b"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.53"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.52:beta2"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.52:beta1"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.52"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.51"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.50:beta2"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.50:beta1"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.20:alpha"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.10:beta1"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.01"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.00:beta3"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.00:beta2"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.00:beta1"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.00:alpha"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:10.00"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:1.00"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:17.00"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:16.00"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:15.00"/>
+          <cpe-lang:fact-ref name="cpe:/a:opera:opera_browser:12.15"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:opera:opera_browser:11.64</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:11.65</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:11.66</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:11.67</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:12.00</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:12.02</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:12.01</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.60:beta1</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:16.00</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:11.10</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.00</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:11.11</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:11.61</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:11.60</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:11.62</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:12.11</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.01</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:12.10</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:12.13</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:12.12</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.00:beta2</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:11.00:beta</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.00:beta3</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.00:beta1</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:18.00</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:11.01</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:11.00</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.00:alpha</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:1.00</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.61</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:15.00</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.62</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.60:alpha</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.60</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:15.00:next</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:11.10:beta</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.52:beta2</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:17.00</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.52:beta1</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:11.50:beta</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.53:beta1</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.50:beta2</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:12.14</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:12.15</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:11.52.1100</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:12.00:beta</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.53:b</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.63</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:12.10:beta</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.50</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.51</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:11.60:beta</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.50:beta1</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.20:alpha</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.10</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.11</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:11.52</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:11.51</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:11.50</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.53</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.52</vuln:product>
+      <vuln:product>cpe:/a:opera:opera_browser:10.54</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1870</vuln:cve-id>
+    <vuln:published-datetime>2014-02-06T18:55:04.057-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-07T13:14:02.387-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-07T13:14:01.573-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://blogs.opera.com/security/2014/01/security-changes-features-opera-19/" xml:lang="en">http://blogs.opera.com/security/2014/01/security-changes-features-opera-19/</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Opera before 19 on Mac OS X allows user-assisted remote attackers to spoof the address bar via vectors involving a drag-and-drop operation.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1874">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.69"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.70"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.71"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.72"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.73"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.74"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.75"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.76"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.77"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.78"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.79"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.70</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.71</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.72</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.73</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.74</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.75</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.76</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.77</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.78</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.79</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.69</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1874</vuln:cve-id>
+    <vuln:published-datetime>2014-02-28T01:18:54.587-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-16T00:45:30.847-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.4</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-28T13:04:35.693-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/torvalds/linux/commit/2172fa709ab32ca60e86179dc67d0857be8e2c98" xml:lang="en">https://github.com/torvalds/linux/commit/2172fa709ab32ca60e86179dc67d0857be8e2c98</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2172fa709ab32ca60e86179dc67d0857be8e2c98" xml:lang="en">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2172fa709ab32ca60e86179dc67d0857be8e2c98</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1062356" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1062356</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2141-1" xml:lang="en">USN-2141-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2140-1" xml:lang="en">USN-2140-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2139-1" xml:lang="en">USN-2139-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2138-1" xml:lang="en">USN-2138-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2137-1" xml:lang="en">USN-2137-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2136-1" xml:lang="en">USN-2136-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2135-1" xml:lang="en">USN-2135-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2134-1" xml:lang="en">USN-2134-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2133-1" xml:lang="en">USN-2133-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2129-1" xml:lang="en">USN-2129-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2128-1" xml:lang="en">USN-2128-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/02/07/2" xml:lang="en">[oss-security] 20140206 Re: CVE Request: Linux kernel: SELinux local DoS</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.4" xml:lang="en">http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.4</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1876">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:openjdk:1.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:openjdk:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:openjdk:1.6.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:openjdk:1.6.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:openjdk:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:openjdk:1.7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1876</vuln:cve-id>
+    <vuln:published-datetime>2014-02-10T18:55:05.103-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-19T00:48:00.503-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.4</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-11T10:30:52.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-59"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1060907" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1060907</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/285" xml:lang="en">[oss-security] 20140207 Re: CVE request and heads-up on insecure temp file handling in unpack200 (OpenJDK, Oracle Java)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/242" xml:lang="en">[oss-security] 20140203 CVE request and heads-up on insecure temp file handling in unpack200 (OpenJDK, Oracle Java)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102808" xml:lang="en">102808</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737562" xml:lang="en">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737562</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1877">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:dokeos_project:dokeos:2.1.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:dokeos_project:dokeos:2.1.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1877</vuln:cve-id>
+    <vuln:published-datetime>2014-03-13T10:55:05.173-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-13T14:07:20.860-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-13T14:07:20.813-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91295" xml:lang="en">dokeos-cve20141877-xss(91295)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.xchg.info/?p=381" xml:lang="en">http://www.xchg.info/?p=381</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/286" xml:lang="en">[oss-security] 20140207 Re: Dokeos 2.1.1 Multiple Stored XSS Vulnerabilities</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/258" xml:lang="en">[oss-security] 20140206 Dokeos 2.1.1 Multiple Stored XSS Vulnerabilities</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone, (2) Street, (3) Address line, (4) Zip code, or (5) City field to main/auth/profile.php; (6) Subject field to main/social/groups.php; or (7) Message body field to main/messages/view_message.php.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1878">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:nagios:nagios:4.0.3:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:icinga:icinga:1.10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:icinga:icinga:1.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:icinga:icinga:1.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:icinga:icinga:1.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:icinga:icinga:1.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:icinga:icinga:1.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:icinga:icinga:1.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:icinga:icinga:1.9.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:icinga:icinga:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:icinga:icinga:1.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:icinga:icinga:1.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:icinga:icinga:1.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:icinga:icinga:1.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:icinga:icinga:1.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:nagios:nagios:4.0.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:nagios:nagios:4.0.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:nagios:nagios:4.0.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:nagios:nagios:4.0.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:nagios:nagios:4.0.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:nagios:nagios:4.0.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:nagios:nagios:4.0.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:nagios:nagios:4.0.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:icinga:icinga:1.8.2</vuln:product>
+      <vuln:product>cpe:/a:nagios:nagios:4.0.2</vuln:product>
+      <vuln:product>cpe:/a:icinga:icinga:1.9.0</vuln:product>
+      <vuln:product>cpe:/a:icinga:icinga:1.9.2</vuln:product>
+      <vuln:product>cpe:/a:icinga:icinga:1.9.3</vuln:product>
+      <vuln:product>cpe:/a:icinga:icinga:1.10.0</vuln:product>
+      <vuln:product>cpe:/a:icinga:icinga:1.9.4</vuln:product>
+      <vuln:product>cpe:/a:icinga:icinga:1.10.1</vuln:product>
+      <vuln:product>cpe:/a:icinga:icinga:1.8.3</vuln:product>
+      <vuln:product>cpe:/a:icinga:icinga:1.8.4</vuln:product>
+      <vuln:product>cpe:/a:icinga:icinga:1.8.5</vuln:product>
+      <vuln:product>cpe:/a:icinga:icinga:1.9.1</vuln:product>
+      <vuln:product>cpe:/a:nagios:nagios:4.0.3:rc1</vuln:product>
+      <vuln:product>cpe:/a:icinga:icinga:1.10.2</vuln:product>
+      <vuln:product>cpe:/a:nagios:nagios:4.0.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:icinga:icinga:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:icinga:icinga:1.8.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1878</vuln:cve-id>
+    <vuln:published-datetime>2014-02-28T10:13:04.063-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-28T13:27:24.133-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-28T13:27:24.007-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://dev.icinga.org/issues/5434" xml:lang="en">https://dev.icinga.org/issues/5434</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://www.icinga.org/2014/02/11/bugfix-releases-1-10-3-1-9-5-1-8-6" xml:lang="en">https://www.icinga.org/2014/02/11/bugfix-releases-1-10-3-1-9-5-1-8-6</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1066578" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1066578</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65605" xml:lang="en">65605</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57024" xml:lang="en">57024</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1879">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:4.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:4.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:4.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:4.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:4.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:4.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:4.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:4.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:4.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:1.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:1.0.6:a"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:1.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:1.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:1.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:1.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:1.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:1.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:1.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:1.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:1.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:1.2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:1.2.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:1.2.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:1.2.9.4:b"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:1.2.9.4:c"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:1.2.9.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:1.3:alpha"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:2.11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:2.11.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:2.11.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:2.11.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:2.11.10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:2.11.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:2.11.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:2.11.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:2.11.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:2.11.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:2.11.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:2.11.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:2.11.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:2.11.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:2.11.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:2.11.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:2.11.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:2.11.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:2.11.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:2.11.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:2.11.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:2.11.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:2.11.9.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:2.11.9.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:2.11.9.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.0.0:alpha"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.0.0:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.0.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.0.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.0.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.1.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.1.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.1.2:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.1.3:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.1.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.1.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.1.4:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.1.5:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.2.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.2.2:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.3.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.3.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.3.10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.3.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.3.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.3.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.3.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.3.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.3.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.3.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.3.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.4.10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.4.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.4.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.4.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.4.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.4.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.4.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.4.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.4.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.4.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.4.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.4.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.4.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.4.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.5.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.5.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.5.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.5.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.5.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.5.7:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.5.8:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.5.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:3.5.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:4.0.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:4.0.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:4.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:4.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:4.0.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:phpmyadmin:phpmyadmin:4.0.4.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:1.2.9.3</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.5.3.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:1.2.9.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:1.2.9.2</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:2.11.7.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.4.7.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.4.7.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:2.11.1.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:1.2.9.5</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:2.11.3.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:2.11.1.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:1.0.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:2.11.1.2</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.4.6.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.5.2.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.5.2.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.5.2.2</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:1.2.8</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:2.11.7.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:1.2.5</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:1.2.4</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:2.11.10.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:1.2.7</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.1.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:2.11.10.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:1.2.6</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.5.8.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.4.3.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.4.3.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.4.3.2</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:1.3:alpha</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:1.2.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:1.2.2</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:1.2.3</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.3.10.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.3.9.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.3.1.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.3.9.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.3.9.2</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.3.8.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.3.0.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:2.11.8.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:2.11.4.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.4.9.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.4.8.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.0.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.1.5:rc1</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.1.2:rc1</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.5.8.2</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.1.3:rc1</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.1.4:rc2</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:4.1.3</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:4.1.5</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:4.0.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:4.1.4</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:4.1.6</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.2.2</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:4.0.7</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.1.3.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:4.0.4.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:4.0.4</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.1.3.2</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:4.0.3</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:4.0.6</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:4.0.5</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.4.5.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:4.0.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:4.0.2</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:1.0.6:a</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:1.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:1.2</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:1.3</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.2.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.2.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.4.4.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:4.1.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.1.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.1.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.0.1.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:4.0.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.0.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:4.0.4.2</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:1.2.9</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.4.2.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.4.0.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.3.5.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:2.11.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.3.5.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:2.11.2.2</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:2.11.2.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.5.8:rc1</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.5.7:rc1</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:2.11.2.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.4.1.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.3.4.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.4.10.2</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:2.11.6.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.0.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.2.2:rc1</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.4.10.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.4.10.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.0.0:alpha</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.2.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:1.2.9.4:c</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:4.0.9</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:1.2.9.4:b</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:4.0.8</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:2.11.5.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:2.11.5.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.3.8</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:2.11.5.2</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.3.7</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.3.6</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:2.11.9.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:2.11.9.1</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.4.11</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.5.0.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.0.0:beta</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.5.1.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:2.11.9.5</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:2.11.9.4</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:2.11.9.3</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:2.11.9.2</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:2.11.9.6</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.3.2.0</vuln:product>
+      <vuln:product>cpe:/a:phpmyadmin:phpmyadmin:3.3.3.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1879</vuln:cve-id>
+    <vuln:published-datetime>2014-02-20T10:27:09.547-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-16T00:45:31.223-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-20T13:55:15.627-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/phpmyadmin/phpmyadmin/commit/968d5d5f486820bfa30af046f063b9f23304e14a" xml:lang="en">https://github.com/phpmyadmin/phpmyadmin/commit/968d5d5f486820bfa30af046f063b9f23304e14a</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.phpmyadmin.net/home_page/security/PMASA-2014-1.php" xml:lang="en">http://www.phpmyadmin.net/home_page/security/PMASA-2014-1.php</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-03/msg00017.html" xml:lang="en">openSUSE-SU-2014:0344</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1881">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apache:cordova:3.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cordova:3.0.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cordova:3.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cordova:3.1.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cordova:3.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cordova:3.2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cordova:3.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cordova:3.3.0:rc1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.0.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.3.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.3.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.4.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.5.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.6.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.7.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.9.0:rc1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:adobe:phonegap:2.4.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:apache:cordova:3.1.0</vuln:product>
+      <vuln:product>cpe:/a:apache:cordova:3.0.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.7.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.6.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:apache:cordova:3.2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.5.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.1.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.3.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.3.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.7.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.0.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.3.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:apache:cordova:3.3.0</vuln:product>
+      <vuln:product>cpe:/a:apache:cordova:3.1.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.6.0</vuln:product>
+      <vuln:product>cpe:/a:apache:cordova:3.3.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.9.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.2.0</vuln:product>
+      <vuln:product>cpe:/a:apache:cordova:3.2.0</vuln:product>
+      <vuln:product>cpe:/a:apache:cordova:3.0.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.9.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.5.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.4.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.0.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.8.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.8.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1881</vuln:cve-id>
+    <vuln:published-datetime>2014-03-02T23:50:46.267-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-03T15:39:37.103-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-03T10:11:20.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://seclists.org/bugtraq/2014/Jan/96" xml:lang="en">20140124 Security Vulnerabilities in Apache Cordova / PhoneGap</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.internetsociety.org/ndss2014/programme#session3" xml:lang="en">http://www.internetsociety.org/ndss2014/programme#session3</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf" xml:lang="en">http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt" xml:lang="en">http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/02/07/9" xml:lang="en">[oss-security] 20140207 Re: CVE request: multiple issues in Apache Cordova/PhoneGap</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and waits a certain amount of time for an OnJsPrompt handler return value as an alternative to correct synchronization.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1882">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.0.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.3.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.3.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.4.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.5.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.6.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.7.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.9.0:rc1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apache:cordova:3.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cordova:3.0.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cordova:3.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cordova:3.1.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cordova:3.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cordova:3.2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cordova:3.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:cordova:3.3.0:rc1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apache:cordova:3.3.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.4.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:apache:cordova:3.1.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.6.0</vuln:product>
+      <vuln:product>cpe:/a:apache:cordova:3.1.0</vuln:product>
+      <vuln:product>cpe:/a:apache:cordova:3.3.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.9.0</vuln:product>
+      <vuln:product>cpe:/a:apache:cordova:3.0.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.2.0</vuln:product>
+      <vuln:product>cpe:/a:apache:cordova:3.2.0</vuln:product>
+      <vuln:product>cpe:/a:apache:cordova:3.0.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.7.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.6.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.9.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:apache:cordova:3.2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.5.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.5.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.4.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.1.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.3.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.0.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.8.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.3.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.8.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.7.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.0.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.3.0:rc2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1882</vuln:cve-id>
+    <vuln:published-datetime>2014-03-02T23:50:46.283-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-03T15:26:49.287-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-03T10:15:05.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.internetsociety.org/ndss2014/programme#session3" xml:lang="en">http://www.internetsociety.org/ndss2014/programme#session3</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf" xml:lang="en">http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://seclists.org/bugtraq/2014/Jan/96" xml:lang="en">20140124 Security Vulnerabilities in Apache Cordova / PhoneGap</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt" xml:lang="en">http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/02/07/9" xml:lang="en">[oss-security] 20140207 Re: CVE request: multiple issues in Apache Cordova/PhoneGap</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and directly accesses bridge JavaScript objects, as demonstrated by certain cordova.require calls.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1883">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.0.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.3.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.3.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.4.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.5.0:rc1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:adobe:phonegap:2.4.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.2.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.5.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.5.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.4.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.1.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.3.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.0.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.3.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.0.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.3.0:rc2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1883</vuln:cve-id>
+    <vuln:published-datetime>2014-03-02T23:50:46.313-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-03T15:32:03.437-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-03T10:28:00.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://seclists.org/bugtraq/2014/Jan/96" xml:lang="en">20140124 Security Vulnerabilities in Apache Cordova / PhoneGap</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://github.com/phonegap/phonegap/blob/2.6.0/changelog" xml:lang="en">https://github.com/phonegap/phonegap/blob/2.6.0/changelog</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.internetsociety.org/ndss2014/programme#session3" xml:lang="en">http://www.internetsociety.org/ndss2014/programme#session3</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf" xml:lang="en">http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt" xml:lang="en">http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/02/07/9" xml:lang="en">[oss-security] 20140207 Re: CVE request: multiple issues in Apache Cordova/PhoneGap</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Adobe PhoneGap before 2.6.0 on Android uses the shouldOverrideUrlLoading callback instead of the proper shouldInterceptRequest callback, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest method by a crafted application.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1884">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:apache:cordova:3.0.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:apache:cordova:3.0.0:rc1"/>
+          <cpe-lang:fact-ref name="cpe:/a:apache:cordova:3.1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:apache:cordova:3.1.0:rc1"/>
+          <cpe-lang:fact-ref name="cpe:/a:apache:cordova:3.2.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:apache:cordova:3.2.0:rc1"/>
+          <cpe-lang:fact-ref name="cpe:/a:apache:cordova:3.3.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:apache:cordova:3.3.0:rc1"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_phone:8"/>
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_phone:7"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.0.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.0.0:rc1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.2.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.2.0:rc1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.2.0:rc2"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.3.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.3.0:rc1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.3.0:rc2"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.4.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.4.0:rc1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.5.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.5.0:rc1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.6.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.6.0:rc1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.7.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.7.0:rc1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.8.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.8.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.9.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.9.0:rc1"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_phone:8"/>
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_phone:7"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:adobe:phonegap:2.4.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:apache:cordova:3.1.0</vuln:product>
+      <vuln:product>cpe:/a:apache:cordova:3.0.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.7.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.6.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:apache:cordova:3.2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.5.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.1.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.3.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.3.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.7.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.0.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.3.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:apache:cordova:3.3.0</vuln:product>
+      <vuln:product>cpe:/a:apache:cordova:3.1.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.6.0</vuln:product>
+      <vuln:product>cpe:/a:apache:cordova:3.3.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.9.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.2.0</vuln:product>
+      <vuln:product>cpe:/a:apache:cordova:3.2.0</vuln:product>
+      <vuln:product>cpe:/a:apache:cordova:3.0.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.9.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.5.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.4.0</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.0.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.8.1</vuln:product>
+      <vuln:product>cpe:/a:adobe:phonegap:2.8.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1884</vuln:cve-id>
+    <vuln:published-datetime>2014-03-02T23:50:46.343-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-03T15:37:54.633-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-03T10:26:41.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.internetsociety.org/ndss2014/programme#session3" xml:lang="en">http://www.internetsociety.org/ndss2014/programme#session3</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf" xml:lang="en">http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://seclists.org/bugtraq/2014/Jan/96" xml:lang="en">20140124 Security Vulnerabilities in Apache Cordova / PhoneGap</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt" xml:lang="en">http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/02/07/9" xml:lang="en">[oss-security] 20140207 Re: CVE request: multiple issues in Apache Cordova/PhoneGap</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest method by a crafted application.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1885">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:hsgroup:forzearmate:-::~~~android~~"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.9.0:rc1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.9.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.8.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.8.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.7.0:rc1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.7.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.6.0:rc1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.6.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.5.0:rc1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.5.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.4.0:rc1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.4.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.3.0:rc2"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.3.0:rc1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.3.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.2.0:rc2"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.2.0:rc1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.2.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.0.0:rc1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.0.0"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:hsgroup:forzearmate:-::~~~android~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1885</vuln:cve-id>
+    <vuln:published-datetime>2014-03-02T23:50:46.360-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-07T15:01:54.897-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.4</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-05T13:04:14.440-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.internetsociety.org/ndss2014/programme#session3" xml:lang="en">http://www.internetsociety.org/ndss2014/programme#session3</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf" xml:lang="en">http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/02/07/9" xml:lang="en">[oss-security] 20140207 Re: CVE request: multiple issues in Apache Cordova/PhoneGap</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The ForzeArmate application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain write access to external-storage resources, by leveraging control over any Google syndication advertising domain.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1886">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:edinburghtour:edinburgh_by_bus:-::~~~android~~"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.9.0:rc1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.9.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.8.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.8.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.7.0:rc1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.7.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.6.0:rc1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.6.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.5.0:rc1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.5.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.4.0:rc1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.4.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.3.0:rc2"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.3.0:rc1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.3.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.2.0:rc2"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.2.0:rc1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.2.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.0.0:rc1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.0.0"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:edinburghtour:edinburgh_by_bus:-::~~~android~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1886</vuln:cve-id>
+    <vuln:published-datetime>2014-03-02T23:50:46.390-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-07T15:02:59.853-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-05T08:00:13.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.internetsociety.org/ndss2014/programme#session3" xml:lang="en">http://www.internetsociety.org/ndss2014/programme#session3</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf" xml:lang="en">http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/02/07/9" xml:lang="en">[oss-security] 20140207 Re: CVE request: multiple issues in Apache Cordova/PhoneGap</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Edinburgh by Bus application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently access external-storage resources, by leveraging control over one of a number of "obscure Eastern European dating sites."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1887">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:drinkedin:drinkedin_barfinder:-::~~~android~~"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.9.0:rc1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.9.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.8.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.8.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.7.0:rc1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.7.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.6.0:rc1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.6.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.5.0:rc1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.5.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.4.0:rc1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.4.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.3.0:rc2"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.3.0:rc1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.3.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.2.0:rc2"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.2.0:rc1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.2.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.0.0:rc1"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:phonegap:2.0.0"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:drinkedin:drinkedin_barfinder:-::~~~android~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1887</vuln:cve-id>
+    <vuln:published-datetime>2014-03-02T23:50:46.423-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-07T15:04:02.697-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-05T07:52:41.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.internetsociety.org/ndss2014/programme#session3" xml:lang="en">http://www.internetsociety.org/ndss2014/programme#session3</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf" xml:lang="en">http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/02/07/9" xml:lang="en">[oss-security] 20140207 Re: CVE request: multiple issues in Apache Cordova/PhoneGap</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The DrinkedIn BarFinder application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain sensitive fine-geolocation information, by leveraging control over one of a number of adult sites, as demonstrated by (1) freelifetimecheating.com and (2) www.babesroulette.com.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1888">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:buddypress:buddypress_plugin:1.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:buddypress:buddypress_plugin:1.8.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:buddypress:buddypress_plugin:1.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:buddypress:buddypress_plugin:1.7.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:buddypress:buddypress_plugin:1.7.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:buddypress:buddypress_plugin:1.7.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:buddypress:buddypress_plugin:1.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:buddypress:buddypress_plugin:1.6.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:buddypress:buddypress_plugin:1.6.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:buddypress:buddypress_plugin:1.6.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:buddypress:buddypress_plugin:1.6.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:buddypress:buddypress_plugin:1.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:buddypress:buddypress_plugin:1.5.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:buddypress:buddypress_plugin:1.5.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:buddypress:buddypress_plugin:1.5.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:buddypress:buddypress_plugin:1.5.3.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:buddypress:buddypress_plugin:1.5.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:buddypress:buddypress_plugin:1.5.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:buddypress:buddypress_plugin:1.5.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:buddypress:buddypress_plugin:1.5.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:buddypress:buddypress_plugin:1.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:buddypress:buddypress_plugin:1.6.1"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:buddypress:buddypress_plugin:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:buddypress:buddypress_plugin:1.9</vuln:product>
+      <vuln:product>cpe:/a:buddypress:buddypress_plugin:1.8</vuln:product>
+      <vuln:product>cpe:/a:buddypress:buddypress_plugin:1.7</vuln:product>
+      <vuln:product>cpe:/a:buddypress:buddypress_plugin:1.6</vuln:product>
+      <vuln:product>cpe:/a:buddypress:buddypress_plugin:1.5.3.1</vuln:product>
+      <vuln:product>cpe:/a:buddypress:buddypress_plugin:1.6.5</vuln:product>
+      <vuln:product>cpe:/a:buddypress:buddypress_plugin:1.5</vuln:product>
+      <vuln:product>cpe:/a:buddypress:buddypress_plugin:1.7.2</vuln:product>
+      <vuln:product>cpe:/a:buddypress:buddypress_plugin:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:buddypress:buddypress_plugin:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:buddypress:buddypress_plugin:1.6.2</vuln:product>
+      <vuln:product>cpe:/a:buddypress:buddypress_plugin:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:buddypress:buddypress_plugin:1.6.3</vuln:product>
+      <vuln:product>cpe:/a:buddypress:buddypress_plugin:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:buddypress:buddypress_plugin:1.6.1</vuln:product>
+      <vuln:product>cpe:/a:buddypress:buddypress_plugin:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:buddypress:buddypress_plugin:1.8.1</vuln:product>
+      <vuln:product>cpe:/a:buddypress:buddypress_plugin:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:buddypress:buddypress_plugin:1.6.4</vuln:product>
+      <vuln:product>cpe:/a:buddypress:buddypress_plugin:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:buddypress:buddypress_plugin:1.7.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1888</vuln:cve-id>
+    <vuln:published-datetime>2014-02-28T19:01:09.183-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-03T10:10:58.790-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-03T10:10:58.650-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91175" xml:lang="en">buddypress-cve20141888-xss(91175)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65555" xml:lang="en">65555</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531049/100/0/threaded" xml:lang="en">20140213 Wordpress plugin Buddypress &lt;= 1.9.1 stored xss vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56950" xml:lang="en">56950</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/125212/WordPress-Buddypress-1.9.1-Cross-Site-Scripting.html" xml:lang="en">http://packetstormsecurity.com/files/125212/WordPress-Buddypress-1.9.1-Cross-Site-Scripting.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/103307" xml:lang="en">103307</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://buddypress.org/2014/02/buddypress-1-9-2" xml:lang="en">http://buddypress.org/2014/02/buddypress-1-9-2</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the BuddyPress plugin before 1.9.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the name field to groups/create/step/group-details.  NOTE: this can be exploited without authentication by leveraging CVE-2014-1889.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1891">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:3.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:3.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:3.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:3.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:3.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:3.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:3.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.1.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.3.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:xen:xen:4.1.5</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:3.4.4</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.1.4</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:3.4.2</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:3.4.3</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:3.4.0</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:3.4.1</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:3.2.3</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:3.2.2</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.2.3</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:3.2.1</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:3.2.0</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.2.1</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.2.2</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.2.0</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.1.6.1</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.3.0</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.3.1</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:3.3.0</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:3.3.1</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:3.3.2</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.1.2</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.1.3</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.1.0</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.1.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1891</vuln:cve-id>
+    <vuln:published-datetime>2014-04-01T02:35:53.467-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-19T00:48:02.893-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.2</cvss:score>
+        <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-01T15:11:50.293-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-189"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://xenbits.xen.org/xsa/advisory-84.html" xml:lang="en">http://xenbits.xen.org/xsa/advisory-84.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/02/10/8" xml:lang="en">[oss-security] 20140210 Xen Security Advisory 84 (CVE-2014-1891,CVE-2014-1892,CVE-2014-1893,CVE-2014-1894) - integer overflow in several XSM/Flask hypercalls</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/02/07/4" xml:lang="en">[oss-security] 20140207 Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/02/07/12" xml:lang="en">[oss-security] 20140207 Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" xml:lang="en">SUSE-SU-2014:0446</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html" xml:lang="en">SUSE-SU-2014:0373</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html" xml:lang="en">SUSE-SU-2014:0372</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER, and (4) FLASK_CONTEXT_TO_SID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1892, CVE-2014-1893, and CVE-2014-1894.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1892">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:3.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:3.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:3.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:3.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:3.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.1.6.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:xen:xen:4.1.5</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:3.4.4</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.0.0</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.1.4</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:3.4.2</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:3.4.3</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.0.4</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:3.4.0</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:3.4.1</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.0.3</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.0.2</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.0.1</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.1.6.1</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:3.3.0</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:3.3.1</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:3.3.2</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.1.2</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.1.3</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.1.0</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.1.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1892</vuln:cve-id>
+    <vuln:published-datetime>2014-04-01T02:35:53.497-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-19T00:48:03.003-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.2</cvss:score>
+        <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-01T14:54:21.977-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://xenbits.xen.org/xsa/advisory-84.html" xml:lang="en">http://xenbits.xen.org/xsa/advisory-84.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/02/10/8" xml:lang="en">[oss-security] 20140210 Xen Security Advisory 84 (CVE-2014-1891,CVE-2014-1892,CVE-2014-1893,CVE-2014-1894) - integer overflow in several XSM/Flask hypercalls</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/02/07/4" xml:lang="en">[oss-security] 20140207 Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/02/07/12" xml:lang="en">[oss-security] 20140207 Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" xml:lang="en">SUSE-SU-2014:0446</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html" xml:lang="en">SUSE-SU-2014:0373</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html" xml:lang="en">SUSE-SU-2014:0372</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Xen 3.3 through 4.1, when XSM is enabled, allows local users to cause a denial of service via vectors related to a "large memory allocation," a different vulnerability than CVE-2014-1891, CVE-2014-1893, and CVE-2014-1894.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1893">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:3.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:3.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:3.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:3.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:3.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:3.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:3.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.1.6.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:xen:xen:4.1.5</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.0.0</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:3.4.4</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.1.4</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:3.4.2</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:3.4.3</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.0.4</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:3.4.0</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.0.3</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:3.4.1</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.0.2</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.0.1</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:3.2.3</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:3.2.2</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:3.2.1</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:3.2.0</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.1.6.1</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:3.3.0</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:3.3.1</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:3.3.2</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.1.2</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.1.3</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.1.0</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.1.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1893</vuln:cve-id>
+    <vuln:published-datetime>2014-04-01T02:35:53.513-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-19T00:48:03.113-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.2</cvss:score>
+        <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-01T14:57:11.590-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-189"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://xenbits.xen.org/xsa/advisory-84.html" xml:lang="en">http://xenbits.xen.org/xsa/advisory-84.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/02/10/8" xml:lang="en">[oss-security] 20140210 Xen Security Advisory 84 (CVE-2014-1891,CVE-2014-1892,CVE-2014-1893,CVE-2014-1894) - integer overflow in several XSM/Flask hypercalls</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/02/07/4" xml:lang="en">[oss-security] 20140207 Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/02/07/12" xml:lang="en">[oss-security] 20140207 Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" xml:lang="en">SUSE-SU-2014:0446</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html" xml:lang="en">SUSE-SU-2014:0373</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html" xml:lang="en">SUSE-SU-2014:0372</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple integer overflows in the (1) FLASK_GETBOOL and (2) FLASK_SETBOOL suboperations in the flask hypercall in Xen 4.1.x, 3.3.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1894.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1894">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:3.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:3.2.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:xen:xen:3.0.3</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:3.0.2</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:3.0.4</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:3.2.3</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:3.2.2</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:3.2.1</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:3.2.0</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:3.1.4</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:3.1.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1894</vuln:cve-id>
+    <vuln:published-datetime>2014-04-01T02:35:53.547-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-19T00:48:03.223-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.2</cvss:score>
+        <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-01T14:59:36.487-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-189"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://xenbits.xen.org/xsa/advisory-84.html" xml:lang="en">http://xenbits.xen.org/xsa/advisory-84.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/02/10/8" xml:lang="en">[oss-security] 20140210 Xen Security Advisory 84 (CVE-2014-1891,CVE-2014-1892,CVE-2014-1893,CVE-2014-1894) - integer overflow in several XSM/Flask hypercalls</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/02/07/4" xml:lang="en">[oss-security] 20140207 Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/02/07/12" xml:lang="en">[oss-security] 20140207 Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" xml:lang="en">SUSE-SU-2014:0446</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html" xml:lang="en">SUSE-SU-2014:0373</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html" xml:lang="en">SUSE-SU-2014:0372</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple integer overflows in unspecified suboperations in the flask hypercall in Xen 3.2.x and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1893.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1895">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.3.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:xen:xen:4.3.0</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.3.1</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.2.3</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.2.1</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.2.2</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.2.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1895</vuln:cve-id>
+    <vuln:published-datetime>2014-04-01T02:35:53.577-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-19T00:48:03.333-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-01T15:03:43.527-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-189"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://xenbits.xen.org/xsa/advisory-85.html" xml:lang="en">http://xenbits.xen.org/xsa/advisory-85.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/02/10/6" xml:lang="en">[oss-security] 20140210 Xen Security Advisory 85 (CVE-2014-1895) - Off-by-one error in FLASK_AVC_CACHESTAT hypercall</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/02/07/12" xml:lang="en">[oss-security] 20140207 Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html" xml:lang="en">SUSE-SU-2014:0373</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a denial of service (host crash) or obtain sensitive information from hypervisor memory by leveraging a FLASK_AVC_CACHESTAT hypercall, which triggers a buffer over-read.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1896">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.4.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.3.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:xen:xen:4.3.0</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.3.1</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.4.0:rc1</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.2.3</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.2.1</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.2.2</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.2.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1896</vuln:cve-id>
+    <vuln:published-datetime>2014-04-01T02:35:53.607-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-19T00:48:03.427-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.9</cvss:score>
+        <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-01T15:10:54.370-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://xenbits.xen.org/xsa/xsa86.patch" xml:lang="en">http://xenbits.xen.org/xsa/xsa86.patch</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://xenbits.xen.org/xsa/advisory-86.html" xml:lang="en">http://xenbits.xen.org/xsa/advisory-86.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/02/10/7" xml:lang="en">[oss-security] 20140210 Xen Security Advisory 86 (CVE-2014-1896) - libvchan failure handling malicious ring indexes</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/02/07/12" xml:lang="en">[oss-security] 20140207 Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html" xml:lang="en">SUSE-SU-2014:0373</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen 4.2.x, 4.3.x, and 4.4-RC series allows local guests to cause a denial of service or possibly gain privileges via crafted xenstore ring indexes, which triggers a "read or write past the end of the ring."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1899">
+    <vuln:cve-id>CVE-2014-1899</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T10:55:05.933-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T10:55:05.933-04:00</vuln:last-modified-datetime>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://support.citrix.com/article/CTX140291" xml:lang="en">https://support.citrix.com/article/CTX140291</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway (formerly Citrix Access Gateway Enterprise Edition) 9.x before 9.3.66.5 and 10.x before 10.1.123.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1903">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:freepbx:freepbx:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:freepbx:freepbx:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:freepbx:freepbx:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:freepbx:freepbx:2.10"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:freepbx:freepbx:2.10</vuln:product>
+      <vuln:product>cpe:/a:freepbx:freepbx:2.11</vuln:product>
+      <vuln:product>cpe:/a:freepbx:freepbx:2.9</vuln:product>
+      <vuln:product>cpe:/a:freepbx:freepbx:2.12</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1903</vuln:cve-id>
+    <vuln:published-datetime>2014-02-18T06:55:16.977-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:46.907-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-18T20:07:11.023-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531040/100/0/threaded" xml:lang="en">20140211 [CVE-2014-1903] FreePBX 2.9 through 12 RCE</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.freepbx.org/news/2014-02-06/security-vulnerability-notice" xml:lang="en">http://www.freepbx.org/news/2014-02-06/security-vulnerability-notice</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/125215/FreePBX-2.9-Remote-Code-Execution.html" xml:lang="en">http://packetstormsecurity.com/files/125215/FreePBX-2.9-Remote-Code-Execution.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/125166/FreePBX-2.x-Code-Execution.html" xml:lang="en">http://packetstormsecurity.com/files/125166/FreePBX-2.x-Code-Execution.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/103240" xml:lang="en">103240</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://issues.freepbx.org/browse/FREEPBX-7123" xml:lang="en">http://issues.freepbx.org/browse/FREEPBX-7123</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://issues.freepbx.org/browse/FREEPBX-7117" xml:lang="en">http://issues.freepbx.org/browse/FREEPBX-7117</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://code.freepbx.org/changelog/FreePBX_SVN?cs=16429" xml:lang="en">http://code.freepbx.org/changelog/FreePBX_SVN?cs=16429</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://code.freepbx.org/changelog/FreePBX_Framework?cs=a29382efeb293ef4f42aa9b841dfc8eabb2d1e03" xml:lang="en">http://code.freepbx.org/changelog/FreePBX_Framework?cs=a29382efeb293ef4f42aa9b841dfc8eabb2d1e03</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0111.html" xml:lang="en">20140211 Re: Freepbx , php code execution exploit</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0097.html" xml:lang="en">20140211 Freepbx , php code execution exploit</vuln:reference>
+    </vuln:references>
+    <vuln:summary>admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1904">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.0.0:m1"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.0.0:m2"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.0.0:m3"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.0.0:m4"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.0.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.0.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.0.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:3.0.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:4.0.0:m1"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:4.0.0:m2"/>
+        <cpe-lang:fact-ref name="cpe:/a:springsource:spring_framework:4.0.0:rc1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.0.0</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.2.4</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.2.5</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.2.2</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.2.3</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.0.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.0.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.2.6</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.0.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.2.0</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.2.1</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.2.7</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.1.0</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:4.0.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:4.0.0:m2</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:4.0.0:m1</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.0.0:m1</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.0.0:m2</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.0.0:m3</vuln:product>
+      <vuln:product>cpe:/a:springsource:spring_framework:3.0.0:m4</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1904</vuln:cve-id>
+    <vuln:published-datetime>2014-03-20T12:55:12.683-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T01:05:30.200-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-21T08:50:14.987-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://jira.springsource.org/browse/SPR-11426" xml:lang="en">https://jira.springsource.org/browse/SPR-11426</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/spring-projects/spring-framework/commit/741b4b229ae032bd17175b46f98673ce0bd2d485" xml:lang="en">https://github.com/spring-projects/spring-framework/commit/741b4b229ae032bd17175b46f98673ce0bd2d485</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531422/100/0/threaded" xml:lang="en">20140311 CVE-2014-1904 XSS when using Spring MVC</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.gopivotal.com/security/cve-2014-1904" xml:lang="en">http://www.gopivotal.com/security/cve-2014-1904</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57915" xml:lang="en">57915</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0400.html" xml:lang="en">RHSA-2014:0400</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://docs.spring.io/spring/docs/3.2.8.RELEASE/changelog.txt" xml:lang="en">http://docs.spring.io/spring/docs/3.2.8.RELEASE/changelog.txt</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1906">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:videowhisper:live_streaming_integration_plugin:4.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:videowhisper:live_streaming_integration_plugin:4.27.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:videowhisper:live_streaming_integration_plugin:4.27.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:videowhisper:live_streaming_integration_plugin:4.25.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:videowhisper:live_streaming_integration_plugin:4.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:videowhisper:live_streaming_integration_plugin:4.07"/>
+        <cpe-lang:fact-ref name="cpe:/a:videowhisper:live_streaming_integration_plugin:4.05"/>
+        <cpe-lang:fact-ref name="cpe:/a:videowhisper:live_streaming_integration_plugin:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:videowhisper:live_streaming_integration_plugin:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:videowhisper:live_streaming_integration_plugin:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:videowhisper:live_streaming_integration_plugin:1.0.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:videowhisper:live_streaming_integration_plugin:2.0</vuln:product>
+      <vuln:product>cpe:/a:videowhisper:live_streaming_integration_plugin:4.27.3</vuln:product>
+      <vuln:product>cpe:/a:videowhisper:live_streaming_integration_plugin:2.1</vuln:product>
+      <vuln:product>cpe:/a:videowhisper:live_streaming_integration_plugin:4.25</vuln:product>
+      <vuln:product>cpe:/a:videowhisper:live_streaming_integration_plugin:4.27.4</vuln:product>
+      <vuln:product>cpe:/a:videowhisper:live_streaming_integration_plugin:4.07</vuln:product>
+      <vuln:product>cpe:/a:videowhisper:live_streaming_integration_plugin:2.2</vuln:product>
+      <vuln:product>cpe:/a:videowhisper:live_streaming_integration_plugin:4.27</vuln:product>
+      <vuln:product>cpe:/a:videowhisper:live_streaming_integration_plugin:4.05</vuln:product>
+      <vuln:product>cpe:/a:videowhisper:live_streaming_integration_plugin:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:videowhisper:live_streaming_integration_plugin:4.25.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1906</vuln:cve-id>
+    <vuln:published-datetime>2014-03-06T10:55:28.797-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-07T10:07:59.883-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-06T09:29:32.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.htbridge.com/advisory/HTB23199" xml:lang="en">https://www.htbridge.com/advisory/HTB23199</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91477" xml:lang="en">videowhisper-cve20141906-xss(91477)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/125454" xml:lang="en">http://packetstormsecurity.com/files/125454</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) m parameter to lb_status.php; (2) msg parameter to vc_chatlog.php; n parameter to (3) channel.php, (4) htmlchat.php, (5) video.php, or (6) videotext.php; (7) message parameter to lb_logout.php; or ct parameter to (8) lb_status.php or (9) v_status.php in ls/.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1907">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:videowhisper:live_streaming_integration_plugin:4.27"/>
+          <cpe-lang:fact-ref name="cpe:/a:videowhisper:live_streaming_integration_plugin:4.27.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:videowhisper:live_streaming_integration_plugin:4.27.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:videowhisper:live_streaming_integration_plugin:4.25.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:videowhisper:live_streaming_integration_plugin:4.25"/>
+          <cpe-lang:fact-ref name="cpe:/a:videowhisper:live_streaming_integration_plugin:4.07"/>
+          <cpe-lang:fact-ref name="cpe:/a:videowhisper:live_streaming_integration_plugin:4.05"/>
+          <cpe-lang:fact-ref name="cpe:/a:videowhisper:live_streaming_integration_plugin:2.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:videowhisper:live_streaming_integration_plugin:2.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:videowhisper:live_streaming_integration_plugin:2.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:videowhisper:live_streaming_integration_plugin:1.0.2"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:videowhisper:live_streaming_integration_plugin:2.0</vuln:product>
+      <vuln:product>cpe:/a:videowhisper:live_streaming_integration_plugin:4.27.3</vuln:product>
+      <vuln:product>cpe:/a:videowhisper:live_streaming_integration_plugin:2.1</vuln:product>
+      <vuln:product>cpe:/a:videowhisper:live_streaming_integration_plugin:4.25</vuln:product>
+      <vuln:product>cpe:/a:videowhisper:live_streaming_integration_plugin:4.27.4</vuln:product>
+      <vuln:product>cpe:/a:videowhisper:live_streaming_integration_plugin:4.07</vuln:product>
+      <vuln:product>cpe:/a:videowhisper:live_streaming_integration_plugin:2.2</vuln:product>
+      <vuln:product>cpe:/a:videowhisper:live_streaming_integration_plugin:4.27</vuln:product>
+      <vuln:product>cpe:/a:videowhisper:live_streaming_integration_plugin:4.05</vuln:product>
+      <vuln:product>cpe:/a:videowhisper:live_streaming_integration_plugin:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:videowhisper:live_streaming_integration_plugin:4.25.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1907</vuln:cve-id>
+    <vuln:published-datetime>2014-03-06T10:55:28.830-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-07T09:39:23.667-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.4</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-06T04:30:37.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.htbridge.com/advisory/HTB23199" xml:lang="en">https://www.htbridge.com/advisory/HTB23199</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91478" xml:lang="en">videowhisper-cve20141907-dir-trav(91478)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/125454" xml:lang="en">http://packetstormsecurity.com/files/125454</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_login.php or (2) delete arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_logout.php.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1910">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:citrix:sharefile_mobile:2.4::~~~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:citrix:sharefile_mobile_for_tablets:2.4::~~~android~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:citrix:sharefile_mobile:2.4::~~~android~~</vuln:product>
+      <vuln:product>cpe:/a:citrix:sharefile_mobile_for_tablets:2.4::~~~android~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1910</vuln:cve-id>
+    <vuln:published-datetime>2014-02-21T10:30:16.267-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T12:34:57.030-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-21T12:34:56.953-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.citrix.com/article/CTX140303" xml:lang="en">http://support.citrix.com/article/CTX140303</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029791" xml:lang="en">1029791</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57020" xml:lang="en">57020</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Citrix ShareFile Mobile and ShareFile Mobile for Tablets before 2.4.4 for Android do not verify X.509 certificates from SSL servers, which allow man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1911">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:foscam:fi8919w_firmware:11.37.2.54"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:foscam:fi8919w:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/h:foscam:fi8919w:-</vuln:product>
+      <vuln:product>cpe:/o:foscam:fi8919w_firmware:11.37.2.54</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1911</vuln:cve-id>
+    <vuln:published-datetime>2014-03-06T06:55:05.473-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-07T13:54:48.300-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-06T09:12:01.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-287"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/525132" xml:lang="en">VU#525132</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://foscam.us/forum/mjpeg-54-firmware-bug-user-logon-bypass-t8442.html" xml:lang="en">http://foscam.us/forum/mjpeg-54-firmware-bug-user-logon-bypass-t8442.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Foscam FI8910W camera with firmware before 11.37.2.55 allows remote attackers to obtain sensitive video and image data via a blank username and password.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1912">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:python:python:2.7.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:2.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:2.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:2.7.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:2.7.1150"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:2.7.1150::~~~~x64~"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:2.7.2:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:2.7.2150"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:2.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:2.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:2.6.2150"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:2.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:2.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:2.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:2.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:2.6.6150"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:2.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:2.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:2.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:2.5.150"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:2.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:2.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:2.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:2.5.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:python:python:3.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:3.4:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:3.1.2150::~~~~x64~"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:3.2:alpha"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:3.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:3.2.2150"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:3.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:3.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:3.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:3.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:3.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:python:python:3.3.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:python:python:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:python:python:2.6.3</vuln:product>
+      <vuln:product>cpe:/a:python:python:2.6.2</vuln:product>
+      <vuln:product>cpe:/a:python:python:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:python:python:2.7.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:python:python:2.7.2:rc1</vuln:product>
+      <vuln:product>cpe:/a:python:python:3.0</vuln:product>
+      <vuln:product>cpe:/a:python:python:3.1</vuln:product>
+      <vuln:product>cpe:/a:python:python:3.4:alpha1</vuln:product>
+      <vuln:product>cpe:/a:python:python:2.6</vuln:product>
+      <vuln:product>cpe:/a:python:python:2.5</vuln:product>
+      <vuln:product>cpe:/a:python:python:3.3</vuln:product>
+      <vuln:product>cpe:/a:python:python:2.7</vuln:product>
+      <vuln:product>cpe:/a:python:python:2.7.6</vuln:product>
+      <vuln:product>cpe:/a:python:python:2.7.5</vuln:product>
+      <vuln:product>cpe:/a:python:python:2.7.4</vuln:product>
+      <vuln:product>cpe:/a:python:python:2.7.3</vuln:product>
+      <vuln:product>cpe:/a:python:python:2.6.6</vuln:product>
+      <vuln:product>cpe:/a:python:python:2.6.5</vuln:product>
+      <vuln:product>cpe:/a:python:python:2.6.4</vuln:product>
+      <vuln:product>cpe:/a:python:python:2.6.8</vuln:product>
+      <vuln:product>cpe:/a:python:python:2.6.7</vuln:product>
+      <vuln:product>cpe:/a:python:python:2.7.2150</vuln:product>
+      <vuln:product>cpe:/a:python:python:3.2.2150</vuln:product>
+      <vuln:product>cpe:/a:python:python:3.3.0</vuln:product>
+      <vuln:product>cpe:/a:python:python:2.5.2</vuln:product>
+      <vuln:product>cpe:/a:python:python:3.3.3</vuln:product>
+      <vuln:product>cpe:/a:python:python:2.5.3</vuln:product>
+      <vuln:product>cpe:/a:python:python:3.3.1</vuln:product>
+      <vuln:product>cpe:/a:python:python:3.2:alpha</vuln:product>
+      <vuln:product>cpe:/a:python:python:3.3.2</vuln:product>
+      <vuln:product>cpe:/a:python:python:2.5.1</vuln:product>
+      <vuln:product>cpe:/a:python:python:3.2.4</vuln:product>
+      <vuln:product>cpe:/a:python:python:3.2.5</vuln:product>
+      <vuln:product>cpe:/a:python:python:2.5.4</vuln:product>
+      <vuln:product>cpe:/a:python:python:3.2.2</vuln:product>
+      <vuln:product>cpe:/a:python:python:3.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:python:python:3.1.2150::~~~~x64~</vuln:product>
+      <vuln:product>cpe:/a:python:python:3.2.3</vuln:product>
+      <vuln:product>cpe:/a:python:python:3.2.0</vuln:product>
+      <vuln:product>cpe:/a:python:python:3.2.1</vuln:product>
+      <vuln:product>cpe:/a:python:python:3.2</vuln:product>
+      <vuln:product>cpe:/a:python:python:2.6.6150</vuln:product>
+      <vuln:product>cpe:/a:python:python:2.7.1150::~~~~x64~</vuln:product>
+      <vuln:product>cpe:/a:python:python:2.5.150</vuln:product>
+      <vuln:product>cpe:/a:python:python:2.7.1150</vuln:product>
+      <vuln:product>cpe:/a:python:python:2.5.6</vuln:product>
+      <vuln:product>cpe:/a:python:python:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:python:python:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:python:python:2.6.2150</vuln:product>
+      <vuln:product>cpe:/a:python:python:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:python:python:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:python:python:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:python:python:3.1.4</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1912</vuln:cve-id>
+    <vuln:published-datetime>2014-02-28T19:55:05.093-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-26T00:57:37.083-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-03T10:54:46.887-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://bugs.python.org/issue20246" xml:lang="en">http://bugs.python.org/issue20246</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/" xml:lang="en">https://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2125-1" xml:lang="en">USN-2125-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029831" xml:lang="en">1029831</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/02/12/16" xml:lang="en">[oss-security] 20140212 Re: CVE request? buffer overflow in socket.recvfrom_into</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/31875" xml:lang="en">31875</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2880" xml:lang="en">DSA-2880</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://pastebin.com/raw.php?i=GHXSmNEg" xml:lang="en">http://pastebin.com/raw.php?i=GHXSmNEg</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://hg.python.org/cpython/rev/87673659d8f7" xml:lang="en">http://hg.python.org/cpython/rev/87673659d8f7</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1914">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:doug_poulin:command_school_student_management_system:1.06.01"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:doug_poulin:command_school_student_management_system:1.06.01</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1914</vuln:cve-id>
+    <vuln:published-datetime>2014-02-07T10:48:57.157-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:47.000-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-07T13:18:32.813-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90179" xml:lang="en">commandschool-message-xss(90179)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90178" xml:lang="en">commandschool-addtopic-xss(90178)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64707" xml:lang="en">64707</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html" xml:lang="en">http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101892" xml:lang="en">101892</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101891" xml:lang="en">101891</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site scripting (XSS) vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to inject arbitrary web script or HTML via the (1) topic parameter to sw/add_topic.php or (2) nick parameter to sw/chat/message.php.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1915">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:doug_poulin:command_school_student_management_system:1.06.01"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:doug_poulin:command_school_student_management_system:1.06.01</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1915</vuln:cve-id>
+    <vuln:published-datetime>2014-02-07T10:48:57.517-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:47.077-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-07T13:19:17.157-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-352"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64707" xml:lang="en">64707</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html" xml:lang="en">http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101890" xml:lang="en">101890</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/101889" xml:lang="en">101889</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site request forgery (CSRF) vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to hijack the authentication of (1) administrators for requests that change the administrator password via an update action to sw/admin_change_password.php or (2) unspecified victims for requests that add a topic or blog entry to sw/add_topic.php.  NOTE: vector 2 can be leveraged to bypass the authentication requirements for exploiting vector 1 in CVE-2014-1914.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1916">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:light_speed_gaming:mumble:1.1::~~~iphone_os~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:light_speed_gaming:mumble:1.1.1::~~~iphone_os~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:light_speed_gaming:mumble:1.1:rc1:~~~iphone_os~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:light_speed_gaming:mumble:1.2::~~~iphone_os~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:light_speed_gaming:mumble:1.2.1::~~~iphone_os~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:light_speed_gaming:mumble:1.2.2::~~~iphone_os~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:light_speed_gaming:mumblekit:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:light_speed_gaming:mumblekit:-</vuln:product>
+      <vuln:product>cpe:/a:light_speed_gaming:mumble:1.2.1::~~~iphone_os~~</vuln:product>
+      <vuln:product>cpe:/a:light_speed_gaming:mumble:1.1:rc1:~~~iphone_os~~</vuln:product>
+      <vuln:product>cpe:/a:light_speed_gaming:mumble:1.2.2::~~~iphone_os~~</vuln:product>
+      <vuln:product>cpe:/a:light_speed_gaming:mumble:1.1.1::~~~iphone_os~~</vuln:product>
+      <vuln:product>cpe:/a:light_speed_gaming:mumble:1.1::~~~iphone_os~~</vuln:product>
+      <vuln:product>cpe:/a:light_speed_gaming:mumble:1.2::~~~iphone_os~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1916</vuln:cve-id>
+    <vuln:published-datetime>2014-02-07T19:55:06.237-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-10T12:26:33.363-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-10T12:26:33.300-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102957" xml:lang="en">102957</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://mumble.info/security/Mumble-SA-2014-003.txt" xml:lang="en">http://mumble.info/security/Mumble-SA-2014-003.txt</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The (1) opus_packet_get_nb_frames and (2) opus_packet_get_samples_per_frame functions in the client in MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d and Mumble for iOS 1.1 through 1.2.2 do not properly check the return value of the copyDataBlock method, which allow remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted length prefix value in an Opus voice packet.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1921">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:parcimonie_project:parcimonie:0.7.1-1"/>
+        <cpe-lang:fact-ref name="cpe:/a:parcimonie_project:parcimonie:0.7-1"/>
+        <cpe-lang:fact-ref name="cpe:/a:parcimonie_project:parcimonie:0.6-3"/>
+        <cpe-lang:fact-ref name="cpe:/a:parcimonie_project:parcimonie:0.6-1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:parcimonie_project:parcimonie:0.6-1</vuln:product>
+      <vuln:product>cpe:/a:parcimonie_project:parcimonie:0.6-3</vuln:product>
+      <vuln:product>cpe:/a:parcimonie_project:parcimonie:0.7-1</vuln:product>
+      <vuln:product>cpe:/a:parcimonie_project:parcimonie:0.7.1-1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1921</vuln:cve-id>
+    <vuln:published-datetime>2014-02-14T10:55:06.203-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:47.483-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-18T11:03:57.443-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-362"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://gaffer.ptitcanardnoir.org/intrigeri/files/parcimonie/App-Parcimonie-0.8.1.tar.gz" xml:lang="en">https://gaffer.ptitcanardnoir.org/intrigeri/files/parcimonie/App-Parcimonie-0.8.1.tar.gz</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738134" xml:lang="en">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738134</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91118" xml:lang="en">parcimonie-cve20141921-info-disc(91118)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65505" xml:lang="en">65505</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2860" xml:lang="en">DSA-2860</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/308" xml:lang="en">[oss-security] 20140210 Re: CVE request: parcimonie (0.6 to 0.8, included) possible correlation between key fetches</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/305" xml:lang="en">[oss-security] 20140210 CVE request: parcimonie (0.6 to 0.8, included) possible correlation between key fetches</vuln:reference>
+    </vuln:references>
+    <vuln:summary>parcimonie before 0.8.1, when using a large keyring, sleeps for the same amount of time between fetches, which allows attackers to correlate key fetches via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1930">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:visibility_software:cyber_recruiter:6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:visibility_software:cyber_recruiter:6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:visibility_software:cyber_recruiter:6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:visibility_software:cyber_recruiter:6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:visibility_software:cyber_recruiter:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:visibility_software:cyber_recruiter:7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:visibility_software:cyber_recruiter:8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:visibility_software:cyber_recruiter:6.6</vuln:product>
+      <vuln:product>cpe:/a:visibility_software:cyber_recruiter:6.4</vuln:product>
+      <vuln:product>cpe:/a:visibility_software:cyber_recruiter:6.2</vuln:product>
+      <vuln:product>cpe:/a:visibility_software:cyber_recruiter:7.2</vuln:product>
+      <vuln:product>cpe:/a:visibility_software:cyber_recruiter:7.0</vuln:product>
+      <vuln:product>cpe:/a:visibility_software:cyber_recruiter:6.8</vuln:product>
+      <vuln:product>cpe:/a:visibility_software:cyber_recruiter:8.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1930</vuln:cve-id>
+    <vuln:published-datetime>2014-02-10T17:55:03.887-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:47.657-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-11T13:37:57.347-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/566894" xml:lang="en">VU#566894</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details" xml:lang="en">http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65305" xml:lang="en">65305</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102815" xml:lang="en">102815</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/102814" xml:lang="en">102814</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://jvn.jp/vu/JVNVU97441356/index.html" xml:lang="en">http://jvn.jp/vu/JVNVU97441356/index.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Visibility Software Cyber Recruiter before 8.1.00 does not use the appropriate combination of HTTPS transport and response headers to prevent access to (1) AppSelfService.aspx and (2) AgencyPortal.aspx in the browser history, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1931">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:visibility_software:cyber_recruiter:6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:visibility_software:cyber_recruiter:6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:visibility_software:cyber_recruiter:6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:visibility_software:cyber_recruiter:6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:visibility_software:cyber_recruiter:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:visibility_software:cyber_recruiter:7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:visibility_software:cyber_recruiter:8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:visibility_software:cyber_recruiter:6.6</vuln:product>
+      <vuln:product>cpe:/a:visibility_software:cyber_recruiter:6.4</vuln:product>
+      <vuln:product>cpe:/a:visibility_software:cyber_recruiter:6.2</vuln:product>
+      <vuln:product>cpe:/a:visibility_software:cyber_recruiter:7.2</vuln:product>
+      <vuln:product>cpe:/a:visibility_software:cyber_recruiter:7.0</vuln:product>
+      <vuln:product>cpe:/a:visibility_software:cyber_recruiter:6.8</vuln:product>
+      <vuln:product>cpe:/a:visibility_software:cyber_recruiter:8.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1931</vuln:cve-id>
+    <vuln:published-datetime>2014-02-10T17:55:03.933-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:47.750-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-11T13:38:41.583-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details" xml:lang="en">http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65564" xml:lang="en">65564</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The user login page in Visibility Software Cyber Recruiter before 8.1.00 generates different responses for invalid password-retrieval attempts depending on which data elements are incorrect, which might allow remote attackers to obtain account-related information via a series of requests.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1932">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:python:pillow:2.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:pythonware:python_imaging_library:1.1.7"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:python:pillow:2.3.0</vuln:product>
+      <vuln:product>cpe:/a:pythonware:python_imaging_library:1.1.7</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1932</vuln:cve-id>
+    <vuln:published-datetime>2014-04-17T10:55:11.090-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-18T11:51:05.090-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.4</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-18T11:51:05.060-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-59"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7" xml:lang="en">https://github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059" xml:lang="en">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2168-1" xml:lang="en">USN-2168-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/02/11/1" xml:lang="en">[oss-security] 20140210 Re: CVE requests: Pacemaker, Python Imaging Library, eyeD3, 9base, rc, Gamera, RPLY - insecure use of /tmp</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1933">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:python:pillow:2.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:pythonware:python_imaging_library:1.1.7"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:python:pillow:2.3.0</vuln:product>
+      <vuln:product>cpe:/a:pythonware:python_imaging_library:1.1.7</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1933</vuln:cve-id>
+    <vuln:published-datetime>2014-04-17T10:55:11.120-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-18T11:51:10.293-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>2.1</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-18T11:51:10.263-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7" xml:lang="en">https://github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2168-1" xml:lang="en">USN-2168-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/02/11/1" xml:lang="en">[oss-security] 20140210 Re: CVE requests: Pacemaker, Python Imaging Library, eyeD3, 9base, rc, Gamera, RPLY - insecure use of /tmp</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/02/10/15" xml:lang="en">[oss-security] 20140210 CVE requests: Pacemaker, Python Imaging Library, eyeD3, 9base, rc, Gamera, RPLY - insecure use of /tmp</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1939">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:google:android:4.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:4.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:4.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:4.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:4.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:4.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:4.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:google:android:4.1</vuln:product>
+      <vuln:product>cpe:/o:google:android:4.1.2</vuln:product>
+      <vuln:product>cpe:/o:google:android:4.2.2</vuln:product>
+      <vuln:product>cpe:/o:google:android:4.2.1</vuln:product>
+      <vuln:product>cpe:/o:google:android:4.0.1</vuln:product>
+      <vuln:product>cpe:/o:google:android:4.0.2</vuln:product>
+      <vuln:product>cpe:/o:google:android:4.0</vuln:product>
+      <vuln:product>cpe:/o:google:android:4.0.4</vuln:product>
+      <vuln:product>cpe:/o:google:android:4.0.3</vuln:product>
+      <vuln:product>cpe:/o:google:android:4.3</vuln:product>
+      <vuln:product>cpe:/o:google:android:4.2</vuln:product>
+      <vuln:product>cpe:/o:google:android:4.3.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1939</vuln:cve-id>
+    <vuln:published-datetime>2014-03-02T23:50:46.453-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-04T11:02:59.460-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-04T10:35:24.060-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-94"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/02/11/2" xml:lang="en">[oss-security] 20140210 CVE-2014-1939 searchBoxJavaBridge_ in Android Jelly Bean</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://blog.chromium.org/2013/11/introducing-chromium-powered-android.html" xml:lang="en">http://blog.chromium.org/2013/11/introducing-chromium-powered-android.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at certain Android API levels.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1942">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:pearson:esis_enterprise_student_information_system:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:pearson:esis_enterprise_student_information_system:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1942</vuln:cve-id>
+    <vuln:published-datetime>2014-04-01T23:58:17.077-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-02T12:05:40.047-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-02T12:05:35.907-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/163188" xml:lang="en">VU#163188</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in aal/loginverification.aspx in Pearson eSIS Enterprise Student Information System allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1943">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:fine_free_file_project:fine_free_file:5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:fine_free_file_project:fine_free_file:5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:fine_free_file_project:fine_free_file:5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:fine_free_file_project:fine_free_file:5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:fine_free_file_project:fine_free_file:5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:fine_free_file_project:fine_free_file:5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:fine_free_file_project:fine_free_file:5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:fine_free_file_project:fine_free_file:5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:fine_free_file_project:fine_free_file:5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:fine_free_file_project:fine_free_file:5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:fine_free_file_project:fine_free_file:5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:fine_free_file_project:fine_free_file:5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:fine_free_file_project:fine_free_file:5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:fine_free_file_project:fine_free_file:5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:fine_free_file_project:fine_free_file:5.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:fine_free_file_project:fine_free_file:5.4</vuln:product>
+      <vuln:product>cpe:/a:fine_free_file_project:fine_free_file:5.3</vuln:product>
+      <vuln:product>cpe:/a:fine_free_file_project:fine_free_file:5.2</vuln:product>
+      <vuln:product>cpe:/a:fine_free_file_project:fine_free_file:5.1</vuln:product>
+      <vuln:product>cpe:/a:fine_free_file_project:fine_free_file:5.9</vuln:product>
+      <vuln:product>cpe:/a:fine_free_file_project:fine_free_file:5.8</vuln:product>
+      <vuln:product>cpe:/a:fine_free_file_project:fine_free_file:5.7</vuln:product>
+      <vuln:product>cpe:/a:fine_free_file_project:fine_free_file:5.10</vuln:product>
+      <vuln:product>cpe:/a:fine_free_file_project:fine_free_file:5.11</vuln:product>
+      <vuln:product>cpe:/a:fine_free_file_project:fine_free_file:5.12</vuln:product>
+      <vuln:product>cpe:/a:fine_free_file_project:fine_free_file:5.0</vuln:product>
+      <vuln:product>cpe:/a:fine_free_file_project:fine_free_file:5.13</vuln:product>
+      <vuln:product>cpe:/a:fine_free_file_project:fine_free_file:5.14</vuln:product>
+      <vuln:product>cpe:/a:fine_free_file_project:fine_free_file:5.15</vuln:product>
+      <vuln:product>cpe:/a:fine_free_file_project:fine_free_file:5.16</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1943</vuln:cve-id>
+    <vuln:published-datetime>2014-02-18T14:55:04.377-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-26T00:57:38.880-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-19T10:46:59.307-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/glensc/file/blob/FILE5_17/ChangeLog" xml:lang="en">https://github.com/glensc/file/blob/FILE5_17/ChangeLog</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2126-1" xml:lang="en">USN-2126-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2123-1" xml:lang="en">USN-2123-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.php.net/ChangeLog-5.php" xml:lang="en">http://www.php.net/ChangeLog-5.php</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2868" xml:lang="en">DSA-2868</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2861" xml:lang="en">DSA-2861</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://mx.gw.com/pipermail/file/2014/001337.html" xml:lang="en">[file] 20140213 segfault in magic_buffer</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://mx.gw.com/pipermail/file/2014/001334.html" xml:lang="en">[file] 20140211 segfault in magic_buffer</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://mx.gw.com/pipermail/file/2014/001330.html" xml:lang="en">[file] 20140211 segfault in magic_buffer</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://mx.gw.com/pipermail/file/2014/001327.html" xml:lang="en">[file] 20142010 segfault in magic_buffer</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-03/msg00037.html" xml:lang="en">openSUSE-SU-2014:0367</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-03/msg00034.html" xml:lang="en">openSUSE-SU-2014:0364</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1944">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ilch:ilch_cms:2.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ilch:ilch_cms:2.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1944</vuln:cve-id>
+    <vuln:published-datetime>2014-03-09T09:16:56.850-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-10T12:14:25.637-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-10T12:14:25.590-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/IlchCMS/Ilch-2.0/commit/381e15f39d07d3cdf6aaaa25c0f2321f817935f7" xml:lang="en">https://github.com/IlchCMS/Ilch-2.0/commit/381e15f39d07d3cdf6aaaa25c0f2321f817935f7</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.htbridge.com/advisory/HTB23203" xml:lang="en">https://www.htbridge.com/advisory/HTB23203</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91538" xml:lang="en">ilchcms-cve20141944-xss(91538)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531350/100/0/threaded" xml:lang="en">20140305 Cross-Site Scripting (XSS) in Ilch CMS</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/32076" xml:lang="en">32076</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in Ilch CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the text parameter to index.php/guestbook/index/newentry.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1945">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:opendocman:opendocman:1.2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:opendocman:opendocman:1.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:opendocman:opendocman:1.2.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:opendocman:opendocman:1.2.6.7:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:opendocman:opendocman:1.2.6.7:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:opendocman:opendocman:1.2.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:opendocman:opendocman:1.2.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:opendocman:opendocman:1.2.6.3:a"/>
+        <cpe-lang:fact-ref name="cpe:/a:opendocman:opendocman:1.2.6.3:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:opendocman:opendocman:1.2.6.2:b"/>
+        <cpe-lang:fact-ref name="cpe:/a:opendocman:opendocman:1.2.6.2:a"/>
+        <cpe-lang:fact-ref name="cpe:/a:opendocman:opendocman:1.2.6.2:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:opendocman:opendocman:1.2.6.5</vuln:product>
+      <vuln:product>cpe:/a:opendocman:opendocman:1.2.7</vuln:product>
+      <vuln:product>cpe:/a:opendocman:opendocman:1.2.6.6</vuln:product>
+      <vuln:product>cpe:/a:opendocman:opendocman:1.2.6.7:-</vuln:product>
+      <vuln:product>cpe:/a:opendocman:opendocman:1.2.6.2:-</vuln:product>
+      <vuln:product>cpe:/a:opendocman:opendocman:1.2.6.3:a</vuln:product>
+      <vuln:product>cpe:/a:opendocman:opendocman:1.2.6.2:a</vuln:product>
+      <vuln:product>cpe:/a:opendocman:opendocman:1.2.6.7:beta</vuln:product>
+      <vuln:product>cpe:/a:opendocman:opendocman:1.2.6.3:-</vuln:product>
+      <vuln:product>cpe:/a:opendocman:opendocman:1.2.6.8</vuln:product>
+      <vuln:product>cpe:/a:opendocman:opendocman:1.2.7.1</vuln:product>
+      <vuln:product>cpe:/a:opendocman:opendocman:1.2.6.2:b</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1945</vuln:cve-id>
+    <vuln:published-datetime>2014-03-09T09:16:57.083-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-10T12:24:22.857-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-10T12:24:22.793-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.opendocman.com/opendocman-v1-2-7-2-released" xml:lang="en">http://www.opendocman.com/opendocman-v1-2-7-2-released</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.opendocman.com/opendocman-v1-2-7-1-release" xml:lang="en">http://www.opendocman.com/opendocman-v1-2-7-1-release</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.htbridge.com/advisory/HTB23202" xml:lang="en">https://www.htbridge.com/advisory/HTB23202</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65775" xml:lang="en">65775</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56189" xml:lang="en">56189</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the add_value parameter.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1948">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:openstack:image_registry_and_delivery_service_%28glance%29:2013.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:image_registry_and_delivery_service_%28glance%29:2013.2.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:openstack:image_registry_and_delivery_service_%28glance%29:2013.2.1</vuln:product>
+      <vuln:product>cpe:/a:openstack:image_registry_and_delivery_service_%28glance%29:2013.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1948</vuln:cve-id>
+    <vuln:published-datetime>2014-02-14T10:55:06.407-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-08T00:13:14.480-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>2.6</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-18T11:10:03.767-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-255"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugs.launchpad.net/glance/+bug/1275062" xml:lang="en">https://bugs.launchpad.net/glance/+bug/1275062</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65507" xml:lang="en">65507</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/02/12/18" xml:lang="en">[oss-security] 20140212 [OSSA 2014-004] Glance Swift store backend password leak  (CVE-2014-1948)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56419" xml:lang="en">56419</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0229.html" xml:lang="en">RHSA-2014:0229</vuln:reference>
+    </vuln:references>
+    <vuln:summary>OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1950">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.1.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.3.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:xen:xen:4.3.0</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.1.5</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.3.1</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.1.4</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.1.2</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.1.3</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.2.3</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.1.1</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.2.1</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.2.2</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.2.0</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.1.6.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1950</vuln:cve-id>
+    <vuln:published-datetime>2014-02-14T10:55:06.563-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-19T00:48:06.723-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.6</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-18T11:13:17.050-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://xenbits.xen.org/xsa/advisory-88.html" xml:lang="en">http://xenbits.xen.org/xsa/advisory-88.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/02/12/17" xml:lang="en">[oss-security] 20140212 Xen Security Advisory 88 (CVE-2014-1950) - use-after-free in xc_cpupool_getinfo() under memory pressure</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html" xml:lang="en">SUSE-SU-2014:0373</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html" xml:lang="en">SUSE-SU-2014:0372</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen 4.1.x through 4.3.x, when using a multithreaded toolstack, does not properly handle a failure by the xc_cpumap_alloc function, which allows local users with access to management functions to cause a denial of service (heap corruption) and possibly gain privileges via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1955">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:fortinet:fortiweb:5.0.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:fortinet:fortiweb:5.0.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1955</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T10:22:06.173-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-01T08:14:40.323-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-01T08:14:40.247-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.fortiguard.com/advisory/FG-IR-13-009/" xml:lang="en">http://www.fortiguard.com/advisory/FG-IR-13-009/</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1956">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:fortinet:fortiweb:5.0.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:fortinet:fortiweb:5.0.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1956</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T10:22:06.203-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-01T08:20:06.820-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-01T08:20:06.787-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.fortiguard.com/advisory/FG-IR-13-009/" xml:lang="en">http://www.fortiguard.com/advisory/FG-IR-13-009/</vuln:reference>
+    </vuln:references>
+    <vuln:summary>CRLF injection vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1957">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:fortinet:fortiweb:5.0.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:fortinet:fortiweb:5.0.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1957</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T10:22:06.237-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-01T08:54:07.450-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-01T08:54:06.467-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:security-protection>ALLOWS_USER_ACCESS</vuln:security-protection>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.fortiguard.com/advisory/FG-IR-13-009/" xml:lang="en">http://www.fortiguard.com/advisory/FG-IR-13-009/</vuln:reference>
+    </vuln:references>
+    <vuln:summary>FortiGuard FortiWeb before 5.0.3 allows remote authenticated users to gain privileges via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1959">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.1.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.1.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.1.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.1.17"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.2.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:gnutls:3.2.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:gnu:gnutls:3.1.20</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.1.0</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.2.7</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.2.8</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.1.6</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.1.7</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.1.19</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.2.9</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.2.8.1</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.2.2</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.2.1</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.2.4</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.2.3</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.1.10</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.2.6</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.1.8</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.2.5</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.1.9</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.1.17</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.1.18</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.1.15</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.1.16</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.1.13</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.1.14</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.1.12</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.1.11</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.2.10</vuln:product>
+      <vuln:product>cpe:/a:gnu:gnutls:3.2.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1959</vuln:cve-id>
+    <vuln:published-datetime>2014-03-06T19:10:57.620-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-16T00:45:38.007-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-07T07:12:21.670-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://www.gitorious.org/gnutls/gnutls/commit/b1abfe3d182d68539900092eb42fc62cf1bb7e7c" xml:lang="en">https://www.gitorious.org/gnutls/gnutls/commit/b1abfe3d182d68539900092eb42fc62cf1bb7e7c</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2121-1" xml:lang="en">USN-2121-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.gnutls.org/security.html" xml:lang="en">http://www.gnutls.org/security.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2866" xml:lang="en">DSA-2866</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/345" xml:lang="en">[oss-security] 20140213 Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/344" xml:lang="en">[oss-security] 20140213 CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x)</vuln:reference>
+    </vuln:references>
+    <vuln:summary>lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1960">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:sap:netweaver:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:sap:netweaver_solution_manager:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:sap:netweaver_solution_manager:7.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:sap:netweaver_solution_manager:7.0</vuln:product>
+      <vuln:product>cpe:/a:sap:netweaver_solution_manager:7.1</vuln:product>
+      <vuln:product>cpe:/a:sap:netweaver:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1960</vuln:cve-id>
+    <vuln:published-datetime>2014-02-14T10:55:07.437-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:48.327-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-18T11:15:42.057-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://service.sap.com/sap/support/notes/1828885" xml:lang="en">https://service.sap.com/sap/support/notes/1828885</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91093" xml:lang="en">netweaver-solution-info-disc(91093)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56942" xml:lang="en">56942</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://scn.sap.com/docs/DOC-8218" xml:lang="en">http://scn.sap.com/docs/DOC-8218</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://erpscan.com/advisories/erpscan-14-004-sap-netweaver-solution-manager-missing-authorization-check-information-disclosure/" xml:lang="en">http://erpscan.com/advisories/erpscan-14-004-sap-netweaver-solution-manager-missing-authorization-check-information-disclosure/</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attackers to obtain sensitive information via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1961">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:sap:netweaver:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:sap:netweaver:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1961</vuln:cve-id>
+    <vuln:published-datetime>2014-02-14T10:55:07.470-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:48.420-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-18T11:28:06.900-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://service.sap.com/sap/support/notes/1852146" xml:lang="en">https://service.sap.com/sap/support/notes/1852146</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91096" xml:lang="en">netweaver-webdyn-path-disclosure(91096)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56947" xml:lang="en">56947</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://scn.sap.com/docs/DOC-8218" xml:lang="en">http://scn.sap.com/docs/DOC-8218</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://erpscan.com/advisories/erpscan-14-002-sap-portal-webdynpro-path-disclosure/" xml:lang="en">http://erpscan.com/advisories/erpscan-14-002-sap-portal-webdynpro-path-disclosure/</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver allows remote attackers to obtain sensitive path information via unknown attack vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1962">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:sap:customer_relationship_management:7.02:ehp2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:sap:customer_relationship_management:7.02:ehp2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1962</vuln:cve-id>
+    <vuln:published-datetime>2014-02-14T10:55:07.500-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:48.500-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-18T11:18:07.403-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://service.sap.com/sap/support/notes/1917054" xml:lang="en">https://service.sap.com/sap/support/notes/1917054</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91098" xml:lang="en">sap-crm-info-disc(91098)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56944" xml:lang="en">56944</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://scn.sap.com/docs/DOC-8218" xml:lang="en">http://scn.sap.com/docs/DOC-8218</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://erpscan.com/advisories/erpscan-14-003-sap-crm-gwsync-xxe/" xml:lang="en">http://erpscan.com/advisories/erpscan-14-003-sap-crm-gwsync-xxe/</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensitive information via unspecified vectors, related to an XML External Entity (XXE) issue.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1963">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:sap:netweaver:7.20"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:sap:netweaver:7.20</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1963</vuln:cve-id>
+    <vuln:published-datetime>2014-02-14T10:55:07.533-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:48.577-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-18T11:21:29.953-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://service.sap.com/sap/support/notes/1773912" xml:lang="en">https://service.sap.com/sap/support/notes/1773912</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91097" xml:lang="en">netweaver-message-server-dos(91097)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56947" xml:lang="en">56947</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://scn.sap.com/docs/DOC-8218" xml:lang="en">http://scn.sap.com/docs/DOC-8218</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://erpscan.com/advisories/erpscan-14-001-sap-netweaver-message-server-dos/" xml:lang="en">http://erpscan.com/advisories/erpscan-14-001-sap-netweaver-message-server-dos/</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Message Server in SAP NetWeaver 7.20 allows remote attackers to cause a denial of service via unknown attack vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1964">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:sap:netweaver_exchange_infrastructure_%28bc-xi%29:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:sap:netweaver:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:sap:netweaver_exchange_infrastructure_%28bc-xi%29:-</vuln:product>
+      <vuln:product>cpe:/a:sap:netweaver:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1964</vuln:cve-id>
+    <vuln:published-datetime>2014-02-14T10:55:07.563-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:48.657-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-18T11:26:44.963-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://service.sap.com/sap/support/notes/1788080" xml:lang="en">https://service.sap.com/sap/support/notes/1788080</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91095" xml:lang="en">netweaver-dir-xss(91095)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56947" xml:lang="en">56947</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://scn.sap.com/docs/DOC-8218" xml:lang="en">http://scn.sap.com/docs/DOC-8218</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://erpscan.com/advisories/erpscan-14-005-sap-netweaver-dir-error-xss/" xml:lang="en">http://erpscan.com/advisories/erpscan-14-005-sap-netweaver-dir-error-xss/</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to the ESR application and a DIR error.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1965">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:sap:netweaver:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:sap:netweaver:7.01"/>
+        <cpe-lang:fact-ref name="cpe:/a:sap:netweaver:7.02"/>
+        <cpe-lang:fact-ref name="cpe:/a:sap:netweaver:7.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:sap:netweaver:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:sap:netweaver:7.11"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:sap:netweaver:7.11</vuln:product>
+      <vuln:product>cpe:/a:sap:netweaver:7.10</vuln:product>
+      <vuln:product>cpe:/a:sap:netweaver:7.01</vuln:product>
+      <vuln:product>cpe:/a:sap:netweaver:7.02</vuln:product>
+      <vuln:product>cpe:/a:sap:netweaver:7.0</vuln:product>
+      <vuln:product>cpe:/a:sap:netweaver:3.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1965</vuln:cve-id>
+    <vuln:published-datetime>2014-02-14T10:55:07.830-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-21T00:06:48.750-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-18T11:50:22.387-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://service.sap.com/sap/support/notes/1442517" xml:lang="en">https://service.sap.com/sap/support/notes/1442517</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91094" xml:lang="en">netweaver-ispeakadapter-xss(91094)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.stechno.net/sap-notes.html?view=sapnote&amp;id=1442517" xml:lang="en">http://www.stechno.net/sap-notes.html?view=sapnote&amp;id=1442517</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56947" xml:lang="en">56947</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://erpscan.com/advisories/erpscan-14-006-sap-netweaver-pip-xss/" xml:lang="en">http://erpscan.com/advisories/erpscan-14-006-sap-netweaver-pip-xss/</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to PIP.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1966">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:siemens:ruggedcom_rugged_operating_system:3.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:ruggedcom_rugged_operating_system:3.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:ruggedcom_rugged_operating_system:3.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:ruggedcom_rugged_operating_system:3.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:ruggedcom_rugged_operating_system:3.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:ruggedcom_rugged_operating_system:3.7.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:ruggedcom_rugged_operating_system:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:ruggedcom_rugged_operating_system:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:ruggedcom_rugged_operating_system:3.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:ruggedcom_rugged_operating_system:3.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:ruggedcom_rugged_operating_system:3.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:ruggedcom_rugged_operating_system:3.10.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:siemens:ruggedcom_rugged_operating_system:3.3.6</vuln:product>
+      <vuln:product>cpe:/o:siemens:ruggedcom_rugged_operating_system:3.4.9</vuln:product>
+      <vuln:product>cpe:/o:siemens:ruggedcom_rugged_operating_system:3.5.4</vuln:product>
+      <vuln:product>cpe:/o:siemens:ruggedcom_rugged_operating_system:3.7.9</vuln:product>
+      <vuln:product>cpe:/o:siemens:ruggedcom_rugged_operating_system:3.12.2</vuln:product>
+      <vuln:product>cpe:/o:siemens:ruggedcom_rugged_operating_system:3.8.5</vuln:product>
+      <vuln:product>cpe:/o:siemens:ruggedcom_rugged_operating_system:3.9.3</vuln:product>
+      <vuln:product>cpe:/o:siemens:ruggedcom_rugged_operating_system:3.12.1</vuln:product>
+      <vuln:product>cpe:/o:siemens:ruggedcom_rugged_operating_system:3.12</vuln:product>
+      <vuln:product>cpe:/o:siemens:ruggedcom_rugged_operating_system:3.6.6</vuln:product>
+      <vuln:product>cpe:/o:siemens:ruggedcom_rugged_operating_system:3.2.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1966</vuln:cve-id>
+    <vuln:published-datetime>2014-02-23T23:48:10.210-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-24T14:53:51.657-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-24T14:53:49.750-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-051-03" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-051-03</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892342.pdf" xml:lang="en">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892342.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The SNMP implementation in Siemens RuggedCom ROS before 3.11, ROS 3.11 for RS950G, ROS 3.12 before 3.12.4, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (device outage) via crafted packets.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1967">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:7andi-fs.co:denny%27s:2.0.0::~~~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:7andi-fs.co:denny%27s:1.0.2::~~~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:7andi-fs.co:denny%27s:1.0.1::~~~android~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:7andi-fs.co:denny%27s:1.0.1::~~~android~~</vuln:product>
+      <vuln:product>cpe:/a:7andi-fs.co:denny%27s:1.0.2::~~~android~~</vuln:product>
+      <vuln:product>cpe:/a:7andi-fs.co:denny%27s:2.0.0::~~~android~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1967</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T20:55:04.243-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-27T13:58:12.380-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-27T13:58:12.303-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-310"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://play.google.com/store/apps/details?id=jp.denimoba" xml:lang="en">https://play.google.com/store/apps/details?id=jp.denimoba</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVNDB</vuln:source>
+      <vuln:reference href="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000022" xml:lang="en">JVNDB-2014-000022</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVN</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN48810179/index.html" xml:lang="en">JVN#48810179</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Denny's application before 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1968">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:riken:xoonips:3.47::~~~xoops~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:riken:xoonips:3.46::~~~xoops~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:riken:xoonips:3.45::~~~xoops~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:riken:xoonips:3.44::~~~xoops~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:riken:xoonips:3.43::~~~xoops~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:riken:xoonips:3.42::~~~xoops~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:riken:xoonips:3.41::~~~xoops~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:riken:xoonips:3.40::~~~xoops~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:riken:xoonips:3.47::~~~xoops~~</vuln:product>
+      <vuln:product>cpe:/a:riken:xoonips:3.40::~~~xoops~~</vuln:product>
+      <vuln:product>cpe:/a:riken:xoonips:3.42::~~~xoops~~</vuln:product>
+      <vuln:product>cpe:/a:riken:xoonips:3.41::~~~xoops~~</vuln:product>
+      <vuln:product>cpe:/a:riken:xoonips:3.44::~~~xoops~~</vuln:product>
+      <vuln:product>cpe:/a:riken:xoonips:3.43::~~~xoops~~</vuln:product>
+      <vuln:product>cpe:/a:riken:xoonips:3.46::~~~xoops~~</vuln:product>
+      <vuln:product>cpe:/a:riken:xoonips:3.45::~~~xoops~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1968</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T20:55:04.273-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-27T14:06:21.190-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-27T14:06:21.127-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://xoonips.sourceforge.jp" xml:lang="en">http://xoonips.sourceforge.jp</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVNDB</vuln:source>
+      <vuln:reference href="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000025" xml:lang="en">JVNDB-2014-000025</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVN</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN87797318/index.html" xml:lang="en">JVN#87797318</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the XooNIps module 3.47 and earlier for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1969">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apps4u%40android:sd_card_manager:20140223::~~~android~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apps4u%40android:sd_card_manager:20140223::~~~android~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1969</vuln:cve-id>
+    <vuln:published-datetime>2014-04-11T12:55:08.817-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-14T12:26:20.383-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-14T12:26:20.320-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVNDB</vuln:source>
+      <vuln:reference href="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000035" xml:lang="en">JVNDB-2014-000035</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVN</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN47386847/index.html" xml:lang="en">JVN#47386847</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in the apps4u@android SD Card Manager application before 20140224 for Android allows attackers to overwrite or create arbitrary files via a crafted filename.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1970">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:estrongs:es_file_explorer:3.0.0::~~~android~~"/>
+          <cpe-lang:fact-ref name="cpe:/a:estrongs:es_file_explorer:1.6.1.1::~~~android~~"/>
+          <cpe-lang:fact-ref name="cpe:/a:estrongs:es_file_explorer:1.6.0.2::~~~android~~"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:google:android"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:estrongs:es_file_explorer:1.6.1.1::~~~android~~</vuln:product>
+      <vuln:product>cpe:/a:estrongs:es_file_explorer:3.0.0::~~~android~~</vuln:product>
+      <vuln:product>cpe:/a:estrongs:es_file_explorer:1.6.0.2::~~~android~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1970</vuln:cve-id>
+    <vuln:published-datetime>2014-03-20T11:55:05.493-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-20T13:12:59.220-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-20T13:12:56.843-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVNDB</vuln:source>
+      <vuln:reference href="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000033" xml:lang="en">JVNDB-2014-000033</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVN</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN70029459/index.html" xml:lang="en">JVN#70029459</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in the ES File Explorer File Manager application before 3.0.4 for Android allows remote attackers to overwrite or create arbitrary files via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1971">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:silexlabs:silex:2.0.0:alpha5"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:silexlabs:silex:2.0.0:alpha5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1971</vuln:cve-id>
+    <vuln:published-datetime>2014-03-20T11:55:06.823-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-20T13:23:41.287-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-20T13:23:38.710-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://github.com/silexlabs/Silex/blob/master/docs/change-log.md" xml:lang="en">https://github.com/silexlabs/Silex/blob/master/docs/change-log.md</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVNDB</vuln:source>
+      <vuln:reference href="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000032" xml:lang="en">JVNDB-2014-000032</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVN</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN14282890/index.html" xml:lang="en">JVN#14282890</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in Silex before 2.0.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1974">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:lyesoft:andexplorer:3.0::~~professional~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:lyesoft:andexplorer:3.0::~~~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:lyesoft:andexplorer:2.5::~~~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:lyesoft:andexplorer:2.4::~~~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:lyesoft:andexplorer:2.3::~~~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:lyesoft:andexplorer:2.2::~~~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:lyesoft:andexplorer:2.1::~~~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:lyesoft:andexplorer:1.9::~~~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:lyesoft:andexplorer:1.8::~~~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:lyesoft:andexplorer:1.7::~~~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:lyesoft:andexplorer:1.6::~~~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:lyesoft:andexplorer:1.5::~~~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:lyesoft:andexplorer:1.4::~~~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:lyesoft:andexplorer:1.3::~~~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:lyesoft:andexplorer:1.2::~~~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:lyesoft:andexplorer:1.1::~~~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:lyesoft:andexplorer:1.0::~~~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:lyesoft:andexplorer:2.4::~~professional~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:lyesoft:andexplorer:2.3::~~professional~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:lyesoft:andexplorer:2.2::~~professional~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:lyesoft:andexplorer:2.1::~~professional~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:lyesoft:andexplorer:2.0::~~professional~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:lyesoft:andexplorer:1.9::~~professional~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:lyesoft:andexplorer:1.8::~~professional~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:lyesoft:andexplorer:1.7::~~professional~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:lyesoft:andexplorer:1.6::~~professional~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:lyesoft:andexplorer:1.5::~~professional~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:lyesoft:andexplorer:1.4::~~professional~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:lyesoft:andexplorer:1.3::~~professional~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:lyesoft:andexplorer:1.2::~~professional~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:lyesoft:andexplorer:1.1::~~professional~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:lyesoft:andexplorer:1.0::~~professional~android~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:lyesoft:andexplorer:1.3::~~professional~android~~</vuln:product>
+      <vuln:product>cpe:/a:lyesoft:andexplorer:1.2::~~professional~android~~</vuln:product>
+      <vuln:product>cpe:/a:lyesoft:andexplorer:1.1::~~professional~android~~</vuln:product>
+      <vuln:product>cpe:/a:lyesoft:andexplorer:1.0::~~professional~android~~</vuln:product>
+      <vuln:product>cpe:/a:lyesoft:andexplorer:2.5::~~~android~~</vuln:product>
+      <vuln:product>cpe:/a:lyesoft:andexplorer:1.9::~~professional~android~~</vuln:product>
+      <vuln:product>cpe:/a:lyesoft:andexplorer:1.8::~~professional~android~~</vuln:product>
+      <vuln:product>cpe:/a:lyesoft:andexplorer:1.7::~~professional~android~~</vuln:product>
+      <vuln:product>cpe:/a:lyesoft:andexplorer:2.4::~~~android~~</vuln:product>
+      <vuln:product>cpe:/a:lyesoft:andexplorer:1.6::~~professional~android~~</vuln:product>
+      <vuln:product>cpe:/a:lyesoft:andexplorer:1.5::~~professional~android~~</vuln:product>
+      <vuln:product>cpe:/a:lyesoft:andexplorer:3.0::~~~android~~</vuln:product>
+      <vuln:product>cpe:/a:lyesoft:andexplorer:2.3::~~~android~~</vuln:product>
+      <vuln:product>cpe:/a:lyesoft:andexplorer:2.3::~~professional~android~~</vuln:product>
+      <vuln:product>cpe:/a:lyesoft:andexplorer:2.1::~~~android~~</vuln:product>
+      <vuln:product>cpe:/a:lyesoft:andexplorer:2.2::~~~android~~</vuln:product>
+      <vuln:product>cpe:/a:lyesoft:andexplorer:1.5::~~~android~~</vuln:product>
+      <vuln:product>cpe:/a:lyesoft:andexplorer:3.0::~~professional~android~~</vuln:product>
+      <vuln:product>cpe:/a:lyesoft:andexplorer:2.4::~~professional~android~~</vuln:product>
+      <vuln:product>cpe:/a:lyesoft:andexplorer:1.9::~~~android~~</vuln:product>
+      <vuln:product>cpe:/a:lyesoft:andexplorer:2.2::~~professional~android~~</vuln:product>
+      <vuln:product>cpe:/a:lyesoft:andexplorer:1.8::~~~android~~</vuln:product>
+      <vuln:product>cpe:/a:lyesoft:andexplorer:2.1::~~professional~android~~</vuln:product>
+      <vuln:product>cpe:/a:lyesoft:andexplorer:1.7::~~~android~~</vuln:product>
+      <vuln:product>cpe:/a:lyesoft:andexplorer:2.0::~~professional~android~~</vuln:product>
+      <vuln:product>cpe:/a:lyesoft:andexplorer:1.6::~~~android~~</vuln:product>
+      <vuln:product>cpe:/a:lyesoft:andexplorer:1.4::~~~android~~</vuln:product>
+      <vuln:product>cpe:/a:lyesoft:andexplorer:1.2::~~~android~~</vuln:product>
+      <vuln:product>cpe:/a:lyesoft:andexplorer:1.3::~~~android~~</vuln:product>
+      <vuln:product>cpe:/a:lyesoft:andexplorer:1.0::~~~android~~</vuln:product>
+      <vuln:product>cpe:/a:lyesoft:andexplorer:1.1::~~~android~~</vuln:product>
+      <vuln:product>cpe:/a:lyesoft:andexplorer:1.4::~~professional~android~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1974</vuln:cve-id>
+    <vuln:published-datetime>2014-04-19T15:55:07.640-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T01:05:34.687-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.4</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-21T15:03:48.263-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://play.google.com/store/apps/details?id=lysesoft.andexplorerpro" xml:lang="en">https://play.google.com/store/apps/details?id=lysesoft.andexplorerpro</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://play.google.com/store/apps/details?id=lysesoft.andexplorer" xml:lang="en">https://play.google.com/store/apps/details?id=lysesoft.andexplorer</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVNDB</vuln:source>
+      <vuln:reference href="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000037" xml:lang="en">JVNDB-2014-000037</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVN</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN22670349/index.html" xml:lang="en">JVN#22670349</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in the LYSESOFT AndExplorer application before 20140403 and AndExplorerPro application before 20140405 for Android allows attackers to overwrite or create arbitrary files via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1975">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:r-company:unzipper:1.0.1::~~~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:r-company:unzipper:1.0.0::~~~android~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:r-company:unzipper:1.0.1::~~~android~~</vuln:product>
+      <vuln:product>cpe:/a:r-company:unzipper:1.0.0::~~~android~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1975</vuln:cve-id>
+    <vuln:published-datetime>2014-03-18T01:18:18.830-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-18T11:59:37.623-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-18T11:58:53.513-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://play.google.com/store/apps/details?id=org.rhorita777.unzipper" xml:lang="en">https://play.google.com/store/apps/details?id=org.rhorita777.unzipper</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVNDB</vuln:source>
+      <vuln:reference href="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000031" xml:lang="en">JVNDB-2014-000031</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVN</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN38227002/index.html" xml:lang="en">JVN#38227002</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN38227002/995495/index.html" xml:lang="en">http://jvn.jp/en/jp/JVN38227002/995495/index.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in the R-Company Unzipper application 1.0.1 and earlier for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1976">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:yumenomachi:demaecan:2.1.0::~~~android~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:yumenomachi:demaecan:2.0.0::~~~android~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:yumenomachi:demaecan:2.1.0::~~~android~~</vuln:product>
+      <vuln:product>cpe:/a:yumenomachi:demaecan:2.0.0::~~~android~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1976</vuln:cve-id>
+    <vuln:published-datetime>2014-03-18T01:18:18.907-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-18T12:05:27.273-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-18T12:05:20.710-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-310"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://play.google.com/store/apps/details?id=com.demaecan.androidapp" xml:lang="en">https://play.google.com/store/apps/details?id=com.demaecan.androidapp</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVNDB</vuln:source>
+      <vuln:reference href="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000030" xml:lang="en">JVNDB-2014-000030</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVN</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN16263849/index.html" xml:lang="en">JVN#16263849</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Demaecan application 2.1.0 and earlier for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1977">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:5550"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:5500"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:5400"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:5300"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:5200"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:5100"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:5000"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:4900"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:4800"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:4700"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:4600"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:4500"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:4400"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:4300"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:4200"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:4000"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:3400"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:3300"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:3200"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:3100"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:3000"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:2631"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:2546"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:6300::~~~android~~"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.0.4"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:5550"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:5500"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:5400"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:5300"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:5200"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:5100"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:5000"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:4900"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:4800"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:4700"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:4600"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:4500"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:4400"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:4300"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:4200"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:4000"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:3400"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:3300"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:3200"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:3100"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:3000"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:2631"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:2546"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:6700::~~~android~~"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.4"/>
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.3"/>
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.3.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.2.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.2.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.1.2"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:nttdocomo:spmode_mail_android:5200</vuln:product>
+      <vuln:product>cpe:/a:nttdocomo:spmode_mail_android:2546</vuln:product>
+      <vuln:product>cpe:/a:nttdocomo:spmode_mail_android:3100</vuln:product>
+      <vuln:product>cpe:/a:nttdocomo:spmode_mail_android:4000</vuln:product>
+      <vuln:product>cpe:/a:nttdocomo:spmode_mail_android:4400</vuln:product>
+      <vuln:product>cpe:/a:nttdocomo:spmode_mail_android:5550</vuln:product>
+      <vuln:product>cpe:/a:nttdocomo:spmode_mail_android:4600</vuln:product>
+      <vuln:product>cpe:/a:nttdocomo:spmode_mail_android:3000</vuln:product>
+      <vuln:product>cpe:/a:nttdocomo:spmode_mail_android:4700</vuln:product>
+      <vuln:product>cpe:/a:nttdocomo:spmode_mail_android:3400</vuln:product>
+      <vuln:product>cpe:/a:nttdocomo:spmode_mail_android:4200</vuln:product>
+      <vuln:product>cpe:/a:nttdocomo:spmode_mail_android:4800</vuln:product>
+      <vuln:product>cpe:/a:nttdocomo:spmode_mail_android:5400</vuln:product>
+      <vuln:product>cpe:/a:nttdocomo:spmode_mail_android:4900</vuln:product>
+      <vuln:product>cpe:/a:nttdocomo:spmode_mail_android:5300</vuln:product>
+      <vuln:product>cpe:/a:nttdocomo:spmode_mail_android:2631</vuln:product>
+      <vuln:product>cpe:/a:nttdocomo:spmode_mail_android:3300</vuln:product>
+      <vuln:product>cpe:/a:nttdocomo:spmode_mail_android:3200</vuln:product>
+      <vuln:product>cpe:/a:nttdocomo:spmode_mail_android:4300</vuln:product>
+      <vuln:product>cpe:/a:nttdocomo:spmode_mail_android:6300::~~~android~~</vuln:product>
+      <vuln:product>cpe:/a:nttdocomo:spmode_mail_android:5000</vuln:product>
+      <vuln:product>cpe:/a:nttdocomo:spmode_mail_android:6700::~~~android~~</vuln:product>
+      <vuln:product>cpe:/a:nttdocomo:spmode_mail_android:5500</vuln:product>
+      <vuln:product>cpe:/a:nttdocomo:spmode_mail_android:5100</vuln:product>
+      <vuln:product>cpe:/a:nttdocomo:spmode_mail_android:4500</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1977</vuln:cve-id>
+    <vuln:published-datetime>2014-03-19T10:17:45.070-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-20T12:03:45.070-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-20T12:03:14.663-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVNDB</vuln:source>
+      <vuln:reference href="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000027" xml:lang="en">JVNDB-2014-000027</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVN</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN81739241/index.html" xml:lang="en">JVN#81739241</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The NTT DOCOMO sp mode mail application 6300 and earlier for Android 4.0.x and 6700 and earlier for Android 4.1 through 4.4 uses weak permissions for attachments during processing of incoming e-mail messages, which allows attackers to obtain sensitive information via a crafted application.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1978">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:6100::~~~android~~"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:6300::~~~android~~"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.0.4"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:6130::~~~android~~"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:6700::~~~android~~"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.4"/>
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.3"/>
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.3.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.2.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.2.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.1.2"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:nttdocomo:spmode_mail_android:6130::~~~android~~</vuln:product>
+      <vuln:product>cpe:/a:nttdocomo:spmode_mail_android:6300::~~~android~~</vuln:product>
+      <vuln:product>cpe:/a:nttdocomo:spmode_mail_android:6700::~~~android~~</vuln:product>
+      <vuln:product>cpe:/a:nttdocomo:spmode_mail_android:6100::~~~android~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1978</vuln:cve-id>
+    <vuln:published-datetime>2014-03-19T10:17:45.103-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-20T12:02:34.990-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-20T12:02:34.363-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVNDB</vuln:source>
+      <vuln:reference href="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000028" xml:lang="en">JVNDB-2014-000028</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVN</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN05951929/index.html" xml:lang="en">JVN#05951929</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The application link interface in the NTT DOCOMO sp mode mail application 6100 through 6300 for Android 4.0.x and 6130 through 6700 for Android 4.1 through 4.4 writes message content to the SD card during e-mail composition, which allows attackers to obtain sensitive information via a crafted application.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1979">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:6620::~~~android~~"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:6000::~~~android~~"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:6200::~~~android~~"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.4"/>
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.3"/>
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.3.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.2.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.2.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.1.2"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:5900::~~~android~~"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:6300::~~~android~~"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:6200::~~~android~~"/>
+          <cpe-lang:fact-ref name="cpe:/a:nttdocomo:spmode_mail_android:6000::~~~android~~"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/o:google:android:4.0.4"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:nttdocomo:spmode_mail_android:5900::~~~android~~</vuln:product>
+      <vuln:product>cpe:/a:nttdocomo:spmode_mail_android:6620::~~~android~~</vuln:product>
+      <vuln:product>cpe:/a:nttdocomo:spmode_mail_android:6300::~~~android~~</vuln:product>
+      <vuln:product>cpe:/a:nttdocomo:spmode_mail_android:6000::~~~android~~</vuln:product>
+      <vuln:product>cpe:/a:nttdocomo:spmode_mail_android:6200::~~~android~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1979</vuln:cve-id>
+    <vuln:published-datetime>2014-03-19T10:17:45.117-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-20T12:36:50.880-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-20T12:36:50.693-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-94"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVNDB</vuln:source>
+      <vuln:reference href="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000029" xml:lang="en">JVNDB-2014-000029</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVN</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN89260331/index.html" xml:lang="en">JVN#89260331</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The NTT DOCOMO sp mode mail application 5900 through 6300 for Android 4.0.x and 6000 through 6620 for Android 4.1 through 4.4 allows remote attackers to execute arbitrary Java methods via Deco-mail emoticon POP data in an e-mail message.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1982">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:alliedtelesis:img646bd_firmware:3.5"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:alliedtelesis:img646bd:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:alliedtelesis:at-rg634a_firmware:3.3%2b"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:alliedtelesis:at-rg634a:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:alliedtelesis:img624a_firmware:3.5"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:alliedtelesis:img624a:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:alliedtelesis:img616lh_firmware:%2b2.4"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:alliedtelesis:img616lh:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:alliedtelesis:at-rg634a_firmware:3.3%2b</vuln:product>
+      <vuln:product>cpe:/h:alliedtelesis:img646bd:-</vuln:product>
+      <vuln:product>cpe:/h:alliedtelesis:img616lh:-</vuln:product>
+      <vuln:product>cpe:/o:alliedtelesis:img624a_firmware:3.5</vuln:product>
+      <vuln:product>cpe:/h:alliedtelesis:at-rg634a:-</vuln:product>
+      <vuln:product>cpe:/o:alliedtelesis:img616lh_firmware:%2b2.4</vuln:product>
+      <vuln:product>cpe:/h:alliedtelesis:img624a:-</vuln:product>
+      <vuln:product>cpe:/o:alliedtelesis:img646bd_firmware:3.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1982</vuln:cve-id>
+    <vuln:published-datetime>2014-03-31T10:58:35.803-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-31T13:57:38.137-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-31T13:57:38.057-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-287"/>
+    <vuln:cwe id="CWE-78"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/32545" xml:lang="en">32545</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Mar/340" xml:lang="en">20140326 [GTA-2014-01] - Allied Telesis AT-RG634A ADSL Broadband router hidden administrative unauthenticated webshell.</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1983">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:remote_service_manager:2.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:remote_service_manager:3.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cybozu:remote_service_manager:2.3.0</vuln:product>
+      <vuln:product>cpe:/a:cybozu:remote_service_manager:3.1.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1983</vuln:cve-id>
+    <vuln:published-datetime>2014-04-19T15:55:07.670-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-21T15:12:44.837-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-21T15:12:44.790-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://cs.cybozu.co.jp/information/20130317notice01.php" xml:lang="en">http://cs.cybozu.co.jp/information/20130317notice01.php</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVNDB</vuln:source>
+      <vuln:reference href="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000039" xml:lang="en">JVNDB-2014-000039</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVN</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN10319260/index.html" xml:lang="en">JVN#10319260</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Cybozu Remote Service Manager through 2.3.0 and 3.x before 3.1.1 allows remote attackers to cause a denial of service (CPU consumption) via unknown vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1984">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:remote_service_manager:2.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:remote_service_manager:3.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cybozu:remote_service_manager:2.3.0</vuln:product>
+      <vuln:product>cpe:/a:cybozu:remote_service_manager:3.1.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1984</vuln:cve-id>
+    <vuln:published-datetime>2014-04-19T15:55:07.687-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-21T15:16:56.590-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-21T15:16:56.527-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-287"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://cs.cybozu.co.jp/information/20130317notice02.php" xml:lang="en">http://cs.cybozu.co.jp/information/20130317notice02.php</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVNDB</vuln:source>
+      <vuln:reference href="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000040" xml:lang="en">JVNDB-2014-000040</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVN</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN00058727/index.html" xml:lang="en">JVN#00058727</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Session fixation vulnerability in the management screen in Cybozu Remote Service Manager through 2.3.0 and 3.x before 3.1.1 allows remote attackers to hijack web sessions via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1985">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:redmine:redmine:2.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:redmine:redmine:2.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:redmine:redmine:2.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:redmine:redmine:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:redmine:redmine:2.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:redmine:redmine:2.5.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:redmine:redmine:2.4.4</vuln:product>
+      <vuln:product>cpe:/a:redmine:redmine:2.4.3</vuln:product>
+      <vuln:product>cpe:/a:redmine:redmine:2.4.2</vuln:product>
+      <vuln:product>cpe:/a:redmine:redmine:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:redmine:redmine:2.4.0</vuln:product>
+      <vuln:product>cpe:/a:redmine:redmine:2.5.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1985</vuln:cve-id>
+    <vuln:published-datetime>2014-04-11T10:55:05.663-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-14T09:19:18.173-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-14T09:19:18.017-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.redmine.org/projects/redmine/wiki/Security_Advisories" xml:lang="en">http://www.redmine.org/projects/redmine/wiki/Security_Advisories</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/redmine/redmine/commit/7567c3d8b21fe67e5f04e6839c1fce061600f2f3" xml:lang="en">https://github.com/redmine/redmine/commit/7567c3d8b21fe67e5f04e6839c1fce061600f2f3</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.redmine.org/projects/redmine/wiki/Changelog_2_4" xml:lang="en">http://www.redmine.org/projects/redmine/wiki/Changelog_2_4</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.redmine.org/projects/redmine/wiki/Changelog" xml:lang="en">http://www.redmine.org/projects/redmine/wiki/Changelog</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57524" xml:lang="en">57524</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q2/84" xml:lang="en">[oss-security] 20140410 Re: CVE request: redmine open redirector</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Open redirect vulnerability in the redirect_back_or_default function in app/controllers/application_controller.rb in Redmine before 2.4.5 and 2.5.x before 2.5.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the back url (back_url parameter).</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1986">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:kokuyo:camiapp:1.21.1::~~~android~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:kokuyo:camiapp:1.21.1::~~~android~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1986</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T19:13:15.383-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-19T00:48:09.707-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T09:59:05.567-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://play.google.com/store/apps/details?id=jp.co.kokuyost.CamiApp" xml:lang="en">https://play.google.com/store/apps/details?id=jp.co.kokuyost.CamiApp</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVNDB</vuln:source>
+      <vuln:reference href="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000036" xml:lang="en">JVNDB-2014-000036</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVN</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN55438786/index.html" xml:lang="en">JVN#55438786</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Content Provider in the KOKUYO CamiApp application 1.21.1 and earlier for Android allows attackers to bypass intended access restrictions and read database information via a crafted application.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1988">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.7:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.7:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.5.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cybozu:garoon:2.1.3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.1.2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.5.4</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.5.2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.5.3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.5.0</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.5.1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.7.1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.7.0</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.7:sp2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.7:sp1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.0.0</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.1.0</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.1.0</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.7.2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5.0</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.0.0</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1988</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:07.430-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T11:32:37.667-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T11:32:37.167-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://support.cybozu.com/ja-jp/article/8105" xml:lang="en">https://support.cybozu.com/ja-jp/article/8105</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVNDB</vuln:source>
+      <vuln:reference href="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000042" xml:lang="en">JVNDB-2014-000042</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVN</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN90519014/index.html" xml:lang="en">JVN#90519014</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Phone Messages feature in Cybozu Garoon 2.0.0 through 3.7 SP2 allows remote authenticated users to cause a denial of service (resource consumption) via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1989">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.7:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.7:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.7:sp3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.7.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cybozu:garoon:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.1.0</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.7:sp3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.7.1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.7.0</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.7.2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5.0</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.7:sp2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.0.0</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.7:sp1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1989</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:07.787-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T11:35:28.657-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T11:35:28.530-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://support.cybozu.com/ja/article/5264" xml:lang="en">https://support.cybozu.com/ja/article/5264</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVNDB</vuln:source>
+      <vuln:reference href="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000043" xml:lang="en">JVNDB-2014-000043</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVN</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN31230946/index.html" xml:lang="en">JVN#31230946</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cybozu Garoon 3.0 through 3.7 SP3 allows remote authenticated users to bypass intended access restrictions and delete schedule information via unspecified API calls.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1990">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/h:toshibatec:e-studio-283:-"/>
+        <cpe-lang:fact-ref name="cpe:/h:toshibatec:e-studio-233:-"/>
+        <cpe-lang:fact-ref name="cpe:/h:toshibatec:e-studio-282:-"/>
+        <cpe-lang:fact-ref name="cpe:/h:toshibatec:e-studio-232:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/h:toshibatec:e-studio-233:-</vuln:product>
+      <vuln:product>cpe:/h:toshibatec:e-studio-232:-</vuln:product>
+      <vuln:product>cpe:/h:toshibatec:e-studio-283:-</vuln:product>
+      <vuln:product>cpe:/h:toshibatec:e-studio-282:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1990</vuln:cve-id>
+    <vuln:published-datetime>2014-04-19T15:55:07.717-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-21T15:23:39.973-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-21T15:23:39.910-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-352"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.toshibatec.co.jp/page.jsp?id=4224" xml:lang="en">http://www.toshibatec.co.jp/page.jsp?id=4224</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVNDB</vuln:source>
+      <vuln:reference href="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000038" xml:lang="en">JVNDB-2014-000038</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVN</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN13313061/index.html" xml:lang="en">JVN#13313061</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site request forgery (CSRF) vulnerability in TopAccess (aka the web-based management utility) on TOSHIBA TEC e-Studio 232, 233, 282, and 283 devices allows remote attackers to hijack the authentication of administrators for requests that change passwords.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2013">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:artifex:mupdf:1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:artifex:mupdf:1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:artifex:mupdf:1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:artifex:mupdf:1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:artifex:mupdf:1.3</vuln:product>
+      <vuln:product>cpe:/a:artifex:mupdf:1.2</vuln:product>
+      <vuln:product>cpe:/a:artifex:mupdf:1.1</vuln:product>
+      <vuln:product>cpe:/a:artifex:mupdf:1.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2013</vuln:cve-id>
+    <vuln:published-datetime>2014-03-03T11:55:04.350-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-07T15:33:39.493-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-04T13:35:17.420-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.hdwsec.fr/blog/mupdf.html" xml:lang="en">http://www.hdwsec.fr/blog/mupdf.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/375" xml:lang="en">[oss-security] 20140218 Re: CVE request: MuPDF Stack-based Buffer Overflow in xps_parse_color()</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Jan/130" xml:lang="en">20140120 0day - MuPDF Stack-based Buffer Overflow in xps_parse_color()</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-02/msg00088.html" xml:lang="en">openSUSE-SU-2014:0309</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=60dabde18d7fe12b19da8b509bdfee9cc886aafc" xml:lang="en">http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=60dabde18d7fe12b19da8b509bdfee9cc886aafc</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://bugs.ghostscript.com/show_bug.cgi?id=694957" xml:lang="en">http://bugs.ghostscript.com/show_bug.cgi?id=694957</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute arbitrary code via a large number of entries in the ContextColor value of the Fill attribute in a Path element.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2014">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:gilles_lamiral:imapsync:1.580"/>
+        <cpe-lang:fact-ref name="cpe:/a:gilles_lamiral:imapsync:1.569"/>
+        <cpe-lang:fact-ref name="cpe:/a:gilles_lamiral:imapsync:1.567"/>
+        <cpe-lang:fact-ref name="cpe:/a:gilles_lamiral:imapsync:1.558"/>
+        <cpe-lang:fact-ref name="cpe:/a:gilles_lamiral:imapsync:1.554"/>
+        <cpe-lang:fact-ref name="cpe:/a:gilles_lamiral:imapsync:1.547"/>
+        <cpe-lang:fact-ref name="cpe:/a:gilles_lamiral:imapsync:1.542"/>
+        <cpe-lang:fact-ref name="cpe:/a:gilles_lamiral:imapsync:1.53"/>
+        <cpe-lang:fact-ref name="cpe:/a:gilles_lamiral:imapsync:1.525"/>
+        <cpe-lang:fact-ref name="cpe:/a:gilles_lamiral:imapsync:1.518"/>
+        <cpe-lang:fact-ref name="cpe:/a:gilles_lamiral:imapsync:1.516"/>
+        <cpe-lang:fact-ref name="cpe:/a:gilles_lamiral:imapsync:1.508"/>
+        <cpe-lang:fact-ref name="cpe:/a:gilles_lamiral:imapsync:1.504"/>
+        <cpe-lang:fact-ref name="cpe:/a:gilles_lamiral:imapsync:1.500"/>
+        <cpe-lang:fact-ref name="cpe:/a:gilles_lamiral:imapsync:1.564"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:gilles_lamiral:imapsync:1.567</vuln:product>
+      <vuln:product>cpe:/a:gilles_lamiral:imapsync:1.558</vuln:product>
+      <vuln:product>cpe:/a:gilles_lamiral:imapsync:1.53</vuln:product>
+      <vuln:product>cpe:/a:gilles_lamiral:imapsync:1.569</vuln:product>
+      <vuln:product>cpe:/a:gilles_lamiral:imapsync:1.547</vuln:product>
+      <vuln:product>cpe:/a:gilles_lamiral:imapsync:1.504</vuln:product>
+      <vuln:product>cpe:/a:gilles_lamiral:imapsync:1.542</vuln:product>
+      <vuln:product>cpe:/a:gilles_lamiral:imapsync:1.525</vuln:product>
+      <vuln:product>cpe:/a:gilles_lamiral:imapsync:1.518</vuln:product>
+      <vuln:product>cpe:/a:gilles_lamiral:imapsync:1.500</vuln:product>
+      <vuln:product>cpe:/a:gilles_lamiral:imapsync:1.554</vuln:product>
+      <vuln:product>cpe:/a:gilles_lamiral:imapsync:1.564</vuln:product>
+      <vuln:product>cpe:/a:gilles_lamiral:imapsync:1.516</vuln:product>
+      <vuln:product>cpe:/a:gilles_lamiral:imapsync:1.508</vuln:product>
+      <vuln:product>cpe:/a:gilles_lamiral:imapsync:1.580</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2014</vuln:cve-id>
+    <vuln:published-datetime>2014-04-18T18:14:35.980-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-21T12:19:29.213-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-21T12:19:23.870-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-255"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/378" xml:lang="en">[oss-security] 20140218 Re: CVE request: "imapsync ignores the --tls switch and sends my authentication plaintext."</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128293.html" xml:lang="en">FEDORA-2014-2505</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/imapsync/imapsync/issues/15" xml:lang="en">https://github.com/imapsync/imapsync/issues/15</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugs.mageia.org/show_bug.cgi?id=12770" xml:lang="en">https://bugs.mageia.org/show_bug.cgi?id=12770</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MANDRIVA</vuln:source>
+      <vuln:reference href="http://www.mandriva.com/security/advisories?name=MDVSA-2014:060" xml:lang="en">MDVSA-2014:060</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.linux-france.org/prj/imapsync_list/msg01910.html" xml:lang="en">[imapsync_list] 20140122 Re: [imapsync] Upon certificate issues STARTTLS is ignored and the password sent in plaintext (#15)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.linux-france.org/prj/imapsync_list/msg01907.html" xml:lang="en">[imapsync_list] 20140120 Re: [imapsync] STARTTLS support (#15)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/367" xml:lang="en">[oss-security] 20140217 CVE request: "imapsync ignores the --tls switch and sends my authentication plaintext."</vuln:reference>
+    </vuln:references>
+    <vuln:summary>imapsync before 1.584, when running with the --tls option, attempts a cleartext login when a certificate verification failure occurs, which allows remote attackers to obtain credentials by sniffing the network.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2016">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.8.0::community"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.8.1::community"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.8.2::community"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.8.3::community"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.6.0::community"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.6.1::community"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.6.2::community"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.6.3::community"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.6.4::community"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.6.5::community"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.6.6::community"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.6.7::community"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.7.8::community"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.7.9::community"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.7.10::community"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.7.0:-:community"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.7.1:-:community"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.7.2:-:community"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.7.3:-:community"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.7.4:-:community"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.7.5:-:community"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.7.6:-:community"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.7.7:-:community"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.7.8:-:community"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:5.1.0::enterprise"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:5.1.1::enterprise"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:5.1.2::enterprise"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:5.1.3::enterprise"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:5.0.0::enterprise"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:5.0.1::enterprise"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:5.0.2::enterprise"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:5.0.3::enterprise"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:5.0.4::enterprise"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:5.0.5::enterprise"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:5.0.6::enterprise"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:5.0.7::enterprise"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:5.0.8::enterprise"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:5.0.9::enterprise"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:5.0.10::enterprise"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.6.0::enterprise"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.6.1::enterprise"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.6.2::enterprise"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.6.3::enterprise"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.6.4::enterprise"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.6.5::enterprise"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.6.6::enterprise"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.6.7::enterprise"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.6.8::enterprise"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.8.0::professional"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.8.1::professional"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.8.2::professional"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.8.3::professional"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.6.0::professional"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.6.1::professional"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.6.2::professional"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.6.3::professional"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.6.4::professional"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.6.5::professional"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.6.6::professional"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.6.7::professional"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.6.8::professional"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.7.9::professional"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.7.10::professional"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.7.0:-:professional"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.7.1:-:professional"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.7.2:-:professional"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.7.3:-:professional"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.7.4:-:professional"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.7.5:-:professional"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.7.6:-:professional"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.7.7:-:professional"/>
+        <cpe-lang:fact-ref name="cpe:/a:oxid-esales:eshop:4.7.8:-:professional"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.7.0:-:professional</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.6.1::professional</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.6.0::professional</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.6.4::community</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.6.5::community</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.6.6::community</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.6.7::community</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.7.10::professional</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.6.2::community</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.6.3::community</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:5.0.6::enterprise</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:5.0.5::enterprise</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:5.0.4::enterprise</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:5.0.3::enterprise</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:5.0.2::enterprise</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:5.0.1::enterprise</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:5.0.0::enterprise</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.7.0:-:community</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.6.2::enterprise</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.6.3::enterprise</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:5.0.9::enterprise</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:5.1.0::enterprise</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:5.1.1::enterprise</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:5.1.2::enterprise</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:5.1.3::enterprise</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.7.1:-:professional</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.8.3::community</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.8.2::community</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.7.5:-:professional</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.7.4:-:professional</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.7.3:-:professional</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.8.1::community</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.7.2:-:professional</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.8.0::community</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.6.4::professional</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.7.8::community</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.7.8:-:professional</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.6.5::professional</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.7.7:-:professional</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.6.2::professional</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.7.6:-:professional</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.6.3::professional</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.6.7::professional</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.7.8:-:community</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.6.6::professional</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.6.0::community</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.7.9::professional</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.6.8::professional</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.6.1::community</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.7.9::community</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.6.0::enterprise</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.6.1::enterprise</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:5.0.10::enterprise</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.7.1:-:community</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.6.8::enterprise</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.7.3:-:community</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.7.10::community</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.7.2:-:community</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.8.0::professional</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.7.5:-:community</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.6.5::enterprise</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.8.1::professional</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.7.4:-:community</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.6.4::enterprise</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.8.2::professional</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.7.7:-:community</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:5.0.8::enterprise</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.6.7::enterprise</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.8.3::professional</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.7.6:-:community</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:5.0.7::enterprise</vuln:product>
+      <vuln:product>cpe:/a:oxid-esales:eshop:4.6.6::enterprise</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2016</vuln:cve-id>
+    <vuln:published-datetime>2014-03-25T14:21:48.233-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-26T10:36:14.110-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-26T10:36:13.547-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://wiki.oxidforge.org/Security_bulletins/2014-001" xml:lang="en">http://wiki.oxidforge.org/Security_bulletins/2014-001</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57438" xml:lang="en">57438</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site scripting (XSS) vulnerabilities in OXID eShop Professional and Community Edition 4.6.8 and earlier, 4.7.x before 4.7.11, and 4.8.x before 4.8.4, and Enterprise Edition 4.6.8 and earlier, 5.0.x before 5.0.11 and 5.1.x before 5.1.4 allow remote attackers to inject arbitrary web script or HTML via the searchtag parameter to the getTag function in (1) application/controllers/details.php or (2) application/controllers/tag.php.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2018">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:1.0:alpha"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:1.0:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:1.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:1.1:alpha"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:1.1:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:1.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:1.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:1.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:1.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:1.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:1.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:1.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:1.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:1.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:1.1.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:1.1.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:1.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:1.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:1.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:1.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:1.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:1.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:1.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:1.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird_esr:17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird_esr:17.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird_esr:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird_esr:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird_esr:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird_esr:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird_esr:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird_esr:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird_esr:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird_esr:17.0.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:1.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:1.1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:1.1.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:1.1.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:1.1.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:1.1.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:1.1.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:1.1.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:1.1.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:1.1:alpha</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:1.0:alpha</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:1.1:beta</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:1.1.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:1.1.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird_esr:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:1.1.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird_esr:17.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:1.1.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird_esr:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:1.1.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird_esr:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird_esr:17.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:1.1.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird_esr:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:1.0:beta</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:1.1.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird_esr:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird_esr:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:1.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird_esr:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:1.1.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:1.1.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:1.1.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird_esr:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.4</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2018</vuln:cve-id>
+    <vuln:published-datetime>2014-02-17T17:55:05.273-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-18T14:44:52.987-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-18T14:44:49.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/863369" xml:lang="en">VU#863369</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=875818" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=875818</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.vulnerability-lab.com/get_content.php?id=953" xml:lang="en">http://www.vulnerability-lab.com/get_content.php?id=953</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-14.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-14.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in a (1) OBJECT or (2) EMBED element, a related issue to CVE-2013-6674.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2019">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:apple:iphone_os:7.0.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.1</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.4</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.3</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0.2</vuln:product>
+      <vuln:product>cpe:/o:apple:iphone_os:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2019</vuln:cve-id>
+    <vuln:published-datetime>2014-02-18T06:55:17.027-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-16T00:45:41.410-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.9</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-18T19:53:18.393-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.youtube.com/watch?v=QnPk4RRWjic" xml:lang="en">http://www.youtube.com/watch?v=QnPk4RRWjic</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.apple.com/kb/HT6162" xml:lang="en">http://support.apple.com/kb/HT6162</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://news.softpedia.com/news/Major-iOS-7-Security-Flaw-Discovered-Video-425011.shtml" xml:lang="en">http://news.softpedia.com/news/Major-iOS-7-Security-Flaw-Discovered-Video-425011.shtml</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this service with a different Apple ID account, by entering an arbitrary iCloud Account Password value and a blank iCloud Account Description value.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2020">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.5.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.5.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.5.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.5.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.5.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.5.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.5.0:alpha6"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.5.0:alpha5"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.5.0:alpha4"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.5.0:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.5.0:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.5.0:alpha1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:php:php:5.5.1</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.5.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.5.0:alpha1</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.5.3</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.5.0:alpha3</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.5.4</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.5.0:alpha6</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.5.2</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.5.0:alpha4</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.5.7</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.5.8</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.5.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.5.0:alpha2</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.5.5</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.5.0:alpha5</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.5.6</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.5.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.5.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.5.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.5.0:beta3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2020</vuln:cve-id>
+    <vuln:published-datetime>2014-02-18T06:55:17.057-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-08T00:13:16.573-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-18T14:51:45.293-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-189"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/php/php-src/commit/2938329ce19cb8c4197dec146c3ec887c6f61d01" xml:lang="en">https://github.com/php/php-src/commit/2938329ce19cb8c4197dec146c3ec887c6f61d01</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugs.php.net/bug.php?id=66356" xml:lang="en">https://bugs.php.net/bug.php?id=66356</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2126-1" xml:lang="en">USN-2126-1</vuln:reference>
+    </vuln:references>
+    <vuln:summary>ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a different vulnerability than CVE-2013-7226.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2024">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:openclassifieds:open_classifieds_2:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:openclassifieds:open_classifieds_2:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openclassifieds:open_classifieds_2:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openclassifieds:open_classifieds_2:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openclassifieds:open_classifieds_2:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:openclassifieds:open_classifieds_2:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:openclassifieds:open_classifieds_2:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:openclassifieds:open_classifieds_2:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:openclassifieds:open_classifieds_2:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:openclassifieds:open_classifieds_2:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openclassifieds:open_classifieds_2:2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openclassifieds:open_classifieds_2:2.1.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:openclassifieds:open_classifieds_2:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:openclassifieds:open_classifieds_2:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:openclassifieds:open_classifieds_2:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:openclassifieds:open_classifieds_2:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:openclassifieds:open_classifieds_2:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:openclassifieds:open_classifieds_2:2.1.2</vuln:product>
+      <vuln:product>cpe:/a:openclassifieds:open_classifieds_2:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:openclassifieds:open_classifieds_2:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:openclassifieds:open_classifieds_2:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:openclassifieds:open_classifieds_2:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:openclassifieds:open_classifieds_2:2.1</vuln:product>
+      <vuln:product>cpe:/a:openclassifieds:open_classifieds_2:2.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2024</vuln:cve-id>
+    <vuln:published-datetime>2014-03-14T10:55:04.377-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-25T20:43:57.100-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-17T04:19:34.000-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/open-classifieds/openclassifieds2/commit/45ee8fb601a91b8a4238229580a32a4fd8d96ef9" xml:lang="en">https://github.com/open-classifieds/openclassifieds2/commit/45ee8fb601a91b8a4238229580a32a4fd8d96ef9</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.htbridge.com/advisory/HTB23204" xml:lang="en">https://www.htbridge.com/advisory/HTB23204</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/open-classifieds/openclassifieds2/issues/556" xml:lang="en">https://github.com/open-classifieds/openclassifieds2/issues/556</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531428/100/0/threaded" xml:lang="en">20140312 Cross-Site Scripting (XSS) in Open Classifieds</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in classes/controller/error.php in Open Classifieds 2 before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to shared-apartments-rooms/.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2033">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:bluecoat:proxysgos:5.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:bluecoat:proxysgos:6.1.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:bluecoat:proxysgos:6.2.15.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:bluecoat:proxysgos:6.4.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:bluecoat:proxysgos:6.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:bluecoat:proxysgos:6.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:bluecoat:proxysgos:6.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:bluecoat:proxysgos:6.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:bluecoat:proxysgos:6.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:bluecoat:proxysgos:5.5"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:bluecoat:proxysgos:5.5.11</vuln:product>
+      <vuln:product>cpe:/o:bluecoat:proxysgos:5.5</vuln:product>
+      <vuln:product>cpe:/o:bluecoat:proxysgos:6.1</vuln:product>
+      <vuln:product>cpe:/o:bluecoat:proxysgos:6.1.6.3</vuln:product>
+      <vuln:product>cpe:/o:bluecoat:proxysgos:6.3</vuln:product>
+      <vuln:product>cpe:/o:bluecoat:proxysgos:6.2.15.3</vuln:product>
+      <vuln:product>cpe:/o:bluecoat:proxysgos:6.2</vuln:product>
+      <vuln:product>cpe:/o:bluecoat:proxysgos:6.5</vuln:product>
+      <vuln:product>cpe:/o:bluecoat:proxysgos:6.4.6.1</vuln:product>
+      <vuln:product>cpe:/o:bluecoat:proxysgos:6.4</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2033</vuln:cve-id>
+    <vuln:published-datetime>2014-03-02T12:55:02.893-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-03T13:10:15.227-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.9</cvss:score>
+        <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-03T13:10:15.167-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/221620" xml:lang="en">VU#221620</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://kb.bluecoat.com/index?page=content&amp;id=SA77" xml:lang="en">https://kb.bluecoat.com/index?page=content&amp;id=SA77</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The caching feature in SGOS in Blue Coat ProxySG 5.5 through 5.5.11.3, 6.1 through 6.1.6.3, 6.2 through 6.2.15.3, 6.4 through 6.4.6.1, and 6.3 and 6.5 before 6.5.4 allows remote authenticated users to bypass intended access restrictions during a time window after account deletion or modification by leveraging knowledge of previously valid credentials.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2034">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:2.4.0::~~open_source~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:2.5.0::~~open_source~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:2.6.0::~~open_source~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:2.6.1::~~open_source~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:2.6.2::~~open_source~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:2.6.3::~~open_source~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:2.6.4::~~open_source~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:2.7.0::~~open_source~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:2.7.1::~~open_source~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:2.4.0::~~professional~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:2.5.0::~~professional~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:2.6.0::~~professional~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:2.6.1::~~professional~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:2.6.2::~~professional~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:2.6.3::~~professional~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:2.6.4::~~professional~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:2.6.5::~~professional~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:2.7.0::~~professional~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:sonatype:nexus:2.7.1::~~professional~~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:sonatype:nexus:2.7.0::~~professional~~~</vuln:product>
+      <vuln:product>cpe:/a:sonatype:nexus:2.7.1::~~professional~~~</vuln:product>
+      <vuln:product>cpe:/a:sonatype:nexus:2.6.2::~~open_source~~~</vuln:product>
+      <vuln:product>cpe:/a:sonatype:nexus:2.6.3::~~open_source~~~</vuln:product>
+      <vuln:product>cpe:/a:sonatype:nexus:2.5.0::~~professional~~~</vuln:product>
+      <vuln:product>cpe:/a:sonatype:nexus:2.4.0::~~open_source~~~</vuln:product>
+      <vuln:product>cpe:/a:sonatype:nexus:2.6.3::~~professional~~~</vuln:product>
+      <vuln:product>cpe:/a:sonatype:nexus:2.6.1::~~professional~~~</vuln:product>
+      <vuln:product>cpe:/a:sonatype:nexus:2.6.0::~~open_source~~~</vuln:product>
+      <vuln:product>cpe:/a:sonatype:nexus:2.6.2::~~professional~~~</vuln:product>
+      <vuln:product>cpe:/a:sonatype:nexus:2.6.1::~~open_source~~~</vuln:product>
+      <vuln:product>cpe:/a:sonatype:nexus:2.6.4::~~open_source~~~</vuln:product>
+      <vuln:product>cpe:/a:sonatype:nexus:2.6.0::~~professional~~~</vuln:product>
+      <vuln:product>cpe:/a:sonatype:nexus:2.6.4::~~professional~~~</vuln:product>
+      <vuln:product>cpe:/a:sonatype:nexus:2.7.0::~~open_source~~~</vuln:product>
+      <vuln:product>cpe:/a:sonatype:nexus:2.6.5::~~professional~~~</vuln:product>
+      <vuln:product>cpe:/a:sonatype:nexus:2.4.0::~~professional~~~</vuln:product>
+      <vuln:product>cpe:/a:sonatype:nexus:2.5.0::~~open_source~~~</vuln:product>
+      <vuln:product>cpe:/a:sonatype:nexus:2.7.1::~~open_source~~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2034</vuln:cve-id>
+    <vuln:published-datetime>2014-03-31T23:25:11.347-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T08:55:00.310-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-01T08:54:59.777-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://support.sonatype.com/entries/42374566-CVE-2014-2034-Nexus-Security-Advisory-REST-API" xml:lang="en">https://support.sonatype.com/entries/42374566-CVE-2014-2034-Nexus-Security-Advisory-REST-API</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.sonatype.org/advisories/archive/2014-03-03-Nexus" xml:lang="en">http://www.sonatype.org/advisories/archive/2014-03-03-Nexus</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65956" xml:lang="en">65956</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://www.osvdb.org/104049" xml:lang="en">104049</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57142" xml:lang="en">57142</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through 2.7.1 allows attackers to create arbitrary user accounts via unknown vectors related to "an unauthenticated execution path."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2035">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:interworx:web_control_panel:5.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:interworx:web_control_panel:5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:interworx:web_control_panel:5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:interworx:web_control_panel:5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:interworx:web_control_panel:5.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:interworx:web_control_panel:5.0.11</vuln:product>
+      <vuln:product>cpe:/a:interworx:web_control_panel:5.0.10</vuln:product>
+      <vuln:product>cpe:/a:interworx:web_control_panel:5.0</vuln:product>
+      <vuln:product>cpe:/a:interworx:web_control_panel:5.0.13</vuln:product>
+      <vuln:product>cpe:/a:interworx:web_control_panel:5.0.12</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2035</vuln:cve-id>
+    <vuln:published-datetime>2014-02-27T10:55:15.670-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-28T10:32:57.063-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-28T10:32:57.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531191/100/0/threaded" xml:lang="en">20140220 [CVE-2014-2035] XSS in InterWorx Web Control Panel &lt;= 5.0.12</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.interworx.com/developers/changelog/version-5-0-13-build-574-2014-02-19" xml:lang="en">http://www.interworx.com/developers/changelog/version-5-0-13-build-574-2014-02-19</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.13 build 574 allows remote attackers to inject arbitrary web script or HTML via the i parameter.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2038">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.69"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.70"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.71"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.72"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.73"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.74"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.75"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.76"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.77"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.78"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.79"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.70</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.71</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.72</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.73</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.74</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.75</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.76</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.77</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.78</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.79</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.69</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2038</vuln:cve-id>
+    <vuln:published-datetime>2014-02-28T01:18:54.617-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-16T00:45:41.973-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.7</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-28T13:08:48.560-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/torvalds/linux/commit/263b4509ec4d47e0da3e753f85a39ea12d1eff24" xml:lang="en">https://github.com/torvalds/linux/commit/263b4509ec4d47e0da3e753f85a39ea12d1eff24</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=263b4509ec4d47e0da3e753f85a39ea12d1eff24" xml:lang="en">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=263b4509ec4d47e0da3e753f85a39ea12d1eff24</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1066939" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1066939</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2140-1" xml:lang="en">USN-2140-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2137-1" xml:lang="en">USN-2137-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/02/20/16" xml:lang="en">[oss-security] 20140221 Re: Re: CVE request: Linux kernel: nfs: information leakage</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.3" xml:lang="en">http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.3</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The nfs_can_extend_write function in fs/nfs/write.c in the Linux kernel before 3.13.3 relies on a write delegation to extend a write operation without a certain up-to-date verification, which allows local users to obtain sensitive information from kernel memory in opportunistic circumstances by writing to a file in an NFS filesystem and then reading the same file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2039">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.69"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.70"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.71"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.72"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.73"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.74"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.75"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.76"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.77"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.78"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.79"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.70</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.71</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.72</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.73</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.74</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.75</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.76</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.77</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.78</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.79</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.69</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2039</vuln:cve-id>
+    <vuln:published-datetime>2014-02-28T01:18:54.633-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-28T13:13:30.020-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.9</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-28T13:13:28.457-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/torvalds/linux/commit/8d7f6690cedb83456edd41c9bd583783f0703bf0" xml:lang="en">https://github.com/torvalds/linux/commit/8d7f6690cedb83456edd41c9bd583783f0703bf0</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8d7f6690cedb83456edd41c9bd583783f0703bf0" xml:lang="en">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8d7f6690cedb83456edd41c9bd583783f0703bf0</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1067558" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1067558</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/02/20/14" xml:lang="en">[oss-security] 20140220 Re: CVE Request: Linux kernel: s390: crash due to linkage stack instruction</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.5" xml:lang="en">http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.5</vuln:reference>
+    </vuln:references>
+    <vuln:summary>arch/s390/kernel/head64.S in the Linux kernel before 3.13.5 on the s390 platform does not properly handle attempted use of the linkage stack, which allows local users to cause a denial of service (system crash) by executing a crafted instruction.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2040">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:jordy_meow:media_file_renamer:1.7.0::~~~wordpress~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:jordy_meow:media_file_renamer:1.7.0::~~~wordpress~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2040</vuln:cve-id>
+    <vuln:published-datetime>2014-03-03T13:55:03.637-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-07T15:32:07.630-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>2.1</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-04T09:14:22.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.vapid.dhs.org/advisories/wordpress/plugins/MediaFileRenamer-1.7.0/index.html" xml:lang="en">http://www.vapid.dhs.org/advisories/wordpress/plugins/MediaFileRenamer-1.7.0/index.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65715" xml:lang="en">65715</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531270/100/0/threaded" xml:lang="en">20140226 Persistent XSS in Media File Renamer V1.7.0 wordpress plugin</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site scripting (XSS) vulnerabilities in the (1) callback_multicheck, (2) callback_radio, and (3) callback_wysiwygin functions in mfrh_class.settings-api.php in the Media File Renamer plugin 1.7.0 for WordPress allow remote authenticated users with permissions to add media or edit media to inject arbitrary web script or HTML via unspecified parameters, as demonstrated by the title of an uploaded file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2042">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:6.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:6.2.71"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:6.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:6.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:6.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:6.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:6.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:5.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:4.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:4.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:3.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:3.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:2.94"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:2.91"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:2.81"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:livetecs:timeline:6.2.7</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:2.94</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:6.2.8</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:2.91</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:2.81</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:6.2.71</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:3.6.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:4.3.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:6.2.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:6.2.3</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:3.8.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:3.2.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:6.2.4</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:5.2.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:4.9.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:6.2.6</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:3.7.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2042</vuln:cve-id>
+    <vuln:published-datetime>2014-04-28T10:09:06.563-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T08:18:50.870-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T08:18:50.713-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531914/100/0/threaded" xml:lang="en">20140423 CVE-2014-2042 - Unrestricted file upload in Livetecs Timelive</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Apr/260" xml:lang="en">20140423 CVE-2014-2042 - Unrestricted file upload in Livetecs Timelive</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unrestricted file upload vulnerability in the Manage Project functionality in Livetecs Timelive before 6.5.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a predictable directory in Uploads/.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2043">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:procentia:intellipen:1.1.12.1520"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:procentia:intellipen:1.1.12.1520</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2043</vuln:cve-id>
+    <vuln:published-datetime>2014-03-13T10:55:05.313-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-13T14:22:50.210-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-13T14:22:42.883-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2043" xml:lang="en">https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2043</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531426/100/0/threaded" xml:lang="en">20140312 CVE-2014-2043 - SQL Injection in Procentia IntelliPen</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/32212" xml:lang="en">32212</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SQL injection vulnerability in Resources/System/Templates/Data.aspx in Procentia IntelliPen before 1.1.18.1658 allows remote authenticated users to execute arbitrary SQL commands via the value parameter.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2047">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:6.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:owncloud:owncloud:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:6.0.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2047</vuln:cve-id>
+    <vuln:published-datetime>2014-03-14T12:55:05.613-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-25T15:36:46.027-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-17T07:17:35.000-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-287"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://owncloud.org/about/security/advisories/oC-SA-2014-001/" xml:lang="en">http://owncloud.org/about/security/advisories/oC-SA-2014-001/</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Session fixation vulnerability in ownCloud before 6.0.2, when PHP is configured to accept session parameters through a GET request, allows remote attackers to hijack web sessions via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2049">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:6.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:3.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.0.15</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.0.14</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.0.16</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.0.10</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.9</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.8</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.7</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.0.11</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.0.12</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.0.13</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.13</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.14</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.12</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.10</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.11</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:6.0.0</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.0</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.0.8</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.0.9</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.6</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.5</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.4</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.3</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.2</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.5.0</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.5.7</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.5.1</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.5.6</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.5.9</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.5.8</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.5.2</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.5.3</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.0.2</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.5.5</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.5.4</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.0.0</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.0.6</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.0.5</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:3.0.0</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.0.4</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.0.3</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.5.13</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.5.11</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.5.12</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.0.7</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.5.10</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2049</vuln:cve-id>
+    <vuln:published-datetime>2014-03-14T12:55:05.647-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-25T15:32:36.610-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-17T11:16:37.613-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://owncloud.org/about/security/advisories/oC-SA-2014-003/" xml:lang="en">http://owncloud.org/about/security/advisories/oC-SA-2014-003/</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allows remote attackers to access user files via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2057">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:3.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:4.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.14:a"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:6.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:6.0.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.0.15</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.0.14</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.0.16</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.0.10</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.9</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.8</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.7</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.0.11</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.0.12</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.0.13</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.13</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.14</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.12</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.10</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.11</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:6.0.0</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.0</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.14:a</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.0.8</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.0.9</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.6</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.5</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.4</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.3</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.2</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.5.0</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.5.7</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.5.1</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.5.6</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.5.9</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.5.8</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.5.2</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.5.3</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.0.2</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.5.5</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.0.0</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.5.4</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.0.6</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.0.5</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:3.0.0</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.0.4</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.0.3</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.5.13</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.5.11</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.0.7</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.5.12</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:4.5.10</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2057</vuln:cve-id>
+    <vuln:published-datetime>2014-03-24T12:31:08.480-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-24T18:16:57.047-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-24T12:53:15.523-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://owncloud.org/about/security/advisories/oC-SA-2014-007/" xml:lang="en">http://owncloud.org/about/security/advisories/oC-SA-2014-007/</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 6.0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2059">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.524"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.525"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.526"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.527"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.528"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.529"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.530"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.531"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.532"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.533"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.534"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.535"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.536"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.537"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.538"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.539"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.540"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.541"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.542"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.543"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.544"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.545"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.546"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.547"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.548"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.549"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.550"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.425"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.426"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.427"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.428"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.429"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.430"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.431"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.432"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.433"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.434"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.435"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.436"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.437"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.480.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.523"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.301"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.302"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.303"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.304"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.305"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.306"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.307"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.308"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.309"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.310"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.311"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.312"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.313"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.314"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.315"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.316"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.317"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.318"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.319"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.320"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.321"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.322"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.323"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.324"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.325"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.326"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.327"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.328"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.329"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.330"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.331"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.332"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.333"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.334"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.335"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.336"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.337"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.338"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.339"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.340"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.341"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.342"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.343"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.344"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.345"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.346"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.347"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.348"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.349"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.350"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.351"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.352"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.353"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.354"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.355"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.356"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.357"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.358"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.359"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.360"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.361"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.362"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.363"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.364"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.365"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.366"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.367"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.368"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.369"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.370"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.371"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.372"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.373"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.374"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.375"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.376"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.377"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.378"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.379"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.380"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.382"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.383"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.384"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.386"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.387"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.388"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.389"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.390"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.391"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.392"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.393"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.394"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.395"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.396"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.397"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.398"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.399"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.400"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.401"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.402"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.403"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.404"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.405"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.406"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.407"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.408"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.409"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.410"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.412"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.411"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.413"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.414"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.415"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.416"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.423"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.424"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.422"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.421"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.420"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.419"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.418"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.417"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.480.1:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.480.2:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.480.3:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.509.1:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.509.2:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.509.3:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.509.4:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.532.1:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.400::lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.400:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.400.0.12::lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.409.1::lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.409.1:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.409.2::lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.409.2:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.409.3:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.424:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.424.1:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.424.2:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.424.3:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.424.4:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.424.5:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.424.6:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.447:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.447.1:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.447.2:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.466.1:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.466.2:-:lts"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.384</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.383</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.382</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.388</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.387</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.386</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.523</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.524</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.389</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.528</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.400.0.12::lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.380</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.527</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.526</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.525</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.529</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.424:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.447.1:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.433</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.432</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.431</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.324</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.430</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.325</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.351</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.326</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.350</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.353</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.352</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.355</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.354</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.356</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.437</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.435</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.320</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.436</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.322</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.434</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.321</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.323</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.328</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.327</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.329</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.447.2:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.357</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.358</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.359</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.402</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.403</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.401</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.409.1:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.409.3:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.409.2:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.400:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.400</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.407</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.406</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.405</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.404</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.424.6:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.424.5:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.408</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.371</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.302</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.373</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.303</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.372</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.304</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.409.2::lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.409.1::lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.378</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.375</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.374</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.377</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.376</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.550</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.370</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.301</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.466.1:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.466.2:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.379</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.309</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.532.1:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.306</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.305</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.308</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.307</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.509.2:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.509.1:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.426</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.427</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.428</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.429</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.422</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.509.4:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.337</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.509.3:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.336</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.420</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.335</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.421</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.338</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.339</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.423</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.332</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.333</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.425</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.330</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.424</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.331</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.334</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.396</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.530</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.397</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.531</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.398</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.399</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.532</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.538</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.539</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.536</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.537</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.424.1:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.368</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.424.2:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.393</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.394</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.395</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.369</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.424.4:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.424.3:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.535</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.360</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.534</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.361</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.533</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.362</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.363</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.364</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.391</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.365</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.390</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.366</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.367</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.392</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.543</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.540</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.541</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.542</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.315</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.314</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.313</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.547</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.548</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.549</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.544</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.447:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.546</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.545</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.318</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.319</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.316</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.317</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.312</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.310</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.311</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.417</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.418</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.415</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.416</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.400::lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.419</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.346</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.410</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.348</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.347</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.411</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.340</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.349</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.480.3:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.480.2:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.409</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.480.1:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.345</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.414</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.341</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.413</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.342</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.412</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.480.3.1</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.343</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.344</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2059</vuln:cve-id>
+    <vuln:published-datetime>2014-02-28T19:01:09.387-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-04T14:16:27.153-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-03T06:30:28.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/jenkinsci/jenkins/commit/ad38d8480f20ce3cbf8fec3e2003bc83efda4f7d" xml:lang="en">https://github.com/jenkinsci/jenkins/commit/ad38d8480f20ce3cbf8fec3e2003bc83efda4f7d</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14" xml:lang="en">https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91346" xml:lang="en">jenkins-cve20142059-dir-trav(91346)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/421" xml:lang="en">[oss-security] 20140220 Re: Possible CVE Requests: several issues fixed in Jenkins (Advisory 2014-02-14)</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in the CLI job creation (hudson/cli/CreateJobCommand.java) in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to overwrite arbitrary files via the job name.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2067">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.524"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.525"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.526"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.527"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.528"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.529"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.530"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.531"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.532"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.533"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.534"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.535"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.536"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.537"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.538"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.539"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.540"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.541"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.542"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.543"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.544"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.545"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.546"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.547"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.548"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.549"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.550"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.425"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.426"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.427"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.428"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.429"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.430"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.431"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.432"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.433"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.434"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.435"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.436"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.437"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.480.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.523"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.301"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.302"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.303"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.304"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.305"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.306"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.307"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.308"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.309"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.310"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.311"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.312"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.313"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.314"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.315"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.316"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.317"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.318"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.319"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.320"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.321"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.322"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.323"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.324"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.325"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.326"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.327"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.328"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.329"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.330"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.331"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.332"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.333"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.334"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.335"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.336"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.337"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.338"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.339"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.340"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.341"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.342"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.343"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.344"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.345"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.346"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.347"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.348"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.349"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.350"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.351"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.352"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.353"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.354"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.355"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.356"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.357"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.358"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.359"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.360"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.361"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.362"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.363"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.364"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.365"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.366"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.367"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.368"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.369"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.370"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.371"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.372"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.373"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.374"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.375"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.376"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.377"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.378"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.379"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.380"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.382"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.383"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.384"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.386"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.387"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.388"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.389"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.390"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.391"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.392"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.393"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.394"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.395"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.396"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.397"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.398"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.399"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.400"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.401"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.402"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.403"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.404"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.405"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.406"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.407"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.408"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.409"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.410"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.412"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.411"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.413"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.414"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.415"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.416"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.423"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.424"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.422"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.421"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.420"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.419"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.418"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.417"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.480.1:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.480.2:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.480.3:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.509.1:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.509.2:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.509.3:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.509.4:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.532.1:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.400::lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.400:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.400.0.12::lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.409.1::lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.409.1:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.409.2::lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.409.2:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.409.3:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.424:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.424.1:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.424.2:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.424.3:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.424.4:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.424.5:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.424.6:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.447:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.447.1:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.447.2:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.466.1:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:cloudbees:jenkins:1.466.2:-:lts"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.384</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.383</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.382</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.388</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.387</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.386</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.523</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.524</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.389</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.528</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.400.0.12::lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.380</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.527</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.526</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.525</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.529</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.424:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.447.1:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.433</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.432</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.431</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.324</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.430</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.325</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.351</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.326</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.350</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.353</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.352</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.355</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.354</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.356</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.437</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.435</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.320</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.436</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.322</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.434</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.321</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.323</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.328</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.327</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.329</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.447.2:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.357</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.358</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.359</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.402</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.403</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.401</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.409.1:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.409.3:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.409.2:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.400:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.400</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.407</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.406</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.405</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.404</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.424.6:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.424.5:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.408</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.371</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.302</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.373</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.303</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.372</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.304</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.409.2::lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.409.1::lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.378</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.375</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.374</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.377</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.376</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.550</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.370</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.301</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.466.1:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.466.2:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.379</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.309</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.532.1:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.306</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.305</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.308</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.307</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.509.2:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.509.1:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.426</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.427</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.428</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.429</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.422</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.509.4:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.337</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.509.3:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.336</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.420</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.335</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.421</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.338</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.339</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.423</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.332</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.333</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.425</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.330</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.424</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.331</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.334</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.396</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.530</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.397</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.531</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.398</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.399</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.532</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.538</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.539</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.536</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.537</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.424.1:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.368</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.424.2:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.393</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.394</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.395</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.369</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.424.4:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.424.3:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.535</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.360</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.534</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.361</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.533</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.362</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.363</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.364</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.391</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.365</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.390</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.366</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.367</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.392</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.543</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.540</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.541</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.542</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.315</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.314</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.313</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.547</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.548</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.549</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.544</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.447:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.546</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.545</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.318</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.319</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.316</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.317</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.312</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.310</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.311</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.417</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.418</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.415</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.416</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.400::lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.419</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.346</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.410</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.348</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.347</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.411</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.340</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.349</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.480.3:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.480.2:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.409</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.480.1:-:lts</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.345</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.414</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.341</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.413</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.342</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.412</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.480.3.1</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.343</vuln:product>
+      <vuln:product>cpe:/a:cloudbees:jenkins:1.344</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2067</vuln:cve-id>
+    <vuln:published-datetime>2014-02-28T19:01:09.417-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-03T15:59:28.663-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-03T11:30:49.143-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14" xml:lang="en">https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/jenkinsci/jenkins/commit/5d57c855f3147bfc5e7fda9252317b428a700014" xml:lang="en">https://github.com/jenkinsci/jenkins/commit/5d57c855f3147bfc5e7fda9252317b428a700014</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91354" xml:lang="en">jenkins-cve20142067-xss(91354)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/421" xml:lang="en">[oss-security] 20140220 Re: Possible CVE Requests: several issues fixed in Jenkins (Advisory 2014-02-14)</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in java/hudson/model/Cause.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to inject arbitrary web script or HTML via a "remote cause note."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2075">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:tibco:enterprise_administrator:1.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:enterprise_administrator_sdk:1.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:tibco:enterprise_administrator:1.0.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:enterprise_administrator_sdk:1.0.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2075</vuln:cve-id>
+    <vuln:published-datetime>2014-02-27T06:55:03.627-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-27T14:26:43.250-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-27T14:26:42.627-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-287"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.tibco.com/multimedia/enterprise_administator_advisory_20140226_tcm8-20533.txt" xml:lang="en">http://www.tibco.com/multimedia/enterprise_administator_advisory_20140226_tcm8-20533.txt</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.tibco.com/mk/advisory.jsp" xml:lang="en">http://www.tibco.com/mk/advisory.jsp</vuln:reference>
+    </vuln:references>
+    <vuln:summary>TIBCO Enterprise Administrator 1.0.0 and Enterprise Administrator SDK 1.0.0 do not properly enforce administrative authentication requirements, which allows remote attackers to execute arbitrary commands via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2077">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:open-xchange:open-xchange_appsuite:7.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:open-xchange:open-xchange_appsuite:7.4.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:open-xchange:open-xchange_appsuite:7.4.1</vuln:product>
+      <vuln:product>cpe:/a:open-xchange:open-xchange_appsuite:7.4.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2077</vuln:cve-id>
+    <vuln:published-datetime>2014-03-20T12:55:16.950-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-24T18:55:34.780-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-21T08:57:33.687-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57290" xml:lang="en">57290</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-03/0108.html" xml:lang="en">20140317 Open-Xchange Security Advisory 2014-03-17</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 7.4.1 before 7.4.1-rev10 and 7.4.2 before 7.4.2-rev8 allows remote attackers to inject arbitrary web script or HTML via the subject of an email, involving 'the aria "tags" for screenreaders at the top bar'.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2080">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.2.9</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.2.8</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.2.10</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.2.7</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.0.0</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.2.0</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.2.1</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.2.2</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.2.3</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.2.4</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.2.5</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.2.6</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.1.2</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.1.3</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.1.0</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.1.4</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.1.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2080</vuln:cve-id>
+    <vuln:published-datetime>2014-02-28T19:01:09.590-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-03T10:34:52.187-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-03T10:34:52.060-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/modxcms/revolution/commit/77463eb6a8090f474b04fdc1b72225cb93c558ea" xml:lang="en">https://github.com/modxcms/revolution/commit/77463eb6a8090f474b04fdc1b72225cb93c558ea</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://modx.com/blog/2014/01/21/revolution-2.2.11%E2%80%94security-fixes-and-prevent-change-loss" xml:lang="en">http://modx.com/blog/2014/01/21/revolution-2.2.11%E2%80%94security-fixes-and-prevent-change-loss</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57038" xml:lang="en">57038</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/431" xml:lang="en">[oss-security] 20140224 Re: CVE request: XSS in MODX Revolution before 2.2.11</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in ModX Evolution before 2.2.11 allows remote attackers to inject arbitrary web script or HTML via the "a" parameter.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2087">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:freedownloadmanager:free_download_manager:3.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:freedownloadmanager:free_download_manager:3.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:freedownloadmanager:free_download_manager:3.8</vuln:product>
+      <vuln:product>cpe:/a:freedownloadmanager:free_download_manager:3.9.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2087</vuln:cve-id>
+    <vuln:published-datetime>2014-03-18T13:04:17.203-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-19T10:23:55.160-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-19T10:23:55.113-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.rcesecurity.com/2014/03/cve-2014-2087-free-download-manager-cdownloads_deleted-updatedownload-remote-code-execution" xml:lang="en">https://www.rcesecurity.com/2014/03/cve-2014-2087-free-download-manager-cdownloads_deleted-updatedownload-remote-code-execution</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66211" xml:lang="en">66211</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Stack-based buffer overflow in the CDownloads_Deleted::UpdateDownload function in Downloads_Deleted.cpp in Free Download Manager 3.9.3 build 1360, 3.8 build 1173, 3.0 build 852, and earlier allows user-assisted remote attackers to execute arbitrary code via a long file name, which is then deleted from the download queue by the user.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2088">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ilias:ilias:4.4.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ilias:ilias:4.4.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2088</vuln:cve-id>
+    <vuln:published-datetime>2014-03-02T12:55:02.940-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-03T12:24:30.533-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-03T12:24:30.520-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/125350/ILIAS-4.4.1-Cross-Site-Scripting-Shell-Upload.html" xml:lang="en">http://packetstormsecurity.com/files/125350/ILIAS-4.4.1-Cross-Site-Scripting-Shell-Upload.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unrestricted file upload vulnerability in ilias.php in ILIAS 4.4.1 allows remote authenticated users to execute arbitrary PHP code by using a .php filename in an upload_files action to the uploadFiles command, and then accessing the .php file via a direct request to a certain client_id pathname.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2089">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ilias:ilias:4.4.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ilias:ilias:4.4.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2089</vuln:cve-id>
+    <vuln:published-datetime>2014-03-02T12:55:02.970-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-03T12:25:25.037-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-03T12:25:25.003-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-94"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/125350/ILIAS-4.4.1-Cross-Site-Scripting-Shell-Upload.html" xml:lang="en">http://packetstormsecurity.com/files/125350/ILIAS-4.4.1-Cross-Site-Scripting-Shell-Upload.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>ILIAS 4.4.1 allows remote attackers to execute arbitrary PHP code via an e-mail attachment that leads to creation of a .php file with a certain client_id pathname.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2090">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ilias:ilias:4.4.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ilias:ilias:4.4.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2090</vuln:cve-id>
+    <vuln:published-datetime>2014-03-02T12:55:03.003-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-03T15:58:47.570-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-03T12:26:02.210-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/125350/ILIAS-4.4.1-Cross-Site-Scripting-Shell-Upload.html" xml:lang="en">http://packetstormsecurity.com/files/125350/ILIAS-4.4.1-Cross-Site-Scripting-Shell-Upload.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site scripting (XSS) vulnerabilities in ilias.php in ILIAS 4.4.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tar, (2) tar_val, or (3) title parameter.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2091">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:atutor:atutor:2.1.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:atutor:atutor:2.1.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2091</vuln:cve-id>
+    <vuln:published-datetime>2014-03-02T12:55:03.033-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-03T13:15:50.767-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-03T13:15:50.720-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/125348/ATutor-2.1.1-Cross-Site-Scripting.html" xml:lang="en">http://packetstormsecurity.com/files/125348/ATutor-2.1.1-Cross-Site-Scripting.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in mods/_standard/forums/admin/forum_add.php in ATutor 2.1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the title parameter in an add_forum action.  NOTE: the original disclosure also reported issues that may not cross privilege boundaries.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2092">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:1.11.10"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:1.11.10</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2092</vuln:cve-id>
+    <vuln:published-datetime>2014-03-02T12:55:03.067-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-03T15:56:06.660-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-03T13:17:34.753-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/125353/CMSMadeSimple-1.11.10-Cross-Site-Scripting.html" xml:lang="en">http://packetstormsecurity.com/files/125353/CMSMadeSimple-1.11.10-Cross-Site-Scripting.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in lib/filemanager/ImageManager/editorFrame.php in CMS Made Simple 1.11.10 allows remote attackers to inject arbitrary web script or HTML via the action parameter, a different issue than CVE-2014-0334.  NOTE: the original disclosure also reported issues that may not cross privilege boundaries.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2093">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:catfish_project:catfish:0.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:catfish_project:catfish:0.4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:catfish_project:catfish:0.4.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:catfish_project:catfish:0.4.0.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:catfish_project:catfish:0.4.0.1</vuln:product>
+      <vuln:product>cpe:/a:catfish_project:catfish:0.4.0.2</vuln:product>
+      <vuln:product>cpe:/a:catfish_project:catfish:0.4.0</vuln:product>
+      <vuln:product>cpe:/a:catfish_project:catfish:0.4.0.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2093</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T09:55:08.553-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-11T12:57:31.520-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.6</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-26T04:35:16.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1069396" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1069396</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739958" xml:lang="en">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739958</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/02/25/4" xml:lang="en">[oss-security] 20140225 Re: CVE request for catfish program</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/02/25/2" xml:lang="en">[oss-security] 20140225 Re: CVE request for catfish program</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Untrusted search path vulnerability in Catfish through 0.4.0.3 allows local users to gain privileges via a Trojan horse catfish.py in the current working directory.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2094">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:catfish_project:catfish:0.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:catfish_project:catfish:0.4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:catfish_project:catfish:0.4.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:catfish_project:catfish:0.4.0.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:catfish_project:catfish:0.4.0.1</vuln:product>
+      <vuln:product>cpe:/a:catfish_project:catfish:0.4.0.2</vuln:product>
+      <vuln:product>cpe:/a:catfish_project:catfish:0.4.0</vuln:product>
+      <vuln:product>cpe:/a:catfish_project:catfish:0.4.0.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2094</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T09:55:08.567-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-11T12:55:02.173-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.6</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-26T04:36:24.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1069396" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1069396</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739958" xml:lang="en">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739958</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/02/25/4" xml:lang="en">[oss-security] 20140225 Re: CVE request for catfish program</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/02/25/2" xml:lang="en">[oss-security] 20140225 Re: CVE request for catfish program</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Untrusted search path vulnerability in Catfish through 0.4.0.3, when a Fedora package such as 0.4.0.2-2 is not used, allows local users to gain privileges via a Trojan horse catfish.pyc in the current working directory.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2095">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:catfish_project:catfish:0.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:catfish_project:catfish:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:catfish_project:catfish:0.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:catfish_project:catfish:0.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:catfish_project:catfish:0.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:catfish_project:catfish:0.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:catfish_project:catfish:0.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:catfish_project:catfish:0.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:catfish_project:catfish:1.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:catfish_project:catfish:0.8.0</vuln:product>
+      <vuln:product>cpe:/a:catfish_project:catfish:0.6.3</vuln:product>
+      <vuln:product>cpe:/a:catfish_project:catfish:0.6.4</vuln:product>
+      <vuln:product>cpe:/a:catfish_project:catfish:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:catfish_project:catfish:0.6.2</vuln:product>
+      <vuln:product>cpe:/a:catfish_project:catfish:0.6.0</vuln:product>
+      <vuln:product>cpe:/a:catfish_project:catfish:1.0.0</vuln:product>
+      <vuln:product>cpe:/a:catfish_project:catfish:0.8.2</vuln:product>
+      <vuln:product>cpe:/a:catfish_project:catfish:0.8.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2095</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T09:55:08.583-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-11T12:56:27.457-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.6</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-26T04:39:46.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1069396" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1069396</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739958" xml:lang="en">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739958</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/02/25/4" xml:lang="en">[oss-security] 20140225 Re: CVE request for catfish program</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/02/25/2" xml:lang="en">[oss-security] 20140225 Re: CVE request for catfish program</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0, when a Fedora package such as 0.8.2-1 is not used, allows local users to gain privileges via a Trojan horse bin/catfish.pyc under the current working directory.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2096">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:catfish_project:catfish:0.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:catfish_project:catfish:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:catfish_project:catfish:0.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:catfish_project:catfish:0.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:catfish_project:catfish:0.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:catfish_project:catfish:0.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:catfish_project:catfish:0.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:catfish_project:catfish:0.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:catfish_project:catfish:1.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:catfish_project:catfish:0.8.0</vuln:product>
+      <vuln:product>cpe:/a:catfish_project:catfish:0.6.3</vuln:product>
+      <vuln:product>cpe:/a:catfish_project:catfish:0.6.4</vuln:product>
+      <vuln:product>cpe:/a:catfish_project:catfish:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:catfish_project:catfish:0.6.2</vuln:product>
+      <vuln:product>cpe:/a:catfish_project:catfish:0.6.0</vuln:product>
+      <vuln:product>cpe:/a:catfish_project:catfish:1.0.0</vuln:product>
+      <vuln:product>cpe:/a:catfish_project:catfish:0.8.2</vuln:product>
+      <vuln:product>cpe:/a:catfish_project:catfish:0.8.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2096</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T09:55:08.600-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-11T12:57:14.160-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.6</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-26T04:40:19.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1069396" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1069396</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739958" xml:lang="en">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739958</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/02/25/4" xml:lang="en">[oss-security] 20140225 Re: CVE request for catfish program</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/02/25/2" xml:lang="en">[oss-security] 20140225 Re: CVE request for catfish program</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0 allows local users to gain privileges via a Trojan horse bin/catfish.py under the current working directory.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2097">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ffmpeg:ffmpeg:2.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ffmpeg:ffmpeg:2.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ffmpeg:ffmpeg:2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ffmpeg:ffmpeg:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ffmpeg:ffmpeg:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ffmpeg:ffmpeg:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ffmpeg:ffmpeg:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ffmpeg:ffmpeg:2.0.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ffmpeg:ffmpeg:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:ffmpeg:ffmpeg:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:ffmpeg:ffmpeg:2.0</vuln:product>
+      <vuln:product>cpe:/a:ffmpeg:ffmpeg:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:ffmpeg:ffmpeg:2.1</vuln:product>
+      <vuln:product>cpe:/a:ffmpeg:ffmpeg:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:ffmpeg:ffmpeg:2.1.3</vuln:product>
+      <vuln:product>cpe:/a:ffmpeg:ffmpeg:2.1.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2097</vuln:cve-id>
+    <vuln:published-datetime>2014-03-01T23:57:25.807-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-03T11:41:03.877-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-03T11:41:02.893-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.videolan.org/?p=ffmpeg.git;a=commit;h=f58eab151214d2d35ff0973f2b3e51c5eb372da4" xml:lang="en">http://git.videolan.org/?p=ffmpeg.git;a=commit;h=f58eab151214d2d35ff0973f2b3e51c5eb372da4</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The tak_decode_frame function in libavcodec/takdec.c in FFmpeg before 2.1.4 does not properly validate a certain bits-per-sample value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted TAK (aka Tom's lossless Audio Kompressor) data.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2098">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ffmpeg:ffmpeg:2.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ffmpeg:ffmpeg:2.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ffmpeg:ffmpeg:2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ffmpeg:ffmpeg:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ffmpeg:ffmpeg:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ffmpeg:ffmpeg:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ffmpeg:ffmpeg:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ffmpeg:ffmpeg:2.0.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ffmpeg:ffmpeg:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:ffmpeg:ffmpeg:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:ffmpeg:ffmpeg:2.0</vuln:product>
+      <vuln:product>cpe:/a:ffmpeg:ffmpeg:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:ffmpeg:ffmpeg:2.1</vuln:product>
+      <vuln:product>cpe:/a:ffmpeg:ffmpeg:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:ffmpeg:ffmpeg:2.1.3</vuln:product>
+      <vuln:product>cpe:/a:ffmpeg:ffmpeg:2.1.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2098</vuln:cve-id>
+    <vuln:published-datetime>2014-03-01T23:57:25.823-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-03T11:41:11.487-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-03T11:41:11.440-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ec9578d54d09b64bf112c2bf7a34b1ef3b93dbd3" xml:lang="en">http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ec9578d54d09b64bf112c2bf7a34b1ef3b93dbd3</vuln:reference>
+    </vuln:references>
+    <vuln:summary>libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect data-structure size for certain coefficients, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted WMA data.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2099">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ffmpeg:ffmpeg:2.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ffmpeg:ffmpeg:2.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ffmpeg:ffmpeg:2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ffmpeg:ffmpeg:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ffmpeg:ffmpeg:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ffmpeg:ffmpeg:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ffmpeg:ffmpeg:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ffmpeg:ffmpeg:2.0.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ffmpeg:ffmpeg:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:ffmpeg:ffmpeg:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:ffmpeg:ffmpeg:2.0</vuln:product>
+      <vuln:product>cpe:/a:ffmpeg:ffmpeg:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:ffmpeg:ffmpeg:2.1</vuln:product>
+      <vuln:product>cpe:/a:ffmpeg:ffmpeg:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:ffmpeg:ffmpeg:2.1.3</vuln:product>
+      <vuln:product>cpe:/a:ffmpeg:ffmpeg:2.1.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2099</vuln:cve-id>
+    <vuln:published-datetime>2014-03-01T23:57:25.840-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-03T11:42:20.253-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-03T11:42:18.770-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-189"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c919e1ca2ecfc47d796382973ba0e48b8f6f92a2" xml:lang="en">http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c919e1ca2ecfc47d796382973ba0e48b8f6f92a2</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before 2.1.4 does not properly calculate line sizes, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Microsoft RLE video data.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2102">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_contact_center_express_editor_software:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:unified_contact_center_express_editor_software:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2102</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T20:55:04.307-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-27T16:31:52.980-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-27T04:09:20.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2102" xml:lang="en">20140225 Cisco Unified Contact Center Express CCMConfig Sensitive Information Disclosure Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco Unified Contact Center Express (Unified CCX) does not properly restrict the content of the CCMConfig page, which allows remote authenticated users to obtain sensitive information by examining this content, aka Bug ID CSCum95575.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2103">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/h:cisco:intrusion_prevention_system"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:intrusion_prevention_system:5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:intrusion_prevention_system:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:intrusion_prevention_system:6.0.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:intrusion_prevention_system:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:intrusion_prevention_system:7.0%281%29e3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:intrusion_prevention_system:7.0%282%29e3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:intrusion_prevention_system:7.0%282%29e4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:intrusion_prevention_system:7.0%283%29e4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:intrusion_prevention_system:7.0%284%29e4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:intrusion_prevention_system:7.0%285a%29e4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:intrusion_prevention_system:7.0%286%29e4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:intrusion_prevention_system:7.0%287%29e4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:intrusion_prevention_system:7.0%288%29e4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:intrusion_prevention_system:7.0%289%29e4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:intrusion_prevention_system:7.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:intrusion_prevention_system:7.0%288%29e4</vuln:product>
+      <vuln:product>cpe:/a:cisco:intrusion_prevention_system:6.0.2.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:intrusion_prevention_system:5.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:intrusion_prevention_system:7.0%285a%29e4</vuln:product>
+      <vuln:product>cpe:/a:cisco:intrusion_prevention_system:7.0%289%29e4</vuln:product>
+      <vuln:product>cpe:/a:cisco:intrusion_prevention_system:7.0%286%29e4</vuln:product>
+      <vuln:product>cpe:/a:cisco:intrusion_prevention_system:7.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:intrusion_prevention_system:7.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:intrusion_prevention_system:7.0%287%29e4</vuln:product>
+      <vuln:product>cpe:/h:cisco:intrusion_prevention_system</vuln:product>
+      <vuln:product>cpe:/a:cisco:intrusion_prevention_system:7.0%282%29e4</vuln:product>
+      <vuln:product>cpe:/a:cisco:intrusion_prevention_system:7.0%282%29e3</vuln:product>
+      <vuln:product>cpe:/a:cisco:intrusion_prevention_system:7.0%283%29e4</vuln:product>
+      <vuln:product>cpe:/a:cisco:intrusion_prevention_system:7.0%284%29e4</vuln:product>
+      <vuln:product>cpe:/a:cisco:intrusion_prevention_system:6.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:intrusion_prevention_system:7.0%281%29e3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2103</vuln:cve-id>
+    <vuln:published-datetime>2014-02-27T15:55:06.957-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-28T11:48:16.063-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-28T11:48:15.860-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2103" xml:lang="en">20140227 Cisco IPS MainApp SNMP Denial of Service Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco Intrusion Prevention System (IPS) Software allows remote attackers to cause a denial of service (MainApp process outage) via malformed SNMP packets, aka Bug IDs CSCum52355 and CSCul49309.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2104">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_domain_manager:9.0%28.1%29"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:unified_communications_domain_manager:9.0%28.1%29</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2104</vuln:cve-id>
+    <vuln:published-datetime>2014-03-01T23:57:25.870-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-03T15:57:28.223-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-03T11:39:48.610-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=33111" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=33111</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2104" xml:lang="en">20140227 Cisco Unified Communications Domain Manager Cross-Site Scripting Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site scripting (XSS) vulnerabilities in the Business Voice Services Manager (BVSM) page in Cisco Unified Communications Domain Manager 9.0(.1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCum78536, CSCum78526, CSCum69809, and CSCum63113.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2106">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.10.1s1"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.10.0s"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:15.3%283%29m"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:15.3%283%29m1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.10.1s1</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:15.3%283%29m1</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.10.0s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:15.3%283%29m</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2106</vuln:cve-id>
+    <vuln:published-datetime>2014-03-27T17:55:08.940-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-28T09:30:52.210-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-28T09:30:51.270-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-sip" xml:lang="en">20140326 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco IOS 15.3M before 15.3(3)M2 and IOS XE 3.10.xS before 3.10.2S allow remote attackers to cause a denial of service (device reload) via crafted SIP messages, aka Bug ID CSCug45898.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2107">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:15.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:15.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:15.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:15.0%281%29se"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:12.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:cisco:ios:15.0%281%29se</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:15.3</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:15.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:12.2</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:15.1</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:15.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2107</vuln:cve-id>
+    <vuln:published-datetime>2014-03-27T17:55:08.987-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-28T09:41:30.357-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.1</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-28T09:41:26.543-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-RSP72010GE" xml:lang="en">20140326 Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks Denial of Service Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco IOS 12.2 and 15.0 through 15.3, when used with the Kailash FPGA before 2.6 on RSP720-3C-10GE and RSP720-3CXL-10GE devices, allows remote attackers to cause a denial of service (route switch processor outage) via crafted IP packets, aka Bug ID CSCug84789.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2108">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:15.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:15.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:15.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:15.0%281%29se"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:12.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.9.0s"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.9.1s"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.8.0s"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.8s%28.0%29"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.8s%28.1%29"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.8s%28.2%29"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.7.0s"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.7.1s"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.7.2s"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.7s%28.0%29"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.7s%28.1%29"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.6.0s"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.6.1s"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.6.2s"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.6s%28.0%29"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.6s%28.1%29"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.6s%28.2%29"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.5.0s"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.5.1s"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.5.2s"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.5.xs"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.5s%28.0%29"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.5s%28.1%29"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.5s%28.2%29"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.4.0as"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.4.0s"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.4.1s"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.4.2s"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.4.3s"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.4.4s"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.4.5s"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.4.xs"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.4s%28.0%29"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.4s%28.1%29"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.4s%28.2%29"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.4s%28.3%29"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.4s%28.4%29"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.4s%28.5%29"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.4s%28.6%29"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.3.0s"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.3.0sg"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.3.1s"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.3.1sg"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.3.2s"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.3.3s"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.3s%28.0%29"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.3s%28.1%29"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.3s%28.2%29"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.2s%28.2%29"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.2s%28.1%29"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.2s%28.0%29"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.2.4sg"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.2.3sg"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.2.2sg"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.2.2s"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.2.1sg"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.2.1s"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.2.0xo"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.2.0sg"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.2.0s"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.3.2s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.3.0sg</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.7s%28.0%29</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.4s%28.6%29</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.4s%28.2%29</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.8s%28.2%29</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.6s%28.0%29</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.7.0s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.4.1s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.5.2s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.3s%28.0%29</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.2s%28.0%29</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.6.0s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.4.5s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.4.0s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.2.4sg</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.2s%28.1%29</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.9.0s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.2.2s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.3.1sg</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.9.1s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.4s%28.3%29</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.3.1s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.2.3sg</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.6s%28.1%29</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.8.0s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.5.1s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.6.1s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.5s%28.0%29</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.4.4s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.5s%28.1%29</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.4s%28.1%29</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.2.1sg</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.8s%28.0%29</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.2s%28.2%29</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.4s%28.4%29</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.2.1s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.2.2sg</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.4.3s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.6s%28.2%29</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.5.0s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.7.2s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.3.0s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.10</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.5.xs</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.2.0xo</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.3s%28.2%29</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.3.3s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.4.0as</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.2.0sg</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:15.3</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.4s%28.0%29</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.7s%28.1%29</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.8s%28.1%29</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.4.xs</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.5s%28.2%29</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.2.0s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.4s%28.5%29</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:15.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:15.1</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:12.2</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:15.0%281%29se</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.6.2s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.4.2s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.7.1s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.3s%28.1%29</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:15.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2108</vuln:cve-id>
+    <vuln:published-datetime>2014-03-27T17:55:09.003-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-28T09:49:30.060-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-28T09:49:29.747-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-ikev2" xml:lang="en">20140326 Cisco IOS Software Internet Key Exchange Version 2 Denial of Service Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.2 through 3.7 before 3.7.5S and 3.8 through 3.10 before 3.10.1S allow remote attackers to cause a denial of service (device reload) via a malformed IKEv2 packet, aka Bug ID CSCui88426.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2109">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:15.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:15.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:15.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:15.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:12.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:12.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:12.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:cisco:ios:15.4</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:15.3</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:15.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:12.4</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:12.3</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:12.2</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:15.1</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:15.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2109</vuln:cve-id>
+    <vuln:published-datetime>2014-03-27T17:55:09.033-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-28T10:01:47.163-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-28T10:01:32.897-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-nat" xml:lang="en">20140326 Cisco IOS Software Network Address Translation Vulnerabilities</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The TCP Input module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted TCP packets, aka Bug IDs CSCuh33843 and CSCuj41494.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2111">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:15.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:15.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:15.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:15.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:12.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:12.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:12.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:cisco:ios:15.4</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:15.3</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:15.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:12.4</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:12.3</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:12.2</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:15.1</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:15.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2111</vuln:cve-id>
+    <vuln:published-datetime>2014-03-27T17:55:09.063-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-28T10:06:04.780-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.1</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-28T10:06:04.717-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-nat" xml:lang="en">20140326 Cisco IOS Software Network Address Translation Vulnerabilities</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Application Layer Gateway (ALG) module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted DNS packets, aka Bug ID CSCue00996.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2112">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:15.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:15.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:15.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:15.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:cisco:ios:15.4</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:15.3</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:15.1</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:15.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2112</vuln:cve-id>
+    <vuln:published-datetime>2014-03-27T17:55:09.080-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-28T11:34:53.333-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-28T11:34:53.287-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-ios-sslvpn" xml:lang="en">20140326 Cisco IOS Software SSL VPN Denial of Service Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The SSL VPN (aka WebVPN) feature in Cisco IOS 15.1 through 15.4 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP requests, aka Bug ID CSCuf51357.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2113">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.10.0s"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.10.1s"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.10.1s1"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.9.0s"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.9.1s"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.8.0s"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.8s%28.0%29"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.8s%28.1%29"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.8s%28.2%29"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.7.0s"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.7.1s"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.7.2s"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.7s%28.0%29"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.7s%28.1%29"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.5.xs"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.5s%28.0%29"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.5s%28.1%29"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.5s%28.2%29"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.5.0s"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.5.1s"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.3.0s"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.3.0sg"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.3.1s"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.3.1sg"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.3.2s"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.3.3s"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.3s%28.0%29"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.3s%28.1%29"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.3s%28.2%29"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:15.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:15.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:15.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.3.2s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.5s%28.1%29</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.3.0sg</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.7s%28.0%29</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.8s%28.0%29</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.8s%28.2%29</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.7.0s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.5.0s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.7.2s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.3.0s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.3s%28.0%29</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.10</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.5.xs</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.3s%28.2%29</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.3.3s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:15.3</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.10.1s1</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.10.0s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.7s%28.1%29</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.8s%28.1%29</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.9.0s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.5s%28.2%29</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.3.1sg</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.9.1s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:15.1</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.3.1s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.7.1s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.8.0s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.5.1s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.3s%28.1%29</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.10.1s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.5s%28.0%29</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:15.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2113</vuln:cve-id>
+    <vuln:published-datetime>2014-03-27T17:55:09.110-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-28T12:08:42.327-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-28T12:08:42.107-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-ipv6" xml:lang="en">20140326 Cisco IOS Software Crafted IPv6 Packet Denial of Service Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco IOS 15.1 through 15.3 and IOS XE 3.3 and 3.5 before 3.5.2E; 3.7 before 3.7.5S; and 3.8, 3.9, and 3.10 before 3.10.2S allow remote attackers to cause a denial of service (I/O memory consumption and device reload) via a malformed IPv6 packet, aka Bug ID CSCui59540.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2114">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:emergency_responder:8.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:emergency_responder:8.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2114</vuln:cve-id>
+    <vuln:published-datetime>2014-04-04T11:10:20.293-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-04T12:51:05.043-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-04T12:51:00.573-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=33644" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=33644</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2114" xml:lang="en">20140403 Cisco Emergency Responder Cross-Site Scripting Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in UserServlet in Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun24384.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2115">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:emergency_responder:8.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:emergency_responder:8.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2115</vuln:cve-id>
+    <vuln:published-datetime>2014-04-04T11:10:37.387-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-04T12:50:04.243-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-04T08:47:07.000-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-352"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=33643" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=33643</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2115" xml:lang="en">20140403 Cisco Emergency Responder Cross-Site Request Forgery Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site request forgery (CSRF) vulnerabilities in CERUserServlet pages in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun24250.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2116">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:emergency_responder:8.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:emergency_responder:8.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2116</vuln:cve-id>
+    <vuln:published-datetime>2014-04-04T11:10:37.403-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-04T13:02:02.363-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-04T12:49:02.680-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=33641" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=33641</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2116" xml:lang="en">20140403 Cisco Emergency Responder Dynamic Content Modification Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject web pages and modify dynamic content via unspecified parameters, aka Bug ID CSCun37882.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2117">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:emergency_responder:8.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:emergency_responder:8.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2117</vuln:cve-id>
+    <vuln:published-datetime>2014-04-04T11:10:37.450-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-04T13:01:51.363-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-04T13:01:46.330-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=33642" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=33642</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2117" xml:lang="en">20140403 Cisco Emergency Responder Open Redirect Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple open redirect vulnerabilities in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters, aka Bug ID CSCun37909.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2118">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:prime_security_manager:9.2.1-2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:prime_security_manager:9.2.1-1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:prime_security_manager:9.1.3-13"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:prime_security_manager:9.1.3-10"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:prime_security_manager:9.1.3-8"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:prime_security_manager:9.1.2-42"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:prime_security_manager:9.1.2-29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:prime_security_manager:9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:prime_security_manager:9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:prime_security_manager:9.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:prime_security_manager:9.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:prime_security_manager:9.1.2-29</vuln:product>
+      <vuln:product>cpe:/a:cisco:prime_security_manager:9.1.3-8</vuln:product>
+      <vuln:product>cpe:/a:cisco:prime_security_manager:9.1.2-42</vuln:product>
+      <vuln:product>cpe:/a:cisco:prime_security_manager:9.1.3-10</vuln:product>
+      <vuln:product>cpe:/a:cisco:prime_security_manager:9.2.1-1</vuln:product>
+      <vuln:product>cpe:/a:cisco:prime_security_manager:9.2.1-2</vuln:product>
+      <vuln:product>cpe:/a:cisco:prime_security_manager:9.1.3-13</vuln:product>
+      <vuln:product>cpe:/a:cisco:prime_security_manager:9.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:prime_security_manager:9.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2118</vuln:cve-id>
+    <vuln:published-datetime>2014-03-27T17:55:09.127-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-28T12:26:26.500-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-28T12:26:26.407-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=33542" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=33542</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2118" xml:lang="en">20140327 Cisco Prime Security Manager Cross-Site Scripting Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site scripting (XSS) vulnerabilities in dashboard-related HTML documents in Cisco Prime Security Manager (aka PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCun50687.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2119">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:cisco:ironport_asyncos:7.9.1-039"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:ironport_asyncos:8.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:ironport_asyncos:8.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:ironport_asyncos:8.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:cisco:content_security_management_appliance:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:cisco:ironport_asyncos:7.6.2-201"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:ironport_asyncos:8.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:ironport_asyncos:8.0.1"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:cisco:email_security_appliance:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:cisco:ironport_asyncos:8.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:ironport_asyncos:7.9.1-039</vuln:product>
+      <vuln:product>cpe:/o:cisco:ironport_asyncos:8.1</vuln:product>
+      <vuln:product>cpe:/o:cisco:ironport_asyncos:8.0.1</vuln:product>
+      <vuln:product>cpe:/h:cisco:content_security_management_appliance:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:email_security_appliance:-</vuln:product>
+      <vuln:product>cpe:/o:cisco:ironport_asyncos:7.6.2-201</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2119</vuln:cve-id>
+    <vuln:published-datetime>2014-03-20T21:04:02.937-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-21T10:13:32.373-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>8.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-21T10:13:29.277-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140319-asyncos" xml:lang="en">20140319 Cisco AsyncOS Software Code Execution Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) before 7.6.3-023 and 8.x before 8.0.1-023 and Cisco Content Security Management Appliance (SMA) before 7.9.1-110 and 8.x before 8.1.1-013 allows remote authenticated users to execute arbitrary code with root privileges via an FTP session that uploads a modified SLBL database file, aka Bug IDs CSCug79377 and CSCug80118.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2120">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:adaptive_security_appliance_software:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:adaptive_security_appliance_software:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2120</vuln:cve-id>
+    <vuln:published-datetime>2014-03-18T21:15:04.007-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-19T14:26:29.703-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-19T14:26:13.233-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2120" xml:lang="en">20140318 Cisco Adaptive Security Appliance WebVPN Login Page Cross-Site Scripting Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun19025.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2121">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:hosted_collaboration_solution:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:hosted_collaboration_solution:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2121</vuln:cve-id>
+    <vuln:published-datetime>2014-03-18T21:15:04.037-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:29:23.203-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-19T14:34:09.730-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029933" xml:lang="en">1029933</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66283" xml:lang="en">66283</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2121" xml:lang="en">20140318 Cisco Hosted Collaboration Solution Denial of Service Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Java-based software in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (closing of TCP ports) via unspecified vectors, aka Bug IDs CSCug77633, CSCug77667, CSCug78266, CSCug82795, and CSCuh58643.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2122">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:hosted_collaboration_solution:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:hosted_collaboration_solution:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2122</vuln:cve-id>
+    <vuln:published-datetime>2014-03-18T21:15:04.053-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:29:26.080-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-19T14:36:23.373-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91907" xml:lang="en">cisco-hosted-cve20142122-dos(91907)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029936" xml:lang="en">1029936</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66293" xml:lang="en">66293</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2122" xml:lang="en">20140318 Cisco Hosted Collaboration Solution Memory Leak Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Memory leak in the GUI in the Impact server in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, aka Bug ID CSCub58999.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2124">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:cisco:ios:15.1%282%29sy3"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:cisco:catalyst_6500"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:cisco:ios:15.1%282%29sy3</vuln:product>
+      <vuln:product>cpe:/h:cisco:catalyst_6500</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2124</vuln:cve-id>
+    <vuln:published-datetime>2014-03-20T21:04:02.967-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:29:26.173-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.1</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-21T10:26:00.740-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91904" xml:lang="en">ciscoios-cve20142124-dos(91904)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029942" xml:lang="en">1029942</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66301" xml:lang="en">66301</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=33413" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=33413</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2124" xml:lang="en">20140319 Cisco IOS Software Sup2T Denial of Service Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57515" xml:lang="en">57515</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco IOS 15.1(2)SY3 and earlier, when used with Supervisor Engine 2T (aka Sup2T) on Catalyst 6500 devices, allows remote attackers to cause a denial of service (device crash) via crafted multicast packets, aka Bug ID CSCuf60783.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2125">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unity_connection:8.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unity_connection:8.6%281a%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unity_connection:8.6%282a%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unity_connection:8.6:%282a%29su3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unity_connection:8.6:%282a%29su2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unity_connection:8.6:%282a%29su1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unity_connection:8.6:%282%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unity_connection:8.6:%281%29"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:unity_connection:8.6:%282a%29su3</vuln:product>
+      <vuln:product>cpe:/a:cisco:unity_connection:8.6:%282a%29su2</vuln:product>
+      <vuln:product>cpe:/a:cisco:unity_connection:8.6:%282%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unity_connection:8.6%282a%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unity_connection:8.6%281a%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unity_connection:8.6</vuln:product>
+      <vuln:product>cpe:/a:cisco:unity_connection:8.6:%281%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:unity_connection:8.6:%282a%29su1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2125</vuln:cve-id>
+    <vuln:published-datetime>2014-04-01T23:58:17.090-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-02T12:12:16.860-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-02T12:12:11.937-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=33603" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=33603</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2125" xml:lang="en">20140401 Cisco Unity Connection Cross-Site Scripting Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the Web Inbox in Cisco Unity Connection 8.6(2a)SU3 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui33028.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2126">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:adaptive_security_appliance_software:9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:adaptive_security_appliance_software:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:adaptive_security_appliance_software:8.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:adaptive_security_appliance_software:8.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:adaptive_security_appliance_software:8.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:adaptive_security_appliance_software:8.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:adaptive_security_appliance_software:8.7</vuln:product>
+      <vuln:product>cpe:/a:cisco:adaptive_security_appliance_software:8.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:adaptive_security_appliance_software:9.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:adaptive_security_appliance_software:9.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2126</vuln:cve-id>
+    <vuln:published-datetime>2014-04-10T00:34:50.930-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-10T14:04:08.210-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>8.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-10T14:04:08.053-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa" xml:lang="en">20140409 Multiple Vulnerabilities in Cisco ASA Software</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47), 8.4 before 8.4(7.5), 8.7 before 8.7(1.11), 9.0 before 9.0(3.10), and 9.1 before 9.1(3.4) allows remote authenticated users to gain privileges by leveraging level-0 ASDM access, aka Bug ID CSCuj33496.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2127">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:adaptive_security_appliance_software:8.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:adaptive_security_appliance_software:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:adaptive_security_appliance_software:8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:adaptive_security_appliance_software:8.3%281%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:adaptive_security_appliance_software:9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:adaptive_security_appliance_software:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:adaptive_security_appliance_software:8.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:adaptive_security_appliance_software:8.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:adaptive_security_appliance_software:8.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:adaptive_security_appliance_software:8.6</vuln:product>
+      <vuln:product>cpe:/a:cisco:adaptive_security_appliance_software:8.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:adaptive_security_appliance_software:8.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:adaptive_security_appliance_software:9.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:adaptive_security_appliance_software:8.3%281%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:adaptive_security_appliance_software:9.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:adaptive_security_appliance_software:8.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2127</vuln:cve-id>
+    <vuln:published-datetime>2014-04-10T00:34:50.960-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-10T14:09:34.750-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>8.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-10T14:09:34.643-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa" xml:lang="en">20140409 Multiple Vulnerabilities in Cisco ASA Software</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), 8.3 before 8.3(2.40), 8.4 before 8.4(7.9), 8.6 before 8.6(1.13), 9.0 before 9.0(4.1), and 9.1 before 9.1(4.3) does not properly process management-session information during privilege validation for SSL VPN portal connections, which allows remote authenticated users to gain privileges by establishing a Clientless SSL VPN session and entering crafted URLs, aka Bug ID CSCul70099.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2128">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:adaptive_security_appliance_software:9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:adaptive_security_appliance_software:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:adaptive_security_appliance_software:8.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:adaptive_security_appliance_software:8.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:adaptive_security_appliance_software:8.3%281%29"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:adaptive_security_appliance_software:8.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:adaptive_security_appliance_software:8.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:adaptive_security_appliance_software:8.6</vuln:product>
+      <vuln:product>cpe:/a:cisco:adaptive_security_appliance_software:8.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:adaptive_security_appliance_software:8.3%281%29</vuln:product>
+      <vuln:product>cpe:/a:cisco:adaptive_security_appliance_software:9.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:adaptive_security_appliance_software:9.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2128</vuln:cve-id>
+    <vuln:published-datetime>2014-04-10T00:34:51.007-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-10T14:22:38.107-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-10T14:22:16.497-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-287"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa" xml:lang="en">20140409 Multiple Vulnerabilities in Cisco ASA Software</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47, 8.3 before 8.3(2.40), 8.4 before 8.4(7.3), 8.6 before 8.6(1.13), 9.0 before 9.0(3.8), and 9.1 before 9.1(3.2) allows remote attackers to bypass authentication via (1) a crafted cookie value within modified HTTP POST data or (2) a crafted URL, aka Bug ID CSCua85555.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2129">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:adaptive_security_appliance_software:9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:adaptive_security_appliance_software:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:adaptive_security_appliance_software:8.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:adaptive_security_appliance_software:8.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:adaptive_security_appliance_software:8.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:adaptive_security_appliance_software:8.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:adaptive_security_appliance_software:9.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:adaptive_security_appliance_software:9.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2129</vuln:cve-id>
+    <vuln:published-datetime>2014-04-10T00:34:51.037-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-10T14:29:00.573-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.1</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-10T14:29:00.527-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa" xml:lang="en">20140409 Multiple Vulnerabilities in Cisco ASA Software</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.48), 8.4 before 8.4(6.5), 9.0 before 9.0(3.1), and 9.1 before 9.1(2.5) allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted SIP packets, aka Bug ID CSCuh44052.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2131">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:cisco:ios:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2131</vuln:cve-id>
+    <vuln:published-datetime>2014-03-28T21:55:07.327-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-31T12:07:27.930-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.1</cvss:score>
+        <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-31T12:07:27.883-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2131" xml:lang="en">20140328 Cisco IOS Software High Priority Queue Denial of Service Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The packet driver in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a series of (1) Virtual Switching Systems (VSS) or (2) Bidirectional Forwarding Detection (BFD) packets, aka Bug IDs CSCug41049 and CSCue61890.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2137">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:web_security_virtual_appliance:7.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:web_security_virtual_appliance:7.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:web_security_virtual_appliance:7.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:web_security_virtual_appliance:7.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:web_security_virtual_appliance:7.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:web_security_virtual_appliance:7.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:web_security_virtual_appliance:7.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:web_security_virtual_appliance:7.7"/>
+        <cpe-lang:fact-ref name="cpe:/h:cisco:web_security_appliance:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/h:cisco:web_security_appliance:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:web_security_virtual_appliance:7.5.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:web_security_virtual_appliance:7.5.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:web_security_virtual_appliance:7.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:web_security_virtual_appliance:7.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:web_security_virtual_appliance:7.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:web_security_virtual_appliance:7.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:web_security_virtual_appliance:7.1.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:web_security_virtual_appliance:7.7</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2137</vuln:cve-id>
+    <vuln:published-datetime>2014-04-01T23:58:17.123-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-02T12:28:44.673-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-02T12:28:28.393-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=33608" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=33608</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2137" xml:lang="en">20140401 Cisco WSA HTTP Header Injection Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>CRLF injection vulnerability in the web framework in Cisco Web Security Appliance (WSA) 7.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCuj61002.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2138">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:security_manager:3.2.1:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:security_manager:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:security_manager:3.2:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:security_manager:3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:security_manager:3.1.1:sp3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:security_manager:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:security_manager:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:security_manager:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:security_manager:4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:security_manager:4.1:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:security_manager:4.0.1:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:security_manager:4.0.1:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:security_manager:4.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:security_manager:4.0.1:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:security_manager:4.1:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:security_manager:4.0:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:security_manager:4.2:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:security_manager:3.3.1:sp4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:security_manager:3.3.1:sp3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:security_manager:3.3.1:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:security_manager:3.3.1:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:security_manager:3.3.1:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:security_manager:3.3:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:security_manager:3.3:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:security_manager:3.3:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:security_manager:3.2.2:sp4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:security_manager:3.2.2:sp3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:security_manager:3.2.2:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:security_manager:3.2.2:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:security_manager:3.2.2:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:security_manager:3.2:sp1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:security_manager:3.2:sp1</vuln:product>
+      <vuln:product>cpe:/a:cisco:security_manager:3.3.1:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:security_manager:4.0.1:sp1</vuln:product>
+      <vuln:product>cpe:/a:cisco:security_manager:4.0.1:sp2</vuln:product>
+      <vuln:product>cpe:/a:cisco:security_manager:3.2.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:security_manager:4.0:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:security_manager:3.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:security_manager:3.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:security_manager:3.2:sp2</vuln:product>
+      <vuln:product>cpe:/a:cisco:security_manager:3.3:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:security_manager:3.3:sp2</vuln:product>
+      <vuln:product>cpe:/a:cisco:security_manager:3.3:sp1</vuln:product>
+      <vuln:product>cpe:/a:cisco:security_manager:4.2:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:security_manager:3.2.2:sp2</vuln:product>
+      <vuln:product>cpe:/a:cisco:security_manager:3.2.1:sp1</vuln:product>
+      <vuln:product>cpe:/a:cisco:security_manager:3.2.2:sp3</vuln:product>
+      <vuln:product>cpe:/a:cisco:security_manager:3.2.2:sp1</vuln:product>
+      <vuln:product>cpe:/a:cisco:security_manager:3.2.2:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:security_manager:3.2.2:sp4</vuln:product>
+      <vuln:product>cpe:/a:cisco:security_manager:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:security_manager:4.0.1:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:security_manager:4.1:sp1</vuln:product>
+      <vuln:product>cpe:/a:cisco:security_manager:4.1:sp2</vuln:product>
+      <vuln:product>cpe:/a:cisco:security_manager:4.0:sp1</vuln:product>
+      <vuln:product>cpe:/a:cisco:security_manager:3.3.1:sp3</vuln:product>
+      <vuln:product>cpe:/a:cisco:security_manager:3.3.1:sp4</vuln:product>
+      <vuln:product>cpe:/a:cisco:security_manager:3.3.1:sp1</vuln:product>
+      <vuln:product>cpe:/a:cisco:security_manager:3.3.1:sp2</vuln:product>
+      <vuln:product>cpe:/a:cisco:security_manager:3.1.1:sp3</vuln:product>
+      <vuln:product>cpe:/a:cisco:security_manager:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:security_manager:4.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2138</vuln:cve-id>
+    <vuln:published-datetime>2014-04-01T23:58:17.137-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-02T12:56:56.573-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-02T12:56:51.120-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=33607" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=33607</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2138" xml:lang="en">20140401 Cisco Security Manager HTTP Header Redirection Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>CRLF injection vulnerability in the web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCun82349.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2139">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:cisco:cisco_ons_15454_system_software:9.6"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:cisco_ons_15454_system_software:9.4"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:cisco_ons_15454_system_software:9.3"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:cisco_ons_15454_system_software:9.2.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:cisco_ons_15454_system_software:9.2.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:cisco_ons_15454_system_software:9.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:cisco_ons_15454_system_software:9.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:cisco_ons_15454_system_software:9.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:cisco:ons_15454"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:cisco:cisco_ons_15454_system_software:9.2.2</vuln:product>
+      <vuln:product>cpe:/o:cisco:cisco_ons_15454_system_software:9.2.1</vuln:product>
+      <vuln:product>cpe:/o:cisco:cisco_ons_15454_system_software:9.4</vuln:product>
+      <vuln:product>cpe:/h:cisco:ons_15454</vuln:product>
+      <vuln:product>cpe:/o:cisco:cisco_ons_15454_system_software:9.3</vuln:product>
+      <vuln:product>cpe:/o:cisco:cisco_ons_15454_system_software:9.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:cisco_ons_15454_system_software:9.6</vuln:product>
+      <vuln:product>cpe:/o:cisco:cisco_ons_15454_system_software:9.2</vuln:product>
+      <vuln:product>cpe:/o:cisco:cisco_ons_15454_system_software:9.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2139</vuln:cve-id>
+    <vuln:published-datetime>2014-04-12T00:37:31.817-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-14T14:05:46.210-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-14T14:05:45.960-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=33681" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=33681</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2139" xml:lang="en">20140407 Cisco ONS 15454 Controller Card Denial of Service Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco ONS 15454 controller cards with software 9.6 and earlier allow remote attackers to cause a denial of service (flash write outage) via a TCP FIN attack that triggers file-descriptor exhaustion, aka Bug ID CSCug97315.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2140">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:cisco:cisco_ons_15454_system_software:9.6"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:cisco_ons_15454_system_software:9.4"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:cisco_ons_15454_system_software:9.3"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:cisco_ons_15454_system_software:9.2.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:cisco_ons_15454_system_software:9.2.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:cisco_ons_15454_system_software:9.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:cisco_ons_15454_system_software:9.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:cisco_ons_15454_system_software:9.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:cisco:ons_15454"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:cisco:cisco_ons_15454_system_software:9.2.2</vuln:product>
+      <vuln:product>cpe:/o:cisco:cisco_ons_15454_system_software:9.2.1</vuln:product>
+      <vuln:product>cpe:/o:cisco:cisco_ons_15454_system_software:9.4</vuln:product>
+      <vuln:product>cpe:/h:cisco:ons_15454</vuln:product>
+      <vuln:product>cpe:/o:cisco:cisco_ons_15454_system_software:9.3</vuln:product>
+      <vuln:product>cpe:/o:cisco:cisco_ons_15454_system_software:9.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:cisco_ons_15454_system_software:9.6</vuln:product>
+      <vuln:product>cpe:/o:cisco:cisco_ons_15454_system_software:9.2</vuln:product>
+      <vuln:product>cpe:/o:cisco:cisco_ons_15454_system_software:9.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2140</vuln:cve-id>
+    <vuln:published-datetime>2014-04-12T00:37:31.847-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-14T14:05:53.537-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-14T14:05:53.367-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=33680" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=33680</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2140" xml:lang="en">20140407 Cisco ONS 15454 Controller Card Denial of Service Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco ONS 15454 controller cards with software 9.6 and earlier allow remote attackers to cause a denial of service (card reset) via a TCP FIN attack that triggers file-descriptor exhaustion and a failure to open a CAL pipe, aka Bug ID CSCug97348.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2141">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:cisco:cisco_ons_15454_system_software:9.6"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:cisco_ons_15454_system_software:9.4"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:cisco_ons_15454_system_software:9.3"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:cisco_ons_15454_system_software:9.2.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:cisco_ons_15454_system_software:9.2.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:cisco_ons_15454_system_software:9.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:cisco_ons_15454_system_software:9.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:cisco_ons_15454_system_software:9.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:cisco:ons_15454"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:cisco:cisco_ons_15454_system_software:9.2.2</vuln:product>
+      <vuln:product>cpe:/o:cisco:cisco_ons_15454_system_software:9.2.1</vuln:product>
+      <vuln:product>cpe:/o:cisco:cisco_ons_15454_system_software:9.4</vuln:product>
+      <vuln:product>cpe:/h:cisco:ons_15454</vuln:product>
+      <vuln:product>cpe:/o:cisco:cisco_ons_15454_system_software:9.3</vuln:product>
+      <vuln:product>cpe:/o:cisco:cisco_ons_15454_system_software:9.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:cisco_ons_15454_system_software:9.6</vuln:product>
+      <vuln:product>cpe:/o:cisco:cisco_ons_15454_system_software:9.2</vuln:product>
+      <vuln:product>cpe:/o:cisco:cisco_ons_15454_system_software:9.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2141</vuln:cve-id>
+    <vuln:published-datetime>2014-04-10T00:34:51.053-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-10T14:33:03.800-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-10T14:32:34.203-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=33682" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=33682</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2141" xml:lang="en">20140407 Cisco ONS 15454 Controller Card Denial of Service Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The session-termination functionality on Cisco ONS 15454 controller cards with software 9.6 and earlier does not initialize an unspecified pointer, which allows remote authenticated users to cause a denial of service (card reset) via crafted session-close actions, aka Bug ID CSCug97416.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2142">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:cisco:ons_15454_system_software:10.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:ons_15454_system_software:9.8"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:cisco_ons_15454_system_software:9.6"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:cisco_ons_15454_system_software:9.4"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:cisco_ons_15454_system_software:9.3"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:cisco_ons_15454_system_software:9.2.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:cisco_ons_15454_system_software:9.2.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:cisco_ons_15454_system_software:9.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:cisco_ons_15454_system_software:9.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:cisco_ons_15454_system_software:9.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:cisco:ons_15454"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:cisco:ons_15454_system_software:9.8</vuln:product>
+      <vuln:product>cpe:/o:cisco:cisco_ons_15454_system_software:9.2.2</vuln:product>
+      <vuln:product>cpe:/o:cisco:cisco_ons_15454_system_software:9.2.1</vuln:product>
+      <vuln:product>cpe:/o:cisco:ons_15454_system_software:10.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:cisco_ons_15454_system_software:9.4</vuln:product>
+      <vuln:product>cpe:/h:cisco:ons_15454</vuln:product>
+      <vuln:product>cpe:/o:cisco:cisco_ons_15454_system_software:9.3</vuln:product>
+      <vuln:product>cpe:/o:cisco:cisco_ons_15454_system_software:9.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:cisco_ons_15454_system_software:9.6</vuln:product>
+      <vuln:product>cpe:/o:cisco:cisco_ons_15454_system_software:9.2</vuln:product>
+      <vuln:product>cpe:/o:cisco:cisco_ons_15454_system_software:9.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2142</vuln:cve-id>
+    <vuln:published-datetime>2014-04-12T00:37:31.877-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-14T14:10:22.923-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-14T14:10:22.673-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=33679" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=33679</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2142" xml:lang="en">20140407 Cisco ONS 15454 Controller Card Denial of Service Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco ONS 15454 controller cards with software 10.0 and earlier allow remote attackers to cause a denial of service (card reload) via a crafted HTTP URI, aka Bug ID CSCun06870.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2143">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:15.4%281%29t"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:15.0%281%29se"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:15.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:15.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:15.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:15.3%282%29s"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:15.3%283%29m"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:15.3%283%29m1"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:15.3%283%29m2"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:15.3%283%29s"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:15.3s"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios:15.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:cisco:ios:15.4</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:15.3</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:15.0%281%29se</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:15.3%283%29m1</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:15.3%283%29m2</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:15.3%282%29s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:15.4%281%29t</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:15.3s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:15.3%283%29m</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:15.3%283%29s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:15.0</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:-</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:15.2</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios:15.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2143</vuln:cve-id>
+    <vuln:published-datetime>2014-04-04T11:10:37.513-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-04T13:23:50.640-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-04T13:23:50.517-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=33639" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=33639</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2143" xml:lang="en">20140403 Cisco IOS Software IKE Main Mode Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The IKE implementation in Cisco IOS 15.4(1)T and earlier and IOS XE allows remote attackers to cause a denial of service (security-association drop) via crafted Main Mode packets, aka Bug ID CSCun31021.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2144">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xr"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:cisco:ios_xr</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2144</vuln:cve-id>
+    <vuln:published-datetime>2014-04-05T00:01:38.687-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-07T10:16:51.877-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.1</cvss:score>
+        <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-07T10:14:26.890-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2144" xml:lang="en">20140404 Cisco IOS XR Software ICMPv6 Redirect Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco IOS XR does not properly throttle ICMPv6 redirect packets, which allows remote attackers to cause a denial of service (IPv4 and IPv6 transit outage) via crafted redirect messages, aka Bug ID CSCum14266.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2145">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unity_connection:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:unity_connection:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2145</vuln:cve-id>
+    <vuln:published-datetime>2014-04-05T00:01:38.700-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-07T10:27:32.103-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-07T10:27:23.243-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2145" xml:lang="en">20140404 Cisco Unity Connection Directory Traversal Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in the messaging API in Cisco Unity Connection allows remote authenticated users to read arbitrary files via vectors related to unenforced access constraints for .wav files and the audio/x-wav MIME type, aka Bug ID CSCun91071.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2154">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:adaptive_security_appliance_software:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:adaptive_security_appliance_software:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2154</vuln:cve-id>
+    <vuln:published-datetime>2014-04-23T07:52:59.790-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T10:09:17.650-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-24T10:09:17.617-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2154" xml:lang="en">20140422 Cisco ASA SIP Inspection Memory Leak Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Memory leak in the SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to cause a denial of service (memory consumption and instability) via crafted SIP packets, aka Bug ID CSCuf67469.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2155">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:cns_network_registrar:7.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:cns_network_registrar:7.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2155</vuln:cve-id>
+    <vuln:published-datetime>2014-04-19T17:55:07.087-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-21T15:59:10.873-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-21T15:59:10.813-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=33850" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=33850</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2155" xml:lang="en">20140417 Cisco Network Registrar DHCPv6 Denial of Service Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The DHCPv6 server module in Cisco CNS Network Registrar 7.1 allows remote attackers to cause a denial of service (daemon reload) via a malformed DHCPv6 packet, aka Bug ID CSCuo07437.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2156">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.0.1"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_2000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_990_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_880_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_770_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_550_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_codec_6000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_codec_3000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_edge_95_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_edge_85_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_edge_75_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_1000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_1700_mxp:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.3</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_codec_3000_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.1.2</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_edge_75_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_edge_95_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.1.1</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_880_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.1.0</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_edge_85_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_codec_6000_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_550_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.1.1</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_990_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.3</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_1700_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.0.1</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_770_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.0.2</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_1000_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_2000_mxp:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2156</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:07.977-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T11:49:05.840-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.1</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T11:49:05.340-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-mxp" xml:lang="en">20140430 Multiple Vulnerabilities in Cisco TelePresence System MXP Series</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45739.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2157">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.0.1"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_2000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_990_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_880_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_770_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_550_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_codec_6000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_codec_3000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_edge_95_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_edge_85_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_edge_75_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_1000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_1700_mxp:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.3</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_codec_3000_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.1.2</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_edge_75_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_edge_95_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.1.1</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_880_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.1.0</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_edge_85_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_codec_6000_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_550_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.1.1</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_990_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.3</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_1700_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.0.1</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_770_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.0.2</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_1000_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_2000_mxp:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2157</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:08.007-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T12:03:27.213-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.1</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T12:03:26.963-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-mxp" xml:lang="en">20140430 Multiple Vulnerabilities in Cisco TelePresence System MXP Series</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45733.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2158">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.0.1"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_2000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_990_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_880_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_770_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_550_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_codec_6000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_codec_3000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_edge_95_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_edge_85_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_edge_75_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_1000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_1700_mxp:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.3</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_codec_3000_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.1.2</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_edge_75_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_edge_95_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.1.1</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_880_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.1.0</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_edge_85_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_codec_6000_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_550_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.1.1</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_990_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.3</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_1700_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.0.1</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_770_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.0.2</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_1000_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_2000_mxp:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2158</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:08.037-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T12:18:44.133-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T12:18:43.603-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-mxp" xml:lang="en">20140430 Multiple Vulnerabilities in Cisco TelePresence System MXP Series</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45720.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2159">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.0.1"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_2000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_990_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_880_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_770_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_550_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_codec_6000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_codec_3000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_edge_95_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_edge_85_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_edge_75_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_1000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_1700_mxp:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.3</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_codec_3000_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.1.2</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_edge_75_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_edge_95_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.1.1</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_880_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.1.0</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_edge_85_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_codec_6000_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_550_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.1.1</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_990_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.3</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_1700_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.0.1</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_770_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.0.2</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_1000_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_2000_mxp:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2159</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:08.070-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T12:23:55.550-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T12:23:55.317-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-mxp" xml:lang="en">20140430 Multiple Vulnerabilities in Cisco TelePresence System MXP Series</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCtq78722.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2160">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.0.1"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_2000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_990_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_880_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_770_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_550_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_codec_6000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_codec_3000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_edge_95_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_edge_85_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_edge_75_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_1000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_1700_mxp:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.3</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_codec_3000_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.1.2</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_edge_75_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_edge_95_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.1.1</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_880_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.1.0</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_edge_85_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_codec_6000_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_550_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.1.1</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_990_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.3</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_1700_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.0.1</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_770_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.0.2</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_1000_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_2000_mxp:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2160</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:08.100-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T12:40:58.290-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T12:40:57.930-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-mxp" xml:lang="en">20140430 Multiple Vulnerabilities in Cisco TelePresence System MXP Series</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCty45745.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2161">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.0.1"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_2000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_990_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_880_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_770_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_550_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_codec_6000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_codec_3000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_edge_95_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_edge_85_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_edge_75_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_1000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_1700_mxp:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.3</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_codec_3000_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.1.2</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_edge_75_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_edge_95_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.1.1</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_880_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.1.0</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_edge_85_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_codec_6000_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_550_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.1.1</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_990_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.3</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_1700_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.0.1</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_770_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.0.2</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_1000_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_2000_mxp:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2161</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:08.117-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T12:43:40.373-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T12:43:40.200-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-mxp" xml:lang="en">20140430 Multiple Vulnerabilities in Cisco TelePresence System MXP Series</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCty45731.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2162">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:6.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.5</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.7</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.6</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2162</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:08.147-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T14:14:17.070-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T14:14:14.103-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" xml:lang="en">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCud29566.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2163">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.5</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.7</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.6</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2163</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:08.180-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T14:13:53.820-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T14:13:50.697-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" xml:lang="en">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCua64961.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2164">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:6.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.5</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.7</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2164</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:08.193-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T14:13:20.710-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T14:13:17.883-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" xml:lang="en">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCuj94651.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2165">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:6.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.5</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.7</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2165</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:08.227-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T14:12:54.537-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T14:12:52.367-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" xml:lang="en">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCtq72699.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2166">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2166</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:08.240-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T13:41:32.207-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T13:41:31.647-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" xml:lang="en">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The SIP implementation in Cisco TelePresence TC Software 4.x and TE Software 4.x allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCto70562.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2167">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:6.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.5</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.7</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.6</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2167</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:08.273-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T14:12:16.380-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T14:12:14.223-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" xml:lang="en">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCua86589.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2168">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:6.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.5</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.7</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2168</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:08.287-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T14:11:50.380-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.6</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T14:11:45.863-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" xml:lang="en">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to execute arbitrary code via crafted DNS response packets, aka Bug ID CSCty44804.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2169">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:6.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:6.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:6.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:6.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:6.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:6.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.5</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:6.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.7</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:6.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:6.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2169</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:08.320-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T14:11:05.753-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T14:11:03.360-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" xml:lang="en">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco TelePresence TC Software 4.x through 6.x before 6.2.0 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as arguments to internal system scripts, aka Bug ID CSCue60211.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2170">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:6.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:6.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:6.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.5</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2170</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:08.337-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T14:00:25.717-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T14:00:25.403-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-94"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" xml:lang="en">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco TelePresence TC Software 4.x and 5.x before 5.1.7 and 6.x before 6.0.1 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as arguments to tshell (aka tcsh) scripts, aka Bug ID CSCue60202.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2171">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:6.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:6.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:6.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.5</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.7</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2171</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:08.367-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T14:10:31.783-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T14:10:29.673-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" xml:lang="en">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Heap-based buffer overflow in Cisco TelePresence TC Software 4.x through 6.x before 6.0.1 and TE Software 4.x and 6.0.x before 6.0.2 allows remote attackers to execute arbitrary code via crafted SIP packets, aka Bug ID CSCud81796.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2172">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:6.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.5</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.7</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.6</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2172</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:08.383-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T14:09:54.500-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.6</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T14:09:54.360-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" xml:lang="en">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows local users to gain privileges by leveraging improper handling of the u-boot compiler flag for internal executable files, aka Bug ID CSCub67693.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2173">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:6.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.5</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.7</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2173</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:08.413-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T14:15:25.027-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.2</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T14:15:24.760-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" xml:lang="en">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 do not properly restrict access to the serial port, which allows local users to gain privileges via unspecified commands, aka Bug ID CSCub67692.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2175">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:6.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.5</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.7</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.6</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2175</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:08.430-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T14:17:51.313-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T14:17:51.077-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" xml:lang="en">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allow remote attackers to cause a denial of service (memory consumption) via crafted H.225 packets, aka Bug ID CSCtq78849.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2180">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_contact_center_enterprise"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_contact_center_express_editor_software:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:unified_contact_center_enterprise</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_contact_center_express_editor_software:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2180</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T06:37:03.967-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T11:42:38.457-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T11:42:38.363-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2180" xml:lang="en">20140428 Cisco Unified Contact Center Express Arbitrary File Upload Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Document Management component in Cisco Unified Contact Center Express does not properly validate a parameter, which allows remote authenticated users to upload files to arbitrary pathnames via a crafted HTTP request, aka Bug ID CSCun74133.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2182">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:adaptive_security_appliance_software:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:adaptive_security_appliance_software:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2182</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T06:37:03.997-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T11:46:24.903-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.1</cvss:score>
+        <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T11:46:24.870-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2182" xml:lang="en">20140428 Cisco ASA DHCPv6 Denial of Service Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco Adaptive Security Appliance (ASA) Software, when DHCPv6 replay is configured, allows remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 packet, aka Bug ID CSCun45520.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2183">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.10.2s"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.10.1s1"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.10.1s"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.10.0s"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.10"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:cisco:asr_1001_router:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:asr_1002-x_router:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:asr_1002_fixed_router:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:asr_1002_router:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:asr_1004_router:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:asr_1006_router:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:asr_1013_router:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:asr_1023_router:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.10.1s1</vuln:product>
+      <vuln:product>cpe:/h:cisco:asr_1006_router:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:asr_1023_router:-</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.10.0s</vuln:product>
+      <vuln:product>cpe:/h:cisco:asr_1001_router:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:asr_1002-x_router:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:asr_1004_router:-</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.10</vuln:product>
+      <vuln:product>cpe:/h:cisco:asr_1013_router:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:asr_1002_fixed_router:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:asr_1002_router:-</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.10.1s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.10.2s</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2183</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T06:37:04.013-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T12:19:28.250-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T12:19:27.877-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=33971" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=33971</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2183" xml:lang="en">20140428 Cisco IOS XE Software Malformed L2TP Packet Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 routers allows remote authenticated users to cause a denial of service (ESP card reload) via a malformed L2TP packet, aka Bug ID CSCun09973.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2184">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2184</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T06:37:04.047-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T12:08:03.257-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T12:08:03.210-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2184" xml:lang="en">20140428 Cisco Unified Communications Manager Sensitive Information Disclosure Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The IP Manager Assistant (IPMA) component in Cisco Unified Communications Manager (Unified CM) allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCun74352.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2185">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2185</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T06:37:04.077-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T12:08:08.930-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T12:08:08.900-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2185" xml:lang="en">20140428 Cisco Unified Communications Manager CDR Management Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2186">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:webex_meetings_server:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:webex_meetings_server:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2186</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T06:49:05.207-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T13:56:16.513-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T13:56:16.467-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-352"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2186" xml:lang="en">20140429 Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj81777.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2205">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mcafee:epolicy_orchestrator:4.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mcafee:epolicy_orchestrator:4.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mcafee:epolicy_orchestrator:4.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mcafee:epolicy_orchestrator:4.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mcafee:epolicy_orchestrator:4.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mcafee:epolicy_orchestrator:4.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mcafee:epolicy_orchestrator:4.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mcafee:epolicy_orchestrator:4.6.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mcafee:epolicy_orchestrator:4.6.5</vuln:product>
+      <vuln:product>cpe:/a:mcafee:epolicy_orchestrator:4.6.4</vuln:product>
+      <vuln:product>cpe:/a:mcafee:epolicy_orchestrator:4.6.7</vuln:product>
+      <vuln:product>cpe:/a:mcafee:epolicy_orchestrator:4.6.6</vuln:product>
+      <vuln:product>cpe:/a:mcafee:epolicy_orchestrator:4.6.2</vuln:product>
+      <vuln:product>cpe:/a:mcafee:epolicy_orchestrator:4.6.3</vuln:product>
+      <vuln:product>cpe:/a:mcafee:epolicy_orchestrator:4.6.1</vuln:product>
+      <vuln:product>cpe:/a:mcafee:epolicy_orchestrator:4.6.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2205</vuln:cve-id>
+    <vuln:published-datetime>2014-02-26T10:55:08.983-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T23:51:01.877-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-27T11:06:08.767-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.redteam-pentesting.de/advisories/rt-sa-2014-001.txt" xml:lang="en">https://www.redteam-pentesting.de/advisories/rt-sa-2014-001.txt</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://kc.mcafee.com/corporate/index?page=content&amp;id=SB10065" xml:lang="en">https://kc.mcafee.com/corporate/index?page=content&amp;id=SB10065</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65771" xml:lang="en">65771</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531255/100/0/threaded" xml:lang="en">20140225 [RT-SA-2014-001] McAfee ePolicy Orchestrator: XML External Entity Expansion in Dashboard</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57114" xml:lang="en">57114</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) before 4.6.7 Hotfix 940148 allows remote authenticated users with permissions to add dashboards to read arbitrary files by importing a crafted XML file, related to an XML External Entity (XXE) issue.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2206">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:getgosoft:getgo_download_manager:4.4.5.502"/>
+        <cpe-lang:fact-ref name="cpe:/a:getgosoft:getgo_download_manager:4.8.2.1346"/>
+        <cpe-lang:fact-ref name="cpe:/a:getgosoft:getgo_download_manager:4.9.0.1982"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:getgosoft:getgo_download_manager:4.9.0.1982</vuln:product>
+      <vuln:product>cpe:/a:getgosoft:getgo_download_manager:4.4.5.502</vuln:product>
+      <vuln:product>cpe:/a:getgosoft:getgo_download_manager:4.8.2.1346</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2206</vuln:cve-id>
+    <vuln:published-datetime>2014-03-05T11:37:40.500-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T15:05:24.417-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-05T15:05:24.387-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65913" xml:lang="en">65913</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531326/100/0/threaded" xml:lang="en">20140302 [CVE-2014-2206] GetGo Download Manager HTTP Response Header Buffer Overflow Remote Code Execution</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.rcesecurity.com/2014/03/cve-2014-2206-getgo-download-manager-http-response-header-buffer-overflow-remote-code-execution" xml:lang="en">http://www.rcesecurity.com/2014/03/cve-2014-2206-getgo-download-manager-http-response-header-buffer-overflow-remote-code-execution</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Stack-based buffer overflow in GetGo Download Manager 4.9.0.1982, 4.8.2.1346, 4.4.5.502, and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long HTTP Response Header.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2210">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ca:erwin_web_portal:9.5"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ca:erwin_web_portal:9.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2210</vuln:cve-id>
+    <vuln:published-datetime>2014-04-04T11:10:43.077-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-04T13:31:45.737-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-04T13:31:45.703-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B7F968A14-7407-4BCF-9EB1-EFE9F0E6D663%7D" xml:lang="en">https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B7F968A14-7407-4BCF-9EB1-EFE9F0E6D663%7D</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple directory traversal vulnerabilities in CA ERwin Web Portal 9.5 allow remote attackers to obtain sensitive information, bypass intended access restrictions, cause a denial of service, or possibly execute arbitrary code via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2211">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:3.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:3.2.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:posh_project:posh:3.2.1</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:3.1.0</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:3.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2211</vuln:cve-id>
+    <vuln:published-datetime>2014-03-03T11:55:04.380-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-07T15:32:54.630-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-04T13:46:23.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.sysdream.com/CVE-2014-2211_2214" xml:lang="en">http://www.sysdream.com/CVE-2014-2211_2214</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.sysdream.com/system/files/POSH-3.2.1-advisory_0.pdf" xml:lang="en">http://www.sysdream.com/system/files/POSH-3.2.1-advisory_0.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65817" xml:lang="en">65817</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://sourceforge.net/p/posh/svn/3540/" xml:lang="en">http://sourceforge.net/p/posh/svn/3540/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/444" xml:lang="en">[oss-security] 20140227 [CVE assignment notification] Multiple vulnerabilities in POSH</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SQL injection vulnerability in portal/addtoapplication.php in POSH (aka Posh portal or Portaneo) 3.0 before 3.3.0 allows remote attackers to execute arbitrary SQL commands via the rssurl parameter.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2212">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:3.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:2.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:2.2:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:2.1:p2"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:2.1:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:2.1:b"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:2.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:2.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:2.0:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:2.0:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:2.0:p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:2.1:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:2.1:p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:2.2:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:2.2:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:2.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:3.0:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:3.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:3.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:1.5:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:1.5:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:1.5:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:1.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:1.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:1.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:1.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:1.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:posh_project:posh:1.0.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:posh_project:posh:2.1:p2</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:3.2.1</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:1.3.2</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:1.2.0</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:2.1:p1</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:2.0:p1</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:1.3.0</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:2.1:b</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:1.5:beta</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:2.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:1.5:rc</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:2.0:rc</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:2.1:rc</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:2.2:rc</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:2.2.1</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:2.2.3</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:3.3.0</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:3.0:beta</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:1.4.2</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:2.2:-</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:3.0:-</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:2.0:beta</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:2.2:beta</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:1.1.0</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:2.0:-</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:2.1:-</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:1.5:-</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:3.1.0</vuln:product>
+      <vuln:product>cpe:/a:posh_project:posh:2.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2212</vuln:cve-id>
+    <vuln:published-datetime>2014-04-01T13:55:05.670-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-02T11:03:51.423-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-02T11:03:14.860-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-255"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.sysdream.com/system/files/POSH-3.2.1-advisory_0.pdf" xml:lang="en">http://www.sysdream.com/system/files/POSH-3.2.1-advisory_0.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.sysdream.com/CVE-2014-2211_2214" xml:lang="en">http://www.sysdream.com/CVE-2014-2211_2214</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/444" xml:lang="en">[oss-security] 20140227 [CVE assignment notification] Multiple vulnerabilities in POSH</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The remember me feature in portal/scr_authentif.php in POSH (aka Posh portal or Portaneo) 3.0, 3.2.1, 3.3.0, and earlier stores the username and MD5 digest of the password in cleartext in a cookie, which allows attackers to obtain sensitive information by reading this cookie.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2219">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cmsimple:cmsimple_classic:3.5.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cmsimple:cmsimple_classic:3.5.4</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2219</vuln:cve-id>
+    <vuln:published-datetime>2014-03-20T12:55:17.137-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-24T18:54:01.153-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-21T09:09:40.057-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.htbridge.com/advisory/HTB23205" xml:lang="en">https://www.htbridge.com/advisory/HTB23205</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531527/100/0/threaded" xml:lang="en">20140319 Cross-Site Scripting (XSS) in CMSimple</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in whizzywig/wb.php in CMSimple Classic 3.54 and earlier, possibly as downloaded before February 26, 2014, allows remote attackers to inject arbitrary web script or HTML via the d parameter.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2231">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:i-doit:i-doit:1.1.1::~~pro~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:i-doit:i-doit:1.1.2::~~pro~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:i-doit:i-doit:1.2.1::~~pro~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:i-doit:i-doit:1.2.2::~~pro~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:i-doit:i-doit:1.2.3::~~pro~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:i-doit:i-doit:1.2.4::~~pro~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:i-doit:i-doit:1.0::~~pro~~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:i-doit:i-doit:1.0.2::~~pro~~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:i-doit:i-doit:1.1.2::~~pro~~~</vuln:product>
+      <vuln:product>cpe:/a:i-doit:i-doit:1.1.1::~~pro~~~</vuln:product>
+      <vuln:product>cpe:/a:i-doit:i-doit:1.0::~~pro~~~</vuln:product>
+      <vuln:product>cpe:/a:i-doit:i-doit:1.0.2::~~pro~~~</vuln:product>
+      <vuln:product>cpe:/a:i-doit:i-doit:1.2.4::~~pro~~~</vuln:product>
+      <vuln:product>cpe:/a:i-doit:i-doit:1.2.1::~~pro~~~</vuln:product>
+      <vuln:product>cpe:/a:i-doit:i-doit:1.2.2::~~pro~~~</vuln:product>
+      <vuln:product>cpe:/a:i-doit:i-doit:1.2.3::~~pro~~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2231</vuln:cve-id>
+    <vuln:published-datetime>2014-02-27T10:55:15.687-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-02-28T10:27:20.240-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-02-28T10:27:17.663-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.i-doit.com/en/company/news/single-news/?tx_ttnews%5Btt_news%5D=141" xml:lang="en">http://www.i-doit.com/en/company/news/single-news/?tx_ttnews%5Btt_news%5D=141</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56931" xml:lang="en">56931</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the API in synetics i-doit pro before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via a property title.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2234">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x:10.9.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:apple:mac_os_x:10.9.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2234</vuln:cve-id>
+    <vuln:published-datetime>2014-03-05T00:11:22.453-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T12:44:42.177-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.4</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-05T12:44:42.130-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://hynek.me/articles/apple-openssl-verification-surprises/" xml:lang="en">https://hynek.me/articles/apple-openssl-verification-surprises/</vuln:reference>
+    </vuln:references>
+    <vuln:summary>A certain Apple patch for OpenSSL in Apple OS X 10.9.2 and earlier uses a Trust Evaluation Agent (TEA) feature without terminating certain TLS/SSL handshakes as specified in the SSL_CTX_set_verify callback function's documentation, which allows remote attackers to bypass extra verification within a custom application via a crafted certificate chain that is acceptable to TEA but not acceptable to that application.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2235">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:askbot:askbot:0.7.48"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:askbot:askbot:0.7.48</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2235</vuln:cve-id>
+    <vuln:published-datetime>2014-03-05T11:37:40.703-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-05T15:15:24.680-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-05T15:15:24.540-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/ASKBOT/askbot-devel/commit/876e3662ff6b78cc6241338c15e3a0cb49edf4e2" xml:lang="en">https://github.com/ASKBOT/askbot-devel/commit/876e3662ff6b78cc6241338c15e3a0cb49edf4e2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1070852" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1070852</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/02/28/8" xml:lang="en">[oss-security] 20140228 Re: CVE request: askbot xss</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57163" xml:lang="en">57163</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in Askbot before 0.7.49 allows remote attackers to inject arbitrary web script or HTML via vectors related to the question search form.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2236">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:askbot:askbot:0.7.47"/>
+        <cpe-lang:fact-ref name="cpe:/a:askbot:askbot:0.7.46"/>
+        <cpe-lang:fact-ref name="cpe:/a:askbot:askbot:0.7.45"/>
+        <cpe-lang:fact-ref name="cpe:/a:askbot:askbot:0.7.44"/>
+        <cpe-lang:fact-ref name="cpe:/a:askbot:askbot:0.7.43"/>
+        <cpe-lang:fact-ref name="cpe:/a:askbot:askbot:0.7.42"/>
+        <cpe-lang:fact-ref name="cpe:/a:askbot:askbot:0.7.41"/>
+        <cpe-lang:fact-ref name="cpe:/a:askbot:askbot:0.7.40"/>
+        <cpe-lang:fact-ref name="cpe:/a:askbot:askbot:0.7.48"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:askbot:askbot:0.7.41</vuln:product>
+      <vuln:product>cpe:/a:askbot:askbot:0.7.40</vuln:product>
+      <vuln:product>cpe:/a:askbot:askbot:0.7.48</vuln:product>
+      <vuln:product>cpe:/a:askbot:askbot:0.7.46</vuln:product>
+      <vuln:product>cpe:/a:askbot:askbot:0.7.47</vuln:product>
+      <vuln:product>cpe:/a:askbot:askbot:0.7.45</vuln:product>
+      <vuln:product>cpe:/a:askbot:askbot:0.7.44</vuln:product>
+      <vuln:product>cpe:/a:askbot:askbot:0.7.43</vuln:product>
+      <vuln:product>cpe:/a:askbot:askbot:0.7.42</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2236</vuln:cve-id>
+    <vuln:published-datetime>2014-03-05T11:37:40.703-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-07T14:50:20.210-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-06T05:06:36.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/ASKBOT/askbot-devel/commit/a676a86b6b7a5737d4da4f59f71e037406f88d29" xml:lang="en">https://github.com/ASKBOT/askbot-devel/commit/a676a86b6b7a5737d4da4f59f71e037406f88d29</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/ASKBOT/askbot-devel/commit/876e3662ff6b78cc6241338c15e3a0cb49edf4e2#diff-b693b4c02739be4b3231bece15b0eb87" xml:lang="en">https://github.com/ASKBOT/askbot-devel/commit/876e3662ff6b78cc6241338c15e3a0cb49edf4e2#diff-b693b4c02739be4b3231bece15b0eb87</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1070852" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1070852</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/02/28/8" xml:lang="en">[oss-security] 20140228 Re: CVE request: askbot xss</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57163" xml:lang="en">57163</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site scripting (XSS) vulnerabilities in Askbot before 0.7.49 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) tag or (2) user search forms.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2237">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:openstack:keystone:2013.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:keystone:2013.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:keystone:2013.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:keystone:2013.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:keystone:2013.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:keystone:2013.1.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:openstack:keystone:2013.1.2</vuln:product>
+      <vuln:product>cpe:/a:openstack:keystone:2013.1.3</vuln:product>
+      <vuln:product>cpe:/a:openstack:keystone:2013.1.4</vuln:product>
+      <vuln:product>cpe:/a:openstack:keystone:2013.1</vuln:product>
+      <vuln:product>cpe:/a:openstack:keystone:2013.1.1</vuln:product>
+      <vuln:product>cpe:/a:openstack:keystone:2013.2.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2237</vuln:cve-id>
+    <vuln:published-datetime>2014-04-01T02:35:53.637-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T19:37:03.280-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-01T19:37:03.203-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugs.launchpad.net/keystone/+bug/1260080" xml:lang="en">https://bugs.launchpad.net/keystone/+bug/1260080</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/03/04/16" xml:lang="en">[oss-security] 20140304 [OSSA 2014-006] Trustee token revocation does not work with memcache  backend (CVE-2014-2237)</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being invalidated by bulk token revocation and allows the trustee to bypass intended access restrictions.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2238">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mantisbt:mantisbt:1.2.15"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.16</vuln:product>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.15</vuln:product>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.14</vuln:product>
+      <vuln:product>cpe:/a:mantisbt:mantisbt:1.2.13</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2238</vuln:cve-id>
+    <vuln:published-datetime>2014-03-05T11:37:41.047-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-07T14:49:32.693-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-06T10:16:00.663-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/490" xml:lang="en">[oss-security] 20140304 Re: CVE request: MantisBT 1.2.13 SQL injection vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65903" xml:lang="en">65903</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mantisbt.org/blog/?p=288" xml:lang="en">http://www.mantisbt.org/blog/?p=288</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/456" xml:lang="en">[oss-security] 20140228 CVE request: MantisBT 1.2.13 SQL injection vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://mantisbt.domainunion.de/bugs/view.php?id=17055" xml:lang="en">http://mantisbt.domainunion.de/bugs/view.php?id=17055</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SQL injection vulnerability in the manage configuration page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.16 allows remote authenticated administrators to execute arbitrary SQL commands via the filter_config_id parameter.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2240">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.4.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:1.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.1.8:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.1.8_rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.3.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.3.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.3.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.3.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.4.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:freetype:freetype:2.4.3</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.4.4</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.4.2</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.4.5</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.4.11</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.4.10</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.4.12</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.3.10</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.3.11</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.3.7</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.1.8</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.3.9</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.3.8</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.1.6</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.1.7</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.1.4</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.1.5</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.3.6</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.3.5</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.3.4</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.5</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.1.8:rc1</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.5.2</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.5.1</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.1.9</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.2.1</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.4.8</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.4.7</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.4.6</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.3.0</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:1.3.1</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.1</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.2</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.4.9</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.0</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.3.12</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.1.10</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.1.3</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.1.8_rc1</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.4.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2240</vuln:cve-id>
+    <vuln:published-datetime>2014-03-12T10:55:30.773-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:29:28.000-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-13T12:21:37.847-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.freetype.org/index.html" xml:lang="en">http://www.freetype.org/index.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2148-1" xml:lang="en">USN-2148-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029895" xml:lang="en">1029895</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66074" xml:lang="en">66074</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://sourceforge.net/projects/freetype/files/freetype2/2.5.3" xml:lang="en">http://sourceforge.net/projects/freetype/files/freetype2/2.5.3</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57447" xml:lang="en">57447</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57291" xml:lang="en">57291</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://savannah.nongnu.org/bugs/?41697" xml:lang="en">http://savannah.nongnu.org/bugs/?41697</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Stack-based buffer overflow in the cf2_hintmap_build function in cff/cf2hints.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of stem hints in a font file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2241">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:freetype:freetype:2.5.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:canonical:ubuntu_linux:13.10"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:freetype:freetype:2.5.2</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.5.1</vuln:product>
+      <vuln:product>cpe:/o:canonical:ubuntu_linux:13.10</vuln:product>
+      <vuln:product>cpe:/a:freetype:freetype:2.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2241</vuln:cve-id>
+    <vuln:published-datetime>2014-03-18T13:04:18.140-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:29:28.140-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-19T10:49:56.540-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=135c3faebb96f8f550bd4f318716f2e1e095a969" xml:lang="en">http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=135c3faebb96f8f550bd4f318716f2e1e095a969</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2148-1" xml:lang="en">USN-2148-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/03/12/4" xml:lang="en">[oss-security] 20140312 Re: Two stack-based issues in freetype [NOT a request]</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57447" xml:lang="en">57447</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://savannah.nongnu.org/bugs/?41697" xml:lang="en">http://savannah.nongnu.org/bugs/?41697</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer functions in cff/cf2ft.c in FreeType before 2.5.3 do not properly check if a subroutine exists, which allows remote attackers to cause a denial of service (assertion failure), as demonstrated by a crafted ttf file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2242">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.22.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.22.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.10.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.10.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.10.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.10.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.11.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.12.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.12.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.13.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.13.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.13.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.13.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.14.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.14.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.15.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.15.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.15.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.15.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.16.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.16.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.16.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.17:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.17.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.17.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.17.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.17.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.18:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.18.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.18.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.18.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.18.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.10.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.10.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.10.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.17:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.14.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.9</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.18.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.13.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.13.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.14.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.18:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.17.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.11</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.13.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.14.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.13.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.13.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.13.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.13.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.11.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.5</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.7</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.6</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.22.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.8</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.11.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.5</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.17</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.18</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.11.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.10.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.8</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.15.5</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.6</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.7</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.16.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.15.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.15.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.15.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.15.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.10.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.16.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.10.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.1.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.16.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.10</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.18.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21.5</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.10.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.11</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.16.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.17.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.16.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.22.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.16.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.22.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.17.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.17.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.15.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.18.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.18.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.18.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.17.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.17.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.12.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.12.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.12.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.12.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.12.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.15.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.12.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.11.0:rc1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2242</vuln:cve-id>
+    <vuln:published-datetime>2014-03-01T23:57:25.887-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-03T15:56:56.677-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-03T11:55:46.820-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-February/000141.html" xml:lang="en">[mediawiki-announce] 20140228 MediaWiki Security and Maintenance Releases: 1.22.3, 1.21.6 and 1.19.12</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://gerrit.wikimedia.org/r/#/q/7d923a6b53f7fbcb0cbc3a19797d741bf6f440eb,n,z" xml:lang="en">https://gerrit.wikimedia.org/r/#/q/7d923a6b53f7fbcb0cbc3a19797d741bf6f440eb,n,z</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.wikimedia.org/show_bug.cgi?id=60771" xml:lang="en">https://bugzilla.wikimedia.org/show_bug.cgi?id=60771</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1071135" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1071135</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/03/01/2" xml:lang="en">[oss-security] 20140301 Re: CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/02/28/1" xml:lang="en">[oss-security] 20140228 CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release</vuln:reference>
+    </vuln:references>
+    <vuln:summary>includes/upload/UploadBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 does not prevent use of invalid namespaces in SVG files, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an SVG upload, as demonstrated by use of a W3C XHTML namespace in conjunction with an IFRAME element.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2243">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.22.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.22.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.10.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.10.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.10.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.10.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.11.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.12.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.12.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.13.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.13.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.13.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.13.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.14.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.14.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.15.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.15.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.15.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.15.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.16.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.16.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.16.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.17:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.17.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.17.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.17.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.17.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.18:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.18.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.18.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.18.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.18.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.10.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.10.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.10.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.17:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.14.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.9</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.18.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.13.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.13.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.14.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.18:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.17.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.11</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.13.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.14.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.13.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.13.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.13.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.13.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.11.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.5</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.7</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.6</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.22.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.8</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.11.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.5</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.17</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.18</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.11.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.10.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.8</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.15.5</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.6</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.7</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.16.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.15.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.15.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.15.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.15.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.10.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.16.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.10.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.1.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.16.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.10</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.18.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21.5</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.10.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.11</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.16.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.17.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.16.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.22.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.16.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.22.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.17.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.17.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.15.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.18.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.18.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.18.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.17.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.17.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.12.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.12.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.12.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.12.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.12.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.15.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.12.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.11.0:rc1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2243</vuln:cve-id>
+    <vuln:published-datetime>2014-03-01T23:57:25.917-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-03T15:55:01.720-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-03T11:57:46.540-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-362"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-February/000141.html" xml:lang="en">[mediawiki-announce] 20140228 MediaWiki Security and Maintenance Releases: 1.22.3, 1.21.6 and 1.19.12</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://gerrit.wikimedia.org/r/#/q/I2a9e89120f7092015495e638c6fa9f67adc9b84f,n,z" xml:lang="en">https://gerrit.wikimedia.org/r/#/q/I2a9e89120f7092015495e638c6fa9f67adc9b84f,n,z</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.wikimedia.org/show_bug.cgi?id=61346" xml:lang="en">https://bugzilla.wikimedia.org/show_bug.cgi?id=61346</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1071136" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1071136</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/03/01/2" xml:lang="en">[oss-security] 20140301 Re: CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/02/28/1" xml:lang="en">[oss-security] 20140228 CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release</vuln:reference>
+    </vuln:references>
+    <vuln:summary>includes/User.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 terminates validation of a user token upon encountering the first incorrect character, which makes it easier for remote attackers to obtain access via a brute-force attack that relies on timing differences in responses to incorrect token guesses.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2244">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.22.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.22.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.10.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.10.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.10.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.10.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.11.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.12.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.12.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.13.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.13.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.13.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.13.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.14.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.14.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.15.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.15.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.15.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.15.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.16.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.16.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.16.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.17:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.17.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.17.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.17.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.17.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.18:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.18.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.18.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.18.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.18.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.10.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.10.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.10.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.17:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.14.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.9</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.18.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.13.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.13.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.14.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.18:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.17.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.11</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.13.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.14.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.13.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.13.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.13.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.13.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.11.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.5</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.7</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.6</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.22.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.8</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.11.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.5</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.17</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.18</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.11.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.10.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.8</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.15.5</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.6</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.7</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.16.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.15.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.15.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.15.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.15.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.10.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.16.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.10.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.1.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.16.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.10</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.18.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21.5</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.10.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.11</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.16.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.17.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.16.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.22.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.16.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.22.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.17.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.17.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.15.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.18.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.18.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.18.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.17.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.17.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.12.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.12.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.12.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.12.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.12.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.15.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.12.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.11.0:rc1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2244</vuln:cve-id>
+    <vuln:published-datetime>2014-03-01T23:57:25.950-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-03T15:48:05.320-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-03T11:58:37.543-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-February/000141.html" xml:lang="en">[mediawiki-announce] 20140228 MediaWiki Security and Maintenance Releases: 1.22.3, 1.21.6 and 1.19.12</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://gerrit.wikimedia.org/r/#/q/Idf985e4e69c2f11778a8a90503914678441cb3fb,n,z" xml:lang="en">https://gerrit.wikimedia.org/r/#/q/Idf985e4e69c2f11778a8a90503914678441cb3fb,n,z</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.wikimedia.org/show_bug.cgi?id=61362" xml:lang="en">https://bugzilla.wikimedia.org/show_bug.cgi?id=61362</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1071139" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1071139</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/03/01/2" xml:lang="en">[oss-security] 20140301 Re: CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/02/28/1" xml:lang="en">[oss-security] 20140228 CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the formatHTML function in includes/api/ApiFormatBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 allows remote attackers to inject arbitrary web script or HTML via a crafted string located after http:// in the text parameter to api.php.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2245">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:1.11.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:1.11.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:1.11.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:1.11.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:1.11.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:1.11.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:1.11.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:1.11.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:1.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:1.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:1.10.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:1.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:1.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:1.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:1.1.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:1.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:1.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:1.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:0.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:0.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:0.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:0.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:0.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:0.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:0.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:0.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:0.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:0.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:0.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:0.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:0.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:0.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:0.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:0.10.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:0.10.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:0.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:cmsmadesimple:cms_made_simple:0.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:0.2</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:0.1</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:0.6</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:0.9</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:0.8</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:0.7</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:1.0</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:1.1</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:0.4.1</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:0.11.2</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:1.1.4</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:0.5.1</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:0.11.1</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:0.13</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:1.1.3</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:1.10.1</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:1.1.2</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:0.2.1</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:0.12.1</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:0.12.2</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:1.11.1</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:0.10</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:1.11.2</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:0.11</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:1.11.3</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:0.12</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:1.11.4</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:0.6.3</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:1.11.5</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:0.6.2</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:0.7.2</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:1.11.9</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:0.7.3</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:0.3.2</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:0.10.2</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:0.10.3</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:0.10.4</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:0.3.1</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:1.11.7</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:1.11.6</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:1.1.1</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:1.11.8</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:1.11.2.1</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:1.10.3</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:1.1.3.1</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:0.3</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:0.4</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:1.10.2</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:0.5</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:1.10</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:1.11</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:0.8.1</vuln:product>
+      <vuln:product>cpe:/a:cmsmadesimple:cms_made_simple:0.8.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2245</vuln:cve-id>
+    <vuln:published-datetime>2014-03-05T11:37:41.063-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-07T14:43:02.667-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-06T05:26:26.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65953" xml:lang="en">65953</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56996" xml:lang="en">56996</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/467" xml:lang="en">[oss-security] 20140301 Re: CVE request: CMS Made Simple SQL injection fixed in 1.11.10</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://dev.cmsmadesimple.org/project/changelog/4602" xml:lang="en">http://dev.cmsmadesimple.org/project/changelog/4602</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SQL injection vulnerability in the News module in CMS Made Simple (CMSMS) before 1.11.10 allows remote authenticated users with the "Modify News" permission to execute arbitrary SQL commands via the sortby parameter to admin/moduleinterface.php.  NOTE: some of these details are obtained from third party information.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2246">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.0.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.2</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.0.1</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.1</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2246</vuln:cve-id>
+    <vuln:published-datetime>2014-03-16T10:06:45.773-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-25T20:59:21.693-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-17T12:49:44.937-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf" xml:lang="en">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2247">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.0.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.2</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.0.1</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.1</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2247</vuln:cve-id>
+    <vuln:published-datetime>2014-03-16T10:06:45.803-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-25T20:58:11.300-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-17T08:59:00.000-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf" xml:lang="en">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to inject headers via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2248">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.0.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.2</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.0.1</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.1</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2248</vuln:cve-id>
+    <vuln:published-datetime>2014-03-16T10:06:45.820-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-25T21:02:43.933-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-17T13:04:22.367-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf" xml:lang="en">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Open redirect vulnerability in the integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2249">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.0.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.2</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.0.1</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.1</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2249</vuln:cve-id>
+    <vuln:published-datetime>2014-03-16T10:06:45.850-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-26T00:57:55.257-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-17T13:07:15.527-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-352"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf" xml:lang="en">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf" xml:lang="en">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site request forgery (CSRF) vulnerability on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 and SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2250">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7_cpu_1200_firmware:3.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7_cpu_1200_firmware:3.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu_1212c:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu_1215c:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu_1217c:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu_1214c:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu-1211c:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu-1211c:-</vuln:product>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu_1212c:-</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7_cpu_1200_firmware:3.0</vuln:product>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu_1217c:-</vuln:product>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu_1215c:-</vuln:product>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu_1214c:-</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7_cpu_1200_firmware:3.0.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2250</vuln:cve-id>
+    <vuln:published-datetime>2014-03-24T10:20:39.557-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-24T11:47:18.813-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>8.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-24T11:47:16.733-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-310"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf" xml:lang="en">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The random-number generator on Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors, a different vulnerability than CVE-2014-2251.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2251">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.0.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.2</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.0.1</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.1</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2251</vuln:cve-id>
+    <vuln:published-datetime>2014-03-16T10:06:45.867-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-25T21:01:16.883-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>8.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-17T13:10:57.127-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf" xml:lang="en">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The random-number generator on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2252">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7_cpu_1200_firmware:3.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7_cpu_1200_firmware:3.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu_1212c:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu_1215c:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu_1217c:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu_1214c:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu-1211c:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu-1211c:-</vuln:product>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu_1212c:-</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7_cpu_1200_firmware:3.0</vuln:product>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu_1217c:-</vuln:product>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu_1215c:-</vuln:product>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu_1214c:-</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7_cpu_1200_firmware:3.0.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2252</vuln:cve-id>
+    <vuln:published-datetime>2014-03-24T10:20:39.573-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-24T11:51:59.900-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.1</cvss:score>
+        <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-24T11:51:59.820-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf" xml:lang="en">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted PROFINET packets, a different vulnerability than CVE-2014-2253.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2253">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.0.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.2</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.0.1</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.1</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2253</vuln:cve-id>
+    <vuln:published-datetime>2014-03-16T10:06:45.897-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-25T21:11:56.857-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.1</cvss:score>
+        <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-17T13:13:15.333-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf" xml:lang="en">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted Profinet packets.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2254">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7_cpu_1200_firmware:3.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7_cpu_1200_firmware:3.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu_1212c:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu_1215c:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu_1217c:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu_1214c:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu-1211c:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu-1211c:-</vuln:product>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu_1212c:-</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7_cpu_1200_firmware:3.0</vuln:product>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu_1217c:-</vuln:product>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu_1215c:-</vuln:product>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu_1214c:-</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7_cpu_1200_firmware:3.0.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2254</vuln:cve-id>
+    <vuln:published-datetime>2014-03-24T10:20:39.590-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-24T11:59:15.897-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-24T11:59:15.757-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf" xml:lang="en">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTP packets, a different vulnerability than CVE-2014-2255.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2255">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.0.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.2</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.0.1</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.1</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2255</vuln:cve-id>
+    <vuln:published-datetime>2014-03-16T10:06:45.913-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-25T21:15:25.617-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-17T13:16:56.790-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf" xml:lang="en">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTP packets.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2256">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7_cpu_1200_firmware:3.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7_cpu_1200_firmware:3.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu_1212c:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu_1215c:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu_1217c:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu_1214c:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu-1211c:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu-1211c:-</vuln:product>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu_1212c:-</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7_cpu_1200_firmware:3.0</vuln:product>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu_1217c:-</vuln:product>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu_1215c:-</vuln:product>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu_1214c:-</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7_cpu_1200_firmware:3.0.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2256</vuln:cve-id>
+    <vuln:published-datetime>2014-03-24T10:20:39.590-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-24T12:00:33.980-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-24T12:00:28.713-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf" xml:lang="en">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted ISO-TSAP packets, a different vulnerability than CVE-2014-2257.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2257">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.0.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.2</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.0.1</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.1</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2257</vuln:cve-id>
+    <vuln:published-datetime>2014-03-16T10:06:45.943-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-25T21:52:03.783-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-17T13:20:23.013-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf" xml:lang="en">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted ISO-TSAP packets.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2258">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7_cpu_1200_firmware:3.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7_cpu_1200_firmware:3.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu_1212c:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu_1215c:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu_1217c:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu_1214c:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu-1211c:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu-1211c:-</vuln:product>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu_1212c:-</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7_cpu_1200_firmware:3.0</vuln:product>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu_1217c:-</vuln:product>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu_1215c:-</vuln:product>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu_1214c:-</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7_cpu_1200_firmware:3.0.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2258</vuln:cve-id>
+    <vuln:published-datetime>2014-03-24T10:20:39.607-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-24T12:01:21.230-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-24T12:01:21.153-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf" xml:lang="en">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTPS packets, a different vulnerability than CVE-2014-2259.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2259">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.0.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.2</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.0.1</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.1</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7-1500_cpu_firmware:1.1.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2259</vuln:cve-id>
+    <vuln:published-datetime>2014-03-16T10:06:45.960-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-25T21:02:54.153-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-17T13:21:42.187-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf" xml:lang="en">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTPS packets.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2260">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ajenti:ajenti:1.2.13"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ajenti:ajenti:1.2.13</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2260</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T19:58:26.733-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-01T11:42:19.917-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-01T11:42:19.870-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://github.com/Eugeny/ajenti/commit/3270fd1d78391bb847b4c9ce37cf921f485b1310" xml:lang="en">https://github.com/Eugeny/ajenti/commit/3270fd1d78391bb847b4c9ce37cf921f485b1310</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/Eugeny/ajenti/issues/233" xml:lang="en">https://github.com/Eugeny/ajenti/issues/233</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64982" xml:lang="en">64982</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://www.osvdb.org/102174" xml:lang="en">102174</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/124804/Ajenti-1.2.13-Cross-Site-Scripting.html" xml:lang="en">http://packetstormsecurity.com/files/124804/Ajenti-1.2.13-Cross-Site-Scripting.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in plugins/main/content/js/ajenti.coffee in Eugene Pankov Ajenti 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via the command field in the Cron functionality.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2262">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:sas:base_sas:9.2:ts2m"/>
+        <cpe-lang:fact-ref name="cpe:/a:sas:base_sas:9.3:ts1m1"/>
+        <cpe-lang:fact-ref name="cpe:/a:sas:base_sas:9.3:ts1m2"/>
+        <cpe-lang:fact-ref name="cpe:/a:sas:base_sas:9.4:ts1m0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:sas:base_sas:9.3:ts1m2</vuln:product>
+      <vuln:product>cpe:/a:sas:base_sas:9.4:ts1m0</vuln:product>
+      <vuln:product>cpe:/a:sas:base_sas:9.3:ts1m1</vuln:product>
+      <vuln:product>cpe:/a:sas:base_sas:9.2:ts2m</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2262</vuln:cve-id>
+    <vuln:published-datetime>2014-02-28T19:55:05.623-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-03T11:15:58.777-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-03T11:15:58.730-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140227-0_SAS_Buffer_overflow_v10.txt" xml:lang="en">https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140227-0_SAS_Buffer_overflow_v10.txt</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65853" xml:lang="en">65853</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531283/100/0/threaded" xml:lang="en">20140227 SEC Consult SA-20140227-0 :: Local Buffer Overflow vulnerability in SAS for Windows (Statistical Analysis System)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.sas.com/kb/51/701.html" xml:lang="en">http://support.sas.com/kb/51/701.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57029" xml:lang="en">57029</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Buffer overflow in the client application in Base SAS 9.2 TS2M3, SAS 9.3 TS1M1 and TS1M2, and SAS 9.4 TS1M0 allows user-assisted remote attackers to execute arbitrary code via a crafted SAS program.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2263">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ffmpeg:ffmpeg:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ffmpeg:ffmpeg:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ffmpeg:ffmpeg:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ffmpeg:ffmpeg:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ffmpeg:ffmpeg:2.0.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ffmpeg:ffmpeg:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:ffmpeg:ffmpeg:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:ffmpeg:ffmpeg:2.0</vuln:product>
+      <vuln:product>cpe:/a:ffmpeg:ffmpeg:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:ffmpeg:ffmpeg:2.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2263</vuln:cve-id>
+    <vuln:published-datetime>2014-02-28T19:55:05.657-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-03T11:28:20.810-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-03T11:28:20.763-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.videolan.org/?p=ffmpeg.git;a=commit;h=842b6c14bc" xml:lang="en">http://git.videolan.org/?p=ffmpeg.git;a=commit;h=842b6c14bc</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91174" xml:lang="en">ffmpeg-mpegtswritepmt-bo(91174)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65560" xml:lang="en">65560</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56971" xml:lang="en">56971</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) muxer (libavformat/mpegtsenc.c) in FFmpeg, possibly 2.1 and earlier, allows remote attackers to have unspecified impact and vectors, which trigger an out-of-bounds write.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2264">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:synology:diskstation_manager:4.3-3810:1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:synology:diskstation_manager:4.3-3810:1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2264</vuln:cve-id>
+    <vuln:published-datetime>2014-03-02T12:55:03.097-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-03T15:47:16.803-05:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-03T09:30:01.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-255"/>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/534284" xml:lang="en">VU#534284</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://forum.synology.com/enu/viewtopic.php?f=173&amp;t=77644" xml:lang="en">http://forum.synology.com/enu/viewtopic.php?f=173&amp;t=77644</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 update 1 has a hardcoded root password of synopass, which makes it easier for remote attackers to obtain access via a VPN session.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2265">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:rocklobster:contact_form_7:3.7.1::~~~wordpress~~"/>
+          <cpe-lang:fact-ref name="cpe:/a:rocklobster:contact_form_7:3.6::~~~wordpress~~"/>
+          <cpe-lang:fact-ref name="cpe:/a:rocklobster:contact_form_7:3.7::~~~wordpress~~"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:rocklobster:contact_form_7:3.6::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:rocklobster:contact_form_7:3.7::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:rocklobster:contact_form_7:3.7.1::~~~wordpress~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2265</vuln:cve-id>
+    <vuln:published-datetime>2014-03-14T06:55:06.397-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-09T00:17:57.497-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-14T14:13:25.807-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://contactform7.com/2014/02/26/contact-form-7-372/" xml:lang="en">http://contactform7.com/2014/02/26/contact-form-7-372/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.hedgehogsecurity.co.uk/2014/02/26/contactform7-vulnerability/" xml:lang="en">http://www.hedgehogsecurity.co.uk/2014/02/26/contactform7-vulnerability/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://wordpress.org/plugins/contact-form-7/changelog" xml:lang="en">http://wordpress.org/plugins/contact-form-7/changelog</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Rock Lobster Contact Form 7 before 3.7.2 allows remote attackers to bypass the CAPTCHA protection mechanism and submit arbitrary form data by omitting the _wpcf7_captcha_challenge_captcha-719 parameter.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2269">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:vtiger:vtiger_crm:6.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:vtiger:vtiger_crm:6.0.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2269</vuln:cve-id>
+    <vuln:published-datetime>2014-04-22T09:06:28.523-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-22T12:31:24.980-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.4</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-22T12:31:24.807-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://vtiger-crm.2324883.n4.nabble.com/Vtigercrm-developers-IMP-forgot-password-and-re-installation-security-fix-tt9786.html" xml:lang="en">[Vtigercrm-developers] 20140316 IMP: forgot password and re-installation security fix</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66758" xml:lang="en">66758</vuln:reference>
+    </vuln:references>
+    <vuln:summary>modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 allows remote attackers to reset the password for arbitrary users via a request containing the username, password, and confirmPassword parameters.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2270">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:christos_zoulas:file:5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:christos_zoulas:file:5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:christos_zoulas:file:5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:christos_zoulas:file:5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:christos_zoulas:file:5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:christos_zoulas:file:5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:christos_zoulas:file:5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:christos_zoulas:file:5.09"/>
+        <cpe-lang:fact-ref name="cpe:/a:christos_zoulas:file:5.08"/>
+        <cpe-lang:fact-ref name="cpe:/a:christos_zoulas:file:5.07"/>
+        <cpe-lang:fact-ref name="cpe:/a:christos_zoulas:file:5.06"/>
+        <cpe-lang:fact-ref name="cpe:/a:christos_zoulas:file:5.05"/>
+        <cpe-lang:fact-ref name="cpe:/a:christos_zoulas:file:5.04"/>
+        <cpe-lang:fact-ref name="cpe:/a:christos_zoulas:file:5.03"/>
+        <cpe-lang:fact-ref name="cpe:/a:christos_zoulas:file:5.02"/>
+        <cpe-lang:fact-ref name="cpe:/a:christos_zoulas:file:5.01"/>
+        <cpe-lang:fact-ref name="cpe:/a:christos_zoulas:file:5.00"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:tim_robbins:libmagic:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:christos_zoulas:file:5.07</vuln:product>
+      <vuln:product>cpe:/a:christos_zoulas:file:5.08</vuln:product>
+      <vuln:product>cpe:/a:christos_zoulas:file:5.09</vuln:product>
+      <vuln:product>cpe:/a:tim_robbins:libmagic:-</vuln:product>
+      <vuln:product>cpe:/a:christos_zoulas:file:5.06</vuln:product>
+      <vuln:product>cpe:/a:christos_zoulas:file:5.14</vuln:product>
+      <vuln:product>cpe:/a:christos_zoulas:file:5.05</vuln:product>
+      <vuln:product>cpe:/a:christos_zoulas:file:5.04</vuln:product>
+      <vuln:product>cpe:/a:christos_zoulas:file:5.13</vuln:product>
+      <vuln:product>cpe:/a:christos_zoulas:file:5.03</vuln:product>
+      <vuln:product>cpe:/a:christos_zoulas:file:5.16</vuln:product>
+      <vuln:product>cpe:/a:christos_zoulas:file:5.02</vuln:product>
+      <vuln:product>cpe:/a:christos_zoulas:file:5.15</vuln:product>
+      <vuln:product>cpe:/a:christos_zoulas:file:5.01</vuln:product>
+      <vuln:product>cpe:/a:christos_zoulas:file:5.10</vuln:product>
+      <vuln:product>cpe:/a:christos_zoulas:file:5.00</vuln:product>
+      <vuln:product>cpe:/a:christos_zoulas:file:5.12</vuln:product>
+      <vuln:product>cpe:/a:christos_zoulas:file:5.11</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2270</vuln:cve-id>
+    <vuln:published-datetime>2014-03-14T11:55:05.667-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-19T00:48:23.863-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-17T09:29:44.037-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/file/file/commit/447558595a3650db2886cd2f416ad0beba965801" xml:lang="en">https://github.com/file/file/commit/447558595a3650db2886cd2f416ad0beba965801</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://bugs.gw.com/view.php?id=313" xml:lang="en">http://bugs.gw.com/view.php?id=313</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2163-1" xml:lang="en">USN-2163-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2162-1" xml:lang="en">USN-2162-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.php.net/ChangeLog-5.php" xml:lang="en">http://www.php.net/ChangeLog-5.php</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2873" xml:lang="en">DSA-2873</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/505" xml:lang="en">[oss-security] 20140305 Re: CVE Request: file: crashes when checking softmagic for some corrupt PE executables</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/504" xml:lang="en">[oss-security] 20140305 Re: CVE Request: file: crashes when checking softmagic for some corrupt PE executables</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/473" xml:lang="en">[oss-security] 20140303 CVE Request: file: crashes when checking softmagic for some corrupt PE executables</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-03/msg00084.html" xml:lang="en">openSUSE-SU-2014:0435</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-03/msg00037.html" xml:lang="en">openSUSE-SU-2014:0367</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-03/msg00034.html" xml:lang="en">openSUSE-SU-2014:0364</vuln:reference>
+    </vuln:references>
+    <vuln:summary>softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2276">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:emc:connectrix_manager:12.1.2:-:~-~converged_network_edition~~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:emc:connectrix_manager:12.1.2:-:~-~converged_network_edition~~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2276</vuln:cve-id>
+    <vuln:published-datetime>2014-03-21T10:55:07.160-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:29:31.047-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-21T12:57:08.000-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91987" xml:lang="en">connectrix-cve20142276-info-disc(91987)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029939" xml:lang="en">1029939</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66308" xml:lang="en">66308</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57513" xml:lang="en">57513</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-03/0115.html" xml:lang="en">20140318 ESA-2014-018: EMC Connectrix Manager Converged Network Edition Information Disclosure Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The FileUploadController servlet in EMC Connectrix Manager Converged Network Edition (CMCNE) before 12.1.5 does not properly restrict additions to the Connectrix Manager repository, which allows remote attackers to obtain sensitive information by importing a crafted firmware file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2280">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:seeddms:seeddms:3.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:seeddms:seeddms:3.3.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:seeddms:seeddms:4.2.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:seeddms:seeddms:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:seeddms:seeddms:3.3.12</vuln:product>
+      <vuln:product>cpe:/a:seeddms:seeddms:3.4.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2280</vuln:cve-id>
+    <vuln:published-datetime>2014-03-20T12:55:17.260-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-24T19:03:18.233-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-21T09:22:49.083-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91830" xml:lang="en">seeddms-cve20142280-xss(91830)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://sourceforge.net/p/seeddms/code/ci/master/tree/CHANGELOG" xml:lang="en">http://sourceforge.net/p/seeddms/code/ci/master/tree/CHANGELOG</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57475" xml:lang="en">57475</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/125726" xml:lang="en">http://packetstormsecurity.com/files/125726</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-03/0101.html" xml:lang="en">20140314 Multiple Vulnerabilities in SeedDMS &lt; = 4.3.3</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the search feature in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2281">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.10.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.10.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.10.5"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.8.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.8.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.8.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.8.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.8.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.8.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.8.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.10.1</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.8.2</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.8.10</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.8.1</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.8.12</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.10.0</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.8.11</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.8.6</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.8.7</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.10.5</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.8.8</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.8.9</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.10.2</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.8.3</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.8.4</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.10.4</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.8.5</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.10.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2281</vuln:cve-id>
+    <vuln:published-datetime>2014-03-11T09:01:10.077-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-19T00:48:24.270-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-11T11:54:18.083-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9672" xml:lang="en">https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9672</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://anonsvn.wireshark.org/viewvc?view=revision&amp;revision=54875" xml:lang="en">http://anonsvn.wireshark.org/viewvc?view=revision&amp;revision=54875</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-nfs.c?r1=54875&amp;r2=54874&amp;pathrev=54875" xml:lang="en">http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-nfs.c?r1=54875&amp;r2=54874&amp;pathrev=54875</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.wireshark.org/security/wnpa-sec-2014-01.html" xml:lang="en">http://www.wireshark.org/security/wnpa-sec-2014-01.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2871" xml:lang="en">DSA-2871</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57489" xml:lang="en">57489</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57480" xml:lang="en">57480</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0342.html" xml:lang="en">RHSA-2014:0342</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0341.html" xml:lang="en">RHSA-2014:0341</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-03/msg00047.html" xml:lang="en">openSUSE-SU-2014:0383</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-03/msg00046.html" xml:lang="en">openSUSE-SU-2014:0382</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The nfs_name_snoop_add_name function in epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 does not validate a certain length value, which allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted NFS packet.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2282">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.10.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.10.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.10.5"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.10.1</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.10.5</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.10.2</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.10.4</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.10.3</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.10.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2282</vuln:cve-id>
+    <vuln:published-datetime>2014-03-11T09:01:10.093-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:29:31.627-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-11T11:56:16.430-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://anonsvn.wireshark.org/viewvc?view=revision&amp;revision=51608" xml:lang="en">http://anonsvn.wireshark.org/viewvc?view=revision&amp;revision=51608</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-m3ua.c?r1=51608&amp;r2=51607&amp;pathrev=51608" xml:lang="en">http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-m3ua.c?r1=51608&amp;r2=51607&amp;pathrev=51608</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9699" xml:lang="en">https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9699</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.wireshark.org/security/wnpa-sec-2014-02.html" xml:lang="en">http://www.wireshark.org/security/wnpa-sec-2014-02.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57480" xml:lang="en">57480</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-03/msg00046.html" xml:lang="en">openSUSE-SU-2014:0382</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The dissect_protocol_data_parameter function in epan/dissectors/packet-m3ua.c in the M3UA dissector in Wireshark 1.10.x before 1.10.6 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted SS7 MTP3 packet.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2283">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.10.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.10.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.10.5"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.8.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.8.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.8.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.8.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.8.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.8.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.8.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.10.1</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.8.2</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.8.10</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.8.1</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.8.12</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.10.0</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.8.11</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.8.6</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.8.7</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.10.5</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.8.8</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.8.9</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.10.2</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.8.3</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.8.4</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.10.4</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.8.5</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.10.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2283</vuln:cve-id>
+    <vuln:published-datetime>2014-03-11T09:01:10.263-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-19T00:48:24.537-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-11T12:00:19.030-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=217293ba4a0353bf5d657e74fe8623dd3c86fe08" xml:lang="en">https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=217293ba4a0353bf5d657e74fe8623dd3c86fe08</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9802" xml:lang="en">https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9802</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9730" xml:lang="en">https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9730</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.wireshark.org/security/wnpa-sec-2014-03.html" xml:lang="en">http://www.wireshark.org/security/wnpa-sec-2014-03.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2871" xml:lang="en">DSA-2871</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57489" xml:lang="en">57489</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57480" xml:lang="en">57480</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0342.html" xml:lang="en">RHSA-2014:0342</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-03/msg00047.html" xml:lang="en">openSUSE-SU-2014:0383</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-03/msg00046.html" xml:lang="en">openSUSE-SU-2014:0382</vuln:reference>
+    </vuln:references>
+    <vuln:summary>epan/dissectors/packet-rlc in the RLC dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 uses inconsistent memory-management approaches, which allows remote attackers to cause a denial of service (use-after-free error and application crash) via a crafted UMTS Radio Link Control packet.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2284">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:net-snmp:net-snmp:5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:net-snmp:net-snmp:5.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:net-snmp:net-snmp:5.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:net-snmp:net-snmp:5.6.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:net-snmp:net-snmp:5.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:net-snmp:net-snmp:5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:net-snmp:net-snmp:5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:net-snmp:net-snmp:5.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:net-snmp:net-snmp:5.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:net-snmp:net-snmp:5.5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:net-snmp:net-snmp:5.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:net-snmp:net-snmp:5.5.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:net-snmp:net-snmp:5.7</vuln:product>
+      <vuln:product>cpe:/a:net-snmp:net-snmp:5.6</vuln:product>
+      <vuln:product>cpe:/a:net-snmp:net-snmp:5.5.1</vuln:product>
+      <vuln:product>cpe:/a:net-snmp:net-snmp:5.5</vuln:product>
+      <vuln:product>cpe:/a:net-snmp:net-snmp:5.7.1</vuln:product>
+      <vuln:product>cpe:/a:net-snmp:net-snmp:5.7.2</vuln:product>
+      <vuln:product>cpe:/a:net-snmp:net-snmp:5.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:net-snmp:net-snmp:5.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:net-snmp:net-snmp:5.6.1.1</vuln:product>
+      <vuln:product>cpe:/a:net-snmp:net-snmp:5.5.1.1</vuln:product>
+      <vuln:product>cpe:/a:net-snmp:net-snmp:5.5.2</vuln:product>
+      <vuln:product>cpe:/a:net-snmp:net-snmp:5.6.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2284</vuln:cve-id>
+    <vuln:published-datetime>2014-03-24T12:43:02.177-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T01:05:56.453-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-24T14:45:57.530-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2166-1" xml:lang="en">USN-2166-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://sourceforge.net/p/net-snmp/code/ci/a1fd64716f6794c55c34d77e618210238a73bfa1/" xml:lang="en">[net-snmp-announce] 20140225 Multiple Security-fix Net-SNMP Releases: 5.5.2.1, 5.6.2.1, and 5.7.2.1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57870" xml:lang="en">57870</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57583" xml:lang="en">57583</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57526" xml:lang="en">57526</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0321.html" xml:lang="en">RHSA-2014:0321</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-03/msg00061.html" xml:lang="en">openSUSE-SU-2014:0399</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-03/msg00060.html" xml:lang="en">openSUSE-SU-2014:0398</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://comments.gmane.org/gmane.comp.security.oss.general/12284" xml:lang="en">[oss-security] 20140305 CVE request for two net-snmp remote DoS flaws</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does not properly validate input, which allows remote attackers to cause a denial of service via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2285">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:net-snmp:net-snmp:5.7.3:pre1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:net-snmp:net-snmp:5.7.3:pre1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2285</vuln:cve-id>
+    <vuln:published-datetime>2014-04-27T18:55:05.990-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T15:43:31.097-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T15:43:31.067-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1072778" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1072778</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1072044" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1072044</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.nntp.perl.org/group/perl.perl5.porters/2006/09/msg116250.html" xml:lang="en">http://www.nntp.perl.org/group/perl.perl5.porters/2006/09/msg116250.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://sourceforge.net/p/net-snmp/patches/1275/" xml:lang="en">http://sourceforge.net/p/net-snmp/patches/1275/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-03/msg00061.html" xml:lang="en">openSUSE-SU-2014:0399</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-03/msg00060.html" xml:lang="en">openSUSE-SU-2014:0398</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://comments.gmane.org/gmane.comp.security.oss.general/12284" xml:lang="en">[oss-security] 20140305 CVE request for two net-snmp remote DoS flaws</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2286">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:11.8.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:11.8.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:11.8.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:11.8.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:12.1.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:12.1.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:12.1.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:12.1.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.26.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.26.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.25.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.25.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.25.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.24.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.24.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.24.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.23.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.23.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.23.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.23.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.23.0:patch"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.22.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.22.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.22.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.21.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.21.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.21.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.20.2:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.20.2:patch"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.20.1:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.20.1:patch"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.20.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.20.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.20.0:patch"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.19.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.18.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.17.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.17.0:patch"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.16.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.15.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.14.1:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.14.1:patch"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.14.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.14.0:patch"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.12.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.11.1:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.11.1:patch"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.11.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.11.0:patch"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.10.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.9.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.8.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.8.0:patch"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.0:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.10.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.10.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.10.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.10.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.11.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.11.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.12.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.12.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.12.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.13.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.13.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.14.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.14.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.14.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.15.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.16.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.16.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.17.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.17.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.17.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.18.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.18.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.19.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.19.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.19.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.20.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.3:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.3:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.3:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.4:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.4:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.4:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.5:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.6.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.6.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.6.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.7.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.7.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.8.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.8.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.8.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.8.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.8.0:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.9.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.9.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.9.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:fedoraproject:fedora:20"/>
+        <cpe-lang:fact-ref name="cpe:/o:fedoraproject:fedora:19"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:11.6:cert1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:11.6:cert1_rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:11.6:cert1_rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:11.6.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:11.6.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:11.6.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.15:cert4"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.15:cert3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.15:cert2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.15:cert1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.15:cert1_rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.15:cert1_rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.15:cert1_rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.15:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.14.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.14.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.13.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.13.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.13.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.12.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.12.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.12.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.12.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.11.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.11.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.11.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.11.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.10.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.10.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.10.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.10.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.10.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.9.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.9.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.9.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.9.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.8.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.8.0:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.8.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.8.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.8.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.8.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.7.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.7.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.7.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.6.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.6.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.6.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.6.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.5.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.5.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.4.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.4.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.4.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.4.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.3.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.3.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.3.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.3.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.2.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.1.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.1.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.0.0:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.0.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.0.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.0.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.0.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.0.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.0.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.0.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.0.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.0.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.0.0:beta1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.1.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.24.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.23.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.19.1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.21.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.19.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.19.0</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.13.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.0.0:rc5</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.15.0</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.11.0</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:12.1.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:12.1.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.15.1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:12.1.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.0:rc4</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.5.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.0.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.0:rc5</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.0.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.23.1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.20.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.0.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.20.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.0.0:rc4</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.8.0:rc4</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.16.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.8.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.8.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:11.8.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:11.8.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.8.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.15:cert1_rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:11.8.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.8.0:rc5</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.2</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.6.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.13.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.13.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.9.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.6.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.15:cert1_rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.6.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.15.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.0.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.3:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.5:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.4:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.0.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.25.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.25.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.4:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.19.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.19.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.3:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.4:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.0.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.3:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.7.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.17.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.9.2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.17.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.9.3</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.9.0</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.9.1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.3.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.0.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.24.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.17.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.0.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.24.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.12.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:11.6.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:11.6.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.11.1:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.11.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.8.0:patch</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.22.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.11.1:patch</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.11.0:patch</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:12.1.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.26.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.13.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.13.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.16.0</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.12.2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.14.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.14.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.10.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.10.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.12.1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.12.0</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.11.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.4.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.11.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.10.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.10.0:rc4</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.7.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.7.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.0.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.8.1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.8.2</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.2.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.18.0</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.18.1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:11.8.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.5</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.6.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.3</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.18.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.4</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.8.0</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.6.0</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.2.3</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.8.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.2.4</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.2.1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.8.0:rc4</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.2.2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.8.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.22.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.8.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.4.3</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.8.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.4.4</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.23.0:patch</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.12</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.15:cert4</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.7.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.7.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.17.0</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.4.2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.6.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.4.1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.22.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.6.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.9.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.6.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.15:-</vuln:product>
+      <vuln:product>cpe:/o:fedoraproject:fedora:19</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.15:cert3</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.10.1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.10.0</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.15:cert1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.12.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.12.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.12.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:11.6:cert1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.15:cert2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.15.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.9.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.3.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.8.0:rc5</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.9.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.9.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.3.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.3.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.10.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.25.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.14.1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.12.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.12.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.10.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.12.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.1.2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.14.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.11.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.14.1:-</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.1.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.13.1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.1.1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.7.1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.7.0</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.3.1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.5.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.3.3</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.3.2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.20.0:patch</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.20.1:patch</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.18.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.20.2:patch</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:11.6.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.21.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.21.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.9.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.9.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.9.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.5.0</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.23.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.17.0:patch</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.23.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.26.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.24.1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.20.1:-</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.4.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.20.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.4.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.20.2:-</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.4.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.13.0</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.14.1:patch</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.14.0:patch</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.15:cert1_rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.11.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.10.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.11.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.10.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.16.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.10.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.16.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.12.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.10.0:rc4</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.11.1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.11.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.8.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.14.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.14.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:11.6:cert1_rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:11.6:cert1_rc1</vuln:product>
+      <vuln:product>cpe:/o:fedoraproject:fedora:20</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.17.0:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2286</vuln:cve-id>
+    <vuln:published-datetime>2014-04-18T18:14:37.917-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-21T13:20:45.550-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-21T13:20:44.503-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://downloads.asterisk.org/pub/security/AST-2014-001.html" xml:lang="en">http://downloads.asterisk.org/pub/security/AST-2014-001.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff" xml:lang="en">http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://issues.asterisk.org/jira/browse/ASTERISK-23340" xml:lang="en">https://issues.asterisk.org/jira/browse/ASTERISK-23340</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66093" xml:lang="en">66093</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MANDRIVA</vuln:source>
+      <vuln:reference href="http://www.mandriva.com/security/advisories?name=MDVSA-2014:078" xml:lang="en">MDVSA-2014:078</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html" xml:lang="en">FEDORA-2014-3762</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html" xml:lang="en">FEDORA-2014-3779</vuln:reference>
+    </vuln:references>
+    <vuln:summary>main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2287">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:11.6:cert1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:11.6:cert1_rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:11.6:cert1_rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:11.6.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:11.6.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:11.6.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.15:cert4"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.15:cert3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.15:cert2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.15:cert1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.15:cert1_rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.15:cert1_rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.15:cert1_rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.15:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.14.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.14.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.13.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.13.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.13.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.12.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.12.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.12.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.12.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.11.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.11.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.11.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.11.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.10.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.10.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.10.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.10.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.10.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.9.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.9.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.9.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.9.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.8.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.8.0:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.8.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.8.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.8.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.8.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.7.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.7.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.7.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.6.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.6.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.6.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.6.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.5.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.5.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.4.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.4.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.4.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.4.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.3.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.3.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.3.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.3.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.2.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.1.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.1.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.0.0:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.0.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.0.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.0.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.0.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.0.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.0.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.0.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.0.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.0.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:certified_asterisk:1.8.0.0:beta1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:11.8.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:11.8.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:11.8.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:11.8.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:12.1.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:12.1.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:12.1.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:12.1.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.26.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.26.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.25.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.25.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.25.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.24.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.24.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.24.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.23.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.23.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.23.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.23.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.23.0:patch"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.22.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.22.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.22.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.21.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.21.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.21.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.20.2:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.20.2:patch"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.20.1:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.20.1:patch"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.20.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.20.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.20.0:patch"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.19.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.18.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.17.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.17.0:patch"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.16.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.15.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.14.1:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.14.1:patch"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.14.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.14.0:patch"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.12.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.11.1:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.11.1:patch"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.11.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.11.0:patch"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.10.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.9.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.8.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.8.0:patch"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.0:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.10.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.10.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.10.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.10.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.11.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.11.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.12.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.12.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.12.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.13.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.13.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.14.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.14.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.14.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.15.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.16.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.16.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.17.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.17.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.17.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.18.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.18.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.19.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.19.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.19.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.20.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.3:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.3:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.3:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.4:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.4:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.4:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.5:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.6.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.6.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.6.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.7.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.7.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.8.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.8.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.8.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.8.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.8.0:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.9.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.9.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.9.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:1.8.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:fedoraproject:fedora:20"/>
+        <cpe-lang:fact-ref name="cpe:/o:fedoraproject:fedora:19"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.1.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.24.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.23.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.19.1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.21.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.19.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.19.0</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.13.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.0.0:rc5</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.15.0</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:12.1.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.11.0</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:12.1.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:12.1.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.15.1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.0:rc4</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.5.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.0.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.0:rc5</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.23.1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.0.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.20.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.0.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.20.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.0.0:rc4</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.8.0:rc4</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.16.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.8.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.8.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:11.8.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:11.8.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.15:cert1_rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.8.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:11.8.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.8.0:rc5</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.2</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.6.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.13.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.13.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.9.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.6.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.15:cert1_rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.6.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.15.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.5:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.3:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.0.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.4:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.25.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.0.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.4:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.25.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.19.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.4:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.19.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.3:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.0.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.3:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.7.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.17.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.9.2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.9.3</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.17.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.9.0</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.9.1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.3.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.24.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.0.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.17.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.24.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.0.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.12.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:11.6.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:11.6.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.11.1:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.11.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.8.0:patch</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.22.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.11.1:patch</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:12.1.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.11.0:patch</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.26.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.13.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.13.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.16.0</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.12.2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.14.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.14.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.10.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.10.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.12.1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.11.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.12.0</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.4.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.11.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.10.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.10.0:rc4</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.7.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.7.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.0.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.8.1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.8.2</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.2.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.18.0</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.18.1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.5</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:11.8.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.6.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.3</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.4</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.18.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.8.0</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.6.0</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.8.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.2.3</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.2.4</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.8.0:rc4</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.2.1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.8.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.2.2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.22.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.8.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.4.3</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.4.4</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.8.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.23.0:patch</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.12</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.15:cert4</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.7.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.7.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.17.0</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.6.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.4.2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.4.1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.6.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.22.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.9.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.6.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.15:-</vuln:product>
+      <vuln:product>cpe:/o:fedoraproject:fedora:19</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.15:cert3</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.10.1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.15:cert1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.10.0</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.12.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.12.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.12.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:11.6:cert1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.15:cert2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.15.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.9.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.9.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.8.0:rc5</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.3.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.9.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.3.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.3.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.10.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.25.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.14.1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.12.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.12.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.10.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.12.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.1.2</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.11.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.14.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.14.1:-</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.1.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.13.1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.1.1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.7.1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.7.0</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.3.1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.3.3</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.5.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.3.2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.20.0:patch</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.20.1:patch</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.18.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:11.6.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.20.2:patch</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.21.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.21.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.9.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.9.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.5.0</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.9.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.23.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.17.0:patch</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.23.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.26.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.24.1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.20.1:-</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.4.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.20.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.4.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.20.2:-</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.4.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.13.0</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.14.1:patch</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.14.0:patch</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.15:cert1_rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.11.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.10.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.11.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.10.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.10.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.16.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.12.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.10.0:rc4</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.16.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.11.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.11.1</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.8.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.14.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:1.8.14.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:11.6:cert1_rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:certified_asterisk:11.6:cert1_rc1</vuln:product>
+      <vuln:product>cpe:/o:fedoraproject:fedora:20</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:1.8.17.0:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2287</vuln:cve-id>
+    <vuln:published-datetime>2014-04-18T18:14:38.010-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-21T13:37:29.257-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-21T13:37:28.070-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://downloads.asterisk.org/pub/security/AST-2014-002.html" xml:lang="en">http://downloads.asterisk.org/pub/security/AST-2014-002.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://downloads.asterisk.org/pub/security/AST-2014-002-1.8.diff" xml:lang="en">http://downloads.asterisk.org/pub/security/AST-2014-002-1.8.diff</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://issues.asterisk.org/jira/browse/ASTERISK-23373" xml:lang="en">https://issues.asterisk.org/jira/browse/ASTERISK-23373</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66094" xml:lang="en">66094</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MANDRIVA</vuln:source>
+      <vuln:reference href="http://www.mandriva.com/security/advisories?name=MDVSA-2014:078" xml:lang="en">MDVSA-2014:078</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html" xml:lang="en">FEDORA-2014-3762</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html" xml:lang="en">FEDORA-2014-3779</vuln:reference>
+    </vuln:references>
+    <vuln:summary>channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2288">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:12.1.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:12.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:12.1.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:12.1.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:12.1.0:rc3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:digium:asterisk:12.0.0</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:12.1.0:-</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:12.1.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:12.1.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:12.1.0:rc1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2288</vuln:cve-id>
+    <vuln:published-datetime>2014-04-18T18:14:38.087-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-21T13:50:16.990-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-21T13:50:16.067-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://downloads.asterisk.org/pub/security/AST-2014-003-12.diff" xml:lang="en">http://downloads.asterisk.org/pub/security/AST-2014-003-12.diff</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://issues.asterisk.org/jira/browse/ASTERISK-23210" xml:lang="en">https://issues.asterisk.org/jira/browse/ASTERISK-23210</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html" xml:lang="en">FEDORA-2014-3762</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html" xml:lang="en">FEDORA-2014-3779</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://downloads.asterisk.org/pub/security/AST-2014-003.html" xml:lang="en">http://downloads.asterisk.org/pub/security/AST-2014-003.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency "is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request," allows remote attackers to cause a denial of service (crash) via a PJSIP endpoint that does not have an associated outgoing request.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2289">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:12.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:12.1.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:12.1.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:digium:asterisk:12.1.0:rc3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:digium:asterisk:12.0.0</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:12.1.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:12.1.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:digium:asterisk:12.1.0:rc1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2289</vuln:cve-id>
+    <vuln:published-datetime>2014-04-18T18:14:38.137-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-21T13:50:19.630-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-21T13:50:19.583-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://downloads.asterisk.org/pub/security/AST-2014-004.html" xml:lang="en">http://downloads.asterisk.org/pub/security/AST-2014-004.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://downloads.asterisk.org/pub/security/AST-2014-004-12.diff" xml:lang="en">http://downloads.asterisk.org/pub/security/AST-2014-004-12.diff</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://issues.asterisk.org/jira/browse/ASTERISK-23139" xml:lang="en">https://issues.asterisk.org/jira/browse/ASTERISK-23139</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html" xml:lang="en">FEDORA-2014-3762</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html" xml:lang="en">FEDORA-2014-3779</vuln:reference>
+    </vuln:references>
+    <vuln:summary>res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x before 12.1.0 allows remote authenticated users to cause a denial of service (crash) via a SUBSCRIBE request without any Accept headers, which triggers an invalid pointer dereference.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2291">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:juniper:ive_os:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:ive_os:7.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:ive_os:7.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:ive_os:7.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:juniper:ive_os:8.0</vuln:product>
+      <vuln:product>cpe:/o:juniper:ive_os:7.4</vuln:product>
+      <vuln:product>cpe:/o:juniper:ive_os:7.1</vuln:product>
+      <vuln:product>cpe:/o:juniper:ive_os:7.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2291</vuln:cve-id>
+    <vuln:published-datetime>2014-03-14T11:55:05.697-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:29:32.080-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-17T09:57:58.747-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10617" xml:lang="en">https://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10617</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91770" xml:lang="en">juniper-junos-cve20142291-xss(91770)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57375" xml:lang="en">57375</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the Pulse Collaboration (Secure Meeting) user pages in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2292">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:juniper:ive_os:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:ive_os:7.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:ive_os:7.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:ive_os:7.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:juniper:ive_os:8.0</vuln:product>
+      <vuln:product>cpe:/o:juniper:ive_os:7.4</vuln:product>
+      <vuln:product>cpe:/o:juniper:ive_os:7.1</vuln:product>
+      <vuln:product>cpe:/o:juniper:ive_os:7.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2292</vuln:cve-id>
+    <vuln:published-datetime>2014-03-14T11:55:05.713-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-17T09:57:50.153-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.2</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-17T09:57:43.857-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10616" xml:lang="en">https://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10616</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Linux Network Connect client in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows local users to gain privileges via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2299">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.10.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.10.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.10.5"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.8.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.8.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.8.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.8.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.8.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.8.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.8.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.10.1</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.8.2</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.8.10</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.8.1</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.8.12</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.10.0</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.8.11</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.8.6</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.8.7</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.10.5</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.8.8</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.8.9</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.10.2</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.8.3</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.8.4</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.10.4</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.8.5</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.10.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2299</vuln:cve-id>
+    <vuln:published-datetime>2014-03-11T09:01:10.280-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-19T00:48:25.237-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-11T12:07:41.493-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f567435ac7140c96a5de56dbce3d5e7659af4d09" xml:lang="en">https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f567435ac7140c96a5de56dbce3d5e7659af4d09</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9843" xml:lang="en">https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9843</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.wireshark.org/security/wnpa-sec-2014-04.html" xml:lang="en">http://www.wireshark.org/security/wnpa-sec-2014-04.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2871" xml:lang="en">DSA-2871</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57489" xml:lang="en">57489</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57480" xml:lang="en">57480</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0342.html" xml:lang="en">RHSA-2014:0342</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0341.html" xml:lang="en">RHSA-2014:0341</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-03/msg00047.html" xml:lang="en">openSUSE-SU-2014:0383</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-03/msg00046.html" xml:lang="en">openSUSE-SU-2014:0382</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2309">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.69"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.70"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.71"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.72"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.73"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.74"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.75"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.76"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.77"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.78"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.79"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.70</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.71</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.72</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.73</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.74</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.75</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.76</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.77</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.78</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.79</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.69</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2309</vuln:cve-id>
+    <vuln:published-datetime>2014-03-11T09:01:10.297-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:29:32.360-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.1</cvss:score>
+        <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-11T12:11:14.123-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-189"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=c88507fbad8055297c1d1e21e599f46960cbee39" xml:lang="en">http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=c88507fbad8055297c1d1e21e599f46960cbee39</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029894" xml:lang="en">1029894</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/03/08/1" xml:lang="en">[oss-security] 20140307 Re: CVE Request: Linux kernel: IPv6: crash due to router advertisement flooding</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57250" xml:lang="en">57250</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2310">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:net-snmp:net-snmp:5.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:net-snmp:net-snmp:5.4</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2310</vuln:cve-id>
+    <vuln:published-datetime>2014-04-17T10:55:11.217-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-18T11:52:40.250-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-18T11:52:40.187-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684388" xml:lang="en">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684388</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://ubuntu.com/usn/usn-2166-1" xml:lang="en">USN-2166-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://sourceforge.net/p/net-snmp/patches/1113/" xml:lang="en">http://sourceforge.net/p/net-snmp/patches/1113/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://sourceforge.net/p/net-snmp/code/ci/eb816330a1887798d844d2fd5dc6482002123cbd/" xml:lang="en">http://sourceforge.net/p/net-snmp/code/ci/eb816330a1887798d844d2fd5dc6482002123cbd/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57870" xml:lang="en">57870</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/527" xml:lang="en">[oss-security] 20140307 Re: CVE request: net-snmp agentx incorrect handling of multi-object requests DoS</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/513" xml:lang="en">[oss-security] 20140306 CVE request: net-snmp agentx incorrect handling of multi-object requests DoS</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous requests, a different vulnerability than CVE-2012-6151.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2311">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.0.2:pl1"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.2.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.0.2:pl1</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.2.9</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.2.8</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.2.10</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.2.7</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.0.0</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.2.0</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.2.1</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.2.2</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.2.3</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.2.4</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.2.5</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.2.6</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.1.2</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.1.3</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.1.0</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.1.4</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.1.5</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.2.11</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.2.12</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2311</vuln:cve-id>
+    <vuln:published-datetime>2014-03-11T15:37:04.913-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-12T14:48:58.043-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-12T14:48:55.873-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/03/09/3" xml:lang="en">[oss-security] 20140308 Re: CVE request: SQL injection in MODX Revolution before 2.2.13</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://modx.com/blog/2014/03/07/revolution-2.2.13/" xml:lang="en">http://modx.com/blog/2014/03/07/revolution-2.2.13/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://forums.modx.com/thread/89486/modx-revolution-2-x-sql-injection" xml:lang="en">http://forums.modx.com/thread/89486/modx-revolution-2-x-sql-injection</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SQL injection vulnerability in modx.class.php in MODX Revolution 2.0.0 before 2.2.13 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2313">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:atlassian:jira:6.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:atlassian:jira:6.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:atlassian:jira:6.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:atlassian:jira:6.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:atlassian:jira:6.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:atlassian:jira:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:atlassian:jira:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:atlassian:jira:6.0.4</vuln:product>
+      <vuln:product>cpe:/a:atlassian:jira:6.0.3</vuln:product>
+      <vuln:product>cpe:/a:atlassian:jira:6.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2313</vuln:cve-id>
+    <vuln:published-datetime>2014-03-09T09:16:57.117-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-10T12:38:26.140-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-10T12:38:22.907-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2014-02-26" xml:lang="en">https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2014-02-26</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in the Importers plugin in Atlassian JIRA before 6.0.5 allows remote attackers to create arbitrary files via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2314">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:atlassian:jira:6.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:atlassian:jira:6.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:atlassian:jira:6.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:atlassian:jira:6.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:atlassian:jira:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:atlassian:jira:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:atlassian:jira:6.0.3</vuln:product>
+      <vuln:product>cpe:/a:atlassian:jira:6.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2314</vuln:cve-id>
+    <vuln:published-datetime>2014-03-09T09:16:57.130-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-10T12:37:31.123-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-10T12:37:31.063-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2014-02-26" xml:lang="en">https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2014-02-26</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2315">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:shinephp:thank_you_counter_button:1.8.7::~~~wordpress~~"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:shinephp:thank_you_counter_button:1.8.7::~~~wordpress~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2315</vuln:cve-id>
+    <vuln:published-datetime>2014-03-09T09:16:57.130-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-10T13:06:35.213-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-10T13:06:34.870-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91474" xml:lang="en">thanks-you-wordpress-xss(91474)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/125397" xml:lang="en">http://packetstormsecurity.com/files/125397</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site scripting (XSS) vulnerabilities in the Thank You Counter Button plugin 1.8.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) thanks_caption, (2) thanks_caption_style, or (3) thanks_style parameter to wp-admin/options.php.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2316">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:zemanta:search_everything:7.0.2::~~~wordpress~~"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:wordpress:wordpress:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:zemanta:search_everything:7.0.2::~~~wordpress~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2316</vuln:cve-id>
+    <vuln:published-datetime>2014-03-09T09:16:57.147-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-10T13:15:26.007-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-10T13:15:25.960-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://wordpress.org/plugins/search-everything/changelog/" xml:lang="en">http://wordpress.org/plugins/search-everything/changelog/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56820" xml:lang="en">56820</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SQL injection vulnerability in se_search_default in the Search Everything plugin before 7.0.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the s parameter to index.php. NOTE: some of these details are obtained from third party information.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2317">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:opendocman:opendocman:1.2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:opendocman:opendocman:1.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:opendocman:opendocman:1.2.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:opendocman:opendocman:1.2.6.7:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:opendocman:opendocman:1.2.6.7:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:opendocman:opendocman:1.2.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:opendocman:opendocman:1.2.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:opendocman:opendocman:1.2.6.3:a"/>
+        <cpe-lang:fact-ref name="cpe:/a:opendocman:opendocman:1.2.6.3:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:opendocman:opendocman:1.2.6.2:b"/>
+        <cpe-lang:fact-ref name="cpe:/a:opendocman:opendocman:1.2.6.2:a"/>
+        <cpe-lang:fact-ref name="cpe:/a:opendocman:opendocman:1.2.6.2:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:opendocman:opendocman:1.2.6.5</vuln:product>
+      <vuln:product>cpe:/a:opendocman:opendocman:1.2.7</vuln:product>
+      <vuln:product>cpe:/a:opendocman:opendocman:1.2.6.6</vuln:product>
+      <vuln:product>cpe:/a:opendocman:opendocman:1.2.6.7:-</vuln:product>
+      <vuln:product>cpe:/a:opendocman:opendocman:1.2.6.2:-</vuln:product>
+      <vuln:product>cpe:/a:opendocman:opendocman:1.2.6.3:a</vuln:product>
+      <vuln:product>cpe:/a:opendocman:opendocman:1.2.6.2:a</vuln:product>
+      <vuln:product>cpe:/a:opendocman:opendocman:1.2.6.7:beta</vuln:product>
+      <vuln:product>cpe:/a:opendocman:opendocman:1.2.6.3:-</vuln:product>
+      <vuln:product>cpe:/a:opendocman:opendocman:1.2.6.8</vuln:product>
+      <vuln:product>cpe:/a:opendocman:opendocman:1.2.7.1</vuln:product>
+      <vuln:product>cpe:/a:opendocman:opendocman:1.2.6.2:b</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2317</vuln:cve-id>
+    <vuln:published-datetime>2014-03-09T09:16:57.163-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-10T12:25:26.653-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-10T12:25:26.590-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.opendocman.com/opendocman-v1-2-7-2-released" xml:lang="en">http://www.opendocman.com/opendocman-v1-2-7-2-released</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65775" xml:lang="en">65775</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56189" xml:lang="en">56189</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the table parameter.  NOTE: some of these details are obtained from third party information.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2318">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:atcom:netvolution:3.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:atcom:netvolution:3.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2318</vuln:cve-id>
+    <vuln:published-datetime>2014-03-11T09:00:38.013-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-11T10:06:01.783-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-11T10:06:01.533-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91543" xml:lang="en">netvolution-m-sql-injection(91543)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/65942" xml:lang="en">65942</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/125507" xml:lang="en">http://packetstormsecurity.com/files/125507</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SQL injection vulnerability in ATCOM Netvolution 3 allows remote attackers to execute arbitrary SQL commands via the m parameter.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2319">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:powerarchiver:powerarchiver:14.02.03"/>
+        <cpe-lang:fact-ref name="cpe:/a:powerarchiver:powerarchiver:14.01"/>
+        <cpe-lang:fact-ref name="cpe:/a:powerarchiver:powerarchiver:14.00"/>
+        <cpe-lang:fact-ref name="cpe:/a:powerarchiver:powerarchiver:14.02"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:powerarchiver:powerarchiver:14.02</vuln:product>
+      <vuln:product>cpe:/a:powerarchiver:powerarchiver:14.00</vuln:product>
+      <vuln:product>cpe:/a:powerarchiver:powerarchiver:14.02.03</vuln:product>
+      <vuln:product>cpe:/a:powerarchiver:powerarchiver:14.01</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2319</vuln:cve-id>
+    <vuln:published-datetime>2014-03-14T06:55:06.410-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-14T12:37:29.433-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-14T12:37:29.370-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-310"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.powerarchiver.com/2014/03/12/powerarchiver-2013-14-02-05-released/" xml:lang="en">http://www.powerarchiver.com/2014/03/12/powerarchiver-2013-14-02-05-released/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://int21.de/cve/CVE-2014-2319-powerarchiver.html" xml:lang="en">http://int21.de/cve/CVE-2014-2319-powerarchiver.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Encrypt Files feature in ConeXware PowerArchiver before 14.02.05 uses legacy ZIP encryption even if the AES 256-bit selection is chosen, which makes it easier for context-dependent attackers to obtain sensitive information via a known-plaintext attack.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2321">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/h:zte:f660:-"/>
+        <cpe-lang:fact-ref name="cpe:/h:zte:f460:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/h:zte:f460:-</vuln:product>
+      <vuln:product>cpe:/h:zte:f660:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2321</vuln:cve-id>
+    <vuln:published-datetime>2014-03-11T09:01:19.140-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-11T12:22:42.157-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-11T12:22:35.437-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/600724" xml:lang="en">VU#600724</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://community.rapid7.com/community/infosec/blog/2014/03/03/disclosure-r7-2013-18-zte-f460-and-zte-f660-webshellcmdgch-backdoor" xml:lang="en">https://community.rapid7.com/community/infosec/blog/2014/03/03/disclosure-r7-2013-18-zte-f460-and-zte-f660-webshellcmdgch-backdoor</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.myxzy.com/post-411.html" xml:lang="en">http://www.myxzy.com/post-411.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2322">
+    <vuln:cve-id>CVE-2014-2322</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T10:55:07.217-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T10:55:07.217-04:00</vuln:last-modified-datetime>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.vapid.dhs.org/advisories/arabic-ruby-gem.html" xml:lang="en">http://www.vapid.dhs.org/advisories/arabic-ruby-gem.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/03/12/6" xml:lang="en">[oss-security] 20140312 Re: Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/03/10/8" xml:lang="en">[oss-security] 20140310 Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem</vuln:reference>
+    </vuln:references>
+    <vuln:summary>lib/string_utf_support.rb in the Arabic Prawn 0.0.1 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) downloaded_file or (2) url variable.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2323">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.34"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.3.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.29"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.30"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.31"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.32"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.33"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.3.16</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.34</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.20</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.21</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.22</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.28</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.29</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.26</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.27</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.5</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.4</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.3</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.23</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.25</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.6</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.24</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.8</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.11</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.9</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.30</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.31</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.7</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.32</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.33</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.10</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.19</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.12</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.13</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.14</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.15</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.16</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.17</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.18</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2323</vuln:cve-id>
+    <vuln:published-datetime>2014-03-14T11:55:05.743-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-19T00:48:27.897-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-17T09:52:26.443-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.lighttpd.net/2014/3/12/1.4.35/" xml:lang="en">http://www.lighttpd.net/2014/3/12/1.4.35/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2877" xml:lang="en">DSA-2877</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57514" xml:lang="en">57514</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57404" xml:lang="en">57404</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/564" xml:lang="en">[oss-security] 20140312 Re: lighttpd 1.4.34 SQL injection and path traversal CVE request</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/561" xml:lang="en">[oss-security] 20140312 lighttpd 1.4.34 SQL injection and path traversal CVE request</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00006.html" xml:lang="en">openSUSE-SU-2014:0496</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00002.html" xml:lang="en">SUSE-SU-2014:0474</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00023.html" xml:lang="en">openSUSE-SU-2014:0449</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt" xml:lang="en">http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2324">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.34"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.3.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.29"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.30"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.31"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.32"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.33"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:lighttpd:lighttpd:1.4.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.3.16</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.34</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.20</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.21</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.22</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.28</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.29</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.26</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.27</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.5</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.4</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.3</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.23</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.25</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.6</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.24</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.8</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.11</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.9</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.30</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.31</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.7</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.32</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.33</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.10</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.19</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.12</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.13</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.14</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.15</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.16</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.17</vuln:product>
+      <vuln:product>cpe:/a:lighttpd:lighttpd:1.4.18</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2324</vuln:cve-id>
+    <vuln:published-datetime>2014-03-14T11:55:05.760-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-19T00:48:27.987-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-17T09:55:26.573-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.lighttpd.net/2014/3/12/1.4.35/" xml:lang="en">http://www.lighttpd.net/2014/3/12/1.4.35/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2877" xml:lang="en">DSA-2877</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57514" xml:lang="en">57514</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57404" xml:lang="en">57404</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/564" xml:lang="en">[oss-security] 20140312 Re: lighttpd 1.4.34 SQL injection and path traversal CVE request</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/561" xml:lang="en">[oss-security] 20140312 lighttpd 1.4.34 SQL injection and path traversal CVE request</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00006.html" xml:lang="en">openSUSE-SU-2014:0496</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00002.html" xml:lang="en">SUSE-SU-2014:0474</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00023.html" xml:lang="en">openSUSE-SU-2014:0449</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt" xml:lang="en">http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2325">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:proxmox:mail_gateway:3.1-5670"/>
+        <cpe-lang:fact-ref name="cpe:/a:proxmox:mail_gateway:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:proxmox:mail_gateway:3.1-5741"/>
+        <cpe-lang:fact-ref name="cpe:/a:proxmox:mail_gateway:3.1-5673"/>
+        <cpe-lang:fact-ref name="cpe:/a:proxmox:mail_gateway:3.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:proxmox:mail_gateway:3.1-5673</vuln:product>
+      <vuln:product>cpe:/a:proxmox:mail_gateway:3.1</vuln:product>
+      <vuln:product>cpe:/a:proxmox:mail_gateway:3.0</vuln:product>
+      <vuln:product>cpe:/a:proxmox:mail_gateway:3.1-5741</vuln:product>
+      <vuln:product>cpe:/a:proxmox:mail_gateway:3.1-5670</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2325</vuln:cve-id>
+    <vuln:published-datetime>2014-03-14T10:55:04.407-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-25T20:42:03.097-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-17T08:34:11.343-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://proxmox.com/news/archive/view/listid-1-proxmox-newsletter/mailid-48-proxmox-newsletter-march-2014-proxmox-ve-3-2-released/tmpl-component" xml:lang="en">http://proxmox.com/news/archive/view/listid-1-proxmox-newsletter/mailid-48-proxmox-newsletter-march-2014-proxmox-ve-3-2-released/tmpl-component</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66169" xml:lang="en">66169</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Mar/110" xml:lang="en">20140312 Multiplus XSS in Proxmox Mail Gateway 3.1 (CVE-2014-2325)</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway before 3.1-5829 allow remote attackers to inject arbitrary web script or HTML via the (1) state parameter to objects/who/index.htm or (2) User email address to quarantine/spam/manage.htm.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2326">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cacti:cacti:0.8.7g"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cacti:cacti:0.8.7g</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2326</vuln:cve-id>
+    <vuln:published-datetime>2014-03-27T12:55:05.693-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-27T15:23:15.993-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-27T15:23:15.947-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66390" xml:lang="en">66390</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/125849/Deutsche-Telekom-CERT-Advisory-DTC-A-20140324-001.html" xml:lang="en">http://packetstormsecurity.com/files/125849/Deutsche-Telekom-CERT-Advisory-DTC-A-20140324-001.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in Cacti 0.8.7g allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2327">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cacti:cacti:0.8.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:cacti:cacti:0.8.7f"/>
+        <cpe-lang:fact-ref name="cpe:/a:cacti:cacti:0.8.7e"/>
+        <cpe-lang:fact-ref name="cpe:/a:cacti:cacti:0.8.7d"/>
+        <cpe-lang:fact-ref name="cpe:/a:cacti:cacti:0.8.7c"/>
+        <cpe-lang:fact-ref name="cpe:/a:cacti:cacti:0.8.7b"/>
+        <cpe-lang:fact-ref name="cpe:/a:cacti:cacti:0.8.7a"/>
+        <cpe-lang:fact-ref name="cpe:/a:cacti:cacti:0.8.8a"/>
+        <cpe-lang:fact-ref name="cpe:/a:cacti:cacti:0.8.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:cacti:cacti:0.8.8b"/>
+        <cpe-lang:fact-ref name="cpe:/a:cacti:cacti:0.8.7g"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cacti:cacti:0.8.7f</vuln:product>
+      <vuln:product>cpe:/a:cacti:cacti:0.8.7</vuln:product>
+      <vuln:product>cpe:/a:cacti:cacti:0.8.7g</vuln:product>
+      <vuln:product>cpe:/a:cacti:cacti:0.8.8</vuln:product>
+      <vuln:product>cpe:/a:cacti:cacti:0.8.7b</vuln:product>
+      <vuln:product>cpe:/a:cacti:cacti:0.8.8b</vuln:product>
+      <vuln:product>cpe:/a:cacti:cacti:0.8.8a</vuln:product>
+      <vuln:product>cpe:/a:cacti:cacti:0.8.7c</vuln:product>
+      <vuln:product>cpe:/a:cacti:cacti:0.8.7d</vuln:product>
+      <vuln:product>cpe:/a:cacti:cacti:0.8.7a</vuln:product>
+      <vuln:product>cpe:/a:cacti:cacti:0.8.7e</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2327</vuln:cve-id>
+    <vuln:published-datetime>2014-04-23T11:55:03.390-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T10:59:27.333-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-24T10:59:27.240-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-352"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768" xml:lang="en">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66392" xml:lang="en">66392</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/531588" xml:lang="en">20140324 Deutsche Telekom CERT Advisory [DTC-A-20140324-001] vulnerabilities in cacti</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3) add arbitrary users.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2328">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cacti:cacti:0.8.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:cacti:cacti:0.8.7f"/>
+        <cpe-lang:fact-ref name="cpe:/a:cacti:cacti:0.8.7e"/>
+        <cpe-lang:fact-ref name="cpe:/a:cacti:cacti:0.8.7d"/>
+        <cpe-lang:fact-ref name="cpe:/a:cacti:cacti:0.8.7c"/>
+        <cpe-lang:fact-ref name="cpe:/a:cacti:cacti:0.8.7b"/>
+        <cpe-lang:fact-ref name="cpe:/a:cacti:cacti:0.8.7a"/>
+        <cpe-lang:fact-ref name="cpe:/a:cacti:cacti:0.8.8a"/>
+        <cpe-lang:fact-ref name="cpe:/a:cacti:cacti:0.8.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:cacti:cacti:0.8.8b"/>
+        <cpe-lang:fact-ref name="cpe:/a:cacti:cacti:0.8.7g"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cacti:cacti:0.8.7f</vuln:product>
+      <vuln:product>cpe:/a:cacti:cacti:0.8.7</vuln:product>
+      <vuln:product>cpe:/a:cacti:cacti:0.8.7g</vuln:product>
+      <vuln:product>cpe:/a:cacti:cacti:0.8.8</vuln:product>
+      <vuln:product>cpe:/a:cacti:cacti:0.8.7b</vuln:product>
+      <vuln:product>cpe:/a:cacti:cacti:0.8.8b</vuln:product>
+      <vuln:product>cpe:/a:cacti:cacti:0.8.8a</vuln:product>
+      <vuln:product>cpe:/a:cacti:cacti:0.8.7c</vuln:product>
+      <vuln:product>cpe:/a:cacti:cacti:0.8.7d</vuln:product>
+      <vuln:product>cpe:/a:cacti:cacti:0.8.7a</vuln:product>
+      <vuln:product>cpe:/a:cacti:cacti:0.8.7e</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2328</vuln:cve-id>
+    <vuln:published-datetime>2014-04-23T11:55:03.767-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T11:12:51.857-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-24T11:12:51.777-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://svn.cacti.net/viewvc?view=rev&amp;revision=7442" xml:lang="en">http://svn.cacti.net/viewvc?view=rev&amp;revision=7442</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768" xml:lang="en">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66387" xml:lang="en">66387</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/531588" xml:lang="en">20140324 Deutsche Telekom CERT Advisory [DTC-A-20140324-001] vulnerabilities in cacti</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131842.html" xml:lang="en">FEDORA-2014-4892</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131821.html" xml:lang="en">FEDORA-2014-4928</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://bugs.cacti.net/view.php?id=2433" xml:lang="en">http://bugs.cacti.net/view.php?id=2433</vuln:reference>
+    </vuln:references>
+    <vuln:summary>lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2333">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.20::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.19.1::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.19::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.18::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.17.4::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.17.2::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.17.1::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.16::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.15::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.14::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.13::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.12::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.11::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.10.1::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.10::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.9.1::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.9::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.8.1::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.8::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.7.1::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.7::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.6::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.5::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.4::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.3.3::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.3.2::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.3.1::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.3::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.2.1::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.1.1::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.1::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1::~~~wordpress~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.19::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.18::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.19.1::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.20::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.9::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.7::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.9.1::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.8::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.5::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.6::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.3::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.4::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.1::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.3.1::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.7.1::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.3.3::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.8.1::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.3.2::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.10.1::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.2.1::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.16::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.17.1::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.1.1::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.17.2::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.14::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.15::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.12::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.13::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.10::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.17.4::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:marcel_brinkkemper:lazyest-gallery:1.1.11::~~~wordpress~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2333</vuln:cve-id>
+    <vuln:published-datetime>2014-04-11T10:55:05.710-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-14T10:17:42.417-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>2.6</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-14T10:17:42.150-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66756" xml:lang="en">66756</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://wordpress.org/plugins/lazyest-gallery/changelog" xml:lang="en">http://wordpress.org/plugins/lazyest-gallery/changelog</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57746" xml:lang="en">57746</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the Lazyest Gallery plugin before 1.1.21 for WordPress allows remote attackers to inject arbitrary web script or HTML via an EXIF tag.  NOTE: some of these details are obtained from third party information.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2338">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:5.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:5.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:strongswan:strongswan:4.0.7"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.1.9</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.1.8</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.1.7</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.1.6</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.1.3</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.1.10</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.0.7</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.1.5</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.1.4</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.1.0</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.6.1</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.6.0</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.2.16</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.2.13</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.2.15</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.2.14</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.4.0</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.2.11</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.4.1</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.2.10</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.1.11</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.2.9</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.2.6</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.5.1</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.2.8</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.5.0</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.2.7</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.3.5</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.5.2</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.3.7</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.3.6</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:5.1.0</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:5.1.1</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:5.1.2</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:5.0.2</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:5.0.3</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:5.0.4</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:5.0.0</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.3.4</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.5.3</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.2.4</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.2.3</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.6.3</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.6.4</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.2.0</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.2.12</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.6.2</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.3.1</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.3.0</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.2.5</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.3.3</vuln:product>
+      <vuln:product>cpe:/a:strongswan:strongswan:4.3.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2338</vuln:cve-id>
+    <vuln:published-datetime>2014-04-16T14:37:14.240-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T01:06:04.343-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.4</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-17T10:48:51.017-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-287"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.strongswan.org/blog/2014/04/14/strongswan-authentication-bypass-vulnerability-%28cve-2014-2338%29.html" xml:lang="en">http://www.strongswan.org/blog/2014/04/14/strongswan-authentication-bypass-vulnerability-%28cve-2014-2338%29.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2903" xml:lang="en">DSA-2903</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57823" xml:lang="en">57823</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00010.html" xml:lang="en">SUSE-SU-2014:0529</vuln:reference>
+    </vuln:references>
+    <vuln:summary>IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKE_SA during (1) initiation or (2) re-authentication, which triggers the IKE_SA state to be set to established.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2339">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:sir:gnuboard:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:sir:gnuboard:4.34.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:sir:gnuboard:4.31.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:sir:gnuboard:4.31.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:sir:gnuboard:4.33.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:sir:gnuboard:4.34.20"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:sir:gnuboard:4.34.21</vuln:product>
+      <vuln:product>cpe:/a:sir:gnuboard:4.34.20</vuln:product>
+      <vuln:product>cpe:/a:sir:gnuboard:4.33.2</vuln:product>
+      <vuln:product>cpe:/a:sir:gnuboard:5.0</vuln:product>
+      <vuln:product>cpe:/a:sir:gnuboard:4.31.3</vuln:product>
+      <vuln:product>cpe:/a:sir:gnuboard:4.31.4</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2339</vuln:cve-id>
+    <vuln:published-datetime>2014-03-19T10:17:45.150-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-20T12:46:47.683-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-20T12:46:38.980-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91814" xml:lang="en">gnuboard-cve20142339-sql-injection(91814)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66228" xml:lang="en">66228</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Mar/299" xml:lang="en">20140317 [CVE-2014-2339] GNUboard SQL Injection Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple SQL injection vulnerabilities in bbs/ajax.autosave.php in GNUboard 5.x and possibly earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) subject or (2) content parameter.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2340">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:xcloner:xcloner:3.1.0::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:xcloner:xcloner:3.0.7::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:xcloner:xcloner:3.0.5::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:xcloner:xcloner:3.0.3::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:xcloner:xcloner:3.0.1::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:xcloner:xcloner:2.2.1::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:xcloner:xcloner:2.1::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:xcloner:xcloner:2.1.2::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:xcloner:xcloner:3.0::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:xcloner:xcloner:3.0.2::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:xcloner:xcloner:3.0.4::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:xcloner:xcloner:3.0.6::~~~wordpress~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:xcloner:xcloner:3.0.8::~~~wordpress~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:xcloner:xcloner:3.1.0::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:xcloner:xcloner:2.1::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:xcloner:xcloner:3.0.7::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:xcloner:xcloner:3.0.6::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:xcloner:xcloner:3.0.5::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:xcloner:xcloner:3.0.4::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:xcloner:xcloner:3.0.3::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:xcloner:xcloner:3.0.2::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:xcloner:xcloner:3.0.1::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:xcloner:xcloner:3.0.8::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:xcloner:xcloner:3.0::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:xcloner:xcloner:2.1.2::~~~wordpress~~</vuln:product>
+      <vuln:product>cpe:/a:xcloner:xcloner:2.2.1::~~~wordpress~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2340</vuln:cve-id>
+    <vuln:published-datetime>2014-04-03T12:15:44.863-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-19T00:48:28.723-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-03T13:04:22.307-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-352"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.htbridge.com/advisory/HTB23206" xml:lang="en">https://www.htbridge.com/advisory/HTB23206</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66280" xml:lang="en">66280</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531712/100/0/threaded" xml:lang="en">20140402 &amp;ETH;&amp;iexcl;ross-Site Request Forgery (CSRF) in XCloner Wordpress Plugin</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/32701" xml:lang="en">32701</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://wordpress.org/plugins/xcloner-backup-and-restore/changelog/" xml:lang="en">http://wordpress.org/plugins/xcloner-backup-and-restore/changelog/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57362" xml:lang="en">57362</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site request forgery (CSRF) vulnerability in the XCloner plugin before 3.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that create website backups via a request to wp-admin/plugins.php.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2341">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cubecart:cubecart:5.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:cubecart:cubecart:5.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:cubecart:cubecart:5.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cubecart:cubecart:5.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cubecart:cubecart:5.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cubecart:cubecart:5.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cubecart:cubecart:5.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cubecart:cubecart:5.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cubecart:cubecart:5.2.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cubecart:cubecart:5.2.5</vuln:product>
+      <vuln:product>cpe:/a:cubecart:cubecart:5.2.6</vuln:product>
+      <vuln:product>cpe:/a:cubecart:cubecart:5.2.7</vuln:product>
+      <vuln:product>cpe:/a:cubecart:cubecart:5.2.8</vuln:product>
+      <vuln:product>cpe:/a:cubecart:cubecart:5.2.4</vuln:product>
+      <vuln:product>cpe:/a:cubecart:cubecart:5.2.1</vuln:product>
+      <vuln:product>cpe:/a:cubecart:cubecart:5.2.0</vuln:product>
+      <vuln:product>cpe:/a:cubecart:cubecart:5.2.3</vuln:product>
+      <vuln:product>cpe:/a:cubecart:cubecart:5.2.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2341</vuln:cve-id>
+    <vuln:published-datetime>2014-04-22T09:06:29.367-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-22T13:04:20.927-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-22T13:04:20.847-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-287"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/92526" xml:lang="en">cubecart-cve20142341-session-hijacking(92526)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1030086" xml:lang="en">1030086</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66805" xml:lang="en">66805</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://www.osvdb.org/105784" xml:lang="en">105784</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/32830" xml:lang="en">32830</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57856" xml:lang="en">57856</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://forums.cubecart.com/topic/48427-cubecart-529-relased/" xml:lang="en">http://forums.cubecart.com/topic/48427-cubecart-529-relased/</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2383">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:dompdf:dompdf:0.6.0:beta3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:dompdf:dompdf:0.6.0:beta3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2383</vuln:cve-id>
+    <vuln:published-datetime>2014-04-28T10:09:06.707-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T08:18:44.760-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T08:18:44.683-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2383/" xml:lang="en">https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2383/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/dompdf/dompdf/commit/23a693993299e669306929e3d49a4a1f7b3fb028" xml:lang="en">https://github.com/dompdf/dompdf/commit/23a693993299e669306929e3d49a4a1f7b3fb028</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531912/100/0/threaded" xml:lang="en">20140423 CVE-2014-2383 - Arbitrary file read in dompdf</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Apr/258" xml:lang="en">20140423 CVE-2014-2383 - Arbitrary file read in dompdf</vuln:reference>
+    </vuln:references>
+    <vuln:summary>dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2384">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:vmware:workstation:10.0.1_build_1379776"/>
+        <cpe-lang:fact-ref name="cpe:/a:vmware:player:6.0.1_build_1379776"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:vmware:workstation:10.0.1_build_1379776</vuln:product>
+      <vuln:product>cpe:/a:vmware:player:6.0.1_build_1379776</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2384</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T19:13:15.697-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T10:23:41.180-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.9</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T10:23:41.150-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2384/" xml:lang="en">https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2384/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Apr/163" xml:lang="en">20140411 CVE-2014-2384 - Invalid Pointer Dereference in VMware Workstation and Player</vuln:reference>
+    </vuln:references>
+    <vuln:summary>vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware Player 6.0.1 build 1379776 on Windows might allow local users to cause a denial of service (read access violation and system crash) via a crafted buffer in an IOCTL call.  NOTE: the researcher reports "Vendor rated issue as non-exploitable."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2386">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:novell:opensuse:12.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:novell:opensuse:13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:icinga:icinga:1.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:icinga:icinga:1.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:icinga:icinga:1.10.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:novell:opensuse:12.3</vuln:product>
+      <vuln:product>cpe:/o:novell:opensuse:13.1</vuln:product>
+      <vuln:product>cpe:/a:icinga:icinga:1.10.0</vuln:product>
+      <vuln:product>cpe:/a:icinga:icinga:1.10.1</vuln:product>
+      <vuln:product>cpe:/a:icinga:icinga:1.10.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2386</vuln:cve-id>
+    <vuln:published-datetime>2014-03-25T12:55:28.630-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-25T14:05:53.903-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-25T14:05:53.747-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-189"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=73285093b71a5551abdaab0a042d3d6bae093b0d" xml:lang="en">https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=73285093b71a5551abdaab0a042d3d6bae093b0d</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://dev.icinga.org/issues/5663" xml:lang="en">https://dev.icinga.org/issues/5663</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-03/msg00072.html" xml:lang="en">openSUSE-SU-2014:0420</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://comments.gmane.org/gmane.comp.security.oss.general/12355" xml:lang="en">[oss-security] 20140313 CVE request for icinga 1 byte \0 overflows</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple off-by-one errors in Icinga, possibly 1.10.2 and earlier, allow remote attackers to cause a denial of service (crash) via unspecified vectors to the (1) display_nav_table, (2) print_export_link, (3) page_num_selector, or (4) page_limit_selector function in cgi/cgiutils.c or (5) status_page_num_selector function in cgi/status.c, which triggers a stack-based buffer overflow.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2389">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:blackberry:blackberry_os:10.1.0.2312"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:blackberry:blackberry_z10:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/h:blackberry:blackberry_z10:-</vuln:product>
+      <vuln:product>cpe:/o:blackberry:blackberry_os:10.1.0.2312</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2389</vuln:cve-id>
+    <vuln:published-datetime>2014-04-12T00:37:31.907-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-14T14:24:56.873-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-14T14:24:49.747-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0036.html" xml:lang="en">20140408 BlackBerry Z 10 - Buffer Overflow in qconnDoor [MZ-13-05]</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Stack-based buffer overflow in a certain decryption function in qconnDoor on Blackberry Z10 devices with software 10.1.0.2312, when developer-mode has been previously enabled, allows remote attackers to execute arbitrary code via a crafted packet in a TCP session on a wireless network.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2391">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:open-xchange:open-xchange_appsuite:7.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:open-xchange:open-xchange_appsuite:7.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:open-xchange:open-xchange_appsuite:7.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:open-xchange:open-xchange_appsuite:7.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:open-xchange:open-xchange_appsuite:7.2.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:open-xchange:open-xchange_appsuite:7.2.2</vuln:product>
+      <vuln:product>cpe:/a:open-xchange:open-xchange_appsuite:7.2.0</vuln:product>
+      <vuln:product>cpe:/a:open-xchange:open-xchange_appsuite:7.2.1</vuln:product>
+      <vuln:product>cpe:/a:open-xchange:open-xchange_appsuite:7.4.1</vuln:product>
+      <vuln:product>cpe:/a:open-xchange:open-xchange_appsuite:7.4.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2391</vuln:cve-id>
+    <vuln:published-datetime>2014-04-24T01:06:05.530-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T14:27:56.437-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-24T14:27:56.390-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/531762" xml:lang="en">20140408 Open-Xchange Security Advisory 2014-04-08</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potentially useful password-pattern information by reading (1) a web-server access log, (2) a web-server Referer log, or (3) browser history that contains this string because of its presence in a GET request.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2392">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:open-xchange:open-xchange_appsuite:7.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:open-xchange:open-xchange_appsuite:7.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:open-xchange:open-xchange_appsuite:7.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:open-xchange:open-xchange_appsuite:7.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:open-xchange:open-xchange_appsuite:7.2.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:open-xchange:open-xchange_appsuite:7.2.2</vuln:product>
+      <vuln:product>cpe:/a:open-xchange:open-xchange_appsuite:7.2.0</vuln:product>
+      <vuln:product>cpe:/a:open-xchange:open-xchange_appsuite:7.2.1</vuln:product>
+      <vuln:product>cpe:/a:open-xchange:open-xchange_appsuite:7.4.1</vuln:product>
+      <vuln:product>cpe:/a:open-xchange:open-xchange_appsuite:7.4.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2392</vuln:cve-id>
+    <vuln:published-datetime>2014-04-24T01:06:05.623-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T14:29:46.537-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-24T14:29:46.487-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/531762" xml:lang="en">20140408 Open-Xchange Security Advisory 2014-04-08</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2393">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:open-xchange:open-xchange_appsuite:7.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:open-xchange:open-xchange_appsuite:7.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:open-xchange:open-xchange_appsuite:7.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:open-xchange:open-xchange_appsuite:7.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:open-xchange:open-xchange_appsuite:7.2.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:open-xchange:open-xchange_appsuite:7.2.2</vuln:product>
+      <vuln:product>cpe:/a:open-xchange:open-xchange_appsuite:7.2.0</vuln:product>
+      <vuln:product>cpe:/a:open-xchange:open-xchange_appsuite:7.2.1</vuln:product>
+      <vuln:product>cpe:/a:open-xchange:open-xchange_appsuite:7.4.1</vuln:product>
+      <vuln:product>cpe:/a:open-xchange:open-xchange_appsuite:7.4.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2393</vuln:cve-id>
+    <vuln:published-datetime>2014-04-24T01:06:05.670-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T14:32:17.087-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-24T14:32:17.040-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/531762" xml:lang="en">20140408 Open-Xchange Security Advisory 2014-04-08</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite 7.4.1 before 7.4.1-rev11 and 7.4.2 before 7.4.2-rev13 allows remote attackers to inject arbitrary web script or HTML via a Drive filename that is not properly handled during use of the composer to add an e-mail attachment.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2397">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_51</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2397</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T21:55:10.273-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T12:55:51.300-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T12:55:51.253-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2398">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.5.0:update_61"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.5.0:update_61"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.6.0:update_71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.6.0:update_71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:javafx:2.2.51"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jrockit:r27.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jrockit:r28.3.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jrockit:r27.8.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.5.0:update_61</vuln:product>
+      <vuln:product>cpe:/a:oracle:jrockit:r28.3.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.6.0:update_71</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.6.0:update_71</vuln:product>
+      <vuln:product>cpe:/a:oracle:javafx:2.2.51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.5.0:update_61</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2398</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T21:55:10.337-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T12:33:16.943-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T12:33:16.867-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2399">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:fusion_middleware:2.2.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:fusion_middleware:2.2.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2399</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T21:55:10.400-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T13:04:10.833-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T13:04:10.817-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 2.2.2 allows remote attackers to affect integrity via unknown vectors related to Oracle Endeca Information Discovery (Formerly Latitude), a different vulnerability than CVE-2014-2400.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2400">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:fusion_middleware:2.2.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:fusion_middleware:2.2.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2400</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T21:55:10.447-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T13:12:06.303-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T13:12:05.083-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 2.2.2 allows remote attackers to affect integrity via unknown vectors related to Oracle Endeca Information Discovery (Formerly Latitude), a different vulnerability than CVE-2014-2399.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2401">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.5.0:update_61"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.5.0:update_61"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.6.0:update_71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.6.0:update_71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:javafx:2.2.51"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.5.0:update_61</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.6.0:update_71</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.6.0:update_71</vuln:product>
+      <vuln:product>cpe:/a:oracle:javafx:2.2.51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.5.0:update_61</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2401</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T21:55:10.510-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T12:38:34.453-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T12:38:34.297-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality via unknown vectors related to 2D.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2402">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_51</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2402</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T21:55:10.557-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T12:57:36.243-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T12:57:36.147-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-0455.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2403">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.6.0:update_71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.6.0:update_71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.6.0:update_71</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.6.0:update_71</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2403</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T21:55:10.617-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T13:07:46.777-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T13:07:46.670-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via vectors related to JAXP.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2404">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:fusion_middleware:11.1.2.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:fusion_middleware:11.1.2.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:fusion_middleware:11.1.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:fusion_middleware:11.1.1.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:fusion_middleware:11.1.1.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:fusion_middleware:11.1.1.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:fusion_middleware:10.1.4.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:fusion_middleware:11.1.2.2.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:fusion_middleware:11.1.2.1.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:fusion_middleware:10.1.4.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:fusion_middleware:11.1.1.5.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:fusion_middleware:11.1.1.7.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:fusion_middleware:11.1.2.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:fusion_middleware:11.1.1.3.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2404</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T21:55:10.680-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T13:18:50.143-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T13:18:49.987-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 10.1.4.3, 11.1.1.3.0, 11.1.1.5.0, 11.1.1.7.0, 11.1.2.0.0, 11.1.2.1.0, and 11.1.2.2.0 allows remote authenticated users to affect confidentiality via unknown vectors related to WebGate.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2406">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:database_server:12.1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:database_server:11.2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:database_server:11.2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:database_server:11.1.0.7"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:database_server:11.1.0.7</vuln:product>
+      <vuln:product>cpe:/a:oracle:database_server:11.2.0.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:database_server:11.2.0.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:database_server:12.1.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2406</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T21:55:10.743-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T13:22:08.120-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>8.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T13:22:07.870-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to "Advisor" and "Select Any Dictionary" privileges.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2407">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:fusion_middleware:11.1.1.3.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:fusion_middleware:11.1.1.3.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2407</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T21:55:10.790-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T12:07:32.487-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T12:07:32.377-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect availability via unknown vectors related to Data Quality, a different vulnerability than CVE-2014-2415, CVE-2014-2416, CVE-2014-2417, and CVE-2014-2418.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2408">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:database_server:12.1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:database_server:11.2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:database_server:11.2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:database_server:11.1.0.7"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:database_server:11.1.0.7</vuln:product>
+      <vuln:product>cpe:/a:oracle:database_server:11.2.0.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:database_server:11.2.0.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:database_server:12.1.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2408</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T21:55:10.837-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T13:56:25.047-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.6</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T13:56:24.957-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to the "Grant Any Object Privilege."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2409">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.6.0:update_71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.6.0:update_71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.6.0:update_71</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.6.0:update_71</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2409</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T21:55:10.900-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T12:58:50.073-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.4</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T12:58:50.027-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2410">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.8.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2410</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:14.913-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T12:59:17.043-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T12:59:17.010-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2411">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:sun_role_manager:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:identity_analytics:11.1.1.5"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:identity_analytics:11.1.1.5</vuln:product>
+      <vuln:product>cpe:/a:oracle:sun_role_manager:5.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2411</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:14.973-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T14:00:41.277-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T14:00:41.213-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle Identity Analytics component in Oracle Fusion Middleware Oracle Identity Analytics 11.1.1.5 and Sun Role Manager 5.0 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Security.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2412">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.5.0:update_61"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.5.0:update_61"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.6.0:update_71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.6.0:update_71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.5.0:update_61</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.6.0:update_71</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.6.0:update_71</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.5.0:update_61</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2412</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:15.037-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T13:09:35.063-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T13:09:34.970-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-0451.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2413">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_51</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2413</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:15.083-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T13:09:23.250-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T13:09:23.203-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Libraries.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2414">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.6.0:update_71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.6.0:update_71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.6.0:update_71</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.6.0:update_71</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2414</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:15.147-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T13:00:41.030-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T13:00:40.890-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2415">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:fusion_middleware:11.1.1.3.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:fusion_middleware:11.1.1.3.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2415</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:15.193-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T12:05:38.527-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T12:05:38.513-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect availability via unknown vectors related to Data Quality, a different vulnerability than CVE-2014-2407, CVE-2014-2416, CVE-2014-2417, and CVE-2014-2418.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2416">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:fusion_middleware:11.1.1.3.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:fusion_middleware:11.1.1.3.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2416</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:15.240-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T12:02:15.740-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T12:02:15.317-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect availability via unknown vectors related to Data Quality, a different vulnerability than CVE-2014-2407, CVE-2014-2415, CVE-2014-2417, and CVE-2014-2418.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2417">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:fusion_middleware:11.1.1.3.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:fusion_middleware:11.1.1.3.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2417</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:15.287-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T12:04:17.930-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T12:04:17.760-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect availability via unknown vectors related to Data Quality, a different vulnerability than CVE-2014-2407, CVE-2014-2415, CVE-2014-2416, and CVE-2014-2418.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2418">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:fusion_middleware:11.1.1.3.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:fusion_middleware:11.1.1.3.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2418</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:15.350-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T12:00:59.550-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T12:00:59.440-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect availability via unknown vectors related to Data Quality, a different vulnerability than CVE-2014-2407, CVE-2014-2415, CVE-2014-2416, and CVE-2014-2417.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2419">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.25:a"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.29"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.30"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.31"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.32"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.33"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.34"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.35"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.5</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.16</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.7</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.9</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.0</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.7</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.8</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.5</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.17</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.9</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.18</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.19</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.13</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.15</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.3</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.10</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.11</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.27</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.11</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.13</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.15</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.29</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.28</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.25</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.26</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.8</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.23</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.24</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.21</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.22</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.20</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.31</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.33</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.32</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.35</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.34</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.30</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.25:a</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2419</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:15.397-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T13:12:54.180-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T13:12:53.053-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2420">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.6.0:update_71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.6.0:update_71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.6.0:update_71</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.6.0:update_71</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2420</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:15.443-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T13:02:28.847-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>2.6</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T13:02:28.783-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Deployment.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2421">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:javafx:2.2.51"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.5.0:update_61"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.5.0:update_61"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.6.0:update_71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.6.0:update_71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.5.0:update_61</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.6.0:update_71</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.6.0:update_71</vuln:product>
+      <vuln:product>cpe:/a:oracle:javafx:2.2.51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.5.0:update_61</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2421</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:15.490-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T12:39:46.220-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T12:39:46.173-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2422">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:javafx:2.2.51"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:javafx:2.2.51</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2422</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:15.553-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T12:42:13.570-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T12:42:13.523-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 7u51 and 8, and JavaFX 2.2.51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2423">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.6.0:update_71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.6.0:update_71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.6.0:update_71</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.6.0:update_71</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2423</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:15.600-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T13:05:30.103-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T13:05:30.057-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2424">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:fusion_middleware:11.1.1.7.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:fusion_middleware:11.1.1.7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2424</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:15.663-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T13:54:50.437-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T13:54:50.327-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle Event Processing component in Oracle Fusion Middleware 11.1.1.7.0 allows remote authenticated users to affect integrity via vectors related to CEP system.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2425">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:fusion_middleware:8.0:update2_patch5"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:fusion_middleware:8.0:update2_patch5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2425</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:15.710-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T13:58:16.207-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T13:58:16.177-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect confidentiality via unknown vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2426">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:fusion_middleware:8.0:update2_patch5"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:fusion_middleware:8.0:update2_patch5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2426</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:15.770-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T13:59:09.947-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.9</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T13:59:09.837-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect integrity and availability via unknown vectors related to Admin Console.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2427">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.5.0:update_61"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.5.0:update_61"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.6.0:update_71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.6.0:update_71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.5.0:update_61</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.6.0:update_71</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.6.0:update_71</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.5.0:update_61</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2427</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:15.817-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T13:10:48.940-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T13:10:48.863-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2428">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.6.0:update_71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.6.0:update_71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.7.0:update_51"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jre:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:jdk:1.8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:jre:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.6.0:update_71</vuln:product>
+      <vuln:product>cpe:/a:oracle:jre:1.7.0:update_51</vuln:product>
+      <vuln:product>cpe:/a:oracle:jdk:1.6.0:update_71</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2428</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:15.867-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T13:17:26.673-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.6</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T13:17:26.453-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2429">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:peoplesoft_products:9.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:peoplesoft_products:9.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2429</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:15.913-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T14:09:31.637-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T14:09:31.607-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the PeopleSoft Enterprise CS Campus Self Service component in Oracle PeopleSoft Products 9.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Campus Mobile.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2430">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.36"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.25:a"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.29"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.30"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.31"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.32"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.33"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.34"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.35"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.5</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.16</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.7</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.9</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.0</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.7</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.8</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.5</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.17</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.9</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.18</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.19</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.13</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.15</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.3</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.10</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.11</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.27</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.11</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.13</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.16</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.15</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.29</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.28</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.25</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.26</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.8</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.23</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.24</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.21</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.22</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.20</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.31</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.33</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.32</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.35</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.34</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.36</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.30</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.25:a</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2430</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:15.973-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T14:13:48.770-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T14:13:46.350-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2431">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.36"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.25:a"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.29"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.30"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.31"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.32"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.33"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.34"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.35"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.5</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.16</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.7</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.9</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.0</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.7</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.8</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.5</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.17</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.18</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.9</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.19</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.13</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.15</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.3</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.11</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.27</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.11</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.13</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.16</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.15</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.29</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.28</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.25</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.26</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.8</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.23</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.24</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.21</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.22</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.20</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.31</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.33</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.32</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.35</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.34</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.36</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.30</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.25:a</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2431</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:16.037-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T14:14:15.397-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>2.6</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T14:14:12.677-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2432">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.25:a"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.29"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.30"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.31"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.32"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.33"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.34"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.35"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.5</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.16</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.7</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.9</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.0</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.7</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.8</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.5</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.17</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.18</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.9</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.19</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.13</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.15</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.3</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.10</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.11</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.27</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.11</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.13</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.15</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.29</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.28</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.25</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.26</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.8</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.23</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.24</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.21</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.22</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.20</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.31</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.33</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.32</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.35</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.34</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.30</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.25:a</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2432</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:16.100-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T13:15:11.073-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>2.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>MULTIPLE_INSTANCES</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T13:15:10.607-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2433">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:peoplesoft_products:8.53"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:peoplesoft_products:8.53</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2433</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:16.147-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T14:10:45.250-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T14:10:45.187-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.53 allows remote attackers to affect availability via unknown vectors related to Integration Broker.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2434">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.5</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.7</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.9</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.11</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.13</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.15</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.8</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2434</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:16.193-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T14:00:05.947-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T14:00:05.633-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to DML.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2435">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.5</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.7</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.9</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.11</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.13</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.15</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.8</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2435</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:16.257-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T14:00:50.120-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T14:00:50.010-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle MySQL Server 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2436">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.36"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.25:a"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.29"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.30"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.31"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.32"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.33"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.34"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.35"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.5</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.16</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.7</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.9</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.0</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.7</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.8</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.5</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.17</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.18</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.9</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.19</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.13</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.15</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.3</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.11</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.27</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.11</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.13</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.16</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.15</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.29</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.28</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.25</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.26</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.8</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.23</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.24</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.21</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.22</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.20</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.31</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.33</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.32</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.35</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.34</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.36</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.30</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.25:a</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2436</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:16.303-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T14:07:20.773-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T14:07:19.993-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2437">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:peoplesoft_products:8.53"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:peoplesoft_products:8.52"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:peoplesoft_products:8.53</vuln:product>
+      <vuln:product>cpe:/a:oracle:peoplesoft_products:8.52</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2437</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:16.333-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T14:13:10.050-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T14:13:10.020-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Integration Broker, a different vulnerability than CVE-2014-2447.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2438">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.25:a"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.29"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.30"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.31"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.32"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.33"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.34"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.35"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.5</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.16</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.7</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.9</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.0</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.7</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.8</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.5</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.17</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.18</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.9</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.19</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.13</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.15</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.3</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.10</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.11</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.27</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.11</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.13</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.15</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.29</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.28</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.25</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.26</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.8</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.23</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.24</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.21</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.22</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.20</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.31</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.33</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.32</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.35</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.34</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.30</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.25:a</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2438</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:16.367-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T13:17:24.517-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T13:17:23.593-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2439">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:virtualization:5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:virtualization:5.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:virtualization:5.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:virtualization:5.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2439</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:16.397-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T14:15:54.633-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.4</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T14:15:54.603-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Workspace Web Application.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2440">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.36"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mysql:mysql:5.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.25:a"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.29"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.30"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.31"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.32"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.33"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.34"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.5.35"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.5</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.16</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.7</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.9</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.0</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.1</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.7</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.8</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.5</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.17</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.18</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.9</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.19</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.13</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.15</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.3</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.11</vuln:product>
+      <vuln:product>cpe:/a:mysql:mysql:5.5.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.27</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.11</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.13</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.16</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.15</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.29</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.28</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.25</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.26</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.8</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.23</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.24</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.21</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.22</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.20</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.31</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.33</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.32</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.35</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.34</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.36</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.30</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.5.25:a</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2440</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:16.427-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T14:12:51.440-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.1</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T14:12:50.987-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2441">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.30"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:vm_virtualbox:4.1.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.16</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.20</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.22</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.8</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.28</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.30</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.26</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.24</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.18</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:vm_virtualbox:4.1.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2441</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:16.460-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T14:23:49.120-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.4</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T14:23:48.993-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.32, 4.2.24, and 4.3.10 allows local users to affect confidentiality, integrity, and availability via vectors related to Graphics driver (WDDM) for Windows guests.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2442">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.5</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.7</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.9</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.11</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.13</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.15</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.8</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2442</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:16.473-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T13:20:33.773-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T13:20:33.663-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to MyISAM.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2443">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:peoplesoft_products:8.53"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:peoplesoft_products:8.52"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:peoplesoft_products:8.53</vuln:product>
+      <vuln:product>cpe:/a:oracle:peoplesoft_products:8.52</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2443</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:16.507-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T14:19:14.577-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T14:19:14.500-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Technology.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2444">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.5</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.7</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.9</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.11</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.13</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.15</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.8</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2444</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:16.537-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T13:21:27.367-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T13:21:27.057-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to InnoDB.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2445">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite:9.3.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite:9.3.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2445</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:16.567-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T14:23:21.820-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T14:23:21.790-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect integrity via unknown vectors related to Security, a different vulnerability than CVE-2014-2467.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2446">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:peoplesoft_products:8.53"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:peoplesoft_products:8.52"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:peoplesoft_products:8.53</vuln:product>
+      <vuln:product>cpe:/a:oracle:peoplesoft_products:8.52</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2446</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:16.583-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T14:18:49.250-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T14:18:49.217-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect confidentiality via vectors related to QAS.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2447">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:peoplesoft_products:8.53"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:peoplesoft_products:8.52"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:peoplesoft_products:8.53</vuln:product>
+      <vuln:product>cpe:/a:oracle:peoplesoft_products:8.52</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2447</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:16.617-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T14:18:24.483-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T14:18:24.453-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Integration Broker, a different vulnerability than CVE-2014-2437.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2448">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:peoplesoft_products:8.53"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:peoplesoft_products:8.52"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:peoplesoft_products:8.53</vuln:product>
+      <vuln:product>cpe:/a:oracle:peoplesoft_products:8.52</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2448</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:16.647-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T14:17:57.857-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T14:17:57.827-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Install and Packaging.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2449">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:peoplesoft_products:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:peoplesoft_products:9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:peoplesoft_products:9.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:peoplesoft_products:9.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:peoplesoft_products:9.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:peoplesoft_products:9.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2449</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:16.677-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T13:59:14.013-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T14:22:16.600-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the PeopleSoft Enterprise HRMS Talent Acquisition Manager component in Oracle PeopleSoft Products 9.0, 9.1, and 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2450">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.5</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.7</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.9</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.11</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.13</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.15</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.8</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2450</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:16.693-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T13:53:24.107-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T13:53:23.950-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2451">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:mysql:5.6.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.5</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.4</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.7</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.9</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.10</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.12</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.11</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.14</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.13</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.15</vuln:product>
+      <vuln:product>cpe:/a:oracle:mysql:5.6.8</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2451</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:16.723-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T13:19:39.723-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T13:19:39.630-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Privileges.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2452">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:fusion_middleware:11.1.1.5.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:fusion_middleware:11.1.1.5.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2452</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:16.757-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T14:22:38.820-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T14:22:37.913-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5 allows remote authenticated users to affect availability via unknown vectors related to Webserver Plugin.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2453">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:hyperion:11.1.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:hyperion:11.1.2.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:hyperion:11.1.2.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:hyperion:11.1.2.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2453</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:16.787-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T12:32:31.520-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T12:32:31.317-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote attackers to affect integrity via unknown vectors related to User Interface.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2454">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:hyperion:11.1.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:hyperion:11.1.2.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:hyperion:11.1.2.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:hyperion:11.1.2.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2454</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:16.817-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T12:33:44.663-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T12:33:44.630-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote attackers to affect confidentiality via unknown vectors related to User Interface.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2455">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:hyperion:11.1.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:hyperion:11.1.2.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:hyperion:11.1.2.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:hyperion:11.1.2.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2455</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:16.850-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T12:34:37.507-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T12:34:37.493-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to User Interface.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2457">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite:6.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite:6.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite:6.0.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite:6.1.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2457</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:16.867-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T14:24:34.543-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T14:24:34.510-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle Agile Product Lifecycle component in Oracle Supply Chain Products Suite 6.0 and 6.1.0 allows remote attackers to affect integrity via unknown vectors related to Install.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2458">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite:6.1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite:6.1.1.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite:6.1.1.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite:6.1.0.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2458</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:16.897-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T14:34:57.203-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T14:34:57.127-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle Agile Product Lifecycle component in Oracle Supply Chain Products Suite 6.1.0.3 and 6.1.1.3 allows remote attackers to affect integrity via unknown vectors related to Install.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2459">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite:6.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite:6.3.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite:6.3.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite:6.3.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2459</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:16.927-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T14:31:04.930-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.7</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T14:31:04.853-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.3.2 and 6.3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Security.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2460">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite:6.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite:6.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite:6.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite:6.1.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite:6.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite:6.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite:6.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite:5.5.06"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite:6.1.2.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite:6.3.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite:6.3.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite:6.0.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite:5.5.06</vuln:product>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite:6.3.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite:6.1.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite:6.3.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2460</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:16.960-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T14:33:40.107-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T14:33:40.047-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, 6.2, 6.3, 6.3.1, 6.3.2, and 6.3.3 allows remote authenticated users to affect confidentiality via vectors related to CSV Management.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2461">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite:6.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite:6.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite:6.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite:6.1.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite:6.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite:6.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite:6.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite:5.5.06"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite:6.1.2.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite:6.3.3</vuln:product>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite:6.3.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite:6.0.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite:5.5.06</vuln:product>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite:6.3.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite:6.1.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite:6.3.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2461</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:16.990-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T14:34:44.283-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T14:34:44.220-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, 6.2, 6.3, 6.3.1, 6.3.2, and 6.3.3 allows remote attackers to affect confidentiality via unknown vectors related to Security.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2463">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:virtualization:5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:virtualization:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:virtualization:4.71"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:virtualization:4.63"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:virtualization:4.63</vuln:product>
+      <vuln:product>cpe:/a:oracle:virtualization:5.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:virtualization:5.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:virtualization:4.71</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2463</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:17.037-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T14:37:40.163-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T14:37:40.053-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) component in Oracle Virtualization 4.63, 4.71, 5.0, and 5.1 allows remote attackers to affect integrity via unknown vectors related to Workspace Web Application.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2464">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite:9.3.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite:9.3.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2464</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:17.067-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T14:15:16.570-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T14:15:16.507-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2465">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite:9.3.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite:9.3.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2465</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:17.100-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T14:17:36.387-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T14:17:36.357-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3 allows remote attackers to affect integrity via unknown vectors related to Security.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2466">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite:9.3.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite:9.3.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2466</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:17.130-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T14:19:17.110-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>2.1</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T14:19:17.047-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2467">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:supply_chain_products_suite:9.3.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:supply_chain_products_suite:9.3.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2467</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:17.163-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T14:21:01.097-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T14:21:00.987-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect integrity via unknown vectors related to Security, a different vulnerability than CVE-2014-2445.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2468">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:siebel_crm:8.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:siebel_crm:8.2.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:siebel_crm:8.1.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:siebel_crm:8.2.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2468</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:17.193-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T14:32:31.153-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T14:32:30.887-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via vectors related to Open_UI.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2469">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:oracle:sunos:5.11.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:oracle:sunos:5.11.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2469</vuln:cve-id>
+    <vuln:published-datetime>2014-04-17T10:55:11.277-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-18T11:53:55.363-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-18T11:53:55.317-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://blogs.oracle.com/sunsecurity/entry/cve_2014_2469_denial_of" xml:lang="en">https://blogs.oracle.com/sunsecurity/entry/cve_2014_2469_denial_of</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66599" xml:lang="en">66599</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://www.osvdb.org/105298" xml:lang="en">105298</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://securitytracker.com/id?1029999" xml:lang="en">1029999</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Lighthttpd in Oracle Solaris 11.1 allows attackers to cause a denial of service via unknown vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2470">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:fusion_middleware:12.1.2.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:fusion_middleware:12.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:fusion_middleware:10.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:fusion_middleware:10.0.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:fusion_middleware:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:oracle:fusion_middleware:12.1.2.0.0</vuln:product>
+      <vuln:product>cpe:/a:oracle:fusion_middleware:10.3.6</vuln:product>
+      <vuln:product>cpe:/a:oracle:fusion_middleware:12.1.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2470</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:17.223-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T11:49:24.587-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T11:49:24.433-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Security.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2471">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:ilearning:6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:oracle:ilearning:6.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:ilearning:6.1</vuln:product>
+      <vuln:product>cpe:/a:oracle:ilearning:6.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2471</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T22:55:17.257-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T14:26:30.687-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T14:26:30.607-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" xml:lang="en">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 6.0 and 6.1 allows remote attackers to affect integrity via unknown vectors related to Learner Pages.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2497">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.4.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.4.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.4.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.0.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.0.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.0.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.0.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.0.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.0.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.0.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.3.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.3.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.3.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.3.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.3.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.3.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.3.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.3.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.3.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.3.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.3.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.3.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.3.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.3.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.3.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.3.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.3.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.3.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.3.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.4.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.4.12:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.4.12:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.4.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.4.13:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.4.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.4.14:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.4.15:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.4.16:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.4.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.4.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.4.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.4.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.4.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.4.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.4.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:php:php:5.4.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:php:php:5.3.5</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.0.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.3.6</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.0.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.3.4</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.3.9</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.3.7</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.3.14</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.3.8</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.0.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.4.26</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.4.19</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.4.17</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.4.18</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.4.11</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.4.12</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.4.13</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.4.14</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.4.10</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.1.5</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.3.25</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.4.16:rc1</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.4.13:rc1</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.4.12:rc1</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.4.12:rc2</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.1.0</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.1.6</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.1.2</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.1.1</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.1.4</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.1.3</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.3.19</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.0.3</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.4.25</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.3.18</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.0.2</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.4.24</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.4.23</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.0.5</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.4.22</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.0.4</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.4.21</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.3.15</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.2.10</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.4.20</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.4.14:rc1</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.3.17</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.2.12</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.4.15:rc1</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.3.16</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.0.0</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.2.11</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.2.14</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.3.11</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.3.10</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.2.16</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.3.13</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.2.15</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.3.12</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.2.17</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.3.2</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.0.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.3.1</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.3.0</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.2.4</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.2.3</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.2.2</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.2.1</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.2.13</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.3.3</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.2.0</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.3.27</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.3.26</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.4.0</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.4.1</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.4.2</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.3.20</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.3.24</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.3.23</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.3.22</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.3.21</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.4.3</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.4.4</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.4.5</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.4.6</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.4.7</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.4.8</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.4.9</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.0.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.2.5</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.0.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.2.7</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.2.6</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.2.9</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.2.8</vuln:product>
+      <vuln:product>cpe:/a:php:php:5.0.0:beta1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2497</vuln:cve-id>
+    <vuln:published-datetime>2014-03-21T10:55:12.567-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-27T17:57:45.100-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-21T07:04:50.000-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1076676" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1076676</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugs.php.net/bug.php?id=66901" xml:lang="en">https://bugs.php.net/bug.php?id=66901</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2522">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.35.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.36.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.32.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.33.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.34.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.31.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.30.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.29.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.28.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.28.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:haxx:libcurl:7.27.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.35.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.34.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.33.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.32.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.31.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.30.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.29.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.28.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.28.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:haxx:curl:7.27.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:haxx:curl:7.27.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.28.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.27.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.30.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.30.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.28.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.29.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.32.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.32.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.35.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.36.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.33.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.35.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.29.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.28.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.33.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.34.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.34.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:curl:7.31.0</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.28.1</vuln:product>
+      <vuln:product>cpe:/a:haxx:libcurl:7.31.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2522</vuln:cve-id>
+    <vuln:published-datetime>2014-04-18T18:14:38.587-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-21T14:11:41.500-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-21T14:11:38.857-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://curl.haxx.se/docs/adv_20140326D.html" xml:lang="en">http://curl.haxx.se/docs/adv_20140326D.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66296" xml:lang="en">66296</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/" xml:lang="en">http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/" xml:lang="en">http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/" xml:lang="en">http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57968" xml:lang="en">57968</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57966" xml:lang="en">57966</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57836" xml:lang="en">57836</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/586" xml:lang="en">[oss-security] 20140317 Re: CVE request: flaw in curl's Windows SSL backend</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/585" xml:lang="en">[oss-security] 20140317 CVE request: flaw in curl's Windows SSL backend</vuln:reference>
+    </vuln:references>
+    <vuln:summary>curl and libcurl 7.27.0 through 7.35.0, when runnning on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2523">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.69"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.70"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.71"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.72"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.73"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.74"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.75"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.76"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.77"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.78"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.79"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.70</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.71</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.72</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.73</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.74</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.75</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.76</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.77</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.78</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.79</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.69</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2523</vuln:cve-id>
+    <vuln:published-datetime>2014-03-24T12:40:48.140-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:29:36.423-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-24T09:44:43.000-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/torvalds/linux/commit/b22f5126a24b3b2f15448c3f2a254fc10cbc2b92" xml:lang="en">https://github.com/torvalds/linux/commit/b22f5126a24b3b2f15448c3f2a254fc10cbc2b92</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1077343" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1077343</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91910" xml:lang="en">linux-kernel-cve20142523-code-exec(91910)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029945" xml:lang="en">1029945</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66279" xml:lang="en">66279</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/03/17/7" xml:lang="en">[oss-security] 20140317 Re: CVE Request: netfilter: remote memory corruption in nf_conntrack_proto_dccp.c</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://twitter.com/grsecurity/statuses/445496197399461888" xml:lang="en">http://twitter.com/grsecurity/statuses/445496197399461888</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57446" xml:lang="en">57446</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b22f5126a24b3b2f15448c3f2a254fc10cbc2b92" xml:lang="en">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b22f5126a24b3b2f15448c3f2a254fc10cbc2b92</vuln:reference>
+    </vuln:references>
+    <vuln:summary>net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2525">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:pyyaml:libyaml:0.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:pyyaml:libyaml:0.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:pyyaml:libyaml:0.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:pyyaml:libyaml:0.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:pyyaml:libyaml:0.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:pyyaml:libyaml:0.0.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:pyyaml:libyaml:0.1.1</vuln:product>
+      <vuln:product>cpe:/a:pyyaml:libyaml:0.1.4</vuln:product>
+      <vuln:product>cpe:/a:pyyaml:libyaml:0.1.5</vuln:product>
+      <vuln:product>cpe:/a:pyyaml:libyaml:0.0.1</vuln:product>
+      <vuln:product>cpe:/a:pyyaml:libyaml:0.1.2</vuln:product>
+      <vuln:product>cpe:/a:pyyaml:libyaml:0.1.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2525</vuln:cve-id>
+    <vuln:published-datetime>2014-03-28T11:55:08.670-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T01:06:17.750-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-31T11:10:18.953-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.ocert.org/advisories/ocert-2014-003.html" xml:lang="en">http://www.ocert.org/advisories/ocert-2014-003.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048" xml:lang="en">https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2160-1" xml:lang="en">USN-2160-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/" xml:lang="en">http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/" xml:lang="en">http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/" xml:lang="en">http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2885" xml:lang="en">DSA-2885</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2884" xml:lang="en">DSA-2884</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57968" xml:lang="en">57968</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57966" xml:lang="en">57966</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57836" xml:lang="en">57836</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0355.html" xml:lang="en">RHSA-2014:0355</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0354.html" xml:lang="en">RHSA-2014:0354</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0353.html" xml:lang="en">RHSA-2014:0353</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-04/msg00022.html" xml:lang="en">openSUSE-SU-2014:0500</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2526">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:4.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:4.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:4.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:4.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:4.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:4.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:4.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:4.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:4.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:4.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:4.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:4.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:4.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:4.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:4.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:4.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:4.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:4.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:4.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:4.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:4.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:4.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:4.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:3.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:3.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:3.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:barracudadrive:barracudadrive:3.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:4.0.2</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:4.6.1</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:4.1</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:4.5.2</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:4.4.1</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:4.4.2</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:3.8</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:4.4.3</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:6.3</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:3.9</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:6.4</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:3.6</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:4.9.2</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:6.5</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:3.7</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:6.6</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:4.5.1</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:3.4</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:4.5.5</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:3.5</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:4.9.1</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:6.0</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:4.5.4</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:6.1</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:4.5.3</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:6.2</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:4.4.5</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:4.4.6</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:4.4.4</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:4.8.4</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:4.4.7</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:4.4.8</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:3.7.2</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:4.2</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:5.1</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:4.4</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:5.3</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:4.3</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:5.2</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:4.6</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:4.5</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:4.8</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:4.7</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:5.0</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:4.9</vuln:product>
+      <vuln:product>cpe:/a:barracudadrive:barracudadrive:4.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2526</vuln:cve-id>
+    <vuln:published-datetime>2014-03-25T14:21:48.263-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-26T10:53:17.300-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-26T10:53:16.643-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91920" xml:lang="en">barracudadrive-multiple-scripts-xss(91920)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57451" xml:lang="en">57451</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://secpod.org/blog/?p=2158" xml:lang="en">http://secpod.org/blog/?p=2158</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://secpod.org/advisories/SecPod_BarracudaDrive_Mult_XSS_Vuln.txt" xml:lang="en">http://secpod.org/advisories/SecPod_BarracudaDrive_Mult_XSS_Vuln.txt</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/125766" xml:lang="en">http://packetstormsecurity.com/files/125766</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://barracudadrive.com/readme.txt" xml:lang="en">http://barracudadrive.com/readme.txt</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive before 6.7 allow remote attackers to inject arbitrary web script or HTML via the (1) sForumName or (2) sDescription parameter to Forum/manage/ForumManager.lsp; (3) sHint, (4) sWord, or (5) nId parameter to Forum/manage/hangman.lsp; (6) user parameter to rtl/protected/admin/wizard/setuser.lsp; (7) name or (8) email parameter to feedback.lsp; (9) lname or (10) url parameter to private/manage/PageManager.lsp; (11) cmd parameter to fs; (12) newname, (13) description, (14) firstname, (15) lastname, or (16) id parameter to rtl/protected/mail/manage/list.lsp; or (17) PATH_INFO to fs/.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2532">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:6.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:openbsd:openssh:6.4</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:6.5</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:6.0</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:6.1</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:6.2</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:6.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2532</vuln:cve-id>
+    <vuln:published-datetime>2014-03-18T01:18:19.000-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-19T00:48:38.693-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-18T14:35:14.743-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91986" xml:lang="en">openssh-cve20142532-sec-bypass(91986)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2155-1" xml:lang="en">USN-2155-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029925" xml:lang="en">1029925</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66355" xml:lang="en">66355</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2894" xml:lang="en">DSA-2894</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57574" xml:lang="en">57574</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57488" xml:lang="en">57488</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://marc.info/?l=openbsd-security-announce&amp;m=139492048027313&amp;w=2" xml:lang="en">[security-announce] 20140315 Announce: OpenSSH 6.6 released</vuln:reference>
+    </vuln:references>
+    <vuln:summary>sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2533">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:blackberry:qnx_neutrino_rtos:6.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:blackberry:qnx_neutrino_rtos:6.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:blackberry:qnx_neutrino_rtos:6.5.0:sp1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:blackberry:qnx_neutrino_rtos:6.4.1</vuln:product>
+      <vuln:product>cpe:/o:blackberry:qnx_neutrino_rtos:6.5.0:sp1</vuln:product>
+      <vuln:product>cpe:/o:blackberry:qnx_neutrino_rtos:6.5.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2533</vuln:cve-id>
+    <vuln:published-datetime>2014-03-18T01:18:19.143-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:29:37.047-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.2</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-18T15:25:04.803-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/32153/" xml:lang="en">32153</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Mar/98" xml:lang="en">20140312 Medium severity flaw in BlackBerry QNX Neutrino RTOS</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Mar/124" xml:lang="en">20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://seclists.org/bugtraq/2014/Mar/88" xml:lang="en">20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://seclists.org/bugtraq/2014/Mar/66" xml:lang="en">20140311 Medium severity flaw in BlackBerry QNX Neutrino RTOS</vuln:reference>
+    </vuln:references>
+    <vuln:summary>/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2534">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:blackberry:qnx_neutrino_rtos:6.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:blackberry:qnx_neutrino_rtos:6.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:blackberry:qnx_neutrino_rtos:6.5.0:sp1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:blackberry:qnx_neutrino_rtos:6.4.1</vuln:product>
+      <vuln:product>cpe:/o:blackberry:qnx_neutrino_rtos:6.5.0:sp1</vuln:product>
+      <vuln:product>cpe:/o:blackberry:qnx_neutrino_rtos:6.5.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2534</vuln:cve-id>
+    <vuln:published-datetime>2014-03-18T01:18:19.157-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:29:37.140-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.9</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-18T15:36:23.023-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/32156/" xml:lang="en">32156</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Mar/98" xml:lang="en">20140312 Medium severity flaw in BlackBerry QNX Neutrino RTOS</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Mar/124" xml:lang="en">20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://seclists.org/bugtraq/2014/Mar/88" xml:lang="en">20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://seclists.org/bugtraq/2014/Mar/66" xml:lang="en">20140311 Medium severity flaw in BlackBerry QNX Neutrino RTOS</vuln:reference>
+    </vuln:references>
+    <vuln:summary>/sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to obtain sensitive information by reading "bad parameter" lines in error messages, as demonstrated by reading the root password hash in /etc/shadow.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2535">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mcafee:web_gateway:7.2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mcafee:web_gateway:7.3.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mcafee:web_gateway:7.4.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mcafee:web_gateway:7.2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mcafee:web_gateway:7.3.2.4</vuln:product>
+      <vuln:product>cpe:/a:mcafee:web_gateway:7.4.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2535</vuln:cve-id>
+    <vuln:published-datetime>2014-03-18T13:04:18.407-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:29:37.220-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-19T11:01:43.510-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://kc.mcafee.com/corporate/index?page=content&amp;id=SB10063" xml:lang="en">https://kc.mcafee.com/corporate/index?page=content&amp;id=SB10063</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91772" xml:lang="en">mcafee-gateway-filtering-dir-traversal(91772)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66193" xml:lang="en">66193</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56958" xml:lang="en">56958</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in McAfee Web Gateway (MWG) 7.4.x before 7.4.1, 7.3.x before 7.3.2.6, and 7.2.0.9 and earlier allows remote authenticated users to read arbitrary files via a crafted request to the web filtering port.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2536">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mcafee:cloud_identity_manager:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mcafee:cloud_identity_manager:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mcafee:cloud_identity_manager:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mcafee:cloud_single_sign_on:4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:intel:expressway_cloud_access_360:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:intel:expressway_cloud_access_360:2.5"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mcafee:cloud_identity_manager:3.1</vuln:product>
+      <vuln:product>cpe:/a:mcafee:cloud_identity_manager:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:intel:expressway_cloud_access_360:2.1</vuln:product>
+      <vuln:product>cpe:/a:mcafee:cloud_single_sign_on:4.0.0</vuln:product>
+      <vuln:product>cpe:/a:intel:expressway_cloud_access_360:2.5</vuln:product>
+      <vuln:product>cpe:/a:mcafee:cloud_identity_manager:3.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2536</vuln:cve-id>
+    <vuln:published-datetime>2014-03-18T13:04:18.467-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:29:37.313-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-19T11:19:34.600-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://kc.mcafee.com/corporate/index?page=content&amp;id=SB10066" xml:lang="en">https://kc.mcafee.com/corporate/index?page=content&amp;id=SB10066</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66181" xml:lang="en">66181</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57381" xml:lang="en">57381</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57368" xml:lang="en">57368</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in McAfee Cloud Identity Manager 3.0, 3.1, and 3.5.1, McAfee Cloud Single Sign On (MCSSO) before 4.0.1, and Intel Expressway Cloud Access 360-SSO 2.1 and 2.5 allows remote authenticated users to read an unspecified file containing a hash of the administrator password via unknown vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2537">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:sophos:unified_threat_management_software:9.107"/>
+          <cpe-lang:fact-ref name="cpe:/a:sophos:unified_threat_management_software:9.108"/>
+          <cpe-lang:fact-ref name="cpe:/a:sophos:unified_threat_management_software:8.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:sophos:unified_threat_management_software:9.007"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:sophos:unified_threat_management:110"/>
+          <cpe-lang:fact-ref name="cpe:/h:sophos:unified_threat_management:120"/>
+          <cpe-lang:fact-ref name="cpe:/h:sophos:unified_threat_management:220"/>
+          <cpe-lang:fact-ref name="cpe:/h:sophos:unified_threat_management:320"/>
+          <cpe-lang:fact-ref name="cpe:/h:sophos:unified_threat_management:425"/>
+          <cpe-lang:fact-ref name="cpe:/h:sophos:unified_threat_management:525"/>
+          <cpe-lang:fact-ref name="cpe:/h:sophos:unified_threat_management:625"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/h:sophos:unified_threat_management:425</vuln:product>
+      <vuln:product>cpe:/h:sophos:unified_threat_management:120</vuln:product>
+      <vuln:product>cpe:/a:sophos:unified_threat_management_software:9.108</vuln:product>
+      <vuln:product>cpe:/h:sophos:unified_threat_management:220</vuln:product>
+      <vuln:product>cpe:/a:sophos:unified_threat_management_software:9.107</vuln:product>
+      <vuln:product>cpe:/h:sophos:unified_threat_management:625</vuln:product>
+      <vuln:product>cpe:/h:sophos:unified_threat_management:110</vuln:product>
+      <vuln:product>cpe:/a:sophos:unified_threat_management_software:9.007</vuln:product>
+      <vuln:product>cpe:/h:sophos:unified_threat_management:525</vuln:product>
+      <vuln:product>cpe:/h:sophos:unified_threat_management:320</vuln:product>
+      <vuln:product>cpe:/a:sophos:unified_threat_management_software:8.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2537</vuln:cve-id>
+    <vuln:published-datetime>2014-03-18T13:04:18.813-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:29:37.407-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-19T14:23:43.637-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://blogs.sophos.com/2014/02/20/utm-up2date-9-109/" xml:lang="en">http://blogs.sophos.com/2014/02/20/utm-up2date-9-109/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029920" xml:lang="en">1029920</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66231" xml:lang="en">66231</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57344" xml:lang="en">57344</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2538">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:joshua_peek:rack-ssl:1.3.3::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:joshua_peek:rack-ssl:1.3.1::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:joshua_peek:rack-ssl:1.2.0::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:joshua_peek:rack-ssl:1.0.0::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:joshua_peek:rack-ssl:1.1.0::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:joshua_peek:rack-ssl:1.3.0::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:joshua_peek:rack-ssl:1.3.2::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:joshua_peek:rack-ssl:1.3.4::~~~ruby~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:joshua_peek:rack-ssl:1.2.0::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:joshua_peek:rack-ssl:1.3.1::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:joshua_peek:rack-ssl:1.3.0::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:joshua_peek:rack-ssl:1.0.0::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:joshua_peek:rack-ssl:1.3.3::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:joshua_peek:rack-ssl:1.3.2::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:joshua_peek:rack-ssl:1.3.4::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:joshua_peek:rack-ssl:1.1.0::~~~ruby~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2538</vuln:cve-id>
+    <vuln:published-datetime>2014-03-25T14:21:48.357-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-19T00:48:39.317-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-26T11:04:22.103-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/josh/rack-ssl/commit/9d7d7300b907e496db68d89d07fbc2e0df0b487b" xml:lang="en">https://github.com/josh/rack-ssl/commit/9d7d7300b907e496db68d89d07fbc2e0df0b487b</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/03/19/20" xml:lang="en">[oss-security] 20140319 Re: CVE Request: rack-ssl rubygem: XSS in error page</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57466" xml:lang="en">57466</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-04/msg00032.html" xml:lang="en">openSUSE-SU-2014:0515</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in lib/rack/ssl.rb in the rack-ssl gem before 1.4.0 for Ruby allows remote attackers to inject arbitrary web script or HTML via a URI, which might not be properly handled by third-party adapters such as JRuby-Rack.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2540">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:orbitscripts:orbit_open_ad_server:1.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:orbitscripts:orbit_open_ad_server:1.1.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2540</vuln:cve-id>
+    <vuln:published-datetime>2014-04-11T10:55:05.803-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-14T10:27:34.500-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-14T10:27:34.453-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.htbridge.com/advisory/HTB23208" xml:lang="en">https://www.htbridge.com/advisory/HTB23208</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66667" xml:lang="en">66667</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531781/100/0/threaded" xml:lang="en">20140409 SQL Injection in Orbit Open Ad Server</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/32792" xml:lang="en">32792</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SQL injection vulnerability in OrbitScripts Orbit Open Ad Server before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the site_directory_sort_field parameter to guest/site_directory.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2541">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:tibco:substantiation_es:2.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/h:tibco:messaging_appliance:8.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:rendezvous:8.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:rendezvous:7.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:rendezvous:7.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:rendezvous:7.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:rendezvous:7.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:rendezvous:7.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:rendezvous:8.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:rendezvous:8.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:rendezvous:8.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:rendezvous:8.3.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:tibco:rendezvous:8.10</vuln:product>
+      <vuln:product>cpe:/a:tibco:rendezvous:8.3.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:rendezvous:7.4.11</vuln:product>
+      <vuln:product>cpe:/h:tibco:messaging_appliance:8.7.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:rendezvous:7.5.4</vuln:product>
+      <vuln:product>cpe:/a:tibco:rendezvous:7.5.3</vuln:product>
+      <vuln:product>cpe:/a:tibco:rendezvous:7.5.2</vuln:product>
+      <vuln:product>cpe:/a:tibco:rendezvous:7.5.1</vuln:product>
+      <vuln:product>cpe:/a:tibco:rendezvous:8.4.1</vuln:product>
+      <vuln:product>cpe:/a:tibco:substantiation_es:2.8.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:rendezvous:8.3.1</vuln:product>
+      <vuln:product>cpe:/a:tibco:rendezvous:8.2.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2541</vuln:cve-id>
+    <vuln:published-datetime>2014-04-08T19:47:28.667-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-09T10:13:38.093-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-09T10:13:32.703-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt" xml:lang="en">http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.tibco.com/mk/advisory.jsp" xml:lang="en">http://www.tibco.com/mk/advisory.jsp</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 do not properly implement access control, which allows remote attackers to obtain sensitive information or modify transmitted information via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2542">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:tibco:substantiation_es:2.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/h:tibco:messaging_appliance:8.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:rendezvous:8.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:rendezvous:7.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:rendezvous:7.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:rendezvous:7.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:rendezvous:7.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:rendezvous:7.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:rendezvous:8.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:rendezvous:8.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:rendezvous:8.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:rendezvous:8.3.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:tibco:rendezvous:8.10</vuln:product>
+      <vuln:product>cpe:/a:tibco:rendezvous:8.3.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:rendezvous:7.4.11</vuln:product>
+      <vuln:product>cpe:/h:tibco:messaging_appliance:8.7.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:rendezvous:7.5.4</vuln:product>
+      <vuln:product>cpe:/a:tibco:rendezvous:7.5.3</vuln:product>
+      <vuln:product>cpe:/a:tibco:rendezvous:7.5.2</vuln:product>
+      <vuln:product>cpe:/a:tibco:rendezvous:7.5.1</vuln:product>
+      <vuln:product>cpe:/a:tibco:rendezvous:8.4.1</vuln:product>
+      <vuln:product>cpe:/a:tibco:substantiation_es:2.8.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:rendezvous:8.3.1</vuln:product>
+      <vuln:product>cpe:/a:tibco:rendezvous:8.2.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2542</vuln:cve-id>
+    <vuln:published-datetime>2014-04-08T19:47:28.697-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-09T10:14:13.127-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-09T10:14:12.987-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt" xml:lang="en">http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.tibco.com/mk/advisory.jsp" xml:lang="en">http://www.tibco.com/mk/advisory.jsp</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2543">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:tibco:substantiation_es:2.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/h:tibco:messaging_appliance:8.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:rendezvous:8.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:rendezvous:7.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:rendezvous:7.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:rendezvous:7.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:rendezvous:7.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:rendezvous:7.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:rendezvous:8.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:rendezvous:8.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:rendezvous:8.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:rendezvous:8.3.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:tibco:rendezvous:8.10</vuln:product>
+      <vuln:product>cpe:/a:tibco:rendezvous:8.3.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:rendezvous:7.4.11</vuln:product>
+      <vuln:product>cpe:/h:tibco:messaging_appliance:8.7.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:rendezvous:7.5.4</vuln:product>
+      <vuln:product>cpe:/a:tibco:rendezvous:7.5.3</vuln:product>
+      <vuln:product>cpe:/a:tibco:rendezvous:7.5.2</vuln:product>
+      <vuln:product>cpe:/a:tibco:rendezvous:7.5.1</vuln:product>
+      <vuln:product>cpe:/a:tibco:rendezvous:8.4.1</vuln:product>
+      <vuln:product>cpe:/a:tibco:substantiation_es:2.8.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:rendezvous:8.3.1</vuln:product>
+      <vuln:product>cpe:/a:tibco:rendezvous:8.2.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2543</vuln:cve-id>
+    <vuln:published-datetime>2014-04-08T19:47:28.727-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-09T10:15:57.147-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-09T10:14:50.643-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt" xml:lang="en">http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.tibco.com/mk/advisory.jsp" xml:lang="en">http://www.tibco.com/mk/advisory.jsp</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Buffer overflow in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to execute arbitrary code by leveraging access to a directly connected client and transmitting crafted data.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2544">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:tibco:web_player:4.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:web_player:4.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:web_player:4.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:web_player:5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:web_player:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:web_player:5.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:web_player:6.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:tibco:automation_services:4.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:automation_services:4.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:automation_services:4.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:automation_services:5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:automation_services:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:automation_services:5.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:automation_services:6.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:tibco:spotfire_server:3.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:spotfire_server:4.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:spotfire_server:5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:spotfire_server:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:spotfire_server:5.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:spotfire_server:6.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:spotfire_server:6.0.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:tibco:spotfire_professional:4.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:spotfire_professional:4.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:spotfire_professional:4.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:spotfire_professional:5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:spotfire_professional:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:spotfire_professional:5.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:spotfire_professional:6.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:tibco:analyst:6.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:desktop:6.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:tibco:deployment_kit:4.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:deployment_kit:4.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:deployment_kit:4.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:deployment_kit:5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:deployment_kit:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:deployment_kit:5.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:deployment_kit:6.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:tibco:spotfire_professional:5.5.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:web_player:6.0.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:automation_services:4.5.1</vuln:product>
+      <vuln:product>cpe:/a:tibco:web_player:5.0.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:spotfire_server:3.3.3</vuln:product>
+      <vuln:product>cpe:/a:tibco:automation_services:4.5.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:web_player:4.5.1</vuln:product>
+      <vuln:product>cpe:/a:tibco:spotfire_server:5.5.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:web_player:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:tibco:analyst:6.0.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:web_player:4.0.3</vuln:product>
+      <vuln:product>cpe:/a:tibco:web_player:4.5.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:deployment_kit:6.0.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:spotfire_server:4.5.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:spotfire_server:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:tibco:desktop:6.0.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:spotfire_server:5.0.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:automation_services:4.0.3</vuln:product>
+      <vuln:product>cpe:/a:tibco:deployment_kit:5.5.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:spotfire_professional:5.0.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:spotfire_professional:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:tibco:spotfire_server:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:tibco:spotfire_server:6.0.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:spotfire_professional:4.0.3</vuln:product>
+      <vuln:product>cpe:/a:tibco:deployment_kit:4.0.3</vuln:product>
+      <vuln:product>cpe:/a:tibco:deployment_kit:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:tibco:deployment_kit:5.0.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:automation_services:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:tibco:automation_services:5.0.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:spotfire_professional:6.0.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:automation_services:5.5.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:automation_services:6.0.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:web_player:5.5.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:deployment_kit:4.5.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:deployment_kit:4.5.1</vuln:product>
+      <vuln:product>cpe:/a:tibco:spotfire_professional:4.5.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:spotfire_professional:4.5.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2544</vuln:cve-id>
+    <vuln:published-datetime>2014-04-09T20:55:09.937-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-10T11:13:37.177-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-10T11:13:36.880-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.tibco.com/multimedia/spotfire_advisory_20140409_tcm8-20764.txt" xml:lang="en">http://www.tibco.com/multimedia/spotfire_advisory_20140409_tcm8-20764.txt</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.tibco.com/mk/advisory.jsp" xml:lang="en">http://www.tibco.com/mk/advisory.jsp</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Spotfire Web Player Engine, Spotfire Desktop, and Spotfire Server Authentication Module in TIBCO Spotfire Server 3.3.x before 3.3.4, 4.5.x before 4.5.1, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.2; Spotfire Professional 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Web Player 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Automation Services 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Deployment Kit 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Desktop 6.x before 6.0.1; and Spotfire Analyst 6.x before 6.0.1 allows remote attackers to execute arbitrary code via unknown vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2545">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:tibco:slingshot:1.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:slingshot:1.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:slingshot:1.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:slingshot:1.8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:tibco:vault:1.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:tibco:managed_file_transfer_command_center:7.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:managed_file_transfer_command_center:7.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:managed_file_transfer_command_center:7.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:managed_file_transfer_command_center:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:managed_file_transfer_command_center:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:managed_file_transfer_command_center:6.7"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:tibco:managed_file_transfer_internet_server:7.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:managed_file_transfer_internet_server:7.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:managed_file_transfer_internet_server:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:managed_file_transfer_internet_server:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:managed_file_transfer_internet_server:6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:managed_file_transfer_internet_server:7.2.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:tibco:managed_file_transfer_internet_server:7.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:slingshot:1.9.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:managed_file_transfer_command_center:6.7</vuln:product>
+      <vuln:product>cpe:/a:tibco:managed_file_transfer_command_center:7.2.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:managed_file_transfer_command_center:7.2.1</vuln:product>
+      <vuln:product>cpe:/a:tibco:slingshot:1.7.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:vault:1.0.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:managed_file_transfer_command_center:7.1.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:managed_file_transfer_internet_server:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:tibco:managed_file_transfer_internet_server:7.1.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:managed_file_transfer_internet_server:7.2.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:managed_file_transfer_internet_server:7.2.1</vuln:product>
+      <vuln:product>cpe:/a:tibco:managed_file_transfer_internet_server:6.7</vuln:product>
+      <vuln:product>cpe:/a:tibco:managed_file_transfer_command_center:7.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:slingshot:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:slingshot:1.8.1</vuln:product>
+      <vuln:product>cpe:/a:tibco:managed_file_transfer_command_center:7.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2545</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T06:49:05.380-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-01T15:15:07.567-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T14:17:44.543-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.tibco.com/multimedia/mft_advisory_20140429_tcm8-21013.txt" xml:lang="en">http://www.tibco.com/multimedia/mft_advisory_20140429_tcm8-21013.txt</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.tibco.com/mk/advisory.jsp" xml:lang="en">http://www.tibco.com/mk/advisory.jsp</vuln:reference>
+    </vuln:references>
+    <vuln:summary>TIBCO Managed File Transfer Internet Server before 7.2.2, Managed File Transfer Command Center before 7.2.2, Slingshot before 1.9.1, and Vault before 1.0.1 allow remote attackers to obtain sensitive information via a crafted HTTP request.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2553">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.0</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.0</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.1</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.7</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.9</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.19</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.8</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.9</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.8</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.12</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.13</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.14</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.0</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.10</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.13</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.6</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.11</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.7</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.11</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.15</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.20</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.10</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.6</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.2</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.1</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.18</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.4</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.3</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.2</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.15</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.5</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.3</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.14</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.4</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.17</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.5</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.16</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2553</vuln:cve-id>
+    <vuln:published-datetime>2014-04-02T12:05:57.207-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-02T15:08:55.373-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-02T15:08:47.200-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://www.otrs.com/security-advisory-2014-04-xss-issue" xml:lang="en">https://www.otrs.com/security-advisory-2014-04-xss-issue</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57616" xml:lang="en">57616</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fields.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2554">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:novell:opensuse:12.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:novell:opensuse:13.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.1.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.2.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:otrs:otrs:3.3.5"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.0</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.0</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.1</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.19</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.8</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.12</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.13</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.0</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.14</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.13</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.10</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.6</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.11</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.7</vuln:product>
+      <vuln:product>cpe:/o:novell:opensuse:13.1</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.11</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.15</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.20</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.0:beta5</vuln:product>
+      <vuln:product>cpe:/o:novell:opensuse:12.3</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.10</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.2</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.6</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.18</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.1</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.4</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.3</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.15</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.2</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.5</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.14</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.3</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.17</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.4</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.1.16</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.2.5</vuln:product>
+      <vuln:product>cpe:/a:otrs:otrs:3.3.0:rc1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2554</vuln:cve-id>
+    <vuln:published-datetime>2014-04-23T11:55:04.017-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T11:19:28.307-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-24T11:19:28.027-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.otrs.com/security-advisory-2014-05-clickjacking-issue/" xml:lang="en">http://www.otrs.com/security-advisory-2014-05-clickjacking-issue/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-04/msg00062.html" xml:lang="en">openSUSE-SU-2014:0561</vuln:reference>
+    </vuln:references>
+    <vuln:summary>OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME element.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2565">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:bluecoat:content_analysis_system_software:1.1.2.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:bluecoat:content_analysis_system_software:1.1.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:bluecoat:content_analysis_system_software:1.1"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:bluecoat:content_analysis_system:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:bluecoat:content_analysis_system_software:1.1.2.1</vuln:product>
+      <vuln:product>cpe:/h:bluecoat:content_analysis_system:-</vuln:product>
+      <vuln:product>cpe:/a:bluecoat:content_analysis_system_software:1.1</vuln:product>
+      <vuln:product>cpe:/a:bluecoat:content_analysis_system_software:1.1.1.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2565</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T10:22:06.377-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-01T09:49:31.517-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.5</cvss:score>
+        <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-01T09:49:31.437-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-78"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://kb.bluecoat.com/index?page=content&amp;id=SA78&amp;actp=LIST" xml:lang="en">https://kb.bluecoat.com/index?page=content&amp;id=SA78&amp;actp=LIST</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The commandline interface in Blue Coat Content Analysis System (CAS) 1.1 before 1.1.4.2 allows remote administrators to execute arbitrary commands via unspecified vectors, related to "command injection."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2567">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:trojita_project:trojita:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:trojita_project:trojita:0.3.96"/>
+        <cpe-lang:fact-ref name="cpe:/a:trojita_project:trojita:0.3.93"/>
+        <cpe-lang:fact-ref name="cpe:/a:trojita_project:trojita:0.3.92"/>
+        <cpe-lang:fact-ref name="cpe:/a:trojita_project:trojita:0.3.91"/>
+        <cpe-lang:fact-ref name="cpe:/a:trojita_project:trojita:0.3.90"/>
+        <cpe-lang:fact-ref name="cpe:/a:trojita_project:trojita:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:trojita_project:trojita:0.2.9.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:trojita_project:trojita:0.2.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:trojita_project:trojita:0.2.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:trojita_project:trojita:0.2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:trojita_project:trojita:0.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:trojita_project:trojita:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:trojita_project:trojita:0.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:trojita_project:trojita:0.3.96</vuln:product>
+      <vuln:product>cpe:/a:trojita_project:trojita:0.3.91</vuln:product>
+      <vuln:product>cpe:/a:trojita_project:trojita:0.3.92</vuln:product>
+      <vuln:product>cpe:/a:trojita_project:trojita:0.3.93</vuln:product>
+      <vuln:product>cpe:/a:trojita_project:trojita:0.3.90</vuln:product>
+      <vuln:product>cpe:/a:trojita_project:trojita:0.3</vuln:product>
+      <vuln:product>cpe:/a:trojita_project:trojita:0.2.9.3</vuln:product>
+      <vuln:product>cpe:/a:trojita_project:trojita:0.4</vuln:product>
+      <vuln:product>cpe:/a:trojita_project:trojita:0.2.9.2</vuln:product>
+      <vuln:product>cpe:/a:trojita_project:trojita:0.2.9.1</vuln:product>
+      <vuln:product>cpe:/a:trojita_project:trojita:0.2.9</vuln:product>
+      <vuln:product>cpe:/a:trojita_project:trojita:0.1</vuln:product>
+      <vuln:product>cpe:/a:trojita_project:trojita:0.2</vuln:product>
+      <vuln:product>cpe:/a:trojita_project:trojita:0.2.9.4</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2567</vuln:cve-id>
+    <vuln:published-datetime>2014-03-21T06:55:05.580-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-25T20:20:34.740-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-21T08:50:48.000-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/jktjkt/trojita/commit/25fffa3e25cbad85bbca804193ad336b090a9ce1" xml:lang="en">https://github.com/jktjkt/trojita/commit/25fffa3e25cbad85bbca804193ad336b090a9ce1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://jkt.flaska.net/blog/Trojita_0_4_1__a_security_update_for_CVE_2014_2567.html" xml:lang="en">http://jkt.flaska.net/blog/Trojita_0_4_1__a_security_update_for_CVE_2014_2567.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The OpenConnectionTask::handleStateHelper function in Imap/Tasks/OpenConnectionTask.cpp in Trojita before 0.4.1 allows man-in-the-middle attackers to trigger use of cleartext for saving a message into a (1) sent or (2) draft folder via a PREAUTH response that prevents later use of the STARTTLS command.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2568">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.69"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.70"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.71"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.72"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.73"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.74"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.75"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.76"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.77"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.78"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.79"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.70</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.71</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.72</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.73</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.74</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.75</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.76</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.77</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.78</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.79</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.69</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2568</vuln:cve-id>
+    <vuln:published-datetime>2014-03-24T12:40:48.403-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:29:38.720-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>2.9</cvss:score>
+        <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-24T13:35:35.553-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/03/20/16" xml:lang="en">[oss-security] 20140320 Re: CVE request -- kernel: net: potential information leak when ubuf backed skbs are skb_zerocopy()ied</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="https://lkml.org/lkml/2014/3/20/421" xml:lang="en">[linux-kernel] 20140320 [PATCH v3] core, nfqueue, openvswitch: Orphan frags in skb_zerocopy and handle errors</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1079012" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1079012</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91922" xml:lang="en">linux-kernel-cve20142568-info-disclosure(91922)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66348" xml:lang="en">66348</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/627" xml:lang="en">[oss-sec] 20140320 CVE request -- kernel: net: potential information leak when ubuf backed skbs are skb_zerocopy()ied</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Use-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. NOTE: the affected code was moved to the skb_zerocopy function in net/core/skbuff.c before the vulnerability was announced.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2571">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.3.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.9</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.9</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.10</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.11</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.11</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.5</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.0</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.7</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4.8</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1.9</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.2.10</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.3.10</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.4</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.6</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2571</vuln:cve-id>
+    <vuln:published-datetime>2014-03-24T10:20:39.620-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-24T18:24:29.983-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-24T11:55:41.627-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://moodle.org/mod/forum/discuss.php?d=256416" xml:lang="en">https://moodle.org/mod/forum/discuss.php?d=256416</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/03/17/1" xml:lang="en">[oss-security] 20140317 Moodle security notifications public</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-43690" xml:lang="en">http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-43690</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the quiz_question_tostring function in mod/quiz/editlib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to inject arbitrary web script or HTML via a quiz question.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2572">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:moodle:moodle:2.6.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:moodle:moodle:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:moodle:moodle:2.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2572</vuln:cve-id>
+    <vuln:published-datetime>2014-03-24T10:20:39.650-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-24T18:29:58.227-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-24T12:00:29.167-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://moodle.org/mod/forum/discuss.php?d=256425" xml:lang="en">https://moodle.org/mod/forum/discuss.php?d=256425</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/03/17/1" xml:lang="en">[oss-security] 20140317 Moodle security notifications public</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-43468" xml:lang="en">http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-43468</vuln:reference>
+    </vuln:references>
+    <vuln:summary>mod/assign/externallib.php in Moodle 2.6.x before 2.6.2 does not properly handle assignment web-service parameters, which might allow remote authenticated users to modify grade metadata via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2573">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:openstack:compute:2013.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:compute:2013.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:compute:2013.2.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:openstack:compute:2013.2</vuln:product>
+      <vuln:product>cpe:/a:openstack:compute:2013.2.1</vuln:product>
+      <vuln:product>cpe:/a:openstack:compute:2013.2.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2573</vuln:cve-id>
+    <vuln:published-datetime>2014-03-25T12:55:28.677-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-26T09:41:06.717-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>2.3</cvss:score>
+        <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-26T09:41:05.607-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugs.launchpad.net/nova/+bug/1269418" xml:lang="en">https://bugs.launchpad.net/nova/+bug/1269418</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/03/21/2" xml:lang="en">[oss-security] 20140321 Re: CVE request for vulnerability in OpenStack Nova</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/03/21/1" xml:lang="en">[oss-security] 20140321 CVE request for vulnerability in OpenStack Nova</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57498" xml:lang="en">57498</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2578">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:splunk:splunk:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:splunk:splunk:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:splunk:splunk:5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:splunk:splunk:5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:splunk:splunk:5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:splunk:splunk:5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:splunk:splunk:5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:splunk:splunk:5.0.7"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:splunk:splunk:5.0.6</vuln:product>
+      <vuln:product>cpe:/a:splunk:splunk:5.0.7</vuln:product>
+      <vuln:product>cpe:/a:splunk:splunk:5.0.2</vuln:product>
+      <vuln:product>cpe:/a:splunk:splunk:5.0.3</vuln:product>
+      <vuln:product>cpe:/a:splunk:splunk:5.0</vuln:product>
+      <vuln:product>cpe:/a:splunk:splunk:5.0.4</vuln:product>
+      <vuln:product>cpe:/a:splunk:splunk:5.0.5</vuln:product>
+      <vuln:product>cpe:/a:splunk:splunk:5.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2578</vuln:cve-id>
+    <vuln:published-datetime>2014-04-02T12:06:02.190-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-02T14:19:07.710-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-02T14:19:07.647-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/92126" xml:lang="en">splunk-cve20142578-xss(92126)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.splunk.com/view/SP-CAAAKQX" xml:lang="en">http://www.splunk.com/view/SP-CAAAKQX</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029966" xml:lang="en">1029966</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57554" xml:lang="en">57554</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2579">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:xcloner:xcloner:3.5::standalone"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:xcloner:xcloner:3.5::standalone</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2579</vuln:cve-id>
+    <vuln:published-datetime>2014-04-25T16:55:03.007-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T08:01:35.070-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.6</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T08:01:34.070-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-352"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.htbridge.com/advisory/HTB23207" xml:lang="en">https://www.htbridge.com/advisory/HTB23207</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531780/100/0/threaded" xml:lang="en">20140409 &amp;ETH;&amp;iexcl;ross-Site Request Forgery (CSRF) in XCloner Standalone</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/32790" xml:lang="en">32790</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner Standalone 3.5 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrator password via the config task to index2.php or (2) when the enable_db_backup and sql_mem options are enabled, access the database backup functionality via the dbbackup_comp parameter in the generate action to index2.php.  NOTE: vector 2 might be a duplicate of CVE-2014-2340, which is for the XCloner Wordpress plugin.  NOTE: remote attackers can leverage CVE-2014-2996 with vector 2 to execute arbitrary commands.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2580">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:xen:xen:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2580</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T19:13:13.337-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T09:57:39.067-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.4</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T09:57:38.987-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://xenbits.xen.org/xsa/advisory-90.html" xml:lang="en">http://xenbits.xen.org/xsa/advisory-90.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029949" xml:lang="en">1029949</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66386" xml:lang="en">66386</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/03/24/8" xml:lang="en">[oss-security] 20140324 Re: Xen Security Advisory 90 - Linux netback crash trying to disable due to malformed packet</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/03/24/6" xml:lang="en">[oss-security] 20140324 Xen Security Advisory 90 - Linux netback crash trying to disable due to malformed packet</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The netback driver in Xen, when using certain Linux versions that do not allow sleeping in softirq context, allows local guest administrators to cause a denial of service ("scheduling while atomic" error and host crash) via a malformed packet, which causes a mutex to be taken when trying to disable the interface.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2583">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:kernel:linux-pam:1.1.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:kernel:linux-pam:1.1.8</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2583</vuln:cve-id>
+    <vuln:published-datetime>2014-04-10T16:29:20.707-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-11T11:51:15.167-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-11T11:50:40.357-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://git.fedorahosted.org/cgit/linux-pam.git/commit/?id=Linux-PAM-1_1_8-32-g9dcead8" xml:lang="en">https://git.fedorahosted.org/cgit/linux-pam.git/commit/?id=Linux-PAM-1_1_8-32-g9dcead8</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66493" xml:lang="en">66493</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/03/31/6" xml:lang="en">[oss-security] 20140331 Re: pam_timestamp internals</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/03/26/10" xml:lang="en">[oss-security] 20140326 Re: pam_timestamp internals</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/03/24/5" xml:lang="en">[oss-security] 20140324 pam_timestamp internals</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57317" xml:lang="en">57317</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create aribitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty funtion, which is used by the format_timestamp_name function.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2585">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:6.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.14:a"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:owncloud:owncloud:5.0.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:owncloud:owncloud:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.13</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.14</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.12</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.0</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.14:a</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.10</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.6</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.9</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.5</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.8</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.4</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.7</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.3</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.11</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:5.0.2</vuln:product>
+      <vuln:product>cpe:/a:owncloud:owncloud:6.0.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2585</vuln:cve-id>
+    <vuln:published-datetime>2014-03-24T12:35:49.380-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-24T13:10:35.567-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.9</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-24T13:10:16.630-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://owncloud.org/about/security/advisories/oC-SA-2014-008/" xml:lang="en">http://owncloud.org/about/security/advisories/oC-SA-2014-008/</vuln:reference>
+    </vuln:references>
+    <vuln:summary>ownCloud before 5.0.15 and 6.x before 6.0.2, when the file_external app is enabled, allows remote authenticated users to mount the local filesystem in the user's ownCloud via the mount configuration.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2586">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mcafee:cloud_single_sign_on:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mcafee:cloud_single_sign_on:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2586</vuln:cve-id>
+    <vuln:published-datetime>2014-03-24T12:38:59.713-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-24T18:15:40.043-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-24T13:20:15.733-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://twitter.com/BrandonPrry/status/445969380656943104" xml:lang="en">https://twitter.com/BrandonPrry/status/445969380656943104</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66302" xml:lang="en">66302</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/32368" xml:lang="en">32368</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Mar/325" xml:lang="en">20140318 McAfee Cloud SSO and McAfee Asset Manager vulns</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/125775/McAfee-Cloud-SSO-Asset-Manager-Issues.html" xml:lang="en">http://packetstormsecurity.com/files/125775/McAfee-Cloud-SSO-Asset-Manager-Issues.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the login audit form in McAfee Cloud Single Sign On (SSO) allows remote attackers to inject arbitrary web script or HTML via a crafted password.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2587">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mcafee:asset_manager:6.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mcafee:asset_manager:6.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2587</vuln:cve-id>
+    <vuln:published-datetime>2014-03-24T12:38:59.947-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:29:39.203-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-24T13:17:08.823-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91929" xml:lang="en">mcafee-asset-reportsaudit-sql-injection(91929)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029927" xml:lang="en">1029927</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66302" xml:lang="en">66302</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://www.osvdb.org/104634" xml:lang="en">104634</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/32368" xml:lang="en">32368</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Mar/325" xml:lang="en">20140318 McAfee Cloud SSO and McAfee Asset Manager vulns</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/125775/McAfee-Cloud-SSO-Asset-Manager-Issues.html" xml:lang="en">http://packetstormsecurity.com/files/125775/McAfee-Cloud-SSO-Asset-Manager-Issues.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee Asset Manager 6.6 allows remote authenticated users to execute arbitrary SQL commands via the username of an audit report (aka user parameter).</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2588">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mcafee:asset_manager:6.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mcafee:asset_manager:6.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2588</vuln:cve-id>
+    <vuln:published-datetime>2014-03-24T12:38:59.963-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T02:29:39.283-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-24T13:19:18.983-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91930" xml:lang="en">mcafee-asset-dir-traversal(91930)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029927" xml:lang="en">1029927</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66302" xml:lang="en">66302</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://www.osvdb.org/104633" xml:lang="en">104633</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/32368" xml:lang="en">32368</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Mar/325" xml:lang="en">20140318 McAfee Cloud SSO and McAfee Asset Manager vulns</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/125775/McAfee-Cloud-SSO-Asset-Manager-Issues.html" xml:lang="en">http://packetstormsecurity.com/files/125775/McAfee-Cloud-SSO-Asset-Manager-Issues.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in servlet/downloadReport in McAfee Asset Manager 6.6 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the reportFileName parameter.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2589">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/h:dell:sonicwall_network_security_appliance_2400:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/h:dell:sonicwall_network_security_appliance_2400:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2589</vuln:cve-id>
+    <vuln:published-datetime>2014-03-24T12:39:00.353-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-24T13:40:13.407-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-24T13:40:01.640-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91766" xml:lang="en">sonicwall-nsa-dashboard-xss(91766)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.vulnerability-lab.com/get_content.php?id=1100" xml:lang="en">http://www.vulnerability-lab.com/get_content.php?id=1100</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029884" xml:lang="en">1029884</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66042" xml:lang="en">66042</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531364/100/0/threaded" xml:lang="en">20140306 SonicWall Dashboard Backend Server - Client Side Cross Site Scripting Web Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://www.osvdb.org/104089" xml:lang="en">104089</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57275" xml:lang="en">57275</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the Dashboard Backend service (stats/dashboard.jsp) in SonicWall Network Security Appliance (NSA) 2400 allows remote attackers to inject arbitrary web script or HTML via the sn parameter.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2590">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:siemens:ruggedcom_rugged_operating_system:4.0::~~~~rsg2488~"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:ruggedcom_rugged_operating_system:3.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:ruggedcom_rugged_operating_system:3.11::~~~~rs950g~"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:ruggedcom_rugged_operating_system:3.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:ruggedcom_rugged_operating_system:3.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:ruggedcom_rugged_operating_system:3.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:ruggedcom_rugged_operating_system:3.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:ruggedcom_rugged_operating_system:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:ruggedcom_rugged_operating_system:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:ruggedcom_rugged_operating_system:3.7.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:ruggedcom_rugged_operating_system:3.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:siemens:ruggedcom_rugged_operating_system:3.9.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:siemens:ruggedcom_rugged_operating_system:3.3.6</vuln:product>
+      <vuln:product>cpe:/o:siemens:ruggedcom_rugged_operating_system:4.0::~~~~rsg2488~</vuln:product>
+      <vuln:product>cpe:/o:siemens:ruggedcom_rugged_operating_system:3.7.9</vuln:product>
+      <vuln:product>cpe:/o:siemens:ruggedcom_rugged_operating_system:3.5.4</vuln:product>
+      <vuln:product>cpe:/o:siemens:ruggedcom_rugged_operating_system:3.4.9</vuln:product>
+      <vuln:product>cpe:/o:siemens:ruggedcom_rugged_operating_system:3.8.5</vuln:product>
+      <vuln:product>cpe:/o:siemens:ruggedcom_rugged_operating_system:3.10.1</vuln:product>
+      <vuln:product>cpe:/o:siemens:ruggedcom_rugged_operating_system:3.9.3</vuln:product>
+      <vuln:product>cpe:/o:siemens:ruggedcom_rugged_operating_system:3.12</vuln:product>
+      <vuln:product>cpe:/o:siemens:ruggedcom_rugged_operating_system:3.6.6</vuln:product>
+      <vuln:product>cpe:/o:siemens:ruggedcom_rugged_operating_system:3.11::~~~~rs950g~</vuln:product>
+      <vuln:product>cpe:/o:siemens:ruggedcom_rugged_operating_system:3.2.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2590</vuln:cve-id>
+    <vuln:published-datetime>2014-04-01T02:29:39.423-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-01T10:25:17.387-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-01T10:25:14.103-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-087-01" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-087-01</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-831997.pdf" xml:lang="en">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-831997.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The web management interface in Siemens RuggedCom ROS before 3.11, ROS 3.11 before 3.11.5 for RS950G, ROS 3.12, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (interface outage) via crafted HTTP packets.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2597">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:remote-rac:rac_server:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:remote-rac:rac_server:4.0.5"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:remote-rac:rac_server:4.0.4</vuln:product>
+      <vuln:product>cpe:/a:remote-rac:rac_server:4.0.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2597</vuln:cve-id>
+    <vuln:published-datetime>2014-04-18T18:14:38.730-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-21T14:15:30.817-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.9</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-21T14:15:30.770-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2597/" xml:lang="en">https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2597/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/58090" xml:lang="en">58090</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Apr/221" xml:lang="en">20140416 CVE-2014-2597 - Denial of Service in PCNetSoftware RAC Server</vuln:reference>
+    </vuln:references>
+    <vuln:summary>PCNetSoftware RAC Server 4.0.4 and 4.0.5 allows local users to cause a denial of service (disabled keyboard or crash) via a large input buffer to unspecified IOCTL requests in RACDriver.sys, which triggers a buffer over-read.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2599">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.1.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.1.6.1::~~x86~~~"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.1.5::~~x86~~~"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.1.4::~~x86~~~"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.1.3::~~x86~~~"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.1.2::~~x86~~~"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.1.1::~~x86~~~"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.1.0::~~x86~~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:xen:xen:4.1.5</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.1.4</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.3.2</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.2.3</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.2.1</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.2.2</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.1.6.1</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.2.0</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.3.0</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.3.1</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.1.6.1::~~x86~~~</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.4.0</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.1.5::~~x86~~~</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.1.3::~~x86~~~</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.1.4::~~x86~~~</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.1.1::~~x86~~~</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.1.2</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.1.2::~~x86~~~</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.1.3</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.1.0</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.1.0::~~x86~~~</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.1.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2599</vuln:cve-id>
+    <vuln:published-datetime>2014-03-28T11:55:08.890-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-31T11:49:18.393-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.9</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-31T11:49:18.250-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://xenbits.xen.org/xsa/advisory-89.html" xml:lang="en">http://xenbits.xen.org/xsa/advisory-89.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029956" xml:lang="en">1029956</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66407" xml:lang="en">66407</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/03/25/2" xml:lang="en">[oss-security] 20140325 Re: Xen Security Advisory 89 - HVMOP_set_mem_access is not preemptible</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/03/25/1" xml:lang="en">[oss-security] 20140325 Xen Security Advisory 89 - HVMOP_set_mem_access is not preemptible</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The HVMOP_set_mem_access HVM control operations in Xen 4.1.x for 32-bit and 4.1.x through 4.4.x for 64-bit allow local guest administrators to cause a denial of service (CPU consumption) by leveraging access to certain service domains for HVM guests and a large input.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2600">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:hp:icewall_identity_manager:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:hp:icewall_identity_manager:4.0:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:hp:icewall_identity_manager:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:hp:icewall_sso_password_reset_option:10.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:hp:icewall_identity_manager:5.0</vuln:product>
+      <vuln:product>cpe:/a:hp:icewall_identity_manager:4.0:sp1</vuln:product>
+      <vuln:product>cpe:/a:hp:icewall_identity_manager:4.0</vuln:product>
+      <vuln:product>cpe:/a:hp:icewall_sso_password_reset_option:10.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2600</vuln:cve-id>
+    <vuln:published-datetime>2014-04-05T10:55:03.823-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-07T10:57:43.837-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-07T10:57:43.773-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04214298" xml:lang="en">SSRT101450</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04214298" xml:lang="en">HPSBGN02986</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in HP IceWall Identity Manager 4.0 through SP1 and 5.0 and IceWall SSO 10.0 Password Reset Option, when Apache Commons FileUpload is used, allows remote authenticated users to cause a denial of service via unknown vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2601">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:hp:integrated_lights-out_2_firmware:1.00"/>
+        <cpe-lang:fact-ref name="cpe:/o:hp:integrated_lights-out_2_firmware:1.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:hp:integrated_lights-out_2_firmware:1.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:hp:integrated_lights-out_2_firmware:1.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:hp:integrated_lights-out_2_firmware:1.70"/>
+        <cpe-lang:fact-ref name="cpe:/o:hp:integrated_lights-out_2_firmware:1.75"/>
+        <cpe-lang:fact-ref name="cpe:/o:hp:integrated_lights-out_2_firmware:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:hp:integrated_lights-out_2_firmware:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:hp:integrated_lights-out_2_firmware:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:hp:integrated_lights-out_2_firmware:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:hp:integrated_lights-out_2_firmware:2.12"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:hp:integrated_lights-out_2_firmware:1.75</vuln:product>
+      <vuln:product>cpe:/o:hp:integrated_lights-out_2_firmware:1.30</vuln:product>
+      <vuln:product>cpe:/o:hp:integrated_lights-out_2_firmware:1.20</vuln:product>
+      <vuln:product>cpe:/o:hp:integrated_lights-out_2_firmware:1.00</vuln:product>
+      <vuln:product>cpe:/o:hp:integrated_lights-out_2_firmware:1.10</vuln:product>
+      <vuln:product>cpe:/o:hp:integrated_lights-out_2_firmware:2.22</vuln:product>
+      <vuln:product>cpe:/o:hp:integrated_lights-out_2_firmware:2.23</vuln:product>
+      <vuln:product>cpe:/o:hp:integrated_lights-out_2_firmware:2.20</vuln:product>
+      <vuln:product>cpe:/o:hp:integrated_lights-out_2_firmware:2.12</vuln:product>
+      <vuln:product>cpe:/o:hp:integrated_lights-out_2_firmware:2.15</vuln:product>
+      <vuln:product>cpe:/o:hp:integrated_lights-out_2_firmware:1.70</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2601</vuln:cve-id>
+    <vuln:published-datetime>2014-04-24T19:55:05.580-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-25T09:20:31.153-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-25T09:20:31.043-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04244787" xml:lang="en">SSRT101509</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04244787" xml:lang="en">HPSBHF03006</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The server in HP Integrated Lights-Out 2 (aka iLO 2) 2.23 and earlier allows remote attackers to cause a denial of service via crafted HTTPS traffic, as demonstrated by traffic from a CVE-2014-0160 vulnerability-assessment tool.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2653">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:6.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:openbsd:openssh:6.4</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:6.5</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:6.6</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:6.0</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:6.1</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:6.2</vuln:product>
+      <vuln:product>cpe:/a:openbsd:openssh:6.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2653</vuln:cve-id>
+    <vuln:published-datetime>2014-03-27T06:55:04.513-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-19T00:48:42.270-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-27T11:42:34.657-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513" xml:lang="en">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2164-1" xml:lang="en">USN-2164-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2894" xml:lang="en">DSA-2894</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/03/26/7" xml:lang="en">[oss-security] 20140326 CVE request: openssh client does not check SSHFP if server offers certificate</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2654">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mobfox:madserve:2.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mobfox:madserve:2.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2654</vuln:cve-id>
+    <vuln:published-datetime>2014-04-22T10:23:35.440-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-23T08:41:39.547-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-23T08:41:39.500-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.htbridge.com/advisory/HTB23209" xml:lang="en">https://www.htbridge.com/advisory/HTB23209</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/92545" xml:lang="en">madserve-cve20142654-sql-injection(92545)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66661" xml:lang="en">66661</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531848/100/0/threaded" xml:lang="en">20140416 SQL Injection in mAdserve</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/58003" xml:lang="en">58003</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple SQL injection vulnerabilities in MobFox mAdserve 2.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) edit_ad_unit.php, (2) view_adunits.php, or (3) edit_campaign.php in www/cp/.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2655">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:postfix_admin_project:postfix_admin:2.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:postfix_admin_project:postfix_admin:2.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:postfix_admin_project:postfix_admin:2.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:postfix_admin_project:postfix_admin:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postfix_admin_project:postfix_admin:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postfix_admin_project:postfix_admin:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postfix_admin_project:postfix_admin:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postfix_admin_project:postfix_admin:2.2.1.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:postfix_admin_project:postfix_admin:2.2.1.1</vuln:product>
+      <vuln:product>cpe:/a:postfix_admin_project:postfix_admin:2.3</vuln:product>
+      <vuln:product>cpe:/a:postfix_admin_project:postfix_admin:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:postfix_admin_project:postfix_admin:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:postfix_admin_project:postfix_admin:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:postfix_admin_project:postfix_admin:2.3.5</vuln:product>
+      <vuln:product>cpe:/a:postfix_admin_project:postfix_admin:2.3.4</vuln:product>
+      <vuln:product>cpe:/a:postfix_admin_project:postfix_admin:2.3.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2655</vuln:cve-id>
+    <vuln:published-datetime>2014-04-02T12:06:02.253-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-19T00:48:42.380-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-03T10:12:09.657-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://sourceforge.net/p/postfixadmin/code/1650" xml:lang="en">http://sourceforge.net/p/postfixadmin/code/1650</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66455" xml:lang="en">66455</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/03/26/6" xml:lang="en">[oss-security] 20140326 CVE request: postfixadmin SQL injection vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/03/26/11" xml:lang="en">[oss-security] 20140326 Re: CVE request: postfixadmin SQL injection vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2889" xml:lang="en">DSA-2889</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SQL injection vulnerability in the gen_show_status function in functions.inc.php in Postfix Admin (aka postfixadmin) before 2.3.7 allows remote authenticated users to execute arbitrary SQL commands via a new alias.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2657">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:14.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:papercut:papercut_mf:14.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2657</vuln:cve-id>
+    <vuln:published-datetime>2014-04-28T10:09:07.080-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T09:08:14.863-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T09:08:14.817-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/92650" xml:lang="en">papercut-cve20142657-unspec(92650)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.papercut-mf.com/release-history/" xml:lang="en">http://www.papercut-mf.com/release-history/</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the print release functionality in PaperCut MF 14.1 (Build 26983) has unknown impact and remote vectors, related to embedded MFPs.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2658">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:14.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_ng:14.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_ng:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_ng:13.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:13.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:13.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_ng:13.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:13.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_ng:13.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_ng:13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_ng:13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_ng:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:12.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:12.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:12.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:12.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_ng:12.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_ng:12.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_ng:12.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_ng:12.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_ng:12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_ng:12.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:papercut:papercut_mf:14.0</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_mf:14.1</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_mf:13.0</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_ng:13.5</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_mf:13.2</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_ng:13.4</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_ng:12.4</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_mf:13.1</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_ng:12.2</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_ng:12.3</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_mf:13.3</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_ng:12.0</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_ng:12.1</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_mf:12.5</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_ng:14.0</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_ng:14.1</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_ng:13.2</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_mf:12.4</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_ng:13.1</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_ng:13.0</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_mf:12.0</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_mf:12.1</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_mf:12.2</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_ng:13.3</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_mf:12.3</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_ng:12.5</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_mf:13.5</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_mf:13.4</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2658</vuln:cve-id>
+    <vuln:published-datetime>2014-04-28T10:09:07.517-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T09:03:33.383-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T09:03:33.070-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/92649" xml:lang="en">papercut-cve20142658-dos(92649)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.papercut.com/release-history/" xml:lang="en">http://www.papercut.com/release-history/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.papercut-mf.com/release-history/" xml:lang="en">http://www.papercut-mf.com/release-history/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/58037" xml:lang="en">58037</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Papercut MF and NG before 14.1 (Build 26983) allows attacker to cause a denial of service via unknown vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2659">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:14.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_ng:14.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_ng:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_ng:13.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:13.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:13.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_ng:13.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:13.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_ng:13.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_ng:13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_ng:13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_ng:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:12.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:12.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:12.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:12.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_ng:12.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_ng:12.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_ng:12.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_ng:12.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_ng:12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_ng:12.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:papercut:papercut_mf:14.0</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_mf:14.1</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_mf:13.0</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_ng:13.5</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_mf:13.2</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_ng:13.4</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_ng:12.4</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_mf:13.1</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_ng:12.2</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_ng:12.3</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_mf:13.3</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_ng:12.0</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_ng:12.1</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_mf:12.5</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_ng:14.0</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_ng:14.1</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_ng:13.2</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_mf:12.4</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_ng:13.1</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_ng:13.0</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_mf:12.0</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_mf:12.1</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_mf:12.2</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_ng:13.3</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_mf:12.3</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_ng:12.5</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_mf:13.5</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_mf:13.4</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2659</vuln:cve-id>
+    <vuln:published-datetime>2014-04-22T10:23:35.910-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-23T08:55:54.260-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-23T08:55:53.790-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-352"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/92648" xml:lang="en">papercut-cve20142659-csrf(92648)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.papercut.com/release-history/" xml:lang="en">http://www.papercut.com/release-history/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.papercut-mf.com/release-history/" xml:lang="en">http://www.papercut-mf.com/release-history/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/58037" xml:lang="en">58037</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site request forgery (CSRF) vulnerability in the admin UI in Papercut MF and NG before 14.1 (Build 26983) allows remote attackers to hijack the authentication of administrators via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2665">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.22.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.22.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.22.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.22.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.5</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.8</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.6</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.7</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.9</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.10</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21.7</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.22.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21.5</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.12</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.11</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21.6</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.22.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.13</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.22.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.22.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.5</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.7</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.6</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.22.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.8</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2665</vuln:cve-id>
+    <vuln:published-datetime>2014-04-19T21:55:06.987-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T01:06:23.157-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-21T19:23:37.350-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-287"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://gerrit.wikimedia.org/r/#/c/121517/1/includes/specials/SpecialChangePassword.php" xml:lang="en">https://gerrit.wikimedia.org/r/#/c/121517/1/includes/specials/SpecialChangePassword.php</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-March/000145.html" xml:lang="en">[mediawiki-announce] 20140328 MediaWiki Security and Maintenance Releases: 1.22.5, 1.21.8 and 1.19.14</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.wikimedia.org/show_bug.cgi?id=62497" xml:lang="en">https://bugzilla.wikimedia.org/show_bug.cgi?id=62497</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/04/01/7" xml:lang="en">[oss-security] 20140401 Re: CVE request: MediaWiki 1.22.5 login csrf</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/03/28/1" xml:lang="en">[oss-security] 20140327 CVE request: MediaWiki 1.22.5 login csrf</vuln:reference>
+    </vuln:references>
+    <vuln:summary>includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account, as demonstrated by tracking the victim's activity, related to a "login CSRF" issue.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2668">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apache:couchdb:1.5.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apache:couchdb:1.5.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2668</vuln:cve-id>
+    <vuln:published-datetime>2014-03-28T12:51:06.127-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-19T00:48:42.490-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-31T11:16:39.827-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/92161" xml:lang="en">apache-couchdb-cve20142668-dos(92161)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029967" xml:lang="en">1029967</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66474" xml:lang="en">66474</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/32519" xml:lang="en">32519</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57572" xml:lang="en">57572</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/125889" xml:lang="en">http://packetstormsecurity.com/files/125889</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2669">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:postgresql:postgresql:9.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.3</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.5</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2.4</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.15</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.10</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.9</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.11</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.12</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.13</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.14</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.3</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.3.1</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.3.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.3</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.4</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.5</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.6</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.7</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.2</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.8</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.4</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.5</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.11</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.3</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.1.10</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.8</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.9</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.6</vuln:product>
+      <vuln:product>cpe:/a:postgresql:postgresql:9.0.7</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2669</vuln:cve-id>
+    <vuln:published-datetime>2014-03-31T10:58:19.600-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-31T14:02:04.160-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-31T14:01:51.693-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-189"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/postgres/postgres/commit/31400a673325147e1205326008e32135a78b4d8a" xml:lang="en">https://github.com/postgres/postgres/commit/31400a673325147e1205326008e32135a78b4d8a</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.postgresql.org/support/security/" xml:lang="en">http://www.postgresql.org/support/security/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.postgresql.org/about/news/1506/" xml:lang="en">http://www.postgresql.org/about/news/1506/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2865" xml:lang="en">DSA-2865</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2864" xml:lang="en">DSA-2864</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://wiki.postgresql.org/wiki/20140220securityrelease" xml:lang="en">http://wiki.postgresql.org/wiki/20140220securityrelease</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple integer overflows in contrib/hstore/hstore_io.c in PostgreSQL 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact via vectors related to the (1) hstore_recv, (2) hstore_from_arrays, and (3) hstore_from_array functions in contrib/hstore/hstore_io.c; and the (4) hstoreArrayToPairs function in contrib/hstore/hstore_op.c, which triggers a buffer overflow.  NOTE: this issue was SPLIT from CVE-2014-0064 because it has a different set of affected versions.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2670">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:zohocorp:manageengine_opstor:8.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:zohocorp:manageengine_opstor:8.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2670</vuln:cve-id>
+    <vuln:published-datetime>2014-03-29T16:55:04.157-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-31T13:36:05.170-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-03-31T13:36:03.360-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/140886" xml:lang="en">VU#140886</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in Properties.do in ZOHO ManageEngine OpStor before build 8500 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter, a different vulnerability than CVE-2014-0344.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2671">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:windows_media_player:11.0.5721.5230"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:windows_media_player:11.0.5721.5230</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2671</vuln:cve-id>
+    <vuln:published-datetime>2014-03-31T10:58:57.977-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-14T10:29:09.940-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-14T10:29:08.973-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/92080" xml:lang="en">ms-media-player-wav-code-exec(92080)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66403" xml:lang="en">66403</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/32477/" xml:lang="en">32477</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/125834" xml:lang="en">http://packetstormsecurity.com/files/125834</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted WAV file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2672">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.69"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.70"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.71"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.72"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.73"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.74"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.75"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.76"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.77"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.78"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.79"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.70</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.71</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.72</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.73</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.74</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.75</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.76</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.77</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.78</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.79</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.69</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2672</vuln:cve-id>
+    <vuln:published-datetime>2014-04-01T02:35:53.747-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-19T00:48:43.037-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.1</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-01T15:15:34.473-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-362"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/torvalds/linux/commit/21f8aaee0c62708654988ce092838aa7df4d25d8" xml:lang="en">https://github.com/torvalds/linux/commit/21f8aaee0c62708654988ce092838aa7df4d25d8</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=21f8aaee0c62708654988ce092838aa7df4d25d8" xml:lang="en">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=21f8aaee0c62708654988ce092838aa7df4d25d8</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.15" xml:lang="en">https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.15</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.kernel.org/show_bug.cgi?id=70551" xml:lang="en">https://bugzilla.kernel.org/show_bug.cgi?id=70551</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66492" xml:lang="en">66492</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/03/30/5" xml:lang="en">[oss-security] 20140330 Re: CVE request: Linux Kernel, two security issues</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7" xml:lang="en">http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57468" xml:lang="en">57468</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Race condition in the ath_tx_aggr_sleep function in drivers/net/wireless/ath/ath9k/xmit.c in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via a large amount of network traffic that triggers certain list deletions.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2673">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.69"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.70"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.71"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.72"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.73"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.74"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.75"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.76"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.77"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.78"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.79"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.70</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.71</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.72</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.73</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.74</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.75</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.76</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.77</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.78</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.79</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.69</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2673</vuln:cve-id>
+    <vuln:published-datetime>2014-04-01T02:35:53.780-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-19T00:48:43.147-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.7</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-01T15:17:37.303-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/torvalds/linux/commit/621b5060e823301d0cba4cb52a7ee3491922d291" xml:lang="en">https://github.com/torvalds/linux/commit/621b5060e823301d0cba4cb52a7ee3491922d291</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=621b5060e823301d0cba4cb52a7ee3491922d291" xml:lang="en">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=621b5060e823301d0cba4cb52a7ee3491922d291</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.15" xml:lang="en">https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.15</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/92113" xml:lang="en">linux-kernel-cve20142673-dos(92113)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66477" xml:lang="en">66477</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/03/30/5" xml:lang="en">[oss-security] 20140330 Re: CVE request: Linux Kernel, two security issues</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7" xml:lang="en">http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57436" xml:lang="en">57436</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The arch_dup_task_struct function in the Transactional Memory (TM) implementation in arch/powerpc/kernel/process.c in the Linux kernel before 3.13.7 on the powerpc platform does not properly interact with the clone and fork system calls, which allows local users to cause a denial of service (Program Check and system crash) via certain instructions that are executed with the processor in the Transactional state.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2678">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.69"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.70"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.71"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.72"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.73"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.74"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.75"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.76"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.77"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.78"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.79"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.70</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.71</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.72</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.73</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.74</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.75</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.76</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.77</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.78</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.79</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.69</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2678</vuln:cve-id>
+    <vuln:published-datetime>2014-04-01T02:35:53.810-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-19T00:48:43.270-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.7</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-01T19:47:21.940-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="https://lkml.org/lkml/2014/3/29/188" xml:lang="en">[linux-kernel] 20140329 [PATCH v2] rds: prevent dereference of a NULL device in rds_iw_laddr_check</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66543" xml:lang="en">66543</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/03/31/10" xml:lang="en">[oss-security] 20140331 CVE-2013-7348 CVE-2014-2678 Linux kernel aio and rds issues</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131276.html" xml:lang="en">FEDORA-2014-4844</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2690">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:citrix:vdi-in-a-box:5.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:citrix:vdi-in-a-box:5.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:citrix:vdi-in-a-box:5.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:citrix:vdi-in-a-box:5.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:citrix:vdi-in-a-box:5.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:citrix:vdi-in-a-box:5.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:citrix:vdi-in-a-box:5.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:citrix:vdi-in-a-box:5.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:citrix:vdi-in-a-box:5.4.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:citrix:vdi-in-a-box:5.3.5</vuln:product>
+      <vuln:product>cpe:/a:citrix:vdi-in-a-box:5.3.4</vuln:product>
+      <vuln:product>cpe:/a:citrix:vdi-in-a-box:5.4.2</vuln:product>
+      <vuln:product>cpe:/a:citrix:vdi-in-a-box:5.3.0</vuln:product>
+      <vuln:product>cpe:/a:citrix:vdi-in-a-box:5.4.1</vuln:product>
+      <vuln:product>cpe:/a:citrix:vdi-in-a-box:5.4.0</vuln:product>
+      <vuln:product>cpe:/a:citrix:vdi-in-a-box:5.3.3</vuln:product>
+      <vuln:product>cpe:/a:citrix:vdi-in-a-box:5.3.1</vuln:product>
+      <vuln:product>cpe:/a:citrix:vdi-in-a-box:5.3.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2690</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T10:55:04.827-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T09:07:38.793-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>2.1</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T09:07:38.590-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1030068" xml:lang="en">1030068</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.citrix.com/article/CTX140106" xml:lang="en">http://support.citrix.com/article/CTX140106</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57734" xml:lang="en">57734</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Citrix VDI-in-a-Box 5.3.x before 5.3.6 and 5.4.x before 5.4.3 allows local users to obtain administrator credentials by reading the log.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2706">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.69"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.70"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.71"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.72"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.73"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.74"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.75"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.76"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.77"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.78"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.79"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.70</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.71</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.72</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.73</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.74</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.75</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.76</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.77</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.78</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.79</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.69</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2706</vuln:cve-id>
+    <vuln:published-datetime>2014-04-14T19:55:07.700-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-15T11:12:39.970-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.1</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-15T11:12:37.143-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-362"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/torvalds/linux/commit/1d147bfa64293b2723c4fec50922168658e613ba" xml:lang="en">https://github.com/torvalds/linux/commit/1d147bfa64293b2723c4fec50922168658e613ba</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1d147bfa64293b2723c4fec50922168658e613ba" xml:lang="en">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1d147bfa64293b2723c4fec50922168658e613ba</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1083512" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1083512</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.kernel.org/show_bug.cgi?id=70551#c18" xml:lang="en">https://bugzilla.kernel.org/show_bug.cgi?id=70551#c18</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/01/8" xml:lang="en">[oss-security] 20140401 Re: CVE request: Linux Kernel, two security issues</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7" xml:lang="en">http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2707">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:linuxfoundation:cups-filters:1.0.49"/>
+        <cpe-lang:fact-ref name="cpe:/a:linuxfoundation:cups-filters:1.0.50"/>
+        <cpe-lang:fact-ref name="cpe:/a:linuxfoundation:cups-filters:1.0.41"/>
+        <cpe-lang:fact-ref name="cpe:/a:linuxfoundation:cups-filters:1.0.42"/>
+        <cpe-lang:fact-ref name="cpe:/a:linuxfoundation:cups-filters:1.0.43"/>
+        <cpe-lang:fact-ref name="cpe:/a:linuxfoundation:cups-filters:1.0.44"/>
+        <cpe-lang:fact-ref name="cpe:/a:linuxfoundation:cups-filters:1.0.45"/>
+        <cpe-lang:fact-ref name="cpe:/a:linuxfoundation:cups-filters:1.0.46"/>
+        <cpe-lang:fact-ref name="cpe:/a:linuxfoundation:cups-filters:1.0.47"/>
+        <cpe-lang:fact-ref name="cpe:/a:linuxfoundation:cups-filters:1.0.48"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:linuxfoundation:cups-filters:1.0.41</vuln:product>
+      <vuln:product>cpe:/a:linuxfoundation:cups-filters:1.0.42</vuln:product>
+      <vuln:product>cpe:/a:linuxfoundation:cups-filters:1.0.43</vuln:product>
+      <vuln:product>cpe:/a:linuxfoundation:cups-filters:1.0.44</vuln:product>
+      <vuln:product>cpe:/a:linuxfoundation:cups-filters:1.0.45</vuln:product>
+      <vuln:product>cpe:/a:linuxfoundation:cups-filters:1.0.46</vuln:product>
+      <vuln:product>cpe:/a:linuxfoundation:cups-filters:1.0.49</vuln:product>
+      <vuln:product>cpe:/a:linuxfoundation:cups-filters:1.0.47</vuln:product>
+      <vuln:product>cpe:/a:linuxfoundation:cups-filters:1.0.48</vuln:product>
+      <vuln:product>cpe:/a:linuxfoundation:cups-filters:1.0.50</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2707</vuln:cve-id>
+    <vuln:published-datetime>2014-04-17T10:55:11.700-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-18T13:40:13.767-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-18T13:40:13.673-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1083326" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1083326</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57530" xml:lang="en">57530</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q2/13" xml:lang="en">[oss-security] 20140402 Re: cups-browsed remote exploit</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131485.html" xml:lang="en">FEDORA-2014-4708</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7188#NEWS" xml:lang="en">http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7188#NEWS</vuln:reference>
+    </vuln:references>
+    <vuln:summary>cups-browsed in cups-filters 1.0.41 before 1.0.51 in allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts generated for queues."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2708">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cacti:cacti:0.8.8b"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cacti:cacti:0.8.8b</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2708</vuln:cve-id>
+    <vuln:published-datetime>2014-04-10T16:29:21.050-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-11T12:05:53.480-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-11T12:05:49.713-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://svn.cacti.net/viewvc?view=rev&amp;revision=7439" xml:lang="en">http://svn.cacti.net/viewvc?view=rev&amp;revision=7439</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1084258" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1084258</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/92278" xml:lang="en">cacti-cve20142708-sql-injection(92278)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66555" xml:lang="en">66555</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q2/2" xml:lang="en">[oss-security] 20140401 CVE request: cacti "bug#0002405: SQL injection in graph_xport.php"</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q2/15" xml:lang="en">[oss-security] 20140403 Re: CVE request: cacti "bug#0002405: SQL injection in graph_xport.php"</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SQL injection vulnerability in graph_xport.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2709">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cacti:cacti:0.8.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:cacti:cacti:0.8.7f"/>
+        <cpe-lang:fact-ref name="cpe:/a:cacti:cacti:0.8.7e"/>
+        <cpe-lang:fact-ref name="cpe:/a:cacti:cacti:0.8.7d"/>
+        <cpe-lang:fact-ref name="cpe:/a:cacti:cacti:0.8.7c"/>
+        <cpe-lang:fact-ref name="cpe:/a:cacti:cacti:0.8.7b"/>
+        <cpe-lang:fact-ref name="cpe:/a:cacti:cacti:0.8.7a"/>
+        <cpe-lang:fact-ref name="cpe:/a:cacti:cacti:0.8.8a"/>
+        <cpe-lang:fact-ref name="cpe:/a:cacti:cacti:0.8.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:cacti:cacti:0.8.8b"/>
+        <cpe-lang:fact-ref name="cpe:/a:cacti:cacti:0.8.7g"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cacti:cacti:0.8.7f</vuln:product>
+      <vuln:product>cpe:/a:cacti:cacti:0.8.7</vuln:product>
+      <vuln:product>cpe:/a:cacti:cacti:0.8.7g</vuln:product>
+      <vuln:product>cpe:/a:cacti:cacti:0.8.8</vuln:product>
+      <vuln:product>cpe:/a:cacti:cacti:0.8.7b</vuln:product>
+      <vuln:product>cpe:/a:cacti:cacti:0.8.8b</vuln:product>
+      <vuln:product>cpe:/a:cacti:cacti:0.8.8a</vuln:product>
+      <vuln:product>cpe:/a:cacti:cacti:0.8.7c</vuln:product>
+      <vuln:product>cpe:/a:cacti:cacti:0.8.7d</vuln:product>
+      <vuln:product>cpe:/a:cacti:cacti:0.8.7a</vuln:product>
+      <vuln:product>cpe:/a:cacti:cacti:0.8.7e</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2709</vuln:cve-id>
+    <vuln:published-datetime>2014-04-23T11:55:04.360-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T11:24:00.673-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-24T11:24:00.610-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://svn.cacti.net/viewvc?view=rev&amp;revision=7439" xml:lang="en">http://svn.cacti.net/viewvc?view=rev&amp;revision=7439</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768" xml:lang="en">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66630" xml:lang="en">66630</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57647" xml:lang="en">57647</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q2/15" xml:lang="en">[oss-security] 20140403 Re: CVE request: cacti "bug#0002405: SQL injection in graph_xport.php"</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131842.html" xml:lang="en">FEDORA-2014-4892</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131821.html" xml:lang="en">FEDORA-2014-4928</vuln:reference>
+    </vuln:references>
+    <vuln:summary>lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified parameters.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2711">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:13.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:13.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:13.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.1x44"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.1x45"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.1x46"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:11.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:11.4x27"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:juniper:junos:12.3</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:12.2</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:12.1x44</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:12.1x46</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:11.4</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:12.1x45</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:12.1</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:11.4x27</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:13.2</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:13.1</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:13.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2711</vuln:cve-id>
+    <vuln:published-datetime>2014-04-14T11:09:06.333-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-19T00:48:43.723-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-15T09:34:06.177-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10619" xml:lang="en">http://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10619</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 11.4R11, 11.4X27 before 11.4X27.62 (BBE), 12.1 before 12.1R9, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.2 before 12.2R7, 12.3 before 12.3R6, 13.1 before 13.1R4, 13.2 before 13.2R3, and 13.3 before 13.3R1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2712">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.1x44"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.1x45"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.1x46"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:11.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:10.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:10.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:juniper:junos:12.2</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:12.1x44</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:12.1x46</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:11.4</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:12.1x45</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:12.1</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:10.4</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:10.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2712</vuln:cve-id>
+    <vuln:published-datetime>2014-04-14T11:09:06.367-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-19T00:48:43.833-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-15T09:37:15.950-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10521" xml:lang="en">http://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10521</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 10.0S25, 10.4 before 10.4R10, 11.4 before 11.4R11, 12.1 before 12.1R9, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, and 12.2 before 12.2R1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to index.php.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2713">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:13.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:13.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:13.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:11.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:juniper:junos:12.3</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:12.2</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:11.4</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:12.1</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:13.2</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:13.1</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:13.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2713</vuln:cve-id>
+    <vuln:published-datetime>2014-04-14T11:09:06.397-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-15T09:52:50.513-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-15T09:52:50.027-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10621" xml:lang="en">http://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10621</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Juniper Junos before 11.4R11, 12.1 before 12.1R9, 12.2 before 12.2R7, 12.3R4 before 12.3R4-S3, 13.1 before 13.1R4, 13.2 before 13.2R2, and 13.3 before 13.3R1, as used in MX Series and T4000 routers, allows remote attackers to cause a denial of service (PFE restart) via a crafted IP packet to certain (1) Trio or (2) Cassis-based Packet Forwarding Engine (PFE) modules.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2714">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.1x44"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.1x45"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:12.1x46"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:11.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:junos:10.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:juniper:junos:12.1x44</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:12.1x46</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:11.4</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:12.1x45</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:12.1</vuln:product>
+      <vuln:product>cpe:/o:juniper:junos:10.4</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2714</vuln:cve-id>
+    <vuln:published-datetime>2014-04-14T11:09:06.413-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-15T10:06:06.460-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.1</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-15T10:06:06.397-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66760" xml:lang="en">66760</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://securitytracker.com/id?1030060" xml:lang="en">1030060</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57835" xml:lang="en">57835</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10622" xml:lang="en">http://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10622</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Enhanced Web Filtering (EWF) in Juniper Junos before 10.4R15, 11.4 before 11.4R9, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D10, and 12.1X46 before 12.1X46-D10, as used in the SRX Series services gateways, allows remote attackers to cause a denial of service (flow daemon crash and restart) via a crafted URL.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2715">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:videowhisper:videowhisper:7.x-1.3::~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:videowhisper:videowhisper:7.x-1.1::~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:videowhisper:videowhisper:7.x-1.0::~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:videowhisper:videowhisper:7.x-1.x:dev:~~~drupal~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:videowhisper:videowhisper:7.x-1.3::~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:videowhisper:videowhisper:7.x-1.0::~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:videowhisper:videowhisper:7.x-1.1::~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:videowhisper:videowhisper:7.x-1.x:dev:~~~drupal~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2715</vuln:cve-id>
+    <vuln:published-datetime>2014-04-28T10:09:07.643-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T08:57:40.247-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T08:57:40.170-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531935/100/0/threaded" xml:lang="en">20140425 [CVE-2014-2715] Cross-site scripting (XSS) vulnerability in Videowhisper</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site scripting (XSS) vulnerabilities in vwrooms\templates\logout.tpl.php in the VideoWhisper Webcam plugins for Drupal 7.x allow remote attackers to inject arbitrary web script or HTML via the (1) module or (2) message parameter to index.php.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2719">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-ac66u_firmware:3.0.0.4.140"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-ac66u_firmware:3.0.0.4.220"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-ac66u_firmware:3.0.0.4.246"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-ac66u_firmware:3.0.0.4.260"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-ac66u_firmware:3.0.0.4.270"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-ac66u_firmware:3.0.0.4.354"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-n10e_firmware:2.0.0.10"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-n10e_firmware:2.0.0.16"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-n10e_firmware:2.0.0.19"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-n10e_firmware:2.0.0.20"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-n10e_firmware:2.0.0.24"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-n10e_firmware:2.0.0.25"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-n10e_firmware:2.0.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-n14u_firmware:3.0.0.4.322"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-n14u_firmware:3.0.0.4.356"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-n16_firmware:1.0.1.9"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-n16_firmware:1.0.2.3"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-n16_firmware:3.0.0.3.108"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-n16_firmware:3.0.0.3.162"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-n16_firmware:3.0.0.3.178"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-n16_firmware:3.0.0.4.220"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-n16_firmware:3.0.0.4.246"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-n16_firmware:3.0.0.4.260"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-n16_firmware:3.0.0.4.354"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-n16_firmware:7.0.2.38b"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-n56u_firmware:1.0.1.4"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-n56u_firmware:1.0.1.4o"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-n56u_firmware:1.0.1.7c"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-n56u_firmware:1.0.1.7f"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-n56u_firmware:1.0.1.8j"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-n56u_firmware:1.0.1.8l"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-n56u_firmware:1.0.1.8n"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-n56u_firmware:3.0.0.4.318"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-n56u_firmware:3.0.0.4.334"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-n56u_firmware:3.0.0.4.342"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-n56u_firmware:3.0.0.4.360"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-n56u_firmware:7.0.1.21"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-n56u_firmware:7.0.1.32"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-n56u_firmware:8.1.1.4"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-n65u_firmware:3.0.0.3.134"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-n65u_firmware:3.0.0.3.176"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-n65u_firmware:3.0.0.4.260"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-n65u_firmware:3.0.0.4.334"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-n65u_firmware:3.0.0.4.342"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-n65u_firmware:3.0.0.4.346"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-n66u_firmware:3.0.0.4.272"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-n66u_firmware:3.0.0.4.370"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-ac68u_firmware:3.0.0.4.374_4561"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-ac68u_firmware:3.0.0.4.374.4755"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-ac68u_firmware:3.0.0.4.374_4887"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:asus:rt-ac68u:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:asus:rt-ac66u_firmware:3.0.0.4.220</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-n16_firmware:3.0.0.4.354</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-n16_firmware:1.0.2.3</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-n10e_firmware:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-n16_firmware:3.0.0.3.178</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-n56u_firmware:1.0.1.4o</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-n10e_firmware:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-n16_firmware:3.0.0.4.260</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-ac66u_firmware:3.0.0.4.354</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-n56u_firmware:1.0.1.7c</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-n56u_firmware:1.0.1.4</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-n65u_firmware:3.0.0.3.134</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-n56u_firmware:7.0.1.21</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-ac66u_firmware:3.0.0.4.246</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-n16_firmware:3.0.0.3.108</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-n10e_firmware:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-n56u_firmware:3.0.0.4.318</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-ac68u_firmware:3.0.0.4.374.4755</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-n56u_firmware:1.0.1.7f</vuln:product>
+      <vuln:product>cpe:/h:asus:rt-ac68u:-</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-n16_firmware:1.0.1.9</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-n66u_firmware:3.0.0.4.272</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-n16_firmware:3.0.0.3.162</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-n56u_firmware:8.1.1.4</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-ac66u_firmware:3.0.0.4.270</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-n14u_firmware:3.0.0.4.356</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-n10e_firmware:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-n10e_firmware:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-n66u_firmware:3.0.0.4.370</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-ac66u_firmware:3.0.0.4.140</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-n10e_firmware:2.0.0.24</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-n10e_firmware:2.0.0.25</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-n65u_firmware:3.0.0.4.334</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-n56u_firmware:3.0.0.4.342</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-n65u_firmware:3.0.0.3.176</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-n56u_firmware:1.0.1.8l</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-n65u_firmware:3.0.0.4.260</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-n56u_firmware:1.0.1.8j</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-n16_firmware:3.0.0.4.246</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-n56u_firmware:1.0.1.8n</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-n14u_firmware:3.0.0.4.322</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-n56u_firmware:7.0.1.32</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-ac68u_firmware:3.0.0.4.374_4561</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-ac66u_firmware:3.0.0.4.260</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-n16_firmware:7.0.2.38b</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-n65u_firmware:3.0.0.4.342</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-n56u_firmware:3.0.0.4.334</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-n65u_firmware:3.0.0.4.346</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-ac68u_firmware:3.0.0.4.374_4887</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-n16_firmware:3.0.0.4.220</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-n56u_firmware:3.0.0.4.360</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2719</vuln:cve-id>
+    <vuln:published-datetime>2014-04-22T09:06:29.493-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-22T15:20:09.963-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-22T15:20:09.587-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29" xml:lang="en">http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Apr/225" xml:lang="en">20140416 ASUS RT-XXXX SOHO routers expose admin password, fixed in 3.0.0.4.374.5517</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://dnlongen.blogspot.com/2014/04/CVE-2014-2719-Asus-RT-Password-Disclosure.html" xml:lang="en">http://dnlongen.blogspot.com/2014/04/CVE-2014-2719-Asus-RT-Password-Disclosure.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Advanced_System_Content.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator user name and password by reading the source code.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2729">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ektron:ektron_content_management_system:8.7.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ektron:ektron_content_management_system:8.7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2729</vuln:cve-id>
+    <vuln:published-datetime>2014-04-25T10:15:30.517-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-25T13:51:50.370-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-25T13:51:50.260-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531853/100/0/threaded" xml:lang="en">20140416 [SECURITY] Stored Cross Site Scripting in Ektron CMS 8.7</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531852/100/0/threaded" xml:lang="en">20140416 [Security Advisory] Stored Cross Site Scripting in Ektron CMS 8.7</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/126187/Ektron-CMS-8.7-Cross-Site-Scripting.html" xml:lang="en">http://packetstormsecurity.com/files/126187/Ektron-CMS-8.7-Cross-Site-Scripting.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in content.aspx in Ektron CMS 8.7 before 8.7.0.055 allows remote authenticated users to inject arbitrary web script or HTML via the category0 parameter, which is not properly handled when displaying the Subjects tab in the View Properties menu option.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2730">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:office:2011::mac"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:office:2013:-:~-~-~-~x64~"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:office:2013:-:~-~-~-~x86~"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:office:2010:sp1:x64"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:office:2010:sp1:x86"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:office:2010:sp2:x64"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:office:2010:sp2:x86"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:office:2007:sp3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:office:2013:-:~-~-~-~x64~</vuln:product>
+      <vuln:product>cpe:/a:microsoft:office:2010:sp1:x64</vuln:product>
+      <vuln:product>cpe:/a:microsoft:office:2013:-:~-~-~-~x86~</vuln:product>
+      <vuln:product>cpe:/a:microsoft:office:2010:sp2:x64</vuln:product>
+      <vuln:product>cpe:/a:microsoft:office:2011::mac</vuln:product>
+      <vuln:product>cpe:/a:microsoft:office:2010:sp2:x86</vuln:product>
+      <vuln:product>cpe:/a:microsoft:office:2007:sp3</vuln:product>
+      <vuln:product>cpe:/a:microsoft:office:2010:sp1:x86</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2730</vuln:cve-id>
+    <vuln:published-datetime>2014-04-05T10:55:04.993-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-07T11:16:02.327-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-07T11:16:02.093-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531722/100/0/threaded" xml:lang="en">20140403 [softScheck] Denial of Service in Microsoft Office 2007-2013</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The XML parser in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013, and Office for Mac 2011, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory consumption and persistent application hang) via a crafted XML document containing a large number of nested entity references, as demonstrated by a crafted text/plain e-mail message to Outlook, a similar issue to CVE-2003-1564.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2731">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:siemens:sinema_server:12.0:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:siemens:sinema_server:12.0:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2731</vuln:cve-id>
+    <vuln:published-datetime>2014-04-19T15:55:07.763-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-21T15:28:08.697-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-21T15:28:08.650-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-107-01" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-107-01</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf" xml:lang="en">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple unspecified vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to execute arbitrary code via HTTP traffic to port (1) 4999 or (2) 80.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2732">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:siemens:sinema_server:12.0:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:siemens:sinema_server:12.0:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2732</vuln:cve-id>
+    <vuln:published-datetime>2014-04-19T15:55:07.797-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-21T15:29:42.513-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-21T15:29:42.497-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-107-01" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-107-01</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf" xml:lang="en">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple directory traversal vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to access arbitrary files via HTTP traffic to port (1) 4999 or (2) 80.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2733">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:siemens:sinema_server:12.0:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:siemens:sinema_server:12.0:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2733</vuln:cve-id>
+    <vuln:published-datetime>2014-04-19T15:55:07.810-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-21T15:31:57.517-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-21T15:31:57.203-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-107-01" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-107-01</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf" xml:lang="en">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a denial of service (web-interface outage) via crafted HTTP requests to port (1) 4999 or (2) 80.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2734">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ruby-lang:ruby:2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ruby-lang:ruby:2.1:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:ruby-lang:ruby:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ruby-lang:ruby:2.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ruby-lang:ruby:2.0.0:p0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ruby-lang:ruby:2.0.0:p195"/>
+        <cpe-lang:fact-ref name="cpe:/a:ruby-lang:ruby:2.0.0:p247"/>
+        <cpe-lang:fact-ref name="cpe:/a:ruby-lang:ruby:2.0.0:preview1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ruby-lang:ruby:2.0.0:preview2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ruby-lang:ruby:2.0.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ruby-lang:ruby:2.0.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ruby-lang:ruby:2.1:preview1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ruby-lang:ruby:2.0.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:ruby-lang:ruby:2.0.0:p247</vuln:product>
+      <vuln:product>cpe:/a:ruby-lang:ruby:2.1:preview1</vuln:product>
+      <vuln:product>cpe:/a:ruby-lang:ruby:2.0.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:ruby-lang:ruby:2.0.0:p195</vuln:product>
+      <vuln:product>cpe:/a:ruby-lang:ruby:2.0.0:p0</vuln:product>
+      <vuln:product>cpe:/a:ruby-lang:ruby:2.0.0:preview2</vuln:product>
+      <vuln:product>cpe:/a:ruby-lang:ruby:2.0.0:preview1</vuln:product>
+      <vuln:product>cpe:/a:ruby-lang:ruby:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:ruby-lang:ruby:2.1:-</vuln:product>
+      <vuln:product>cpe:/a:ruby-lang:ruby:2.0</vuln:product>
+      <vuln:product>cpe:/a:ruby-lang:ruby:2.0.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2734</vuln:cve-id>
+    <vuln:published-datetime>2014-04-24T19:55:05.707-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-25T09:30:18.403-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-25T09:30:13.623-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://gist.github.com/10446549" xml:lang="en">https://gist.github.com/10446549</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Apr/231" xml:lang="en">20140416 Ruby OpenSSL private key spoofing ~ CVE-2014-2734 with PoC</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/126218/Ruby-OpenSSL-Private-Key-Spoofing.html" xml:lang="en">http://packetstormsecurity.com/files/126218/Ruby-OpenSSL-Private-Key-Spoofing.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a file is reopened, which allows remote attackers to spoof signatures within the context of a Ruby script that attempts signature verification after performing a certain sequence of filesystem operations.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2735">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:winscp:winscp:5.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:winscp:winscp:5.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:winscp:winscp:5.5"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:winscp:winscp:5.5.2</vuln:product>
+      <vuln:product>cpe:/a:winscp:winscp:5.5.1</vuln:product>
+      <vuln:product>cpe:/a:winscp:winscp:5.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2735</vuln:cve-id>
+    <vuln:published-datetime>2014-04-22T09:06:29.853-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-22T15:25:03.607-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-22T15:25:03.500-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531847/100/0/threaded" xml:lang="en">20140416 CVE-2014-2735 - WinSCP: missing X.509 validation</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://winscp.net/tracker/show_bug.cgi?id=1152" xml:lang="en">http://winscp.net/tracker/show_bug.cgi?id=1152</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://winscp.net/eng/docs/history" xml:lang="en">http://winscp.net/eng/docs/history</vuln:reference>
+    </vuln:references>
+    <vuln:summary>WinSCP before 5.5.3, when FTP with TLS is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2736">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.0.2:pl1"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:modx:modx_revolution:2.2.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.0.2:pl1</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.2.9</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.2.8</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.2.10</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.2.7</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.0.0</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.2.0</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.2.1</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.2.2</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.2.3</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.2.4</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.2.5</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.2.6</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.1.2</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.1.3</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.1.0</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.1.4</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.1.5</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.2.11</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.2.13</vuln:product>
+      <vuln:product>cpe:/a:modx:modx_revolution:2.2.12</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2736</vuln:cve-id>
+    <vuln:published-datetime>2014-04-24T10:55:04.387-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T15:09:30.747-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-24T15:09:30.323-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66990" xml:lang="en">66990</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/58036" xml:lang="en">58036</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://forums.modx.com/thread/90173/modx-revolution-2-2-13-and-prior-blind-sql-injection" xml:lang="en">http://forums.modx.com/thread/90173/modx-revolution-2-2-13-and-prior-blind-sql-injection</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0124.html" xml:lang="en">20140419 Multiple Vulnerabilities in MODX Revolution &lt; = MODX 2.2.13-pl</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple SQL injection vulnerabilities in MODX Revolution before 2.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) session ID (PHPSESSID) to index.php or remote authenticated users to execute arbitrary SQL commands via the (2) user parameter to connectors/security/message.php or (3) id parameter to manager/index.php.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2737">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:knowledgetree:knowledgetree:3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:knowledgetree:knowledgetree:3.7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:knowledgetree:knowledgetree:3.7.0.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:knowledgetree:knowledgetree:3.7</vuln:product>
+      <vuln:product>cpe:/a:knowledgetree:knowledgetree:3.7.0.1</vuln:product>
+      <vuln:product>cpe:/a:knowledgetree:knowledgetree:3.7.0.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2737</vuln:cve-id>
+    <vuln:published-datetime>2014-04-22T10:23:35.923-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-23T09:31:20.493-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-23T09:31:20.370-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531886/100/0/threaded" xml:lang="en">20140419 Blind SQL Injection Vulnerability in KnowledgeTree &lt;= 3.7.0.2</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SQL injection vulnerability in the get_active_session function in the KTAPI_UserSession class in webservice/clienttools/services/mdownload.php in KnowledgeTree 3.7.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the u parameter, related to the getFileName function.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2739">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.14.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.14:rc8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.14:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.14:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.14:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.14:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.14:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.14:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.14:rc1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.14:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.14:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.14:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.14:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.14:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.14.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.14:rc8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.14:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.14:rc3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2739</vuln:cve-id>
+    <vuln:published-datetime>2014-04-14T19:55:07.747-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T01:06:26.623-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.6</cvss:score>
+        <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-15T11:29:33.177-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/10/9" xml:lang="en">[oss-security] 20140410 Re: CVE request Linux kernel: IB/core: crash while resolving passive side RoCE L2 address in cma_req_handler</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b2853fd6c2d0f383dbdf7427e263eb576a633867" xml:lang="en">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b2853fd6c2d0f383dbdf7427e263eb576a633867</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/torvalds/linux/commit/b2853fd6c2d0f383dbdf7427e263eb576a633867" xml:lang="en">https://github.com/torvalds/linux/commit/b2853fd6c2d0f383dbdf7427e263eb576a633867</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1085415" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1085415</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66716" xml:lang="en">66716</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The cma_req_handler function in drivers/infiniband/core/cma.c in the Linux kernel 3.14.x through 3.14.1 attempts to resolve an RDMA over Converged Ethernet (aka RoCE) address that is properly resolved within a different module, which allows remote attackers to cause a denial of service (incorrect pointer dereference and system crash) via crafted network traffic.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2741">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:openfire:3.9.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:igniterealtime:openfire:3.9.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2741</vuln:cve-id>
+    <vuln:published-datetime>2014-04-10T21:55:05.473-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-11T15:26:44.920-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-11T15:26:44.857-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/" xml:lang="en">http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/04/09/1" xml:lang="en">[oss-security] 20140408 Re: (Openfire M-Link Metronome Prosody Tigase) Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/04/07/7" xml:lang="en">[oss-security] 20140407 Re: Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Ignite Realtime Openfire before 3.9.2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2742">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:isode:m-link:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:isode:m-link:14.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:isode:m-link:14.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:isode:m-link:15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:isode:m-link:15.1.10"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:isode:m-link:16.0</vuln:product>
+      <vuln:product>cpe:/a:isode:m-link:15.1.10</vuln:product>
+      <vuln:product>cpe:/a:isode:m-link:15.1</vuln:product>
+      <vuln:product>cpe:/a:isode:m-link:14.6</vuln:product>
+      <vuln:product>cpe:/a:isode:m-link:14.6.14</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2742</vuln:cve-id>
+    <vuln:published-datetime>2014-04-10T21:55:05.520-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-11T15:49:44.030-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-11T15:49:39.343-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/" xml:lang="en">http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/04/09/1" xml:lang="en">[oss-security] 20140408 Re: (Openfire M-Link Metronome Prosody Tigase) Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/04/07/7" xml:lang="en">[oss-security] 20140407 Re: Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Isode M-Link before 16.0v7 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2743">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:lightwitch:metronome:3.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:lightwitch:metronome:3.4</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2743</vuln:cve-id>
+    <vuln:published-datetime>2014-04-10T21:55:06.413-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-11T15:36:08.330-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-11T15:36:08.267-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://code.lightwitch.org/metronome/rev/49f47277a411" xml:lang="en">http://code.lightwitch.org/metronome/rev/49f47277a411</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/" xml:lang="en">http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/04/09/1" xml:lang="en">[oss-security] 20140408 Re: (Openfire M-Link Metronome Prosody Tigase) Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/04/07/7" xml:lang="en">[oss-security] 20140407 Re: Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression</vuln:reference>
+    </vuln:references>
+    <vuln:summary>plugins/mod_compression.lua in Lightwitch Metronome through 3.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2744">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:lightwitch:metronome:3.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:prosody:prosody:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:prosody:prosody:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:prosody:prosody:0.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:prosody:prosody:0.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:prosody:prosody:0.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:prosody:prosody:0.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:prosody:prosody:0.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:prosody:prosody:0.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:prosody:prosody:0.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:prosody:prosody:0.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:prosody:prosody:0.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:prosody:prosody:0.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:prosody:prosody:0.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:prosody:prosody:0.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:prosody:prosody:0.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:prosody:prosody:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:prosody:prosody:0.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:prosody:prosody:0.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:prosody:prosody:0.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:prosody:prosody:0.9.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:prosody:prosody:0.7.0</vuln:product>
+      <vuln:product>cpe:/a:lightwitch:metronome:3.4</vuln:product>
+      <vuln:product>cpe:/a:prosody:prosody:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:prosody:prosody:0.5.2</vuln:product>
+      <vuln:product>cpe:/a:prosody:prosody:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:prosody:prosody:0.6.2</vuln:product>
+      <vuln:product>cpe:/a:prosody:prosody:0.6.0</vuln:product>
+      <vuln:product>cpe:/a:prosody:prosody:0.2.0</vuln:product>
+      <vuln:product>cpe:/a:prosody:prosody:0.1.0</vuln:product>
+      <vuln:product>cpe:/a:prosody:prosody:0.8.0</vuln:product>
+      <vuln:product>cpe:/a:prosody:prosody:0.8.1</vuln:product>
+      <vuln:product>cpe:/a:prosody:prosody:0.5.0</vuln:product>
+      <vuln:product>cpe:/a:prosody:prosody:0.8.2</vuln:product>
+      <vuln:product>cpe:/a:prosody:prosody:0.5.1</vuln:product>
+      <vuln:product>cpe:/a:prosody:prosody:0.4.0</vuln:product>
+      <vuln:product>cpe:/a:prosody:prosody:0.9.0</vuln:product>
+      <vuln:product>cpe:/a:prosody:prosody:0.4.1</vuln:product>
+      <vuln:product>cpe:/a:prosody:prosody:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:prosody:prosody:0.4.2</vuln:product>
+      <vuln:product>cpe:/a:prosody:prosody:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:prosody:prosody:0.3.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2744</vuln:cve-id>
+    <vuln:published-datetime>2014-04-10T21:55:06.663-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-19T00:48:47.833-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-11T15:34:03.467-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://hg.prosody.im/0.9/rev/b3b1c9da38fb" xml:lang="en">http://hg.prosody.im/0.9/rev/b3b1c9da38fb</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://code.lightwitch.org/metronome/rev/49f47277a411" xml:lang="en">http://code.lightwitch.org/metronome/rev/49f47277a411</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/" xml:lang="en">http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2895" xml:lang="en">DSA-2895</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57710" xml:lang="en">57710</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/04/09/1" xml:lang="en">[oss-security] 20140408 Re: (Openfire M-Link Metronome Prosody Tigase) Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/04/07/7" xml:lang="en">[oss-security] 20140407 Re: Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://blog.prosody.im/prosody-0-9-4-released/" xml:lang="en">http://blog.prosody.im/prosody-0-9-4-released/</vuln:reference>
+    </vuln:references>
+    <vuln:summary>plugins/mod_compression.lua in (1) Prosody before 0.9.4 and (2) Lightwitch Metronome through 3.4 negotiates stream compression while a session is unauthenticated, which allows remote attackers to cause a denial of service (resource consumption) via compressed XML elements in an XMPP stream, aka an "xmppbomb" attack.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2745">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:prosody:prosody:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:prosody:prosody:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:prosody:prosody:0.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:prosody:prosody:0.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:prosody:prosody:0.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:prosody:prosody:0.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:prosody:prosody:0.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:prosody:prosody:0.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:prosody:prosody:0.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:prosody:prosody:0.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:prosody:prosody:0.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:prosody:prosody:0.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:prosody:prosody:0.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:prosody:prosody:0.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:prosody:prosody:0.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:prosody:prosody:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:prosody:prosody:0.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:prosody:prosody:0.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:prosody:prosody:0.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:prosody:prosody:0.9.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:prosody:prosody:0.7.0</vuln:product>
+      <vuln:product>cpe:/a:prosody:prosody:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:prosody:prosody:0.5.2</vuln:product>
+      <vuln:product>cpe:/a:prosody:prosody:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:prosody:prosody:0.6.2</vuln:product>
+      <vuln:product>cpe:/a:prosody:prosody:0.6.0</vuln:product>
+      <vuln:product>cpe:/a:prosody:prosody:0.2.0</vuln:product>
+      <vuln:product>cpe:/a:prosody:prosody:0.1.0</vuln:product>
+      <vuln:product>cpe:/a:prosody:prosody:0.8.0</vuln:product>
+      <vuln:product>cpe:/a:prosody:prosody:0.8.1</vuln:product>
+      <vuln:product>cpe:/a:prosody:prosody:0.5.0</vuln:product>
+      <vuln:product>cpe:/a:prosody:prosody:0.8.2</vuln:product>
+      <vuln:product>cpe:/a:prosody:prosody:0.5.1</vuln:product>
+      <vuln:product>cpe:/a:prosody:prosody:0.4.0</vuln:product>
+      <vuln:product>cpe:/a:prosody:prosody:0.9.0</vuln:product>
+      <vuln:product>cpe:/a:prosody:prosody:0.4.1</vuln:product>
+      <vuln:product>cpe:/a:prosody:prosody:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:prosody:prosody:0.4.2</vuln:product>
+      <vuln:product>cpe:/a:prosody:prosody:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:prosody:prosody:0.3.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2745</vuln:cve-id>
+    <vuln:published-datetime>2014-04-10T21:55:06.693-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-19T00:48:47.973-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-11T15:31:12.227-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/" xml:lang="en">http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2895" xml:lang="en">DSA-2895</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57710" xml:lang="en">57710</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/04/09/1" xml:lang="en">[oss-security] 20140408 Re: (Openfire M-Link Metronome Prosody Tigase) Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/04/07/7" xml:lang="en">[oss-security] 20140407 Re: Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://hg.prosody.im/0.9/rev/a97591d2e1ad" xml:lang="en">http://hg.prosody.im/0.9/rev/a97591d2e1ad</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://hg.prosody.im/0.9/rev/1107d66d2ab2" xml:lang="en">http://hg.prosody.im/0.9/rev/1107d66d2ab2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://blog.prosody.im/prosody-0-9-4-released/" xml:lang="en">http://blog.prosody.im/prosody-0-9-4-released/</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Prosody before 0.9.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack, related to core/portmanager.lua and util/xmppstream.lua.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2746">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:tigase:tigase:5.2.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:tigase:tigase:5.2.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2746</vuln:cve-id>
+    <vuln:published-datetime>2014-04-10T21:55:07.007-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-11T15:39:45.337-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-11T15:39:45.150-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://projects.tigase.org/projects/tigase-server/repository/revisions/7f5af2f8c5b97bbf9def66fbb9dd47746a7ac292" xml:lang="en">https://projects.tigase.org/projects/tigase-server/repository/revisions/7f5af2f8c5b97bbf9def66fbb9dd47746a7ac292</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://projects.tigase.org/issues/1780" xml:lang="en">https://projects.tigase.org/issues/1780</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/" xml:lang="en">http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.tigase.org/content/uncontrolled-resource-consumption-highly-compressed-xmpp-messages" xml:lang="en">http://www.tigase.org/content/uncontrolled-resource-consumption-highly-compressed-xmpp-messages</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/04/09/1" xml:lang="en">[oss-security] 20140408 Re: (Openfire M-Link Metronome Prosody Tigase) Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/04/07/7" xml:lang="en">[oss-security] 20140407 Re: Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression</vuln:reference>
+    </vuln:references>
+    <vuln:summary>net/IOService.java in Tigase before 5.2.1 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2748">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:sap:enhancement_package:6.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:sap:erp:6.0"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:sap:enhancement_package:6.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2748</vuln:cve-id>
+    <vuln:published-datetime>2014-04-10T16:55:06.307-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T01:06:31.030-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-11T14:27:48.520-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://service.sap.com/sap/support/notes/1926485" xml:lang="en">https://service.sap.com/sap/support/notes/1926485</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/92334" xml:lang="en">sap-ehp-log-sec-bypass(92334)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.onapsis.com/research-advisories.php" xml:lang="en">http://www.onapsis.com/research-advisories.php</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.onapsis.com/get.php?resid=adv_onapsis-2014-002" xml:lang="en">http://www.onapsis.com/get.php?resid=adv_onapsis-2014-002</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57741" xml:lang="en">57741</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Security Audit Log facility in SAP Enhancement Package (EHP) 6 for SAP ERP 6.0 allows remote attackers to modify or delete arbitrary log classes via unspecified vectors.  NOTE: some of these details are obtained from third party information.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2749">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:sap:hana:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:sap:hana:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2749</vuln:cve-id>
+    <vuln:published-datetime>2014-04-10T16:55:06.337-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T01:06:31.157-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-11T14:31:20.357-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://service.sap.com/sap/support/notes/1914778" xml:lang="en">https://service.sap.com/sap/support/notes/1914778</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/92325" xml:lang="en">sap-hana-icm-info-disc(92325)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66675" xml:lang="en">66675</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.onapsis.com/research-advisories.php" xml:lang="en">http://www.onapsis.com/research-advisories.php</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.onapsis.com/get.php?resid=adv_onapsis-2014-001" xml:lang="en">http://www.onapsis.com/get.php?resid=adv_onapsis-2014-001</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57443" xml:lang="en">57443</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The HANA ICM process in SAP HANA allows remote attackers to obtain the platform version, host name, instance number, and possibly other sensitive information via a malformed HTTP GET request.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2750">
+    <vuln:cve-id>CVE-2014-2750</vuln:cve-id>
+    <vuln:published-datetime>2014-04-10T16:55:06.773-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-19T00:48:48.863-04:00</vuln:last-modified-datetime>
+    <vuln:summary>** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2014-2744, CVE-2014-2745.  Reason: This candidate is a duplicate of CVE-2014-2744 and/or CVE-2014-2745.  Notes: All CVE users should reference CVE-2014-2744 and/or CVE-2014-2745 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2751">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:sap:print_and_output_management:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:sap:print_and_output_management:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2751</vuln:cve-id>
+    <vuln:published-datetime>2014-04-10T16:55:14.337-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-11T14:56:30.047-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-11T14:56:29.967-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-255"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.onapsis.com/research-advisories.php" xml:lang="en">http://www.onapsis.com/research-advisories.php</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.onapsis.com/get.php?resid=adv_onapsis-2014-004" xml:lang="en">http://www.onapsis.com/get.php?resid=adv_onapsis-2014-004</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SAP Print and Output Management has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2752">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:sap:business_object_processing_framework_for_abap:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:sap:business_object_processing_framework_for_abap:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2752</vuln:cve-id>
+    <vuln:published-datetime>2014-04-10T16:55:14.367-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-11T15:09:08.213-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-11T15:09:08.150-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-255"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.onapsis.com/research-advisories.php" xml:lang="en">http://www.onapsis.com/research-advisories.php</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.onapsis.com/get.php?resid=adv_onapsis-2014-003" xml:lang="en">http://www.onapsis.com/get.php?resid=adv_onapsis-2014-003</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SAP Business Object Processing Framework (BOPF) for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2828">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:openstack:keystone:2013.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:keystone:2013.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:keystone:2013.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:keystone:2013.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:keystone:2013.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:keystone:2013.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:keystone:2013.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:keystone:2013.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:openstack:keystone:2013.1.2</vuln:product>
+      <vuln:product>cpe:/a:openstack:keystone:2013.1.3</vuln:product>
+      <vuln:product>cpe:/a:openstack:keystone:2013.2</vuln:product>
+      <vuln:product>cpe:/a:openstack:keystone:2013.1</vuln:product>
+      <vuln:product>cpe:/a:openstack:keystone:2013.1.1</vuln:product>
+      <vuln:product>cpe:/a:openstack:keystone:2013.2.1</vuln:product>
+      <vuln:product>cpe:/a:openstack:keystone:2013.2.2</vuln:product>
+      <vuln:product>cpe:/a:openstack:keystone:2013.2.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2828</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T10:55:04.857-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T09:21:02.553-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T09:21:02.477-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-287"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugs.launchpad.net/keystone/+bug/1300274" xml:lang="en">https://bugs.launchpad.net/keystone/+bug/1300274</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/10/20" xml:lang="en">[oss-security] 20140410 [OSSA 2014-013] Keystone DoS through V3 API authentication chaining  (CVE-2014-2828)</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the same authentication method in a request, aka "authentication chaining."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2829">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:erlang-solutions:mongooseim:1.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:erlang-solutions:mongooseim:1.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:erlang-solutions:mongooseim:1.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:erlang-solutions:mongooseim:1.3.1:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:erlang-solutions:mongooseim:1.3.1:rev2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:erlang-solutions:mongooseim:1.2.2</vuln:product>
+      <vuln:product>cpe:/a:erlang-solutions:mongooseim:1.2.1</vuln:product>
+      <vuln:product>cpe:/a:erlang-solutions:mongooseim:1.3.1:-</vuln:product>
+      <vuln:product>cpe:/a:erlang-solutions:mongooseim:1.3.0</vuln:product>
+      <vuln:product>cpe:/a:erlang-solutions:mongooseim:1.3.1:rev2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2829</vuln:cve-id>
+    <vuln:published-datetime>2014-04-10T21:55:07.083-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-11T15:45:00.537-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-11T15:45:00.473-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/esl/MongooseIM/commit/586d96cc12ef218243a3466354b4d208b5472a6c" xml:lang="en">https://github.com/esl/MongooseIM/commit/586d96cc12ef218243a3466354b4d208b5472a6c</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/" xml:lang="en">http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Erlang Solutions MongooseIM through 1.3.1 rev. 2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2842">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:juniper:screenos:6.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:screenos:6.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:screenos:6.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:screenos:6.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:juniper:screenos:5.4.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:juniper:screenos:6.3.0</vuln:product>
+      <vuln:product>cpe:/o:juniper:screenos:6.2.0</vuln:product>
+      <vuln:product>cpe:/o:juniper:screenos:5.4.0</vuln:product>
+      <vuln:product>cpe:/o:juniper:screenos:6.1.0</vuln:product>
+      <vuln:product>cpe:/o:juniper:screenos:6.0.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2842</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T10:55:05.047-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T09:28:58.163-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T09:28:58.117-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10624" xml:lang="en">https://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10624</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66802" xml:lang="en">66802</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57910" xml:lang="en">57910</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Juniper ScreenOS 6.3 and earlier allows remote attackers to cause a denial of service (crash and restart or failover) via a malformed SSL/TLS packet.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2844">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:f-secure:secure_messaging_secure_gateway:7.5.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:f-secure:secure_messaging_secure_gateway:7.5.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2844</vuln:cve-id>
+    <vuln:published-datetime>2014-04-18T10:55:25.977-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-21T11:08:53.003-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-21T11:08:52.957-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.f-secure.com/en/web/labs_global/fsc-2014-2" xml:lang="en">http://www.f-secure.com/en/web/labs_global/fsc-2014-2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/58038" xml:lang="en">58038</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Apr/223" xml:lang="en">20140416 Reflected XSS Attacks vulnerabilities F-Secure Messaging Security Gateway V7.5.0.892 (CVE-2014-2844)</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in F-Secure Messaging Secure Gateway 7.5.0 before Patch 1862 allows remote authenticated administrators to inject arbitrary web script or HTML via the new parameter in the SysUser module to admin.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2846">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:wdc:arkeia_virtual_appliance_firmware:10.2.7"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:wdc:arkeia_virtual_appliance:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:wdc:arkeia_virtual_appliance:-</vuln:product>
+      <vuln:product>cpe:/o:wdc:arkeia_virtual_appliance_firmware:10.2.7</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2846</vuln:cve-id>
+    <vuln:published-datetime>2014-04-28T10:09:07.877-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T09:07:44.203-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T09:07:44.127-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531910/100/0/threaded" xml:lang="en">20140423 SEC Consult SA-20140423-0 :: Path Traversal/Remote Code Execution in WD Arkeia Network Backup Appliances</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Apr/257" xml:lang="en">20140423 SEC Consult SA-20140423-0 :: Path Traversal/Remote Code Execution in WD Arkeia Network Backup Appliances</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute arbitrary PHP code via a ..././ (dot dot dot slash dot slash) in the lang Cookie parameter, as demonstrated by a request to login/doLogin.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2847">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:construtiva:cis_manager_cms:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:construtiva:cis_manager_cms:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2847</vuln:cve-id>
+    <vuln:published-datetime>2014-04-11T11:55:22.160-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-14T11:15:59.880-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-14T11:15:59.847-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66590" xml:lang="en">66590</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://www.osvdb.org/105364" xml:lang="en">105364</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/32660" xml:lang="en">32660</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SQL injection vulnerability in default.asp in CIS Manager CMS allows remote attackers to execute arbitrary SQL commands via the TroncoID parameter.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2848">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:tenable:nessus:5.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:tenable:plugin-set:201402092115"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:tenable:nessus:5.2.1</vuln:product>
+      <vuln:product>cpe:/a:tenable:plugin-set:201402092115</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2848</vuln:cve-id>
+    <vuln:published-datetime>2014-04-11T11:55:22.257-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-14T11:21:17.733-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.9</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-14T11:21:09.733-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-362"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.nccgroup.com/en/learning-and-research-centre/technical-advisories/nessus-authenticated-scan-local-privilege-escalation/" xml:lang="en">https://www.nccgroup.com/en/learning-and-research-centre/technical-advisories/nessus-authenticated-scan-local-privilege-escalation/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://discussions.nessus.org/thread/7195" xml:lang="en">https://discussions.nessus.org/thread/7195</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029946" xml:lang="en">1029946</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57403" xml:lang="en">57403</vuln:reference>
+    </vuln:references>
+    <vuln:summary>A race condition in the wmi_malware_scan.nbin plugin before 201402262215 for Nessus 5.2.1 allows local users to gain privileges by replacing the dissolvable agent executable in the Windows temp directory with a Trojan horse program.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2849">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.8.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.8.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.8.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.7.9.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.7.9"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.7.8.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.7.8.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:sophos:web_appliance_firmware:3.7.8"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.7.7"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.7.6"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.7.5"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.7.4"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.7.3"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.7.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.7.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.7.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.6.4.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.6.4.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.6.4"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.6.3"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.6.2.4.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.6.2.4.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.6.2.3"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.6.2.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.6.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.6.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.6.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.5.6"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.5.5"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.5.4"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.5.3"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.5.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.5.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.5.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.5.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.5.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.4.8"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.4.7"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.4.6"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.4.5"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.4.4"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.4.3.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.4.3"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.4.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.4.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.4.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.3.6.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.3.6"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.3.5.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.3.5"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.3.4"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.3.3.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.3.3"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.3.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.3.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.3.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.2.7"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.2.6"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.2.5"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.2.4"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.2.3"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.2.2.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.2.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.2.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.1.4"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.1.3"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.1.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.1.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.0.5.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.0.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.0.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:sophos:web_appliance:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.3.5.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.6.1.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.2.2</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.2.3</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.2.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.7.8.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.2.6</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.7.8.2</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.2.5</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.2.4</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.3.3.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.2.2.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.7.7</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.0.0</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.6.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.7.9</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.6.2</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.6.2.3</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.8.0</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.6.2.1</vuln:product>
+      <vuln:product>cpe:/a:sophos:web_appliance_firmware:3.7.8</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.1.3</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.1.4</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.1.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.1.2</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.7.2</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.3.5</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.7.3</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.1.0</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.7.0</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.7.4</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.3.3</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.7.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.7.5</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.3.4</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.7.6</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.3.2</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.4.8</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.0.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.3.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.3.0</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.8.1.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.5.4</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.4.6</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.4.7</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.0.4</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.5.6</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.0.5</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.5.5</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.4.5</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.0.2</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.0.3</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.0.5.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.5.3</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.4.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.4.0</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.5.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.5.2</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.6.2.4.0</vuln:product>
+      <vuln:product>cpe:/h:sophos:web_appliance:-</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.8.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.5.0</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.4.4</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.4.3.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.6.4</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.4.2</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.3.6</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.4.3</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.0.1.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.6.3</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.7.9.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.3.6.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.1.0.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.2.7</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.5.1.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.6.4.2</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.5.1.2</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.6.2.4.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.6.4.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2849</vuln:cve-id>
+    <vuln:published-datetime>2014-04-11T11:55:27.660-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-14T11:38:12.317-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>8.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-14T11:38:11.597-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.zerodayinitiative.com/advisories/ZDI-14-069/" xml:lang="en">http://www.zerodayinitiative.com/advisories/ZDI-14-069/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.sophos.com/en-us/support/knowledgebase/120230.aspx" xml:lang="en">http://www.sophos.com/en-us/support/knowledgebase/120230.aspx</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66734" xml:lang="en">66734</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/32789" xml:lang="en">32789</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57706" xml:lang="en">57706</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2850">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.8.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.8.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.8.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.7.9.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.7.9"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.7.8.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.7.8.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:sophos:web_appliance_firmware:3.7.8"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.7.7"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.7.6"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.7.5"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.7.4"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.7.3"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.7.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.7.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.7.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.6.4.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.6.4.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.6.4"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.6.3"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.6.2.4.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.6.2.4.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.6.2.3"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.6.2.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.6.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.6.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.6.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.5.6"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.5.5"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.5.4"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.5.3"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.5.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.5.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.5.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.5.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.5.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.4.8"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.4.7"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.4.6"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.4.5"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.4.4"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.4.3.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.4.3"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.4.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.4.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.4.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.3.6.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.3.6"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.3.5.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.3.5"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.3.4"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.3.3.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.3.3"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.3.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.3.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.3.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.2.7"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.2.6"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.2.5"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.2.4"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.2.3"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.2.2.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.2.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.2.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.1.4"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.1.3"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.1.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.1.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.0.5.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.0.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/o:sophos:web_appliance_firmware:3.0.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:sophos:web_appliance:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.3.5.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.6.1.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.2.2</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.2.3</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.2.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.7.8.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.2.6</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.7.8.2</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.2.5</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.2.4</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.3.3.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.2.2.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.7.7</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.0.0</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.6.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.7.9</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.6.2</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.6.2.3</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.8.0</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.6.2.1</vuln:product>
+      <vuln:product>cpe:/a:sophos:web_appliance_firmware:3.7.8</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.1.3</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.1.4</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.1.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.1.2</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.7.2</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.3.5</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.7.3</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.1.0</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.7.0</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.7.4</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.3.3</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.7.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.7.5</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.3.4</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.7.6</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.3.2</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.4.8</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.0.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.3.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.3.0</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.8.1.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.5.4</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.4.6</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.4.7</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.0.4</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.5.6</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.0.5</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.5.5</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.4.5</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.0.2</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.0.3</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.0.5.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.5.3</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.4.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.4.0</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.5.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.5.2</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.6.2.4.0</vuln:product>
+      <vuln:product>cpe:/h:sophos:web_appliance:-</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.8.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.5.0</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.4.4</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.4.3.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.6.4</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.4.2</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.3.6</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.4.3</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.0.1.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.6.3</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.7.9.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.3.6.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.1.0.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.2.7</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.5.1.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.6.4.2</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.5.1.2</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.6.2.4.1</vuln:product>
+      <vuln:product>cpe:/o:sophos:web_appliance_firmware:3.6.4.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2850</vuln:cve-id>
+    <vuln:published-datetime>2014-04-11T11:55:27.693-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-14T11:38:38.787-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>8.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-14T11:38:35.473-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-78"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.zerodayinitiative.com/advisories/ZDI-14-069/" xml:lang="en">http://www.zerodayinitiative.com/advisories/ZDI-14-069/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.sophos.com/en-us/support/knowledgebase/120230.aspx" xml:lang="en">http://www.sophos.com/en-us/support/knowledgebase/120230.aspx</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66734" xml:lang="en">66734</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/32789" xml:lang="en">32789</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57706" xml:lang="en">57706</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2851">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.14.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.69"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.70"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.71"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.72"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.73"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.74"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.75"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.76"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.77"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.78"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.79"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.7"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.70</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.71</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.14.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.72</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.73</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.74</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.75</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.76</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.77</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.78</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.79</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.69</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2851</vuln:cve-id>
+    <vuln:published-datetime>2014-04-14T19:55:07.920-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-15T11:56:13.027-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.9</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-15T11:56:10.607-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-189"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=b04c46190219a4f845e46a459e3102137b7f6cac" xml:lang="en">https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=b04c46190219a4f845e46a459e3102137b7f6cac</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/11/4" xml:lang="en">[oss-security] 20140411 Re: CVE request -- Linux kernel: net: ping: refcount issue in ping_init_sock() function</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="https://lkml.org/lkml/2014/4/10/736" xml:lang="en">[linux-kernel] 20140411 net: ipv4: current group_info should be put after using.</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1086730" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1086730</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2852">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:openafs:openafs:1.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:openafs:openafs:1.6.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openafs:openafs:1.6.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openafs:openafs:1.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:openafs:openafs:1.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:openafs:openafs:1.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openafs:openafs:1.6.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openafs:openafs:1.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openafs:openafs:1.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openafs:openafs:1.6.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:openafs:openafs:1.6.2</vuln:product>
+      <vuln:product>cpe:/a:openafs:openafs:1.6.3</vuln:product>
+      <vuln:product>cpe:/a:openafs:openafs:1.6.0</vuln:product>
+      <vuln:product>cpe:/a:openafs:openafs:1.6.5.1</vuln:product>
+      <vuln:product>cpe:/a:openafs:openafs:1.6.1</vuln:product>
+      <vuln:product>cpe:/a:openafs:openafs:1.6.2.1</vuln:product>
+      <vuln:product>cpe:/a:openafs:openafs:1.6.5.2</vuln:product>
+      <vuln:product>cpe:/a:openafs:openafs:1.6.4</vuln:product>
+      <vuln:product>cpe:/a:openafs:openafs:1.6.6</vuln:product>
+      <vuln:product>cpe:/a:openafs:openafs:1.6.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2852</vuln:cve-id>
+    <vuln:published-datetime>2014-04-14T11:09:06.443-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-15T10:35:42.303-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-15T10:35:42.223-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog" xml:lang="en">http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2899" xml:lang="en">DSA-2899</vuln:reference>
+    </vuln:references>
+    <vuln:summary>OpenAFS before 1.6.7 delays the listen thread when an RXS_CheckResponse fails, which allows remote attackers to cause a denial of service (performance degradation) via an invalid packet.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2853">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.10.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.10.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.10.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.10.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.11.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.12.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.12.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.13.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.13.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.13.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.13.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.14.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.14.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.15.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.15.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.15.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.15.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.16.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.16.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.16.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.17:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.17.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.17.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.17.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.17.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.18:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.18.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.18.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.18.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.18.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.22.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.22.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.22.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.22.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.22.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.3.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.3.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.3.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.3.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.3.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.3.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.3.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.4:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.4:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.4:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.4.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.4.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.4.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.5:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.5:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.5:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.5:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.5:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.9.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.9.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.9.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.9.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.17:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.14.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.13.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.13.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.17.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.11</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.18:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.13.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.13.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.13.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.13.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.13.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.4.11</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.5:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.11.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.4.12</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.4.13</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.4.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.4.14</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.4.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.4.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.4.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.4.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.4.5</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.8.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.4.6</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.8.5</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.8.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.4.10</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.10.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.7.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.7.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.16.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.7.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.10.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.3.10</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.5:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.16.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.1.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.16.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.5.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.3.14</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.22.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21.7</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.18.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.10</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.3.15</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.22.5</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21.8</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21.5</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.12</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21.6</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.11</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.16.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.14</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.3.11</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.22.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.16.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.13</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.3.12</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.22.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.16.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.3.13</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.22.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.8.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.3.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.3.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.3.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.3.5</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.18.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.3.6</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.3.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.9.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.3.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.9.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.5:rc4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.18.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.5:rc2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.3.7</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.18.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.4.7</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.4.9</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.8.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.5:rc3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.4.8</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.12.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.12.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.12.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.12.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.12.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.10.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.10.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.10.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.18.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.9</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.14.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.14.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.6.12</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.6.11</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.6.10</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.9.5</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.9.6</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.9.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.9.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.9.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.6.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.5</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.7</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.6</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.3.9</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.22.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.9.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.3.8</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.6.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.6.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.8</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.6.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.6.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.11.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.5</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.17</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.11.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.18</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.8</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.15.5</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.6</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.7</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.15.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.15.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.15.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.15.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.10.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.10.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.17.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.6.9</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.17.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.6.8</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.17.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.15.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.2.6</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.2.5</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.2.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.6.5</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.2.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.2.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.6.7</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.2.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.6.6</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.17.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.17.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.2.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.15.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.4:beta4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.4:beta5</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.4:beta6</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.12.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.11.0:rc1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2853</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T14:55:08.723-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T08:44:58.270-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T08:44:57.067-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://www.mediawiki.org/wiki/Release_notes/1.22#Changes_since_1.22.5" xml:lang="en">https://www.mediawiki.org/wiki/Release_notes/1.22#Changes_since_1.22.5</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://www.mediawiki.org/wiki/Release_notes/1.21#Changes_since_1.21.8" xml:lang="en">https://www.mediawiki.org/wiki/Release_notes/1.21#Changes_since_1.21.8</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://github.com/wikimedia/mediawiki-core/commit/0b695ae09aada343ab59be4a3c9963995a1143b6" xml:lang="en">https://github.com/wikimedia/mediawiki-core/commit/0b695ae09aada343ab59be4a3c9963995a1143b6</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.wikimedia.org/show_bug.cgi?id=63251" xml:lang="en">https://bugzilla.wikimedia.org/show_bug.cgi?id=63251</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1091967" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1091967</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/67068" xml:lang="en">67068</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/58262" xml:lang="en">58262</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-April/000149.html" xml:lang="en">[MediaWiki-announce] 20140424 MediaWiki Security and Maintenance Releases: 1.22.6 and 1.21.9</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in includes/actions/InfoAction.php in MediaWiki before 1.21.9 and 1.22.x before 1.22.6 allows remote attackers to inject arbitrary web script or HTML via the sort key in an info action.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2855">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:samba:rsync:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:samba:rsync:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:samba:rsync:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:samba:rsync:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:samba:rsync:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:samba:rsync:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:samba:rsync:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:samba:rsync:3.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:samba:rsync:2.9.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:samba:rsync:2.9.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:samba:rsync:2.9.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:samba:rsync:2.9.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:samba:rsync:2.9.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:samba:rsync:2.9.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:samba:rsync:2.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:samba:rsync:2.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:samba:rsync:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:samba:rsync:2.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:samba:rsync:2.8.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:samba:rsync:2.8.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:samba:rsync:2.8.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:samba:rsync:2.8.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:samba:rsync:2.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:samba:rsync:2.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:samba:rsync:2.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:samba:rsync:2.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:samba:rsync:2.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:samba:rsync:2.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:samba:rsync:2.7.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:samba:rsync:2.7.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:samba:rsync:2.7.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:samba:rsync:2.7.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:samba:rsync:2.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:samba:rsync:2.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:samba:rsync:2.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:samba:rsync:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:samba:rsync:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:samba:rsync:2.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:samba:rsync:2.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:samba:rsync:3.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:samba:rsync:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:samba:rsync:3.0.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:samba:rsync:3.0.0</vuln:product>
+      <vuln:product>cpe:/a:samba:rsync:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:samba:rsync:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:samba:rsync:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:samba:rsync:2.6.9</vuln:product>
+      <vuln:product>cpe:/a:samba:rsync:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:samba:rsync:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:samba:rsync:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:samba:rsync:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:samba:rsync:3.1.0</vuln:product>
+      <vuln:product>cpe:/a:samba:rsync:2.9.0</vuln:product>
+      <vuln:product>cpe:/a:samba:rsync:2.7.3</vuln:product>
+      <vuln:product>cpe:/a:samba:rsync:2.8.2</vuln:product>
+      <vuln:product>cpe:/a:samba:rsync:2.7.4</vuln:product>
+      <vuln:product>cpe:/a:samba:rsync:2.8.3</vuln:product>
+      <vuln:product>cpe:/a:samba:rsync:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:samba:rsync:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:samba:rsync:2.9.2</vuln:product>
+      <vuln:product>cpe:/a:samba:rsync:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:samba:rsync:2.7.9</vuln:product>
+      <vuln:product>cpe:/a:samba:rsync:2.9.4</vuln:product>
+      <vuln:product>cpe:/a:samba:rsync:2.8.8</vuln:product>
+      <vuln:product>cpe:/a:samba:rsync:2.9.3</vuln:product>
+      <vuln:product>cpe:/a:samba:rsync:2.8.9</vuln:product>
+      <vuln:product>cpe:/a:samba:rsync:2.9.6</vuln:product>
+      <vuln:product>cpe:/a:samba:rsync:2.9.5</vuln:product>
+      <vuln:product>cpe:/a:samba:rsync:2.7.5</vuln:product>
+      <vuln:product>cpe:/a:samba:rsync:2.9.8</vuln:product>
+      <vuln:product>cpe:/a:samba:rsync:2.8.4</vuln:product>
+      <vuln:product>cpe:/a:samba:rsync:2.7.6</vuln:product>
+      <vuln:product>cpe:/a:samba:rsync:2.9.7</vuln:product>
+      <vuln:product>cpe:/a:samba:rsync:2.8.5</vuln:product>
+      <vuln:product>cpe:/a:samba:rsync:2.7.7</vuln:product>
+      <vuln:product>cpe:/a:samba:rsync:2.8.6</vuln:product>
+      <vuln:product>cpe:/a:samba:rsync:2.7.8</vuln:product>
+      <vuln:product>cpe:/a:samba:rsync:2.8.7</vuln:product>
+      <vuln:product>cpe:/a:samba:rsync:2.7.0</vuln:product>
+      <vuln:product>cpe:/a:samba:rsync:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:samba:rsync:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:samba:rsync:2.8.0</vuln:product>
+      <vuln:product>cpe:/a:samba:rsync:2.8.1</vuln:product>
+      <vuln:product>cpe:/a:samba:rsync:2.9.9</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2855</vuln:cve-id>
+    <vuln:published-datetime>2014-04-23T11:55:04.593-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T11:44:19.740-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-24T11:44:19.507-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://git.samba.org/?p=rsync.git;a=commit;h=0dedfbce2c1b851684ba658861fe9d620636c56a" xml:lang="en">https://git.samba.org/?p=rsync.git;a=commit;h=0dedfbce2c1b851684ba658861fe9d620636c56a</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.samba.org/show_bug.cgi?id=10551" xml:lang="en">https://bugzilla.samba.org/show_bug.cgi?id=10551</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1307230" xml:lang="en">https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1307230</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/15/1" xml:lang="en">[oss-security] 20140415 Re: CVE Request: rsync denial of service</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/14/5" xml:lang="en">[oss-security] 20140414 CVE Request: rsync denial of service</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57948" xml:lang="en">57948</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FEDORA</vuln:source>
+      <vuln:reference href="http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131910.html" xml:lang="en">FEDORA-2014-5315</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2856">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.10-1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.19:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.19:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.19:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.19:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.19:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.20:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.20:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.20:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.20:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.20:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.20:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.21:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.21:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.22:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.22:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.23:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.5-1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.5-2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.6-1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.6-2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.6-3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.1.9-1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.2:b1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.2:b2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.2:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.2:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.2:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.3:b1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.3:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.3:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.3.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.3.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.3.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.4:b1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.4:b2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.4:b3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.4:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.5:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.5:b2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.5:b1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.6:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.6:b1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.7.1:b1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apple:cups:1.7:rc1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apple:cups:1.3.2</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.3.3</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.3.4</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.7.1:b1</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.3.5</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.3.0</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.3.1</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.3.7</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.3.6</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.16</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.2.12</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.15</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.2.10</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.2.11</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.6.3</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.6.4</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.10-1</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.4.6</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.4.5</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.2.9</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.23:rc1</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.22:rc1</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.20:rc3</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.22:rc2</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.21:rc1</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.20:rc4</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.21:rc2</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.20:rc1</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.20:rc2</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.20:rc5</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.19:rc3</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.20:rc6</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.19:rc4</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.19:rc1</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.19:rc2</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.19:rc5</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.4.3</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.4.4</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.4.1</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.4.2</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.4.0</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.3.8</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.3.9</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.6.2</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.6.1</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.6:b1</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.5:b1</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.5-1</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.2.1</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.2.2</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.2.3</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.4:b1</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.2.4</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.3:b1</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.2:b1</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.2.5</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.2.6</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.4.8</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.4.7</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.5:b2</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.4:b3</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.2:b2</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.4:b2</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.2.8</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.2.7</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.3.10</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.2.0</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.3.11</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.14</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.13</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.12</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.11</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.10</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.5.0</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.4</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.5</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.6-2</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.6</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.7</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.6-1</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.5-2</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.6-3</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.2</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.3</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.9-1</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.19</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.5:rc1</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.7:rc1</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.6:rc1</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.9</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.18</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.7.0</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.8</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.17</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.23</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.22</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.21</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.1</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1.20</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.1</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.2:rc1</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.3:rc2</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.3:rc1</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.2:rc3</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.4:rc1</vuln:product>
+      <vuln:product>cpe:/a:apple:cups:1.2:rc2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2856</vuln:cve-id>
+    <vuln:published-datetime>2014-04-18T10:55:26.040-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-21T11:20:41.407-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-21T11:20:39.923-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/15/3" xml:lang="en">[oss-security] 20140415 Re: CVE request: cross-site scripting issue fixed in CUPS 1.7.2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/14/2" xml:lang="en">[oss-security] 20140414 CVE request: cross-site scripting issue fixed in CUPS 1.7.2</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.cups.org/str.php?L4356" xml:lang="en">http://www.cups.org/str.php?L4356</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.cups.org/documentation.php/relnotes.html" xml:lang="en">http://www.cups.org/documentation.php/relnotes.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57880" xml:lang="en">57880</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2857">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails-resources:1.0.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails-resources:1.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails-resources:1.1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails-resources:1.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails-resources:1.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails-resources:1.1.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails-resources:1.1.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails-resources:1.1.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails-resources:1.2.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails-resources:1.2.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails-resources:1.2.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails-resources:1.2.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails-resources:1.2.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails-resources:1.2.5"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.3.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.0.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.1.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.1.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.1.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.2.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.2.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.2.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.2.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.2.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.2.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.3.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.3.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.3.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.3.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.3.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.3.5"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:gopivotal:grails:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.1.5</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails-resources:1.2.5</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.1.4</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.1.3</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.1.2</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails-resources:1.2.0</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails-resources:1.1.5</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails-resources:1.1.4</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails-resources:1.1.2</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.0.0</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails-resources:1.1.6</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails-resources:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails-resources:1.0.0</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails-resources:1.2.3</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails-resources:1.1.0</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails-resources:1.1.1</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails-resources:1.2.4</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails-resources:1.2.1</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails-resources:1.2.2</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.1.0</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.2.4</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.2.5</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.2.2</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.2.3</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.2.0</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.2.1</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.3.0</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.3.5</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.3.6</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.3.4</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2857</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T19:55:08.720-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-22T13:54:17.127-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T07:41:10.000-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531281/100/0/threaded" xml:lang="en">20140227 Update: CVE-2014-0053 Information Disclosure when using Grails</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.gopivotal.com/security/cve-2014-0053" xml:lang="en">http://www.gopivotal.com/security/cve-2014-0053</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0267.html" xml:lang="en">20140227 Update: CVE-2014-0053 Information Disclosure when using Grails</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The default configuration of the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 does not properly restrict access to files in the META-INF directory, which allows remote attackers to obtain sensitive information via a direct request.  NOTE: this issue was SPLIT from CVE-2014-0053 due to different researchers per ADT5.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2858">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails-resources:1.0.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails-resources:1.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails-resources:1.1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails-resources:1.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails-resources:1.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails-resources:1.1.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails-resources:1.1.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails-resources:1.1.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails-resources:1.2.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails-resources:1.2.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails-resources:1.2.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails-resources:1.2.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails-resources:1.2.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails-resources:1.2.5"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.3.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.0.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.1.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.1.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.1.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.2.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.2.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.2.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.2.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.2.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.2.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.3.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.3.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.3.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.3.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.3.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:gopivotal:grails:2.3.5"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:gopivotal:grails:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.1.5</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails-resources:1.2.5</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.1.4</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.1.3</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.1.2</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails-resources:1.2.0</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails-resources:1.1.5</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails-resources:1.1.4</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails-resources:1.1.2</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.0.0</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails-resources:1.1.6</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails-resources:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails-resources:1.0.0</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails-resources:1.2.3</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails-resources:1.1.0</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails-resources:1.1.1</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails-resources:1.2.4</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails-resources:1.2.1</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails-resources:1.2.2</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.1.0</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.2.4</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.2.5</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.2.2</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.2.3</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.2.0</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.2.1</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.3.0</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.3.5</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.3.6</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:gopivotal:grails:2.3.4</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2858</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T19:55:08.780-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-22T13:53:35.503-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T07:42:10.000-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531281/100/0/threaded" xml:lang="en">20140227 Update: CVE-2014-0053 Information Disclosure when using Grails</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.gopivotal.com/security/cve-2014-0053" xml:lang="en">http://www.gopivotal.com/security/cve-2014-0053</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0267.html" xml:lang="en">20140227 Update: CVE-2014-0053 Information Disclosure when using Grails</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 allows remote attackers to obtain sensitive information via unspecified vectors related to a "configured block." NOTE: this issue was SPLIT from CVE-2014-0053 per ADT2 due to different vulnerability types.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2859">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.0</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.2</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2859</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T19:13:17.290-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T09:58:02.410-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T09:58:02.347-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/437385" xml:lang="en">VU#437385</vuln:reference>
+    </vuln:references>
+    <vuln:summary>PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to bypass intended access restrictions via a direct request.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2860">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.0</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.2</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2860</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T19:13:17.320-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T09:58:48.520-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T09:58:48.427-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/437385" xml:lang="en">VU#437385</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site scripting (XSS) vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to inject arbitrary web script or HTML via a crafted HTTP request to a (1) ColdFusion or (2) JavaScript component.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2861">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.0</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.2</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2861</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T19:13:17.353-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T10:08:34.570-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T10:08:34.527-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/437385" xml:lang="en">VU#437385</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Incomplete blacklist vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string, as demonstrated by bypassing a protection mechanism that removes only the "alert" string.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2862">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.0</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.2</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2862</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T19:13:17.367-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T10:14:08.223-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T10:14:08.177-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/437385" xml:lang="en">VU#437385</vuln:reference>
+    </vuln:references>
+    <vuln:summary>PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not check authorization in unspecified situations, which allows remote authenticated users to perform actions via unknown vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2863">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.0</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.2</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2863</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T19:13:17.400-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T10:16:32.620-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T10:16:32.573-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/437385" xml:lang="en">VU#437385</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple absolute path traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a full pathname in a parameter.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2864">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.0</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.2</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2864</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T19:13:17.430-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T10:18:06.887-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T10:18:06.827-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/437385" xml:lang="en">VU#437385</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple directory traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a filename parameter containing directory traversal sequences.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2865">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.0</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.2</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2865</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T19:13:17.447-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T10:20:16.377-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T10:20:16.330-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/437385" xml:lang="en">VU#437385</vuln:reference>
+    </vuln:references>
+    <vuln:summary>PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to bypass intended access restrictions via a '\0' character, as demonstrated by using this character within a pathname on the drive containing the web root directory of a ColdFusion installation.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2866">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.0</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.2</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2866</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T19:13:17.477-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T10:22:52.837-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T10:22:52.803-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-94"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/437385" xml:lang="en">VU#437385</vuln:reference>
+    </vuln:references>
+    <vuln:summary>PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on client JavaScript code for access restrictions, which allows remote attackers to perform unspecified operations by modifying this code.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2867">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.0</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.2</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2867</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T19:13:17.507-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T10:26:37.170-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T10:26:36.920-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/437385" xml:lang="en">VU#437385</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unrestricted file upload vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute arbitrary code by uploading a ColdFusion page, and then accessing it via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2868">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.0</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.2</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2868</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T19:13:17.540-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T10:35:23.470-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T10:35:23.360-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/437385" xml:lang="en">VU#437385</vuln:reference>
+    </vuln:references>
+    <vuln:summary>PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to modify the flow of execution of ColdFusion code by using an HTTP GET request to set a ColdFusion variable.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2869">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.0</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.2</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2869</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T19:13:17.557-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T10:37:18.287-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T10:37:18.270-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/437385" xml:lang="en">VU#437385</vuln:reference>
+    </vuln:references>
+    <vuln:summary>PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to obtain sensitive information via requests to unspecified URIs, as demonstrated by pathname, SQL server, e-mail address, and IP address information.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2870">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.0</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.2</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2870</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T19:13:17.587-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T10:38:27.273-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T10:38:27.180-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-255"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/437385" xml:lang="en">VU#437385</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The default configuration of PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 uses cleartext for storage of credentials in a database, which makes it easier for context-dependent attackers to obtain sensitive information via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2871">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.0</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.2</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2871</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T19:13:17.617-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T10:40:20.010-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T10:40:17.150-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/437385" xml:lang="en">VU#437385</vuln:reference>
+    </vuln:references>
+    <vuln:summary>PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on an HTTP session for entering credentials on login pages, which allows remote attackers to obtain sensitive information by sniffing the network.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2872">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.0</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.2</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2872</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T19:13:17.633-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T10:41:32.937-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T10:41:32.887-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/437385" xml:lang="en">VU#437385</vuln:reference>
+    </vuln:references>
+    <vuln:summary>PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to obtain potentially sensitive information from a directory listing via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2873">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.0</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.2</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2873</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T19:13:17.663-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T10:43:17.970-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T10:43:17.797-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/437385" xml:lang="en">VU#437385</vuln:reference>
+    </vuln:references>
+    <vuln:summary>PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not require authentication for access to log files, which allows remote attackers to obtain sensitive server information by using a predictable name in a request for a file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2874">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:paperthin:commonspot_content_server:8.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.0</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.2</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:paperthin:commonspot_content_server:8.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2874</vuln:cve-id>
+    <vuln:published-datetime>2014-04-15T19:13:17.697-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-16T10:47:39.103-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-16T10:47:37.793-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-78"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/437385" xml:lang="en">VU#437385</vuln:reference>
+    </vuln:references>
+    <vuln:summary>PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute arbitrary code via shell metacharacters in an unspecified context.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2879">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:dell:sonicwall_email_security:7.5"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:dell:sonicwall_email_security:7.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2879</vuln:cve-id>
+    <vuln:published-datetime>2014-04-17T10:55:12.323-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-18T14:03:19.900-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-18T14:03:19.883-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.vulnerability-lab.com/get_content.php?id=1191" xml:lang="en">http://www.vulnerability-lab.com/get_content.php?id=1191</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.sonicwall.com/us/shared/download/Support-Bulletin_Email-Security_Scripting_Vulnerability__Resolved_in__ES746.pdf" xml:lang="en">http://www.sonicwall.com/us/shared/download/Support-Bulletin_Email-Security_Scripting_Vulnerability__Resolved_in__ES746.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029965" xml:lang="en">1029965</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Mar/409" xml:lang="en">20140328 Dell SonicWall EMail Security 7.4.5 - Multiple Vulnerabilities (Bulletin)</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earlier allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the uploadPatch parameter to the System/Advanced page (settings_advanced.html) or (2) the uploadLicenses parameter in the License management (settings_upload_dlicense.html) page.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2880">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:oracle:identity_manager:11.1.2.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:oracle:identity_manager:11.1.2.1.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2880</vuln:cve-id>
+    <vuln:published-datetime>2014-04-17T10:55:12.357-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-18T14:02:38.163-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-18T14:02:38.133-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66615" xml:lang="en">66615</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://www.osvdb.org/105384" xml:lang="en">105384</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/32670" xml:lang="en">32670</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/125992/Oracle-Identity-Manager-11g-R2-SP1-Unvalidated-Redirect.html" xml:lang="en">http://packetstormsecurity.com/files/125992/Oracle-Identity-Manager-11g-R2-SP1-Unvalidated-Redirect.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Open redirect vulnerability in Oracle Identity Manager 11g R2 SP1 (11.1.2.1.0) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backUrl parameter in a changepwd action to identity/faces/firstlogin.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2881">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:citrix:netscaler_access_gateway_firmware:9.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:citrix:netscaler_application_delivery_controller_firmware:10.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:citrix:netscaler_access_gateway_firmware:10.1.e"/>
+        <cpe-lang:fact-ref name="cpe:/o:citrix:netscaler_application_delivery_controller_firmware:9.3.e"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:citrix:netscaler_application_delivery_controller_firmware:9.3.e</vuln:product>
+      <vuln:product>cpe:/o:citrix:netscaler_access_gateway_firmware:9.3</vuln:product>
+      <vuln:product>cpe:/o:citrix:netscaler_access_gateway_firmware:10.1.e</vuln:product>
+      <vuln:product>cpe:/o:citrix:netscaler_application_delivery_controller_firmware:10.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2881</vuln:cve-id>
+    <vuln:published-datetime>2014-05-01T13:28:36.367-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-01T15:06:13.173-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-01T15:06:11.737-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1030180" xml:lang="en">1030180</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.citrix.com/article/CTX140651" xml:lang="en">http://support.citrix.com/article/CTX140651</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Diffie-Hellman key agreement implementation in the management GUI Java applet in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unknown impact and vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2882">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:citrix:netscaler_access_gateway_firmware:9.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:citrix:netscaler_application_delivery_controller_firmware:10.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:citrix:netscaler_access_gateway_firmware:10.1.e"/>
+        <cpe-lang:fact-ref name="cpe:/o:citrix:netscaler_application_delivery_controller_firmware:9.3.e"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:citrix:netscaler_application_delivery_controller_firmware:9.3.e</vuln:product>
+      <vuln:product>cpe:/o:citrix:netscaler_access_gateway_firmware:9.3</vuln:product>
+      <vuln:product>cpe:/o:citrix:netscaler_access_gateway_firmware:10.1.e</vuln:product>
+      <vuln:product>cpe:/o:citrix:netscaler_application_delivery_controller_firmware:10.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2882</vuln:cve-id>
+    <vuln:published-datetime>2014-05-01T13:28:36.383-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-01T15:06:15.627-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-01T15:06:15.517-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1030180" xml:lang="en">1030180</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.citrix.com/article/CTX140651" xml:lang="en">http://support.citrix.com/article/CTX140651</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the management GUI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unspecified impact and vectors, related to certificate validation.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2888">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.4.14::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.4.13::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.4.12::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.4.11::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.4.10::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.4.9::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.4.8::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.4.7::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.4.6::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.4.5::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.4.4::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.4.3::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.4.2::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.4.1::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.4.0::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.3.10::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.3.9::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.3.8::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.3.7::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.3.6::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.3.5::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.3.4::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.3.3::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.3.2::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.3.1::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.3.0::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.2.10::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.2.9::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.2.8::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.2.7::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.2.6::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.2.5::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.2.4::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.2.3::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.2.2::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.2.1::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.2.0::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.1.14::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.1.13::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.1.12::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.1.11::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.1.10::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.1.9::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.1.8::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.1.7::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.1.6::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.1.5::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.1.4::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.1.3::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.1.2::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.1.1::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.1.0::~~~ruby~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:herry:sfpagent:0.0.1::~~~ruby~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:herry:sfpagent:0.3.1::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.3.2::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.3.3::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.2.1::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.3.4::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.2.0::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.3.5::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.3.6::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.3.7::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.4.9::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.3.8::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.4.8::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.2.6::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.2.7::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.2.8::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.2.9::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.2.2::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.2.3::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.3.0::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.2.4::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.2.5::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.3.9::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.1.0::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.1.2::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.1.1::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.4.6::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.4.7::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.4.4::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.4.5::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.4.2::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.4.3::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.4.0::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.4.1::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.1.3::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.1.4::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.1.5::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.1.6::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.1.7::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.1.8::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.1.9::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.3.10::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.4.11::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.4.12::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.4.13::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.4.14::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.4.10::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.0.1::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.2.10::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.1.14::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.1.13::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.1.12::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.1.11::~~~ruby~~</vuln:product>
+      <vuln:product>cpe:/a:herry:sfpagent:0.1.10::~~~ruby~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2888</vuln:cve-id>
+    <vuln:published-datetime>2014-04-23T11:55:04.860-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T13:08:17.750-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-24T13:08:17.000-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.vapid.dhs.org/advisories/spfagent-remotecmd.html" xml:lang="en">http://www.vapid.dhs.org/advisories/spfagent-remotecmd.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/18/4" xml:lang="en">[oss-security] 20140418 Re: Remote Command Injection in Ruby Gem sfpagent 0.4.14</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/16/1" xml:lang="en">[oss-security] 20140415 Remote Command Injection in Ruby Gem sfpagent 0.4.14</vuln:reference>
+    </vuln:references>
+    <vuln:summary>lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the module name in a JSON request.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2889">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.21</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2889</vuln:cve-id>
+    <vuln:published-datetime>2014-04-26T20:55:05.780-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T11:47:57.460-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.6</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T11:47:57.083-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-189"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/torvalds/linux/commit/a03ffcf873fe0f2565386ca8ef832144c42e67fa" xml:lang="en">https://github.com/torvalds/linux/commit/a03ffcf873fe0f2565386ca8ef832144c42e67fa</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/18/6" xml:lang="en">[oss-security] 20140418 Re: CVE request Linux kernel: arch: x86: net: bpf_jit: an off-by-one bug in x86_64 cond jump target</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.8" xml:lang="en">http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.8</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a03ffcf873fe0f2565386ca8ef832144c42e67fa" xml:lang="en">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a03ffcf873fe0f2565386ca8ef832144c42e67fa</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Off-by-one error in the bpf_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 3.1.8, when BPF JIT is enabled, allows local users to cause a denial of service (system crash) or possibly gain privileges via a long jump after a conditional jump.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2890">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:siege:phpmyid:0.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:siege:phpmyid:0.9</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2890</vuln:cve-id>
+    <vuln:published-datetime>2014-04-22T10:23:35.923-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-23T09:37:01.207-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-23T09:37:01.113-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66665" xml:lang="en">66665</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q2/141" xml:lang="en">[oss-security] 20140418 Re: CVE Request - XXS in phpMyID (openid_error)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q2/122" xml:lang="en">[oss-security] 20140417 CVE Request - XXS in phpMyID (openid_error)</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the wrap_html function in MyID.php in phpMyID 0.9 allows remote attackers to inject arbitrary web script or HTML via the openid_error parameter to MyID.config.php when the openid.mode parameter is set to error, which is not properly handled in an error message.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2892">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:libmms_project:libmms:0.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:libmms_project:libmms:0.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:libmms_project:libmms:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:libmms_project:libmms:0.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:libmms_project:libmms:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:libmms_project:libmms:0.6.2</vuln:product>
+      <vuln:product>cpe:/a:libmms_project:libmms:0.6</vuln:product>
+      <vuln:product>cpe:/a:libmms_project:libmms:0.6.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2892</vuln:cve-id>
+    <vuln:published-datetime>2014-04-22T10:23:35.940-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-23T09:41:56.637-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-23T09:41:56.577-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/18/14" xml:lang="en">[oss-security] 20140418 Re: libmms heap-based buffer overflow fix</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://sourceforge.net/p/libmms/code/ci/03bcfccc22919c72742b7338d02859962861e0e8" xml:lang="en">http://sourceforge.net/p/libmms/code/ci/03bcfccc22919c72742b7338d02859962861e0e8</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/92640" xml:lang="en">libmms-getanswer-bo(92640)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66933" xml:lang="en">66933</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://sourceforge.net/p/libmms/code/ci/master/tree/ChangeLog" xml:lang="en">http://sourceforge.net/p/libmms/code/ci/master/tree/ChangeLog</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57875" xml:lang="en">57875</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Heap-based buffer overflow in the get_answer function in mmsh.c in libmms before 0.6.4 allows remote attackers to execute arbitrary code via a long line in an MMS over HTTP (MMSH) server response.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2893">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:llvm:clang:3.5"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:llvm:clang:3.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2893</vuln:cve-id>
+    <vuln:published-datetime>2014-04-23T11:55:05.033-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T12:53:39.490-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>1.9</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-24T12:53:39.457-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-59"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744817" xml:lang="en">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744817</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/20/1" xml:lang="en">[oss-security] 20140420 Re: Bug#744817: CVE request: insecure temporary file handling in clang's scan-build utility</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/16/2" xml:lang="en">[oss-security] 20140416 CVE request: insecure temporary file handling in clang's scan-build utility</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary directories with predictable names.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2894">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.6.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.6.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.6.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.5.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.5.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.5.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.4.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.4.0:rc0"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.3.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.3.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.3.0:rc0"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.2.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.2.0:rc0"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.1:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.1:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.9.1-5"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.15.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.15.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.14.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.14.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.14.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.14.0:rc0"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.13.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.13.0:rc0"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.12.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.12.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.12.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.12.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.11.0-rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.11.0-rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.11.0-rc0"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.11.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.11.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.11.0:rc0"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.10.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.10.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.10.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.10.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:qemu:qemu:0.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:qemu:qemu:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.1.2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.2.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.3.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.3.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.2.0</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.5.0</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.9.1-5</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.4.1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.4.2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.3.0:rc0</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.9.0</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.11.0-rc0</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.6.0</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.11.0-rc1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.2.0:rc0</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.6.1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.11.0-rc2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.6.2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.8.0</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.8.1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.8.2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.5.1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.5.0</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.5.5</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.1.2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.5.4</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.5.3</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.5.2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.14.0:rc0</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.14.0</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.14.1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.4.3</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.4.2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.4.1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.10.0</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.1.4</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.1.5</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.1.3</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.1.6</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.15.2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.15.1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.1.1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.0</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.1.1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.11.0</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.11.1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.11.0:rc0</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.13.0:rc0</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.13.0</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.3</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.4</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.10.3</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.10.2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.4.0:rc0</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.12.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.10.5</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.10.4</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.12.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.10.6</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.5.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.0:rc4</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.5.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.1:rc4</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.5.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.1:rc3</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.6.0</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.7.2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.7.0</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.6.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.6.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.6.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.11.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.11.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.12.1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.12.0</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.14.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.14.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.12.5</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.4.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.12.4</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.13.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.12.3</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.12.2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.2.1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.2.2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.15.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:0.15.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.3.0</vuln:product>
+      <vuln:product>cpe:/a:qemu:qemu:1.3.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2894</vuln:cve-id>
+    <vuln:published-datetime>2014-04-23T11:55:05.157-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T13:02:58.990-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.2</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-24T13:02:58.427-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-189"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02152.html" xml:lang="en">[Qemu-devel] 20140414 Re: [PATCH for 2.0] ide: Correct improper smart self test c</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02095.html" xml:lang="en">[Qemu-devel] 20140414 Re: [PATCH for 2.0] ide: Correct improper smart self test c</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02016.html" xml:lang="en">[Qemu-devel] 20140412 [PATCH for 2.0] ide: Correct improper smart self test c</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66932" xml:lang="en">66932</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/18/5" xml:lang="en">[oss-security] 20140418 Re: CVE request Qemu: out of bounds buffer access, guest triggerable via IDE SMART</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/15/4" xml:lang="en">[oss-security] 20140415 CVE request Qemu: out of bounds buffer access, guest triggerable via IDE SMART</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57945" xml:lang="en">57945</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2899">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:0.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:0.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:0.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:0.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:0.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:0.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:0.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:0.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:0.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:0.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:0.9.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:0.9.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:0.9.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:1.0.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:1.0.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:1.0.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:1.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:1.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:1.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:1.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:1.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:1.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:1.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:1.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:2.0.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:2.0.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:2.0.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:2.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:2.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:2.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:2.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:2.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:2.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:2.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:2.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:2.5.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:yassl:cyassl:2.2.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:1.6.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:0.9.6</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:0.5.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:0.9.8</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:0.8.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:1.1.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:1.5.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:0.9.9</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:1.6.5</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:0.6.3</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:0.6.2</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:1.9.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:1.3.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:2.6.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:0.4.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:0.3.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:2.7.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:2.8.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:0.6.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:2.0.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:0.9.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:2.0.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:2.0.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:1.2.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:2.9.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:0.2.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:1.0.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:1.0.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:1.0.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:1.4.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:2.4.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:2.5.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:2.4.6</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:2.3.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:0.5.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2899</vuln:cve-id>
+    <vuln:published-datetime>2014-04-22T10:23:36.317-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-23T08:34:57.897-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-23T08:34:57.677-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html" xml:lang="en">http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html" xml:lang="en">http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57743" xml:lang="en">57743</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q2/130" xml:lang="en">[oss-security] 20140418 Re: CVE ids for CyaSSL 2.9.4?</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q2/126" xml:lang="en">[oss-security] 20140417 CVE ids for CyaSSL 2.9.4?</vuln:reference>
+    </vuln:references>
+    <vuln:summary>wolfSSL CyaSSL before 2.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a request for the peer certificate when a certificate parsing failure occurs or (2) a client_key_exchange message when the ephemeral key is not found.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2900">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:0.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:0.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:0.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:0.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:0.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:0.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:0.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:0.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:0.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:0.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:0.9.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:0.9.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:0.9.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:1.0.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:1.0.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:1.0.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:1.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:1.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:1.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:1.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:1.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:1.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:1.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:1.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:2.0.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:2.0.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:2.0.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:2.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:2.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:2.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:2.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:2.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:2.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:2.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:2.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:yassl:cyassl:2.5.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:yassl:cyassl:2.2.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:1.6.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:0.9.6</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:0.5.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:0.9.8</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:0.8.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:1.1.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:1.5.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:0.9.9</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:1.6.5</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:0.6.3</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:0.6.2</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:1.9.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:1.3.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:2.6.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:0.4.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:0.3.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:2.7.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:2.8.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:0.6.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:2.0.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:0.9.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:2.0.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:2.0.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:1.2.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:2.9.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:0.2.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:1.0.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:1.0.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:1.0.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:1.4.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:2.4.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:2.5.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:2.4.6</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:2.3.0</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:yassl:cyassl:0.5.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2900</vuln:cve-id>
+    <vuln:published-datetime>2014-04-22T10:23:36.317-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-23T08:39:11.667-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-23T08:39:11.043-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-310"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html" xml:lang="en">http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html" xml:lang="en">http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57743" xml:lang="en">57743</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q2/130" xml:lang="en">[oss-security] 20140418 Re: CVE ids for CyaSSL 2.9.4?</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q2/126" xml:lang="en">[oss-security] 20140417 CVE ids for CyaSSL 2.9.4?</vuln:reference>
+    </vuln:references>
+    <vuln:summary>wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certificates with unknown critical extensions, which allows man-in-the-middle attackers to spoof servers via crafted X.509 certificate.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2905">
+    <vuln:cve-id>CVE-2014-2905</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T10:55:07.260-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T10:55:07.260-04:00</vuln:last-modified-datetime>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/fish-shell/fish-shell/issues/1436" xml:lang="en">https://github.com/fish-shell/fish-shell/issues/1436</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/28/4" xml:lang="en">[oss-security] 20140428 Upcoming security release of fish 2.1.1</vuln:reference>
+    </vuln:references>
+    <vuln:summary>fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly check the credentials, which allows local users to gain privileges via the universal variable socket, related to /tmp/fishd.socket.user permissions.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2907">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.10.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.10.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.10.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:wireshark:wireshark:1.10.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.10.6</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.10.1</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.10.5</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.10.2</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.10.4</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.10.3</vuln:product>
+      <vuln:product>cpe:/a:wireshark:wireshark:1.10.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2907</vuln:cve-id>
+    <vuln:published-datetime>2014-04-24T06:55:02.397-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T14:56:58.507-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-24T14:56:58.427-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=30ba425e7e95f7b61b3a3e5ff0c46e4be9d3d8d7" xml:lang="en">https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=30ba425e7e95f7b61b3a3e5ff0c46e4be9d3d8d7</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9885" xml:lang="en">https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9885</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.wireshark.org/security/wnpa-sec-2014-06.html" xml:lang="en">http://www.wireshark.org/security/wnpa-sec-2014-06.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The srtp_add_address function in epan/dissectors/packet-rtp.c in the RTP dissector in Wireshark 1.10.x before 1.10.7 does not properly update SRTP conversation data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2908">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7_cpu_1200_firmware:2.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7_cpu_1200_firmware:3.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7_cpu_1200_firmware:3.0.2"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu-1211c:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu_1212c:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu_1214c:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu_1215c:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu_1217c:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu-1211c:-</vuln:product>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu_1212c:-</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7_cpu_1200_firmware:3.0</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7_cpu_1200_firmware:2.0</vuln:product>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu_1217c:-</vuln:product>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu_1215c:-</vuln:product>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu_1214c:-</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7_cpu_1200_firmware:3.0.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2908</vuln:cve-id>
+    <vuln:published-datetime>2014-04-25T01:12:07.847-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-25T13:08:33.573-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-25T13:08:33.480-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf" xml:lang="en">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2909">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7_cpu_1200_firmware:2.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7_cpu_1200_firmware:3.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7_cpu_1200_firmware:3.0.2"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu-1211c:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu_1212c:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu_1214c:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu_1215c:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu_1217c:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu-1211c:-</vuln:product>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu_1212c:-</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7_cpu_1200_firmware:3.0</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7_cpu_1200_firmware:2.0</vuln:product>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu_1217c:-</vuln:product>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu_1215c:-</vuln:product>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu_1214c:-</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7_cpu_1200_firmware:3.0.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2909</vuln:cve-id>
+    <vuln:published-datetime>2014-04-25T01:12:07.863-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-25T13:10:47.627-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-25T13:10:47.530-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-94"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf" xml:lang="en">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:summary>CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary HTTP headers via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2915">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.4.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.4.0:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:xen:xen:4.4.0:-</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.4.0:rc1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2915</vuln:cve-id>
+    <vuln:published-datetime>2014-04-24T10:55:04.467-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T15:18:10.307-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.5</cvss:score>
+        <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-24T15:18:10.260-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://xenbits.xen.org/xsa/advisory-93.html" xml:lang="en">http://xenbits.xen.org/xsa/advisory-93.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1030135" xml:lang="en">1030135</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/23/2" xml:lang="en">[oss-security] 20140423 Xen Security Advisory 93 (CVE-2014-2915) - Hardware features  unintentionally exposed to guests on ARM</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/22/10" xml:lang="en">[oss-security] 20140422 Re: Xen Security Advisory 93 - Hardware features unintentionally exposed to guests on ARM</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Xen 4.4.x, when running on ARM systems, does not properly restrict access to hardware features, which allows local guest users to cause a denial of service (host or guest crash) via unspecified vectors, related to (1) cache control, (2) coprocessors, (3) debug registers, and (4) other unspecified registers.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2921">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:pimcore:pimcore:1.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:pimcore:pimcore:1.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:pimcore:pimcore:2.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:pimcore:pimcore:2.2.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:pimcore:pimcore:1.4.9</vuln:product>
+      <vuln:product>cpe:/a:pimcore:pimcore:2.1.0</vuln:product>
+      <vuln:product>cpe:/a:pimcore:pimcore:1.5.0</vuln:product>
+      <vuln:product>cpe:/a:pimcore:pimcore:2.2.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2921</vuln:cve-id>
+    <vuln:published-datetime>2014-04-21T18:55:08.397-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-22T11:04:07.283-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-22T11:04:07.143-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-94"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.pimcore.org/en/resources/blog/pimcore+2.2+released_b442" xml:lang="en">http://www.pimcore.org/en/resources/blog/pimcore+2.2+released_b442</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://github.com/pedrib/PoC/blob/master/pimcore-2.1.0.txt" xml:lang="en">https://github.com/pedrib/PoC/blob/master/pimcore-2.1.0.txt</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/04/21/1" xml:lang="en">[oss-security] 20140421 Re: Remote code execution in Pimcore CMS</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via vectors involving a Zend_Pdf_ElementFactory_Proxy object and a pathname with a trailing \0 character.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2922">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:pimcore:pimcore:1.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:pimcore:pimcore:1.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:pimcore:pimcore:2.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:pimcore:pimcore:1.4.9</vuln:product>
+      <vuln:product>cpe:/a:pimcore:pimcore:2.1.0</vuln:product>
+      <vuln:product>cpe:/a:pimcore:pimcore:1.5.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2922</vuln:cve-id>
+    <vuln:published-datetime>2014-04-21T18:55:08.473-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-22T11:06:56.257-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.4</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-22T11:06:48.740-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://github.com/pedrib/PoC/blob/master/pimcore-2.1.0.txt" xml:lang="en">https://github.com/pedrib/PoC/blob/master/pimcore-2.1.0.txt</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.pimcore.org/en/resources/blog/pimcore+2.2+released_b442" xml:lang="en">http://www.pimcore.org/en/resources/blog/pimcore+2.2+released_b442</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://openwall.com/lists/oss-security/2014/04/21/1" xml:lang="en">[oss-security] 20140421 Re: Remote code execution in Pimcore CMS</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.1.0 does not properly handle an object obtained by unserializing a pathname, which allows remote attackers to conduct PHP object injection attacks and delete arbitrary files via vectors involving a Zend_Http_Response_Stream object.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2925">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-ac68u_firmware:3.0.0.4.374_4983"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-ac68u_firmware:3.0.0.4.374.4755"/>
+          <cpe-lang:fact-ref name="cpe:/o:asus:rt-ac68u_firmware:3.0.0.4.374_4887"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:asus:rt-ac68u:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:asus:rt-ac68u_firmware:3.0.0.4.374_4983</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-ac68u_firmware:3.0.0.4.374.4755</vuln:product>
+      <vuln:product>cpe:/h:asus:rt-ac68u:-</vuln:product>
+      <vuln:product>cpe:/o:asus:rt-ac68u_firmware:3.0.0.4.374_4887</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2925</vuln:cve-id>
+    <vuln:published-datetime>2014-04-22T09:06:30.743-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-22T15:29:04.440-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-22T15:29:04.393-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.asus.com/Networking/RTAC68U/HelpDesk_Download/" xml:lang="en">http://www.asus.com/Networking/RTAC68U/HelpDesk_Download/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29" xml:lang="en">http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Apr/59" xml:lang="en">20140404 Reflected Cross-Site Scripting within the ASUS RT-AC68U Managing Web Interface</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in Advanced_Wireless_Content.asp in ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote attackers to inject arbitrary web script or HTML via the current_page parameter to apply.cgi.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2976">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:sixnet:sixview_manager:2.4.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:sixnet:sixview_manager:2.4.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2976</vuln:cve-id>
+    <vuln:published-datetime>2014-04-23T11:55:05.517-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T13:15:57.687-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-24T13:15:57.590-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/32973" xml:lang="en">32973</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in Sixnet SixView Manager 2.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 18081.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2980">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:gnustep:base:1.24.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:gnustep:base:1.24.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2980</vuln:cve-id>
+    <vuln:published-datetime>2014-04-28T10:09:08.253-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T09:16:01.830-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T09:16:01.660-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/Tools/gdomap.c?r1=37756&amp;r2=37755&amp;pathrev=37756" xml:lang="en">http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/Tools/gdomap.c?r1=37756&amp;r2=37755&amp;pathrev=37756</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://savannah.gnu.org/bugs/?41751" xml:lang="en">https://savannah.gnu.org/bugs/?41751</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/92688" xml:lang="en">gnustep-cve20142980-dos(92688)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66992" xml:lang="en">66992</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/ChangeLog?r1=37756&amp;r2=37755&amp;pathrev=37756" xml:lang="en">http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/ChangeLog?r1=37756&amp;r2=37755&amp;pathrev=37756</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/58104" xml:lang="en">58104</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q2/152" xml:lang="en">[oss-security] 20140421 Re: CVE request / advisory: gdomap (GNUstep core package &lt;= 1.24.6)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q2/143" xml:lang="en">[oss-security] 20140419 CVE request / advisory: gdomap (GNUstep core package &lt;= 1.24.6)</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Tools/gdomap.c in gdomap in GNUstep Base 1.24.6 and earlier, when run in daemon mode, does not properly handle the file descriptor for the logger, which allows remote attackers to cause a denial of service (abort) via an invalid request.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2983">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.30"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.29"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.0:dev"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:6.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:alpha4"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:alpha5"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:alpha6"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:alpha7"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:dev"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:7.24"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:drupal:drupal:6.21</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.29</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.20</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.0:rc4</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.24</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.23</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.22</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.28</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:rc4</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.27</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.26</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.25</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.11</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.10</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.17</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.18</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.18</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.15</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.16</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.13</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.14</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.12</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.11</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:alpha3</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.10</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:alpha2</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.13</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.12</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.15</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:alpha7</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.14</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:alpha6</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.19</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.17</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.16</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:alpha4</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.22</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:alpha5</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:alpha1</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:dev</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.23</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.24</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.25</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.0:dev</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.26</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.20</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.21</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.19</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.2</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.1</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.2</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.1</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.0</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:7.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.3</vuln:product>
+      <vuln:product>cpe:/a:drupal:drupal:6.30</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2983</vuln:cve-id>
+    <vuln:published-datetime>2014-04-23T11:55:05.890-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-24T13:26:33.140-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-24T13:26:32.283-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://drupal.org/SA-CORE-2014-002" xml:lang="en">https://drupal.org/SA-CORE-2014-002</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/22/2" xml:lang="en">[oss-security] 20140421 Re: CVE Request for Drupal Core</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate the cached data of different anonymous users, which allows remote anonymous users to obtain sensitive interim form input information in opportunistic situations via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2984">
+    <vuln:cve-id>CVE-2014-2984</vuln:cve-id>
+    <vuln:published-datetime>2014-04-25T01:12:07.897-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-25T01:12:07.990-04:00</vuln:last-modified-datetime>
+    <vuln:summary>** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2014-2650.  Reason: This candidate is a reservation duplicate of CVE-2014-2650.  Notes: All CVE users should reference CVE-2014-2650 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2986">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.4.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.4.0:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:xen:xen:4.4.0:-</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.4.0:rc1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2986</vuln:cve-id>
+    <vuln:published-datetime>2014-04-28T10:09:08.487-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T09:38:02.563-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.5</cvss:score>
+        <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T09:38:02.533-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://xenbits.xen.org/xsa/advisory-94.html" xml:lang="en">http://xenbits.xen.org/xsa/advisory-94.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1030146" xml:lang="en">1030146</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/67047" xml:lang="en">67047</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/23/5" xml:lang="en">[oss-security] 20140423 Xen Security Advisory 94 (CVE-2014-2986) - ARM hypervisor crash on guest interrupt controller access</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/23/4" xml:lang="en">[oss-security] 20140423 Re: Xen Security Advisory 94 - ARM hypervisor crash on guest interrupt controller access</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/23/3" xml:lang="en">[oss-security] 20140423 Xen Security Advisory 94 - ARM hypervisor crash on guest interrupt controller access</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The vgic_distr_mmio_write function in the virtual guest interrupt controller (GIC) distributor (arch/arm/vgic.c) in Xen 4.4.x, when running on an ARM system, allows local guest users to cause a denial of service (NULL pointer dereference and host crash) via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2992">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:misli:misli.com_app:-::~~~~android~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:misli:misli.com_app:-::~~~~android~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2992</vuln:cve-id>
+    <vuln:published-datetime>2014-04-25T21:55:05.027-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T09:21:00.697-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.4</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T09:21:00.573-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-310"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://sceptive.com/p/mislicom-android-app-ssl-certificate-validation-weakness-" xml:lang="en">http://sceptive.com/p/mislicom-android-app-ssl-certificate-validation-weakness-</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/current/0152.html" xml:lang="en">20140424 Misli.com Android App SSL certificate validation weakness</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Misli.com application for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2993">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:birebin:birebin.com_app:-::~~~~android~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:birebin:birebin.com_app:-::~~~~android~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2993</vuln:cve-id>
+    <vuln:published-datetime>2014-04-25T21:55:05.060-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T09:33:19.593-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.4</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T09:33:19.563-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-310"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://sceptive.com/p/birebincom-android-app-ssl-certificate-validation-weakness-" xml:lang="en">http://sceptive.com/p/birebincom-android-app-ssl-certificate-validation-weakness-</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/current/0153.html" xml:lang="en">20140424 Birebin.com Android App SSL certificate validation weakness</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Birebin.com application for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2994">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:acunetix:web_vulnerability_scanner:8:build_20120704"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:acunetix:web_vulnerability_scanner:8:build_20120704</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2994</vuln:cve-id>
+    <vuln:published-datetime>2014-04-27T00:32:01.717-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T12:06:13.133-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T12:06:13.087-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.youtube.com/watch?v=RHaMx8K1GeM" xml:lang="en">https://www.youtube.com/watch?v=RHaMx8K1GeM</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/32997" xml:lang="en">32997</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.acunetix.com/blog/news/misleading-reports-0-day-acunetix-wvs/" xml:lang="en">http://www.acunetix.com/blog/news/misleading-reports-0-day-acunetix-wvs/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/126307/Acunetix-8-Scanner-Buffer-Overflow.html" xml:lang="en">http://packetstormsecurity.com/files/126307/Acunetix-8-Scanner-Buffer-Overflow.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/126306/Acunetix-8-Stack-Buffer-Overflow.html" xml:lang="en">http://packetstormsecurity.com/files/126306/Acunetix-8-Stack-Buffer-Overflow.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://osandamalith.wordpress.com/2014/04/24/pwning-script-kiddies-acunetix-buffer-overflow/" xml:lang="en">http://osandamalith.wordpress.com/2014/04/24/pwning-script-kiddies-acunetix-buffer-overflow/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://an7isec.blogspot.co.il/2014/04/pown-noobs-acunetix-0day.html" xml:lang="en">http://an7isec.blogspot.co.il/2014/04/pown-noobs-acunetix-0day.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Stack-based buffer overflow in Acunetix Web Vulnerability Scanner (WVS) 8 build 20120704 allows remote attackers to execute arbitrary code via an HTML file containing an IMG element with a long URL (src attribute).</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2996">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:xcloner:xcloner:3.5::standalone"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:xcloner:xcloner:3.5::standalone</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2996</vuln:cve-id>
+    <vuln:published-datetime>2014-04-25T16:55:03.040-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T08:03:04.260-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.1</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T08:03:04.230-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-94"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.htbridge.com/advisory/HTB23207" xml:lang="en">https://www.htbridge.com/advisory/HTB23207</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531780/100/0/threaded" xml:lang="en">20140409 &amp;ETH;&amp;iexcl;ross-Site Request Forgery (CSRF) in XCloner Standalone</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/32790" xml:lang="en">32790</vuln:reference>
+    </vuln:references>
+    <vuln:summary>XCloner Standalone 3.5 and earlier, when enable_db_backup and sql_mem are enabled, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the dbbackup_comp parameter in a generate action to index2.php.  NOTE: it is not clear whether this issue crosses privilege boundaries, since administrators might already have the privileges to execute code.  NOTE: this can be leveraged by remote attackers using CVE-2014-2579.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-3000">
+    <vuln:cve-id>CVE-2014-3000</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T10:55:07.433-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T10:55:07.433-04:00</vuln:last-modified-datetime>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1030172" xml:lang="en">1030172</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/67153" xml:lang="en">67153</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FREEBSD</vuln:source>
+      <vuln:reference href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:08.tcp.asc" xml:lang="en">FreeBSD-SA-14:08</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/58293" xml:lang="en">58293</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The TCP reassembly function in the inet module in FreeBSD 8.3 before p16, 8.4 before p9, 9.1 before p12, 9.2 before p5, and 10.0 before p2 allows remote attackers to cause a denial of service (undefined memory access and system crash) or possibly read system memory via multiple crafted packets, related to moving a reassemble queue entry to the segment list when the queue is full.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-3001">
+    <vuln:cve-id>CVE-2014-3001</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T10:55:07.510-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T10:55:07.510-04:00</vuln:last-modified-datetime>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1030171" xml:lang="en">1030171</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/67158" xml:lang="en">67158</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FREEBSD</vuln:source>
+      <vuln:reference href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:07.devfs.asc" xml:lang="en">FreeBSD-SA-14:07</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The device file system (aka devfs) in FreeBSD 10.0 before p2 does not load default rulesets when booting, which allows context-dependent attackers to bypass intended restrictions by leveraging a jailed device node process.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-3006">
+    <vuln:cve-id>CVE-2014-3006</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T10:55:07.590-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T10:55:07.590-04:00</vuln:last-modified-datetime>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.lsexperts.de/advisories/lse-2014-04-10.txt" xml:lang="en">https://www.lsexperts.de/advisories/lse-2014-04-10.txt</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/67165" xml:lang="en">67165</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531986/100/0/threaded" xml:lang="en">20140430 LSE Leading Security Experts GmbH - LSE-2014-04-10 - Sitepark IES - Unauthenticated Access</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Apr/317" xml:lang="en">20140430 LSE Leading Security Experts GmbH - LSE-2014-04-10 - Sitepark IES - Unauthenticated Access</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Sitepark Information Enterprise Server (IES) 2.9 before 2.9.6, when upgraded from an earlier version, does not properly restrict access, which allows remote attackers to change the manager account password and obtain sensitive information via a request to install/.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-3007">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:python:pillow:2.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:pythonware:python_imaging_library:1.1.7"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:python:pillow:2.3.0</vuln:product>
+      <vuln:product>cpe:/a:pythonware:python_imaging_library:1.1.7</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-3007</vuln:cve-id>
+    <vuln:published-datetime>2014-04-27T16:55:23.697-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T13:51:13.663-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T13:51:13.617-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-78"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059" xml:lang="en">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1932.html" xml:lang="en">http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1932.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-3008">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:unitrends:enterprise_backup:7.3.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:unitrends:enterprise_backup:7.3.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-3008</vuln:cve-id>
+    <vuln:published-datetime>2014-04-28T10:09:08.940-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T09:37:14.843-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T09:37:14.797-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-78"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://gist.github.com/brandonprry/10745756" xml:lang="en">https://gist.github.com/brandonprry/10745756</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/92642" xml:lang="en">unitrends-snmpod-command-exec(92642)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66928" xml:lang="en">66928</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/32885" xml:lang="en">32885</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/58001" xml:lang="en">58001</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Apr/204" xml:lang="en">20140415 Unitrends enterprise backup remote unauthenticated root</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the comm parameter to recoveryconsole/bpl/snmpd.php.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-3125">
+    <vuln:cve-id>CVE-2014-3125</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T10:55:07.807-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T10:55:07.807-04:00</vuln:last-modified-datetime>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://xenbits.xen.org/xsa/advisory-91.html" xml:lang="en">http://xenbits.xen.org/xsa/advisory-91.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1030184" xml:lang="en">1030184</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/67157" xml:lang="en">67157</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/30/5" xml:lang="en">[oss-security] 20140430 Xen Security Advisory 91 - Hardware timer context is not properly context switched on ARM</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/30/11" xml:lang="en">[oss-security] 20140430 Re: Xen Security Advisory 91 - Hardware timer context is not properly context switched on ARM</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/58347" xml:lang="en">58347</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Xen 4.4.x, when running on an ARM system, does not properly context switch the CNTKCTL_EL1 register, which allows local guest users to modify the hardware timers and cause a denial of service (crash) via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-3129">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:sap:netweaver_software_lifecycle_manager:7.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:sap:netweaver_software_lifecycle_manager:7.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-3129</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T10:22:07.203-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-01T08:51:41.993-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-01T08:51:41.960-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://service.sap.com/sap/support/notes/1894049" xml:lang="en">https://service.sap.com/sap/support/notes/1894049</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1030157" xml:lang="en">1030157</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-005" xml:lang="en">http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-005</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Apr/294" xml:lang="en">20140428 [Onapsis Security Advisory 2014-005] Information disclosure in SAP Software Lifeclycle Manager</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://scn.sap.com/docs/DOC-8218" xml:lang="en">http://scn.sap.com/docs/DOC-8218</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP NetWeaver allows remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-3130">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:sap:netweaver_abap_application_server:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:sap:netweaver_abap_application_server:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-3130</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T10:22:07.250-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-01T09:06:15.100-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.6</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-01T09:06:15.007-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:security-protection>ALLOWS_OTHER_ACCESS</vuln:security-protection>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://service.sap.com/sap/support/notes/1910914" xml:lang="en">https://service.sap.com/sap/support/notes/1910914</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-009" xml:lang="en">http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-009</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Apr/302" xml:lang="en">20140428 [Onapsis Security Advisory 2014-009] SAP BASIS Missing Authorization Check</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://scn.sap.com/docs/DOC-8218" xml:lang="en">http://scn.sap.com/docs/DOC-8218</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The ABAP Help documentation and translation tools (BC-DOC-HLP) in Basis in SAP Netweaver ABAP Application Server does not properly restrict access, which allows local users to gain privileges and execute ABAP instructions via crafted help messages.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-3131">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:sap:profile_maintenance:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:sap:profile_maintenance:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-3131</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T10:22:07.283-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-01T10:06:43.287-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-01T10:06:43.113-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://service.sap.com/sap/support/notes/1917381" xml:lang="en">https://service.sap.com/sap/support/notes/1917381</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-007" xml:lang="en">http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-007</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Apr/300" xml:lang="en">20140428 [Onapsis Security Advisory 2014-007] Missing authorization check in SAP Profile Maintenance</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://scn.sap.com/docs/DOC-8218" xml:lang="en">http://scn.sap.com/docs/DOC-8218</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SAP Profile Maintenance does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-3132">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:sap:background_processing:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:sap:background_processing:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-3132</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T10:22:07.313-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-01T10:18:20.887-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-01T10:18:20.827-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://service.sap.com/sap/support/notes/1918333" xml:lang="en">https://service.sap.com/sap/support/notes/1918333</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-006" xml:lang="en">http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-006</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Apr/299" xml:lang="en">20140428 [Onapsis Security Advisory 2014-006] Missing authorization check in SAP Background Processing RFC</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://scn.sap.com/docs/DOC-8218" xml:lang="en">http://scn.sap.com/docs/DOC-8218</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SAP Background Processing does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-3133">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:sap:netweaver_java_application_server:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:sap:netweaver_java_application_server:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-3133</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T10:22:07.343-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-01T10:29:16.487-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-01T10:29:16.363-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://service.sap.com/sap/support/notes/1922547" xml:lang="en">https://service.sap.com/sap/support/notes/1922547</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-008" xml:lang="en">http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-008</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Apr/301" xml:lang="en">20140428 [Onapsis Security Advisory 2014-008] SAP NW Portal WD Information Disclosure</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://scn.sap.com/docs/DOC-8218" xml:lang="en">http://scn.sap.com/docs/DOC-8218</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-3134">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:sap:businessobjects:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:sap:businessobjects:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-3134</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T10:22:07.377-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-01T10:36:42.830-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-01T10:36:42.003-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://service.sap.com/sap/support/notes/1931399" xml:lang="en">https://service.sap.com/sap/support/notes/1931399</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-010" xml:lang="en">http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-010</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Apr/303" xml:lang="en">20140428 [Onapsis Security Advisory 2014-010] SAP BusinessObjects InfoView Reflected Cross Site Scripting</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://scn.sap.com/docs/DOC-8218" xml:lang="en">http://scn.sap.com/docs/DOC-8218</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the InfoView application in SAP BusinessObjects allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-3135">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:vbulletin:vbulletin:5.1.1:alpha9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:vbulletin:vbulletin:5.1.1:alpha9</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-3135</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T10:22:07.610-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-01T11:42:56.497-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-01T11:42:56.467-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/92664" xml:lang="en">vbulletin-multiple-scripts-xss(92664)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66972" xml:lang="en">66972</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/126226/vBulletin-5.1-Cross-Site-Scripting.html" xml:lang="en">http://packetstormsecurity.com/files/126226/vBulletin-5.1-Cross-Site-Scripting.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 5.1.1 Alpha 9 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to privatemessage/new/, (2) the folderid parameter to a private message in privatemessage/view, (3) a fragment indicator to /help, or (4) the view parameter to a topic, as demonstrated by a request to forum/anunturi-importante/rst-power/67030-rst-admin-restore.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-3138">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:xerox:docushare:6.5.3:patch6"/>
+        <cpe-lang:fact-ref name="cpe:/a:xerox:docushare:6.5.3:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:xerox:docushare:6.6.1:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:xerox:docushare:6.6.1:update1"/>
+        <cpe-lang:fact-ref name="cpe:/a:xerox:docushare:6.6.1:update2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:xerox:docushare:6.6.1:update2</vuln:product>
+      <vuln:product>cpe:/a:xerox:docushare:6.6.1:update1</vuln:product>
+      <vuln:product>cpe:/a:xerox:docushare:6.6.1:-</vuln:product>
+      <vuln:product>cpe:/a:xerox:docushare:6.5.3:patch6</vuln:product>
+      <vuln:product>cpe:/a:xerox:docushare:6.5.3:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-3138</vuln:cve-id>
+    <vuln:published-datetime>2014-05-01T20:55:07.587-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T10:38:12.993-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T10:38:12.917-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/92548" xml:lang="en">xerox-docushare-sql-injection(92548)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.xerox.com/download/security/security-bulletin/a72cd-4f7a54ce14460/cert_XRX14-003_V1.0.pdf" xml:lang="en">http://www.xerox.com/download/security/security-bulletin/a72cd-4f7a54ce14460/cert_XRX14-003_V1.0.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66922" xml:lang="en">66922</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://www.osvdb.org/105972" xml:lang="en">105972</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/32886" xml:lang="en">32886</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57996" xml:lang="en">57996</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Apr/205" xml:lang="en">20140415 Xerox DocuShare authenticated SQL injection</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/126171/Xerox-DocuShare-SQL-Injection.html" xml:lang="en">http://packetstormsecurity.com/files/126171/Xerox-DocuShare-SQL-Injection.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 Hotfix 2, 6.6.1 Update 1before Hotfix 24, and 6.6.1 Update 2 before Hotfix 3 allows remote authenticated users to execute arbitrary SQL commands via the PATH_INFO to /docushare/dsweb/ResultBackgroundJobMultiple/.  NOTE: some of these details are obtained from third party information.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-3139">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:unitrends:enterprise_backup:7.3.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:unitrends:enterprise_backup:7.3.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-3139</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:08.507-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T14:24:56.593-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T14:24:56.530-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-287"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://gist.github.com/brandonprry/10745756" xml:lang="en">https://gist.github.com/brandonprry/10745756</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/32885" xml:lang="en">32885</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Apr/204" xml:lang="en">20140415 Unitrends enterprise backup remote unauthenticated root</vuln:reference>
+    </vuln:references>
+    <vuln:summary>recoveryconsole/bpl/snmpd.php in Unitrends Enterprise Backup 7.3.0 allows remote attackers to bypass authentication by setting the auth parameter to a certain string.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-5795">
+    <vuln:cve-id>CVE-2014-5795</vuln:cve-id>
+    <vuln:published-datetime>2014-03-27T13:56:21.050-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-27T13:56:21.143-04:00</vuln:last-modified-datetime>
+    <vuln:summary>** REJECT **  DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-5795.  Reason: This candidate is a duplicate of CVE-2013-5795.  A typo caused the wrong ID to be used.  Notes: All CVE users should reference CVE-2013-5795 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-5880">
+    <vuln:cve-id>CVE-2014-5880</vuln:cve-id>
+    <vuln:published-datetime>2014-03-27T14:55:06.357-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-03-27T14:55:21.297-04:00</vuln:last-modified-datetime>
+    <vuln:summary>** REJECT **  DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-5880.  Reason: This candidate is a duplicate of CVE-2013-5880.  A typo caused the wrong ID to be used.  Notes: All CVE users should reference CVE-2013-5880 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage.</vuln:summary>
+  </entry>
+</nvd>
\ No newline at end of file
diff --git a/dependency-check-core/src/test/resources/nvdcve-2.0-modified.xml b/dependency-check-core/src/test/resources/nvdcve-2.0-modified.xml
new file mode 100644
index 000000000..c957ed736
--- /dev/null
+++ b/dependency-check-core/src/test/resources/nvdcve-2.0-modified.xml
@@ -0,0 +1,25227 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<nvd xmlns:cpe-lang="http://cpe.mitre.org/language/2.0" xmlns:vuln="http://scap.nist.gov/schema/vulnerability/0.4" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:scap-core="http://scap.nist.gov/schema/scap-core/0.1" xmlns="http://scap.nist.gov/schema/feed/vulnerability/2.0" xmlns:patch="http://scap.nist.gov/schema/patch/0.1" xmlns:cvss="http://scap.nist.gov/schema/cvss-v2/0.2" nvd_xml_version="2.0" pub_date="2014-05-03T08:01:20" xsi:schemaLocation="http://scap.nist.gov/schema/patch/0.1 http://nvd.nist.gov/schema/patch_0.1.xsd http://scap.nist.gov/schema/scap-core/0.1 http://nvd.nist.gov/schema/scap-core_0.1.xsd http://scap.nist.gov/schema/feed/vulnerability/2.0 http://nvd.nist.gov/schema/nvd-cve-feed_2.0.xsd">
+  <entry id="CVE-2001-1593">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:gnu:a2ps:4.10.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:a2ps:4.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:a2ps:4.10.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:a2ps:4.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:a2ps:4.13b"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnu:a2ps:4.13"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:gnu:a2ps:4.13</vuln:product>
+      <vuln:product>cpe:/a:gnu:a2ps:4.10.4</vuln:product>
+      <vuln:product>cpe:/a:gnu:a2ps:4.12</vuln:product>
+      <vuln:product>cpe:/a:gnu:a2ps:4.10.3</vuln:product>
+      <vuln:product>cpe:/a:gnu:a2ps:4.13b</vuln:product>
+      <vuln:product>cpe:/a:gnu:a2ps:4.14</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2001-1593</vuln:cve-id>
+    <vuln:published-datetime>2014-04-05T17:55:06.097-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T21:20:51.027-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>2.1</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-07T11:31:06.027-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-59"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1060630" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1060630</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737385" xml:lang="en">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737385</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2892" xml:lang="en">DSA-2892</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/257" xml:lang="en">[oss-security] 20140205 Re: CVE request: a2ps insecure temporary file use</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/253" xml:lang="en">[oss-security] 20140204 Re: CVE request: a2ps insecure temporary file use</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/237" xml:lang="en">[oss-security] 20140205 Re: CVE request: a2ps insecure temporary file use</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://pkgs.fedoraproject.org/cgit/a2ps.git/plain/a2ps-4.13-security.patch" xml:lang="en">http://pkgs.fedoraproject.org/cgit/a2ps.git/plain/a2ps-4.13-security.patch</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2010-5105">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:blender:blender:2.63a"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:blender:blender:2.63a</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2010-5105</vuln:cve-id>
+    <vuln:published-datetime>2014-04-27T16:55:23.383-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T13:07:11.647-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.3</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T13:07:11.413-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-59"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://developer.blender.org/T22509" xml:lang="en">https://developer.blender.org/T22509</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584621" xml:lang="en">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584621</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2012/09/07/13" xml:lang="en">[oss-security] 20120907 Re: CVE-2010 Request -- blender: Insecure temporary  file use by creating file string in undo save quit Blender kernel routine  (re-occurrence of CVE-2008-1103)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2012/09/06/3" xml:lang="en">[oss-security] 20120906 CVE-2010 Request -- blender: Insecure temporary  file use by creating file string in undo save quit Blender kernel routine  (re-occurrence of CVE-2008-1103)</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file.  NOTE: this issue might be a regression of CVE-2008-1103.</vuln:summary>
+  </entry>
+  <entry id="CVE-2011-3152">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:canonical:ubuntu_linux:8.04:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/o:canonical:ubuntu_linux:10.04:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/o:canonical:ubuntu_linux:10.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:canonical:ubuntu_linux:11.04"/>
+        <cpe-lang:fact-ref name="cpe:/o:canonical:ubuntu_linux:11.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:canonical:update-manager:1%3a0.87.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:canonical:update-manager:1%3a0.134.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:canonical:update-manager:1%3a0.142.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:canonical:update-manager:1%3a0.150"/>
+        <cpe-lang:fact-ref name="cpe:/a:canonical:update-manager:1%3a0.152.25"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:canonical:update-manager:1%3a0.87.24</vuln:product>
+      <vuln:product>cpe:/o:canonical:ubuntu_linux:11.04</vuln:product>
+      <vuln:product>cpe:/o:canonical:ubuntu_linux:11.10</vuln:product>
+      <vuln:product>cpe:/o:canonical:ubuntu_linux:10.04:-:lts</vuln:product>
+      <vuln:product>cpe:/o:canonical:ubuntu_linux:10.10</vuln:product>
+      <vuln:product>cpe:/a:canonical:update-manager:1%3a0.142.19</vuln:product>
+      <vuln:product>cpe:/a:canonical:update-manager:1%3a0.152.25</vuln:product>
+      <vuln:product>cpe:/o:canonical:ubuntu_linux:8.04:-:lts</vuln:product>
+      <vuln:product>cpe:/a:canonical:update-manager:1%3a0.134.7</vuln:product>
+      <vuln:product>cpe:/a:canonical:update-manager:1%3a0.150</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2011-3152</vuln:cve-id>
+    <vuln:published-datetime>2014-04-27T16:55:23.463-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T13:31:19.020-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.4</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T13:31:18.910-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-310"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugs.launchpad.net/ubuntu/%2Bsource/update-manager/%2Bbug/881548" xml:lang="en">https://bugs.launchpad.net/ubuntu/%2Bsource/update-manager/%2Bbug/881548</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/71494" xml:lang="en">ubuntu-update-gpg-sec-bypass(71494)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-1284-1" xml:lang="en">USN-1284-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/50833" xml:lang="en">50833</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://www.osvdb.org/77642" xml:lang="en">77642</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/47024" xml:lang="en">47024</vuln:reference>
+    </vuln:references>
+    <vuln:summary>DistUpgrade/DistUpgradeFetcherCore.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 on Ubuntu 8.04 through 11.10 does not verify the GPG signature before extracting an upgrade tarball, which allows man-in-the-middle attackers to (1) create or overwrite arbitrary files via a directory traversal attack using a crafted tar file, or (2) bypass authentication via a crafted meta-release file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2011-3602">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:litech:router_advertisement_daemon:1.8.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:litech:router_advertisement_daemon:1.8.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2011-3602</vuln:cve-id>
+    <vuln:published-datetime>2014-04-27T17:55:05.430-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T14:30:28.767-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.4</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T14:30:28.733-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/reubenhwk/radvd/commit/92e22ca23e52066da2258df8c76a2dca8a428bcc" xml:lang="en">https://github.com/reubenhwk/radvd/commit/92e22ca23e52066da2258df8c76a2dca8a428bcc</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-1257-1" xml:lang="en">USN-1257-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2011/10/06/3" xml:lang="en">[oss-security] 20111007 radvd 1.8.2 released with security fixes</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.litech.org/radvd/CHANGES" xml:lang="en">http://www.litech.org/radvd/CHANGES</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2011/dsa-2323" xml:lang="en">DSA-2323</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in device-linux.c in the router advertisement daemon (radvd) before 1.8.2 allows local users to overwrite arbitrary files, and remote attackers to overwrite certain files, via a .. (dot dot) in an interface name.  NOTE: this can be leveraged with a symlink to overwrite arbitrary files.</vuln:summary>
+  </entry>
+  <entry id="CVE-2011-3603">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:litech:router_advertisement_daemon:1.8.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:litech:router_advertisement_daemon:1.8.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2011-3603</vuln:cve-id>
+    <vuln:published-datetime>2014-04-27T17:55:05.507-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T15:12:37.730-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.4</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T15:12:37.653-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://access.redhat.com/security/cve/CVE-2011-3603" xml:lang="en">https://access.redhat.com/security/cve/CVE-2011-3603</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2011/10/06/3" xml:lang="en">[oss-security] 20111007 radvd 1.8.2 released with security fixes</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.litech.org/radvd/CHANGES" xml:lang="en">http://www.litech.org/radvd/CHANGES</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The router advertisement daemon (radvd) before 1.8.2 does not properly handle errors in the privsep_init function, which causes the radvd daemon to run as root and has an unspecified impact.</vuln:summary>
+  </entry>
+  <entry id="CVE-2012-3415">
+    <vuln:cve-id>CVE-2012-3415</vuln:cve-id>
+    <vuln:published-datetime>2014-04-27T18:55:05.723-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-27T18:55:05.817-04:00</vuln:last-modified-datetime>
+    <vuln:summary>** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2012-2401.  Reason: This candidate is a duplicate of CVE-2012-2401.  Notes: All CVE users should reference CVE-2012-2401 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage.</vuln:summary>
+  </entry>
+  <entry id="CVE-2012-4230">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:tinymce:tinymce:3.5.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:tinymce:tinymce:3.5.8</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2012-4230</vuln:cve-id>
+    <vuln:published-datetime>2014-04-25T10:15:30.360-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-25T13:19:18.890-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-25T13:19:18.827-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/82744" xml:lang="en">tinymce-htmlentities-xss(82744)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/58424" xml:lang="en">58424</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.madirish.net/554" xml:lang="en">http://www.madirish.net/554</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2013/Mar/114" xml:lang="en">20130311 XSS Vulnerability in TinyMCE</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/120750/TinyMCE-3.5.8-Cross-Site-Scripting.html" xml:lang="en">http://packetstormsecurity.com/files/120750/TinyMCE-3.5.8-Cross-Site-Scripting.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/91130" xml:lang="en">91130</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the (1) encoding directive and (2) valid_elements attribute, which allows attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors, as demonstrated using a textarea element.</vuln:summary>
+  </entry>
+  <entry id="CVE-2012-4410">
+    <vuln:cve-id>CVE-2012-4410</vuln:cve-id>
+    <vuln:published-datetime>2014-04-26T20:55:05.530-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-26T20:55:05.717-04:00</vuln:last-modified-datetime>
+    <vuln:summary>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-0296">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:zlib:pigz:2.2.4-1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:zlib:pigz:2.2.4-1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-0296</vuln:cve-id>
+    <vuln:published-datetime>2014-04-27T17:55:05.570-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T15:28:07.040-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.4</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T15:28:06.977-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700608" xml:lang="en">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700608</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2013/02/16/3" xml:lang="en">[oss-security] 20130215 Re: CVE# request: pigz creates temp file with insecure  permissions</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2013/02/15/4" xml:lang="en">[oss-security] 20130215 CVE# request: pigz creates temp file with insecure permissions</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://mail.zlib.net/pipermail/pigz-announce_zlib.net/2012-July/000006.html" xml:lang="en">[pigz-announce] 20120728 pigz version 2.2.5 released</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2013-03/msg00106.html" xml:lang="en">openSUSE-SU-2013:0540</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Race condition in pigz before 2.2.5 uses permissions derived from the umask when compressing a file before setting that file's permissions to match those of the original file, which might allow local users to bypass intended access permissions while compression is occurring.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-1804">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:php-fusion:php-fusion:7.02.04"/>
+        <cpe-lang:fact-ref name="cpe:/a:php-fusion:php-fusion:7.02.01"/>
+        <cpe-lang:fact-ref name="cpe:/a:php-fusion:php-fusion:7.02.02"/>
+        <cpe-lang:fact-ref name="cpe:/a:php-fusion:php-fusion:7.02.03"/>
+        <cpe-lang:fact-ref name="cpe:/a:php-fusion:php-fusion:7.02.05"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:php-fusion:php-fusion:7.02.01</vuln:product>
+      <vuln:product>cpe:/a:php-fusion:php-fusion:7.02.05</vuln:product>
+      <vuln:product>cpe:/a:php-fusion:php-fusion:7.02.04</vuln:product>
+      <vuln:product>cpe:/a:php-fusion:php-fusion:7.02.03</vuln:product>
+      <vuln:product>cpe:/a:php-fusion:php-fusion:7.02.02</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-1804</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T16:55:08.747-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T08:03:32.140-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T08:03:32.077-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.waraxe.us/advisory-97.html" xml:lang="en">http://www.waraxe.us/advisory-97.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.php-fusion.co.uk/news.php?readmore=569" xml:lang="en">http://www.php-fusion.co.uk/news.php?readmore=569</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2013/03/03/2" xml:lang="en">[oss-security] 20130302 Re: CVE request: PHP-Fusion waraxe-2013-SA#097</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2013/03/03/1" xml:lang="en">[oss-security] 20130303 CVE request: PHP-Fusion waraxe-2013-SA#097</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/52403" xml:lang="en">52403</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2013/Feb/154" xml:lang="en">20130228 [waraxe-2013-SA#097] - Multiple Vulnerabilities in PHP-Fusion 7.02.05</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/120598/PHP-Fusion-7.02.05-XSS-LFI-SQL-Injection.html" xml:lang="en">http://packetstormsecurity.com/files/120598/PHP-Fusion-7.02.05-XSS-LFI-SQL-Injection.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/90708" xml:lang="en">90708</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/90707" xml:lang="en">90707</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to inject arbitrary web script or HTML via the (1) highlight parameter to forum/viewthread.php; or remote authenticated users with certain permissions to inject arbitrary web script or HTML via the (2) user_list or (3) user_types parameter to messages.php; (4) message parameter to infusions/shoutbox_panel/shoutbox_admin.php; (5) message parameter to administration/news.php; (6) panel_list parameter to administration/panel_editor.php; (7) HTTP User Agent string to administration/phpinfo.php; (8) "__BBCODE__" parameter to administration/bbcodes.php; errorMessage parameter to (9) article_cats.php, (10) download_cats.php, (11) news_cats.php, or (12) weblink_cats.php in administration/, when error is 3; or (13) body or (14) body2 parameter to administration/articles.php.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-1805">
+    <vuln:cve-id>CVE-2013-1805</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T19:58:26.217-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T19:58:26.313-04:00</vuln:last-modified-datetime>
+    <vuln:summary>** REJECT **  DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-1806. Reason: This issue was MERGED into CVE-2013-1806 in accordance with CVE content decisions, because it is the same type of vulnerability and affects the same versions.  Notes: All CVE users should reference CVE-2013-1806 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-1806">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:php-fusion:php-fusion:7.02.05"/>
+        <cpe-lang:fact-ref name="cpe:/a:php-fusion:php-fusion:7.02.03"/>
+        <cpe-lang:fact-ref name="cpe:/a:php-fusion:php-fusion:7.02.02"/>
+        <cpe-lang:fact-ref name="cpe:/a:php-fusion:php-fusion:7.02.01"/>
+        <cpe-lang:fact-ref name="cpe:/a:php-fusion:php-fusion:7.02.04"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:php-fusion:php-fusion:7.02.01</vuln:product>
+      <vuln:product>cpe:/a:php-fusion:php-fusion:7.02.05</vuln:product>
+      <vuln:product>cpe:/a:php-fusion:php-fusion:7.02.04</vuln:product>
+      <vuln:product>cpe:/a:php-fusion:php-fusion:7.02.03</vuln:product>
+      <vuln:product>cpe:/a:php-fusion:php-fusion:7.02.02</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-1806</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T19:58:26.547-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-01T11:27:44.810-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-01T11:27:44.747-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.php-fusion.co.uk/news.php?readmore=569" xml:lang="en">http://www.php-fusion.co.uk/news.php?readmore=569</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.waraxe.us/advisory-97.html" xml:lang="en">http://www.waraxe.us/advisory-97.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://www.osvdb.org/90696" xml:lang="en">90696</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://www.osvdb.org/90694" xml:lang="en">90694</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://www.osvdb.org/90692" xml:lang="en">90692</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2013/03/03/2" xml:lang="en">[oss-security] 20130302 Re: CVE request: PHP-Fusion waraxe-2013-SA#097</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2013/03/03/1" xml:lang="en">[oss-security] 20130303 CVE request: PHP-Fusion waraxe-2013-SA#097</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2013/Feb/154" xml:lang="en">20130228 [waraxe-2013-SA#097] - Multiple Vulnerabilities in PHP-Fusion 7.02.05</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/120598/PHP-Fusion-7.02.05-XSS-LFI-SQL-Injection.html" xml:lang="en">http://packetstormsecurity.com/files/120598/PHP-Fusion-7.02.05-XSS-LFI-SQL-Injection.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple directory traversal vulnerabilities in PHP-Fusion before 7.02.06 allow remote authenticated users to include and execute arbitrary files via a .. (dot dot) in the (1) user_theme parameter to maincore.php; or remote authenticated administrators to delete arbitrary files via the (2) enable parameter to administration/user_fields.php or (3) file parameter to administration/db_backup.php.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-1807">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:php-fusion:php-fusion:7.02.05"/>
+        <cpe-lang:fact-ref name="cpe:/a:php-fusion:php-fusion:7.02.03"/>
+        <cpe-lang:fact-ref name="cpe:/a:php-fusion:php-fusion:7.02.02"/>
+        <cpe-lang:fact-ref name="cpe:/a:php-fusion:php-fusion:7.02.01"/>
+        <cpe-lang:fact-ref name="cpe:/a:php-fusion:php-fusion:7.02.04"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:php-fusion:php-fusion:7.02.01</vuln:product>
+      <vuln:product>cpe:/a:php-fusion:php-fusion:7.02.05</vuln:product>
+      <vuln:product>cpe:/a:php-fusion:php-fusion:7.02.04</vuln:product>
+      <vuln:product>cpe:/a:php-fusion:php-fusion:7.02.03</vuln:product>
+      <vuln:product>cpe:/a:php-fusion:php-fusion:7.02.02</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-1807</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T19:58:26.593-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-01T11:35:01.293-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-01T11:35:01.247-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.php-fusion.co.uk/news.php?readmore=569" xml:lang="en">http://www.php-fusion.co.uk/news.php?readmore=569</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.waraxe.us/advisory-97.html" xml:lang="en">http://www.waraxe.us/advisory-97.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://www.osvdb.org/90691" xml:lang="en">90691</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2013/03/03/2" xml:lang="en">[oss-security] 20130302 Re: CVE request: PHP-Fusion waraxe-2013-SA#097</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2013/03/03/1" xml:lang="en">[oss-security] 20130303 CVE request: PHP-Fusion waraxe-2013-SA#097</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2013/Feb/154" xml:lang="en">20130228 [waraxe-2013-SA#097] - Multiple Vulnerabilities in PHP-Fusion 7.02.05</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/120598/PHP-Fusion-7.02.05-XSS-LFI-SQL-Injection.html" xml:lang="en">http://packetstormsecurity.com/files/120598/PHP-Fusion-7.02.05-XSS-LFI-SQL-Injection.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>PHP-Fusion before 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote attackers to obtain sensitive information via a direct request to the backup file in administration/db_backups/.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-2025">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ushahidi:ushahidi_platform:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:ushahidi:ushahidi_platform:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:ushahidi:ushahidi_platform:2.6.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ushahidi:ushahidi_platform:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:ushahidi:ushahidi_platform:2.5</vuln:product>
+      <vuln:product>cpe:/a:ushahidi:ushahidi_platform:2.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-2025</vuln:cve-id>
+    <vuln:published-datetime>2014-04-25T13:12:02.957-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-25T14:01:53.777-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-25T14:01:53.513-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://wiki.ushahidi.com/display/WIKI/1+May+2013+-+CVE-2013-2025" xml:lang="en">https://wiki.ushahidi.com/display/WIKI/1+May+2013+-+CVE-2013-2025</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://github.com/rjmackay/Ushahidi_Web/commit/593719ff805a302e3ab2f2e535c875f90a04ea56" xml:lang="en">https://github.com/rjmackay/Ushahidi_Web/commit/593719ff805a302e3ab2f2e535c875f90a04ea56</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/ushahidi/Ushahidi_Web/pull/1056" xml:lang="en">https://github.com/ushahidi/Ushahidi_Web/pull/1056</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/ushahidi/Ushahidi_Web/issues/1009" xml:lang="en">https://github.com/ushahidi/Ushahidi_Web/issues/1009</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/59410" xml:lang="en">59410</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in Ushahidi Platform 2.5.x through 2.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-2073">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:transifex:transifex:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:transifex:transifex:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:transifex:transifex:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:transifex:transifex:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:transifex:transifex:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:transifex:transifex:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:transifex:transifex:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:transifex:transifex:0.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:transifex:transifex:0.4</vuln:product>
+      <vuln:product>cpe:/a:transifex:transifex:0.3</vuln:product>
+      <vuln:product>cpe:/a:transifex:transifex:0.2</vuln:product>
+      <vuln:product>cpe:/a:transifex:transifex:0.1</vuln:product>
+      <vuln:product>cpe:/a:transifex:transifex:0.8</vuln:product>
+      <vuln:product>cpe:/a:transifex:transifex:0.7</vuln:product>
+      <vuln:product>cpe:/a:transifex:transifex:0.6</vuln:product>
+      <vuln:product>cpe:/a:transifex:transifex:0.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-2073</vuln:cve-id>
+    <vuln:published-datetime>2014-05-01T21:59:22.203-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T10:49:01.703-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T10:49:01.483-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2013/05/22/14" xml:lang="en">[oss-security] 20130522 CVE-2013-2073 transifex-client: Does not validate HTTPS server certificate (fixed in transifex-client v0.9)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://blog.transifex.com/post/51072109836/new-version-of-the-transifex-client-has-been-released" xml:lang="en">http://blog.transifex.com/post/51072109836/new-version-of-the-transifex-client-has-been-released</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=952194" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=952194</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Transifex command-line client before 0.9 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-3069">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:netgear:wndr4700_firmware:1.0.0.34"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:netgear:wndr4700:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:netgear:wndr4700_firmware:1.0.0.34</vuln:product>
+      <vuln:product>cpe:/h:netgear:wndr4700:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-3069</vuln:cve-id>
+    <vuln:published-datetime>2014-04-25T13:12:03.097-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-25T14:07:16.803-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-25T14:07:16.757-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf" xml:lang="en">http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/92557" xml:lang="en">92557</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2) Password to the NAS User Setup page, (3) deviceName to USB_advanced.htm, or (4) Network Key to the Wireless Setup page.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-4121">
+    <vuln:cve-id>CVE-2013-4121</vuln:cve-id>
+    <vuln:published-datetime>2014-05-01T06:55:05.973-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-01T06:55:16.863-04:00</vuln:last-modified-datetime>
+    <vuln:summary>** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: none.  Reason: This candidate was withdrawn by its CNA.  Further investigation showed that it was a site-specific issue.  Notes: none.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-4145">
+    <vuln:cve-id>CVE-2013-4145</vuln:cve-id>
+    <vuln:published-datetime>2014-04-27T00:32:01.577-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-27T00:32:01.670-04:00</vuln:last-modified-datetime>
+    <vuln:summary>** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2012-3414.  Reason: This candidate is a duplicate of CVE-2012-3414.  Notes: All CVE users should reference CVE-2012-3414 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-4285">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:dkorunic:pam_s%2fkey:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:dkorunic:pam_s%2fkey:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-4285</vuln:cve-id>
+    <vuln:published-datetime>2014-04-28T10:09:05.783-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T07:09:09.007-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>2.1</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T07:09:08.947-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-255"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>GENTOO</vuln:source>
+      <vuln:reference href="http://security.gentoo.org/glsa/glsa-201402-12.xml" xml:lang="en">GLSA-201402-12</vuln:reference>
+    </vuln:references>
+    <vuln:summary>A certain Gentoo patch for the PAM S/Key module does not properly clear credentials from memory, which allows local users to obtain sensitive information by reading system memory.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-4336">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:joachim_noreiko:flag_module:7.x-3.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:joachim_noreiko:flag_module:7.x-3.0:beta1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:joachim_noreiko:flag_module:7.x-3.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:joachim_noreiko:flag_module:7.x-3.0:beta1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-4336</vuln:cve-id>
+    <vuln:published-datetime>2014-04-27T18:55:05.850-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T15:32:53.987-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T15:32:53.940-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://drupal.org/node/2076221" xml:lang="en">https://drupal.org/node/2076221</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://drupal.org/node/2075287" xml:lang="en">https://drupal.org/node/2075287</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2013/09/11/9" xml:lang="en">[oss-security] 20130911 Re: CVE request for Drupal contrib modules</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the admin page in the Flag module 7.x-3.x before 7.x-3.1 for Drupal allows remote authenticated users with the "Administer flags" permission to inject arbitrary web script or HTML via the flag name.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-4337">
+    <vuln:cve-id>CVE-2013-4337</vuln:cve-id>
+    <vuln:published-datetime>2014-04-27T16:55:23.493-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-27T16:55:23.587-04:00</vuln:last-modified-datetime>
+    <vuln:summary>** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2013-5965.  Reason: This candidate is a duplicate of CVE-2013-5965.  Notes: All CVE users should reference CVE-2013-5965 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-4565">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:debian:ppthtml:0.5.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:debian:ppthtml:0.5.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-4565</vuln:cve-id>
+    <vuln:published-datetime>2014-04-25T13:12:03.423-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-25T14:25:05.913-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-25T14:25:05.820-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729279" xml:lang="en">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729279</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/88885" xml:lang="en">ppthtml-cve20134565-bo(88885)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2013/q4/279" xml:lang="en">[oss-security] 20131113 Re: CVE request: ppthtml heap-based buffer overflow</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Heap-based buffer overflow in the __OLEdecode function in ppthtml 0.5.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .ppt file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-4722">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ddsn:cm3_acora_content_management_system:6.0.6%2f1a"/>
+        <cpe-lang:fact-ref name="cpe:/a:ddsn:cm3_acora_content_management_system:6.0.2%2f1a"/>
+        <cpe-lang:fact-ref name="cpe:/a:ddsn:cm3_acora_content_management_system:5.5.7%2f12b"/>
+        <cpe-lang:fact-ref name="cpe:/a:ddsn:cm3_acora_content_management_system:5.5.0%2f1b-p1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ddsn:cm3_acora_content_management_system:6.0.6%2f1a</vuln:product>
+      <vuln:product>cpe:/a:ddsn:cm3_acora_content_management_system:5.5.7%2f12b</vuln:product>
+      <vuln:product>cpe:/a:ddsn:cm3_acora_content_management_system:6.0.2%2f1a</vuln:product>
+      <vuln:product>cpe:/a:ddsn:cm3_acora_content_management_system:5.5.0%2f1b-p1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-4722</vuln:cve-id>
+    <vuln:published-datetime>2014-04-25T13:12:03.673-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-25T14:34:34.400-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-25T14:34:34.353-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt" xml:lang="en">http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html" xml:lang="en">http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/96661" xml:lang="en">96661</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site scripting (XSS) vulnerabilities in Admin/login/default.asp in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) url, (3) qstr parameter.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-4723">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ddsn:cm3_acora_content_management_system:6.0.6%2f1a"/>
+        <cpe-lang:fact-ref name="cpe:/a:ddsn:cm3_acora_content_management_system:6.0.2%2f1a"/>
+        <cpe-lang:fact-ref name="cpe:/a:ddsn:cm3_acora_content_management_system:5.5.7%2f12b"/>
+        <cpe-lang:fact-ref name="cpe:/a:ddsn:cm3_acora_content_management_system:5.5.0%2f1b-p1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ddsn:cm3_acora_content_management_system:6.0.6%2f1a</vuln:product>
+      <vuln:product>cpe:/a:ddsn:cm3_acora_content_management_system:5.5.7%2f12b</vuln:product>
+      <vuln:product>cpe:/a:ddsn:cm3_acora_content_management_system:6.0.2%2f1a</vuln:product>
+      <vuln:product>cpe:/a:ddsn:cm3_acora_content_management_system:5.5.0%2f1b-p1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-4723</vuln:cve-id>
+    <vuln:published-datetime>2014-04-25T13:12:03.720-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-25T14:38:24.733-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-25T14:38:23.813-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt" xml:lang="en">http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html" xml:lang="en">http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/96662" xml:lang="en">96662</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Open redirect vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the l parameter to track.aspx.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-4726">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ddsn:cm3_acora_content_management_system:5.5.0%2f1b-p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ddsn:cm3_acora_content_management_system:5.5.7%2f12b"/>
+        <cpe-lang:fact-ref name="cpe:/a:ddsn:cm3_acora_content_management_system:6.0.2%2f1a"/>
+        <cpe-lang:fact-ref name="cpe:/a:ddsn:cm3_acora_content_management_system:6.0.6%2f1a"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ddsn:cm3_acora_content_management_system:6.0.6%2f1a</vuln:product>
+      <vuln:product>cpe:/a:ddsn:cm3_acora_content_management_system:5.5.7%2f12b</vuln:product>
+      <vuln:product>cpe:/a:ddsn:cm3_acora_content_management_system:6.0.2%2f1a</vuln:product>
+      <vuln:product>cpe:/a:ddsn:cm3_acora_content_management_system:5.5.0%2f1b-p1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-4726</vuln:cve-id>
+    <vuln:published-datetime>2014-04-25T13:12:03.767-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-25T14:38:34.813-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-25T14:38:34.780-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-352"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt" xml:lang="en">http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html" xml:lang="en">http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/96665" xml:lang="en">96665</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site request forgery (CSRF) vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-5349">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:google:picasa:3.9.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:google:picasa:3.9.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-5349</vuln:cve-id>
+    <vuln:published-datetime>2014-01-08T19:55:02.880-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-25T09:38:37.810-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-14T08:31:37.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://support.google.com/picasa/answer/53209" xml:lang="en">https://support.google.com/picasa/answer/53209</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029527" xml:lang="en">1029527</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://secunia.com/secunia_research/2013-14/" xml:lang="en">http://secunia.com/secunia_research/2013-14/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/55555" xml:lang="en">55555</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Integer underflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to execute arbitrary code via a crafted JPEG tag that triggers a heap-based buffer overflow, as demonstrated using a Canon RAW CR2 file with a large JPEG tag value and a small size.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-5357">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:google:picasa:3.9.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:google:picasa:3.9.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-5357</vuln:cve-id>
+    <vuln:published-datetime>2014-01-08T19:55:02.927-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-25T09:38:54.730-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-14T08:32:17.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://support.google.com/picasa/answer/53209" xml:lang="en">https://support.google.com/picasa/answer/53209</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029527" xml:lang="en">1029527</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://secunia.com/secunia_research/2013-14/" xml:lang="en">http://secunia.com/secunia_research/2013-14/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/55555" xml:lang="en">55555</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Integer overflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to execute arbitrary code via a long TIFF tag that triggers a heap-based buffer overflow, as demonstrated using a Canon RAW CR2 file with a long TIFF StripByteCounts tag.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-5358">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:google:picasa:3.9.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:google:picasa:3.9.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-5358</vuln:cve-id>
+    <vuln:published-datetime>2014-01-08T19:55:02.957-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-25T09:39:34.187-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-14T08:32:43.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://support.google.com/picasa/answer/53209" xml:lang="en">https://support.google.com/picasa/answer/53209</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029527" xml:lang="en">1029527</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://secunia.com/secunia_research/2013-14/" xml:lang="en">http://secunia.com/secunia_research/2013-14/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/55555" xml:lang="en">55555</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote attackers to trigger memory corruption via a crafted TIFF tag, as demonstrated using a KDC file with a DSLR-A100 model and certain sequences of tags.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-5359">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:google:picasa:3.9.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:google:picasa:3.9.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-5359</vuln:cve-id>
+    <vuln:published-datetime>2014-01-08T19:55:02.987-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-25T09:39:49.623-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-14T08:33:05.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://support.google.com/picasa/answer/53209" xml:lang="en">https://support.google.com/picasa/answer/53209</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1029527" xml:lang="en">1029527</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://secunia.com/secunia_research/2013-14/" xml:lang="en">http://secunia.com/secunia_research/2013-14/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/55555" xml:lang="en">55555</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Stack-based buffer overflow in Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 might allow remote attackers to execute arbitrary code via a crafted RAW file, as demonstrated using a KDC file with a certain size.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-5660">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:powersoftware:winarchiver:3.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:powersoftware:winarchiver:3.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-5660</vuln:cve-id>
+    <vuln:published-datetime>2014-04-25T13:12:03.847-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-25T14:44:00.477-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-25T14:44:00.370-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/59626" xml:lang="en">59626</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2013/Sep/8" xml:lang="en">20130902 list of vulnerabilities discovered by realpentesting</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://realpentesting.blogspot.com.es/p/blog-page_3.html" xml:lang="en">http://realpentesting.blogspot.com.es/p/blog-page_3.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/121512/Winarchiver-3.2-Buffer-Overflow.html" xml:lang="en">http://packetstormsecurity.com/files/121512/Winarchiver-3.2-Buffer-Overflow.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://osvdb.org/show/osvdb/92992" xml:lang="en">92992</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://osvdb.org/ref/92/winarchiver-overflow.txt" xml:lang="en">http://osvdb.org/ref/92/winarchiver-overflow.txt</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Buffer overflow in Power Software WinArchiver 3.2 allows remote attackers to execute arbitrary code via a crafted .zip file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-5954">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:openx:openx:2.8.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:openx:openx:2.8.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:openx:openx:2.8.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:openx:openx:2.8.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:openx:openx:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:openx:openx:2.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openx:openx:2.8.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:openx:openx:2.8.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:openx:openx:2.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openx:openx:2.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openx:openx:2.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:openx:openx:2.8.5"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:openx:openx:2.8.10</vuln:product>
+      <vuln:product>cpe:/a:openx:openx:2.8.11</vuln:product>
+      <vuln:product>cpe:/a:openx:openx:2.8.9</vuln:product>
+      <vuln:product>cpe:/a:openx:openx:2.8.1</vuln:product>
+      <vuln:product>cpe:/a:openx:openx:2.8.6</vuln:product>
+      <vuln:product>cpe:/a:openx:openx:2.8.5</vuln:product>
+      <vuln:product>cpe:/a:openx:openx:2.8.8</vuln:product>
+      <vuln:product>cpe:/a:openx:openx:2.8.7</vuln:product>
+      <vuln:product>cpe:/a:openx:openx:2.8.2</vuln:product>
+      <vuln:product>cpe:/a:openx:openx:2.8.4</vuln:product>
+      <vuln:product>cpe:/a:openx:openx:2.8.3</vuln:product>
+      <vuln:product>cpe:/a:openx:openx:2.8</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-5954</vuln:cve-id>
+    <vuln:published-datetime>2014-04-25T10:15:30.453-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-25T13:38:00.707-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-25T13:38:00.627-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-352"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91889" xml:lang="en">openx-cve20135954-csrf(91889)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66251" xml:lang="en">66251</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Mar/270" xml:lang="en">20140315 [CVE-2013-5954] Multiple Cross Site Request Forgery Vulnerabilities in OpenX 2.8.11</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/125735" xml:lang="en">http://packetstormsecurity.com/files/125735</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via admin/agency-user-unlink.php, (2) advertisers via admin/advertiser-delete.php, (3) banners via admin/banner-delete.php, (4) campaigns via admin/campaign-delete.php, (5) channels via admin/channel-delete.php, (6) affiliate websites via admin/affiliate-delete.php, or (7) zones via admin/zone-delete.php.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-5956">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:joomlaboat:com_youtubegallery:3.4.0::~~~joomla%21~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:joomlaboat:com_youtubegallery:3.4.0::~~~joomla%21~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-5956</vuln:cve-id>
+    <vuln:published-datetime>2014-04-25T10:15:30.483-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-25T13:42:55.557-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-25T13:42:55.510-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Mar/288" xml:lang="en">20140315 Re: XSS Vulnerability in the Youtube Gallery	3.4.0 Component</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Mar/264" xml:lang="en">20140315 XSS Vulnerability in the Youtube Gallery 3.4.0 Component</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/125732/Joomla-Youtube-Gallery-3.4.0-Cross-Site-Scripting.html" xml:lang="en">http://packetstormsecurity.com/files/125732/Joomla-Youtube-Gallery-3.4.0-Cross-Site-Scripting.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in includes/flvthumbnail.php in the Youtube Gallery (com_youtubegallery) component 3.4.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the videofile parameter.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-6053">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:openjpeg:openjpeg:1.5.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:openjpeg:openjpeg:1.5.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-6053</vuln:cve-id>
+    <vuln:published-datetime>2014-04-27T18:55:05.910-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T13:38:17.750-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T13:38:17.720-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/openjpeg/issues/detail?id=297" xml:lang="en">https://code.google.com/p/openjpeg/issues/detail?id=297</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1036493" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1036493</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64121" xml:lang="en">64121</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2013/q4/412" xml:lang="en">[oss-security] 20131204 Fwd: [vs] multiple issues in openjpeg</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://openjpeg.googlecode.com/svn/tags/version.1.5.2/NEWS" xml:lang="en">http://openjpeg.googlecode.com/svn/tags/version.1.5.2/NEWS</vuln:reference>
+    </vuln:references>
+    <vuln:summary>OpenJPEG 1.5.1 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-6323">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.29"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.31"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_virtual_enterprise:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_virtual_enterprise:7.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_virtual_enterprise:7.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_virtual_enterprise:7.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_virtual_enterprise:7.0.0.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.5.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:websphere_virtual_enterprise:7.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.27</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.29</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.5.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.5.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.31</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_virtual_enterprise:7.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_virtual_enterprise:7.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.25</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.24</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.23</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.22</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_virtual_enterprise:7.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_virtual_enterprise:7.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.21</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-6323</vuln:cve-id>
+    <vuln:published-datetime>2014-05-01T13:29:56.683-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T09:23:52.843-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T09:23:52.467-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/88903" xml:lang="en">ibm-was-cve20136323-xss(88903)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21669554" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21669554</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>AIXAPAR</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg1PI04880" xml:lang="en">PI04880</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>AIXAPAR</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg1PI04777" xml:lang="en">PI04777</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, and WebSphere Virtual Enterprise 7.x before 7.0.0.5, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-6445">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:redhat:enterprise_mrg:2.5"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:redhat:enterprise_mrg:2.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-6445</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T10:22:05.813-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T14:08:06.413-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T14:08:06.383-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-310"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1030158" xml:lang="en">1030158</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0441.html" xml:lang="en">RHSA-2014:0441</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>REDHAT</vuln:source>
+      <vuln:reference href="http://rhn.redhat.com/errata/RHSA-2014-0440.html" xml:lang="en">RHSA-2014:0440</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, uses the DES-based crypt function to hash passwords, which makes it easier for attackers to obtain sensitive information via a brute-force attack.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-6887">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:openjpeg:openjpeg:1.5.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:openjpeg:openjpeg:1.5.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-6887</vuln:cve-id>
+    <vuln:published-datetime>2014-04-27T16:55:23.633-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T13:35:53.213-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.4</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T13:35:53.200-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57285" xml:lang="en">57285</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2013/q4/412" xml:lang="en">[oss-security] 20131204 Fwd: [vs] multiple issues in openjpeg</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://openjpeg.googlecode.com/svn/tags/version.1.5.2/NEWS" xml:lang="en">http://openjpeg.googlecode.com/svn/tags/version.1.5.2/NEWS</vuln:reference>
+    </vuln:references>
+    <vuln:summary>OpenJPEG 1.5.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger NULL pointer dereferences, division-by-zero, and other errors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-6990">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:fortinet:fortiauthenticator:2.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:fortinet:fortiauthenticator:2.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-6990</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T10:22:05.860-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T14:49:29.310-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T14:49:29.247-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:security-protection>ALLOWS_ADMIN_ACCESS</vuln:security-protection>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.fortiguard.com/advisory/FG-IR-13-016/" xml:lang="en">http://www.fortiguard.com/advisory/FG-IR-13-016/</vuln:reference>
+    </vuln:references>
+    <vuln:summary>FortiGuard FortiAuthenticator before 3.0 allows remote administrators to gain privileges via the command line interface.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-7060">
+    <vuln:cve-id>CVE-2013-7060</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T10:55:05.340-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T10:55:05.340-04:00</vuln:last-modified-datetime>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://plone.org/security/20131210/path-leak" xml:lang="en">https://plone.org/security/20131210/path-leak</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2013/12/12/3" xml:lang="en">[oss-security] 20131211 Re: CVE request for Plone</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2013/12/10/15" xml:lang="en">[oss-security] 20131210 CVE request for Plone</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-7061">
+    <vuln:cve-id>CVE-2013-7061</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T10:55:05.417-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T10:55:05.417-04:00</vuln:last-modified-datetime>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://plone.org/security/20131210/catalogue-exposure" xml:lang="en">https://plone.org/security/20131210/catalogue-exposure</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2013/12/12/3" xml:lang="en">[oss-security] 20131211 Re: CVE request for Plone</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2013/12/10/15" xml:lang="en">[oss-security] 20131210 CVE request for Plone</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-7063">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:invitation_project:invitation:7.x-2.1::~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:invitation_project:invitation:7.x-2.0::~~~drupal~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:invitation_project:invitation:7.x-2.1::~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:invitation_project:invitation:7.x-2.0::~~~drupal~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-7063</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T10:38:43.827-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T12:40:09.997-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T12:40:09.747-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://drupal.org/node/2140097" xml:lang="en">https://drupal.org/node/2140097</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2013/12/12/1" xml:lang="en">[oss-security] 20131211 Re: CVE request for Drupal core, and contributed modules</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2013/12/06/7" xml:lang="en">[oss-security] 20131206 CVE request for Drupal core, and contributed modules</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Invitation module 7.x-2.x for Drupal does not properly check permissions, which allows remote attackers to obtain sensitive information via unspecified default views.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-7064">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:freelance-it-consultant:eu_cookie_compliance:7.x-1.11::~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:freelance-it-consultant:eu_cookie_compliance:7.x-1.10::~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:freelance-it-consultant:eu_cookie_compliance:7.x-1.9::~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:freelance-it-consultant:eu_cookie_compliance:7.x-1.8::~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:freelance-it-consultant:eu_cookie_compliance:7.x-1.7::~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:freelance-it-consultant:eu_cookie_compliance:7.x-1.6::~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:freelance-it-consultant:eu_cookie_compliance:7.x-1.2::~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:freelance-it-consultant:eu_cookie_compliance:7.x-1.1::~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:freelance-it-consultant:eu_cookie_compliance:7.x-1.0::~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:freelance-it-consultant:eu_cookie_compliance:7.x-1.x:dev:~~~drupal~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:freelance-it-consultant:eu_cookie_compliance:7.x-1.1::~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:freelance-it-consultant:eu_cookie_compliance:7.x-1.2::~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:freelance-it-consultant:eu_cookie_compliance:7.x-1.x:dev:~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:freelance-it-consultant:eu_cookie_compliance:7.x-1.0::~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:freelance-it-consultant:eu_cookie_compliance:7.x-1.6::~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:freelance-it-consultant:eu_cookie_compliance:7.x-1.7::~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:freelance-it-consultant:eu_cookie_compliance:7.x-1.10::~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:freelance-it-consultant:eu_cookie_compliance:7.x-1.8::~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:freelance-it-consultant:eu_cookie_compliance:7.x-1.11::~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:freelance-it-consultant:eu_cookie_compliance:7.x-1.9::~~~drupal~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-7064</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T10:38:43.843-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T13:09:54.353-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>2.1</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T13:09:54.257-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://drupal.org/node/2140123" xml:lang="en">https://drupal.org/node/2140123</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://drupal.org/node/2139875" xml:lang="en">https://drupal.org/node/2139875</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2013/12/12/1" xml:lang="en">[oss-security] 20131211 Re: CVE request for Drupal core, and contributed modules</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2013/12/06/7" xml:lang="en">[oss-security] 20131206 CVE request for Drupal core, and contributed modules</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the EU Cookie Compliance module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated administrators with the "Administer EU Cookie Compliance popup" permission to inject arbitrary web script or HTML via unspecified configuration values.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-7065">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:organic_groups_project:organic_groups:7.x-2.2::~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:organic_groups_project:organic_groups:7.x-2.1::~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:organic_groups_project:organic_groups:7.x-2.0:-:~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:organic_groups_project:organic_groups:7.x-2.0:rc4:~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:organic_groups_project:organic_groups:7.x-2.0:rc3:~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:organic_groups_project:organic_groups:7.x-2.0:rc2:~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:organic_groups_project:organic_groups:7.x-2.0:rc1:~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:organic_groups_project:organic_groups:7.x-2.0:beta4:~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:organic_groups_project:organic_groups:7.x-2.0:beta3:~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:organic_groups_project:organic_groups:7.x-2.0:beta2:~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:organic_groups_project:organic_groups:7.x-2.0:beta1:~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:organic_groups_project:organic_groups:7.x-2.0:alpha3:~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:organic_groups_project:organic_groups:7.x-2.0:alpha2:~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:organic_groups_project:organic_groups:7.x-2.0:alpha1:~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:organic_groups_project:organic_groups:7.x-2.x:dev:~~~drupal~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:organic_groups_project:organic_groups:7.x-2.0:alpha1:~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:organic_groups_project:organic_groups:7.x-2.x:dev:~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:organic_groups_project:organic_groups:7.x-2.0:alpha3:~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:organic_groups_project:organic_groups:7.x-2.0:alpha2:~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:organic_groups_project:organic_groups:7.x-2.0:beta4:~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:organic_groups_project:organic_groups:7.x-2.0:-:~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:organic_groups_project:organic_groups:7.x-2.0:rc2:~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:organic_groups_project:organic_groups:7.x-2.0:beta2:~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:organic_groups_project:organic_groups:7.x-2.2::~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:organic_groups_project:organic_groups:7.x-2.0:rc1:~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:organic_groups_project:organic_groups:7.x-2.0:beta3:~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:organic_groups_project:organic_groups:7.x-2.1::~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:organic_groups_project:organic_groups:7.x-2.0:rc4:~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:organic_groups_project:organic_groups:7.x-2.0:rc3:~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:organic_groups_project:organic_groups:7.x-2.0:beta1:~~~drupal~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-7065</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T10:38:43.857-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T13:30:10.003-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T13:30:09.517-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://drupal.org/node/2140217" xml:lang="en">https://drupal.org/node/2140217</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://drupal.org/node/2140209" xml:lang="en">https://drupal.org/node/2140209</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2013/12/12/1" xml:lang="en">[oss-security] 20131211 Re: CVE request for Drupal core, and contributed modules</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2013/12/06/7" xml:lang="en">[oss-security] 20131206 CVE request for Drupal core, and contributed modules</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restriction and post to arbitrary groups via a group audience field, as demonstrated by the og_group_ref field.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-7066">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:entity_reference_project:entityreference:7.x-1.0:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:entity_reference_project:entityreference:7.x-1.0:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/a:entity_reference_project:entityreference:7.x-1.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/a:entity_reference_project:entityreference:7.x-1.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:entity_reference_project:entityreference:7.x-1.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:entity_reference_project:entityreference:7.x-1.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:entity_reference_project:entityreference:7.x-1.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:entity_reference_project:entityreference:7.x-1.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:entity_reference_project:entityreference:7.x-1.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:entity_reference_project:entityreference:7.x-1.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:entity_reference_project:entityreference:7.x-1.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:entity_reference_project:entityreference:7.x-1.0:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:entity_reference_project:entityreference:7.x-1.0:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:entity_reference_project:entityreference:7.x-1.x:dev"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:entity_reference_project:entityreference:7.x-1.x:dev</vuln:product>
+      <vuln:product>cpe:/a:entity_reference_project:entityreference:7.x-1.0:rc5</vuln:product>
+      <vuln:product>cpe:/a:entity_reference_project:entityreference:7.x-1.0:-</vuln:product>
+      <vuln:product>cpe:/a:entity_reference_project:entityreference:7.x-1.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:entity_reference_project:entityreference:7.x-1.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:entity_reference_project:entityreference:7.x-1.0:alpha2</vuln:product>
+      <vuln:product>cpe:/a:entity_reference_project:entityreference:7.x-1.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:entity_reference_project:entityreference:7.x-1.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:entity_reference_project:entityreference:7.x-1.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:entity_reference_project:entityreference:7.x-1.0:alpha1</vuln:product>
+      <vuln:product>cpe:/a:entity_reference_project:entityreference:7.x-1.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:entity_reference_project:entityreference:7.x-1.0:rc4</vuln:product>
+      <vuln:product>cpe:/a:entity_reference_project:entityreference:7.x-1.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:entity_reference_project:entityreference:7.x-1.0:rc1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-7066</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T10:38:43.907-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T13:45:04.283-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T13:45:04.080-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://drupal.org/node/2140237" xml:lang="en">https://drupal.org/node/2140237</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://drupal.org/node/2140229" xml:lang="en">https://drupal.org/node/2140229</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Entity reference module 7.x-1.x before 7.x-1.1-rc1 for Drupal allows remote attackers to read private nodes titles by leveraging edit permissions to a node that references a private node.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-7068">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:organic_groups_project:organic_groups:7.x-2.2::~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:organic_groups_project:organic_groups:7.x-2.1::~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:organic_groups_project:organic_groups:7.x-2.0:-:~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:organic_groups_project:organic_groups:7.x-2.0:rc4:~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:organic_groups_project:organic_groups:7.x-2.0:rc3:~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:organic_groups_project:organic_groups:7.x-2.0:rc2:~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:organic_groups_project:organic_groups:7.x-2.0:rc1:~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:organic_groups_project:organic_groups:7.x-2.0:beta4:~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:organic_groups_project:organic_groups:7.x-2.0:beta3:~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:organic_groups_project:organic_groups:7.x-2.0:beta2:~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:organic_groups_project:organic_groups:7.x-2.0:beta1:~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:organic_groups_project:organic_groups:7.x-2.0:alpha3:~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:organic_groups_project:organic_groups:7.x-2.0:alpha2:~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:organic_groups_project:organic_groups:7.x-2.0:alpha1:~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:organic_groups_project:organic_groups:7.x-2.x:dev:~~~drupal~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:organic_groups_project:organic_groups:7.x-2.0:alpha1:~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:organic_groups_project:organic_groups:7.x-2.x:dev:~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:organic_groups_project:organic_groups:7.x-2.0:alpha3:~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:organic_groups_project:organic_groups:7.x-2.0:alpha2:~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:organic_groups_project:organic_groups:7.x-2.0:beta4:~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:organic_groups_project:organic_groups:7.x-2.0:-:~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:organic_groups_project:organic_groups:7.x-2.0:rc2:~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:organic_groups_project:organic_groups:7.x-2.0:beta2:~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:organic_groups_project:organic_groups:7.x-2.2::~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:organic_groups_project:organic_groups:7.x-2.0:rc1:~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:organic_groups_project:organic_groups:7.x-2.0:beta3:~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:organic_groups_project:organic_groups:7.x-2.1::~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:organic_groups_project:organic_groups:7.x-2.0:rc4:~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:organic_groups_project:organic_groups:7.x-2.0:rc3:~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:organic_groups_project:organic_groups:7.x-2.0:beta1:~~~drupal~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-7068</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T10:38:43.907-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T13:52:47.283-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.9</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T13:52:47.157-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://drupal.org/node/2140217" xml:lang="en">https://drupal.org/node/2140217</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://drupal.org/node/2140209" xml:lang="en">https://drupal.org/node/2140209</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2013/12/12/1" xml:lang="en">[oss-security] 20131211 Re: CVE request for Drupal core, and contributed modules</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2013/12/06/7" xml:lang="en">[oss-security] 20131206 CVE request for Drupal core, and contributed modules</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users to bypass group restrictions on nodes with all groups set to optional input via an empty group field.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-7110">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:transifex:transifex:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:transifex:transifex:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:transifex:transifex:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:transifex:transifex:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:transifex:transifex:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:transifex:transifex:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:transifex:transifex:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:transifex:transifex:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:transifex:transifex:0.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:transifex:transifex:0.4</vuln:product>
+      <vuln:product>cpe:/a:transifex:transifex:0.3</vuln:product>
+      <vuln:product>cpe:/a:transifex:transifex:0.2</vuln:product>
+      <vuln:product>cpe:/a:transifex:transifex:0.1</vuln:product>
+      <vuln:product>cpe:/a:transifex:transifex:0.8</vuln:product>
+      <vuln:product>cpe:/a:transifex:transifex:0.7</vuln:product>
+      <vuln:product>cpe:/a:transifex:transifex:0.6</vuln:product>
+      <vuln:product>cpe:/a:transifex:transifex:0.5</vuln:product>
+      <vuln:product>cpe:/a:transifex:transifex:0.9</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-7110</vuln:cve-id>
+    <vuln:published-datetime>2014-05-01T21:59:22.280-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T10:52:37.023-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T10:52:30.287-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/transifex/transifex-client/issues/42" xml:lang="en">https://github.com/transifex/transifex-client/issues/42</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2013/12/15/3" xml:lang="en">[oss-security] 20131215 Re: CVE-2013-2073 transifex-client: Does not validate HTTPS server certificate (fixed in transifex-client v0.9)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2013/12/13/5" xml:lang="en">[oss-security] 20131213 Re: CVE-2013-2073 transifex-client: Does not validate HTTPS server certificate (fixed in transifex-client v0.9)</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Transifex command-line client before 0.10 does not validate X.509 certificates for data transfer connections, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-2073.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-7111">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:basespace_ruby_sdk_project:basespace_ruby_sdk:0.1.7::~~~ruby~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:basespace_ruby_sdk_project:basespace_ruby_sdk:0.1.7::~~~ruby~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-7111</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T10:38:46.250-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T13:59:23.673-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T13:59:23.610-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.vapid.dhs.org/advisories/bio-basespace-sdk.html" xml:lang="en">http://www.vapid.dhs.org/advisories/bio-basespace-sdk.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2013/12/15/5" xml:lang="en">[oss-security] 20131215 Re: Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2013/12/14/2" xml:lang="en">[oss-security] 20131214 Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The put_call function in the API client (api/api_client.rb) in the BaseSpace Ruby SDK (aka bio-basespace-sdk) gem 0.1.7 for Ruby uses the API_KEY on the command line, which allows remote attackers to obtain sensitive information by listing the processes.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-7134">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:phusion:juvia:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:phusion:juvia:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-7134</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T10:38:46.437-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T14:13:53.343-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T14:13:53.247-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-255"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://github.com/phusion/juvia/issues/55" xml:lang="en">https://github.com/phusion/juvia/issues/55</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2013/12/18/1" xml:lang="en">[oss-security] 20131217 Re: CVE request: Juvia secret token handling</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2013/12/16/3" xml:lang="en">[oss-security] 20131216 CVE request: Juvia secret token handling</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Juvia uses the same secret key for all installations, which allows remote attackers to have unspecified impact by leveraging the secret key in app/config/initializers/secret_token.rb, related to cookies.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-7220">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.7.92"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.7.91"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.7.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.7.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.7.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.6.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.5.92"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.5.91"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.5.90"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.3.92"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.3.91"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.3.90"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.2.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.1.92"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.1.91.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.1.91"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.1.90.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.1.90"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.7.3.1</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.7.2.1</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.5.90</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.2.2</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.5.91</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.2.1</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.5.92</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.3.90</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.7.1</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.3.91</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.3.92</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.6.3.1</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.1.90</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.6.0</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.1.90.1</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.6.1</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.4.1</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.4.2</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.4.0</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.1.91.1</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.1.92</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.1.91</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.7.4.1</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.3.2</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.2.0</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.3.3</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.7.2</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.7.92</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.3.5</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.7.3</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.7.91</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.0.0</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.7.4</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.7.5</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.2.2.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-7220</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T10:38:46.967-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T14:53:47.390-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.6</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T14:53:45.750-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/o2platform/DefCon_RESTing/tree/master/Live-Demos/Neo4j" xml:lang="en">https://github.com/o2platform/DefCon_RESTing/tree/master/Live-Demos/Neo4j</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1030431" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1030431</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.gnome.org/show_bug.cgi?id=686740" xml:lang="en">https://bugzilla.gnome.org/show_bug.cgi?id=686740</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2013/12/27/8" xml:lang="en">[oss-security] 20131227 Re: Two CVE request for gnome-shell/screensaver issues</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2013/12/27/6" xml:lang="en">[oss-security] 20131227 Re: Two CVE request for gnome-shell/screensaver issues</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2013/12/27/4" xml:lang="en">[oss-security] 20131227 Two CVE request for gnome-shell/screensaver issues</vuln:reference>
+    </vuln:references>
+    <vuln:summary>js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-7221">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.9.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.9.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.9.90"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.9.91"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.9.92"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.7.92"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.7.91"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.7.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.7.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.7.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.6.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.5.92"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.5.91"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.5.90"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.3.92"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.3.91"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.3.90"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.2.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.1.92"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.1.91.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.1.91"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.1.90.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.1.90"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome-shell:3.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.7.3.1</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.8.0</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.7.2.1</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.7.1</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.3.90</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.3.91</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.3.92</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.6.3.1</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.6.0</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.1.90.1</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.6.1</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.4.1</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.4.2</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.4.0</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.9.90</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.1.91.1</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.1.92</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.1.91</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.9.1</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.3.2</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.3.3</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.7.92</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.7.91</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.3.5</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.9.92</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.9.91</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.0.0</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.9.3</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.2.2.1</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.9.2</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.9.5</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.9.4</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.8.4</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.8.3</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.8.2</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.8.1</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.5.90</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.5.91</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.2.2</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.5.92</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.2.1</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.1.90</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.7.4.1</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.2.0</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.7.2</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.7.3</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.7.4</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.7.5</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome-shell:3.8.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-7221</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T10:38:47.170-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T15:03:18.770-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.6</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T15:03:17.957-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://git.gnome.org/browse/gnome-shell/commit/js/ui/main.js?id=efdf1ff755943fba1f8a9aaeff77daa3ed338088" xml:lang="en">https://git.gnome.org/browse/gnome-shell/commit/js/ui/main.js?id=efdf1ff755943fba1f8a9aaeff77daa3ed338088</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.gnome.org/show_bug.cgi?id=708313" xml:lang="en">https://bugzilla.gnome.org/show_bug.cgi?id=708313</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2013/12/27/8" xml:lang="en">[oss-security] 20131227 Re: Two CVE request for gnome-shell/screensaver issues</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2013/12/27/4" xml:lang="en">[oss-security] 20131227 Two CVE request for gnome-shell/screensaver issues</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the "Enter a Command" dialog, which allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-7234">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:2.0:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:2.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:2.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:2.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:2.0:beta3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:2.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:2.0:beta2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:2.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:2.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0:beta4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.20</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.22</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.21</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.23</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:2.0:beta3.1</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.17</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1:beta4</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.16</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:2.0:beta2.1</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.19</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.18</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.9</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.7</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.6</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.9</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.8</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.3</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.2</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.5</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.4</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.1</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1:rc3</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:2.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:2.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:2.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0:beta4.1</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:2.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.12</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.11</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:2.0:rc5</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.10</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:2.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.16</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:2.0:rc4</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.15</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.14</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.13</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.14</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.15</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.17</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.12</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.13</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.10</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0:beta5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-7234</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T10:38:47.607-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T07:14:53.417-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T07:14:52.947-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2013/12/30/3" xml:lang="en">[oss-security] 20131229 Re: CVE request: SMF 1.1.19, 2.0.6</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2013/12/30/1" xml:lang="en">[oss-security] 20131230 CVE request: SMF 1.1.19, 2.0.6</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/" xml:lang="en">http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2013/Dec/83" xml:lang="en">20131213 Multiple vulnerabilities in SMF forum software</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-6_changelog.txt" xml:lang="en">http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-6_changelog.txt</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to conduct clickjacking attacks via an X-Frame-Options header.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-7235">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:2.0:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:2.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:2.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:2.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:2.0:beta3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:2.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:2.0:beta2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:2.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:2.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0:beta4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.20</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.22</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.21</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.23</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:2.0:beta3.1</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.17</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1:beta4</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.16</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:2.0:beta2.1</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.19</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.18</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.9</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.7</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.6</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.9</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.8</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.3</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.2</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.5</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.4</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.1</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1:rc3</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:2.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:2.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:2.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0:beta4.1</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:2.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.12</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.11</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:2.0:rc5</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.10</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:2.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.16</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:2.0:rc4</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.15</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.14</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.13</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.14</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.15</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.17</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.12</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.13</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.10</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0:beta5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-7235</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T10:38:47.623-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T07:18:45.863-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T07:18:45.550-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2013/12/30/3" xml:lang="en">[oss-security] 20131229 Re: CVE request: SMF 1.1.19, 2.0.6</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2013/12/30/1" xml:lang="en">[oss-security] 20131230 CVE request: SMF 1.1.19, 2.0.6</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/" xml:lang="en">http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2013/Dec/83" xml:lang="en">20131213 Multiple vulnerabilities in SMF forum software</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-6_changelog.txt" xml:lang="en">http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-6_changelog.txt</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to impersonate arbitrary users via multiple space characters characters.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-7236">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0:beta4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:simplemachines:simple_machines_forum:1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.20</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.22</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.21</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.23</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1:beta4</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.17</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.16</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.19</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.18</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.9</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.7</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.6</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.9</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.8</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.3</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.2</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.5</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.4</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.1</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1:rc3</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0:beta4.1</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.12</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.11</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.10</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.16</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.15</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.14</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.13</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.14</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.1.17</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.15</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.12</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.13</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0.10</vuln:product>
+      <vuln:product>cpe:/a:simplemachines:simple_machines_forum:1.0:beta5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-7236</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T10:38:47.657-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T07:21:25.227-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T07:21:24.960-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2013/12/30/3" xml:lang="en">[oss-security] 20131229 Re: CVE request: SMF 1.1.19, 2.0.6</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2013/12/30/1" xml:lang="en">[oss-security] 20131230 CVE request: SMF 1.1.19, 2.0.6</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/" xml:lang="en">http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2013/Dec/83" xml:lang="en">20131213 Multiple vulnerabilities in SMF forum software</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Simple Machines Forum (SMF) 2.0.6, 1.1.19, and earlier allows remote attackers to impersonate arbitrary users via a Unicode homoglyph character in a username.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-7259">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:neo4j:neo4j:1.9.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:neo4j:neo4j:1.9.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-7259</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T10:38:47.797-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T07:44:00.303-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T07:44:00.240-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-352"/>
+    <vuln:cwe id="CWE-78"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://github.com/o2platform/DefCon_RESTing/tree/master/Live-Demos/Neo4j" xml:lang="en">https://github.com/o2platform/DefCon_RESTing/tree/master/Live-Demos/Neo4j</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/01/03/8" xml:lang="en">[oss-security] 20140103 Re: Neo4J CSRF: Potential CVE candidate</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/01/03/3" xml:lang="en">[oss-security] 20140103 Neo4J CSRF: Potential CVE candidate</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://blog.diniscruz.com/2013/08/neo4j-csrf-payload-to-start-processes.html" xml:lang="en">http://blog.diniscruz.com/2013/08/neo4j-csrf-payload-to-start-processes.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site request forgery (CSRF) vulnerabilities in Neo4J 1.9.2 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary code, as demonstrated by a request to (1) db/data/ext/GremlinPlugin/graphdb/execute_script or (2) db/manage/server/console/.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-7260">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:17.0.4.60"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:8"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:7"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:6"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:5"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:4"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:2.1.4::enterprise"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:2.1.3::enterprise"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:2.1.2::enterprise"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:16.0.3.51"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:16.0.2.32"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:16.0.1.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:16.0.0.282"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:16.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:15.02.71"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:15.0.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:15.0.5.109"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:15.0.4.43"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:15.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:15.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:14.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:14.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:14.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:14.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:14.0.1.609"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:14.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:12.0.0.1548"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:12.0.0.1444"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:11_build_6.0.14.748"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:11.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:11.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:11.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:11.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:11.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:11.0.2.2315"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:11.0.2.1744"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:11.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:11.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:10.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:10.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:12.0.1.1737:-:~-~-~mac_os_x~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:10.0:10.0.0.305:mac"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:10.0:10.0.0.331:mac"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:10.0:10.0.0.352:mac"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:10.1:10.0.0._481:mac"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:10.1:10.0.0.396:mac"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:10.1:10.0.0.412:mac"/>
+        <cpe-lang:fact-ref name="cpe:/a:realnetworks:realplayer:12.0.0.1701::mac"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:realnetworks:realplayer:12.0.0.1701::mac</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:7</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:4</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:6</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:5</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:15.0.4.43</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:14.0.1.609</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:15.02.71</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:8</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:14.0.0</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:11.0.2.1744</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:14.0.4</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:10.1:10.0.0._481:mac</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:14.0.5</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:11.1</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:10.1:10.0.0.412:mac</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:12.0.0.1548</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:14.0.2</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:11.0</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:14.0.3</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:10.1:10.0.0.396:mac</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:11_build_6.0.14.748</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:15.0.5.109</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:10.0:10.0.0.305:mac</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:16.0.0.282</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:10.0:10.0.0.352:mac</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:11.0.4</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:11.0.5</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:11.1.3</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:16.0.2.32</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:15.0.0</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:16.0.0</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:15.0.4</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:10.0</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:10.5</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:17.0.4.60</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:12.0.1.1737:-:~-~-~mac_os_x~~</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:12.0.0.1444</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:11.0.2.2315</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:2.1.4::enterprise</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:2.1.3::enterprise</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:2.1.2::enterprise</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:16.0.1.18</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:16.0.3.51</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:15.0.6.14</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:11.0.3</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:10.0:10.0.0.331:mac</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:11.0.2</vuln:product>
+      <vuln:product>cpe:/a:realnetworks:realplayer:11.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-7260</vuln:cve-id>
+    <vuln:published-datetime>2014-01-03T15:55:06.383-05:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-25T09:36:23.007-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-01-06T12:15:40.000-05:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/698278" xml:lang="en">VU#698278</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90160" xml:lang="en">realplayer-cve20137260-bo(90160)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/30468/" xml:lang="en">30468</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://service.real.com/realplayer/security/12202013_player/en/" xml:lang="en">http://service.real.com/realplayer/security/12202013_player/en/</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allow remote attackers to execute arbitrary code via a long (1) version number or (2) encoding declaration in the XML declaration of an RMP file, a different issue than CVE-2013-6877.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-7273">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome_display_manager:3.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome_display_manager:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome_display_manager:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome_display_manager:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome_display_manager:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome_display_manager:3.1.90"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome_display_manager:3.1.91"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome_display_manager:3.1.92"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome_display_manager:3.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome_display_manager:3.2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome_display_manager:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome_display_manager:3.3.92"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome_display_manager:3.3.92.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome_display_manager:3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome_display_manager:3.4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:gnome:gnome_display_manager:3.4.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:gnome:gnome_display_manager:3.1.91</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome_display_manager:3.1.92</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome_display_manager:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome_display_manager:3.4.0</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome_display_manager:3.4.1</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome_display_manager:3.3.92</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome_display_manager:3.4.0.1</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome_display_manager:3.2.0</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome_display_manager:3.2.1.1</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome_display_manager:3.2.1</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome_display_manager:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome_display_manager:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome_display_manager:3.3.92.1</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome_display_manager:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome_display_manager:3.0.0</vuln:product>
+      <vuln:product>cpe:/a:gnome:gnome_display_manager:3.1.90</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-7273</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T10:38:49.857-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T09:32:45.557-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>2.1</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T09:32:45.383-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1050745" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1050745</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://bugzilla.gnome.org/show_bug.cgi?id=704284" xml:lang="en">https://bugzilla.gnome.org/show_bug.cgi?id=704284</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683338" xml:lang="en">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683338</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/01/07/16" xml:lang="en">[oss-security] 20140107 CVE Re: request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/01/07/10" xml:lang="en">[oss-security] 20140107 CVE Re: request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference</vuln:reference>
+    </vuln:references>
+    <vuln:summary>GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-7284">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:malcolm_nooning:pirpc:0.2020::~~~perl~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:malcolm_nooning:pirpc:0.2019::~~~perl~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:malcolm_nooning:pirpc:0.2018::~~~perl~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:malcolm_nooning:pirpc:0.2017::~~~perl~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:malcolm_nooning:pirpc:0.2016::~~~perl~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:malcolm_nooning:pirpc:0.2014::~~~perl~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:malcolm_nooning:pirpc:0.2013::~~~perl~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:malcolm_nooning:pirpc:0.2012::~~~perl~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:malcolm_nooning:pirpc:0.2011::~~~perl~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:malcolm_nooning:pirpc:0.2010::~~~perl~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:malcolm_nooning:pirpc:0.2003::~~~perl~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:malcolm_nooning:pirpc:0.2002::~~~perl~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:malcolm_nooning:pirpc:0.2001::~~~perl~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:malcolm_nooning:pirpc:0.2000::~~~perl~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:malcolm_nooning:pirpc:0.2010::~~~perl~~</vuln:product>
+      <vuln:product>cpe:/a:malcolm_nooning:pirpc:0.2011::~~~perl~~</vuln:product>
+      <vuln:product>cpe:/a:malcolm_nooning:pirpc:0.2001::~~~perl~~</vuln:product>
+      <vuln:product>cpe:/a:malcolm_nooning:pirpc:0.2002::~~~perl~~</vuln:product>
+      <vuln:product>cpe:/a:malcolm_nooning:pirpc:0.2003::~~~perl~~</vuln:product>
+      <vuln:product>cpe:/a:malcolm_nooning:pirpc:0.2000::~~~perl~~</vuln:product>
+      <vuln:product>cpe:/a:malcolm_nooning:pirpc:0.2020::~~~perl~~</vuln:product>
+      <vuln:product>cpe:/a:malcolm_nooning:pirpc:0.2013::~~~perl~~</vuln:product>
+      <vuln:product>cpe:/a:malcolm_nooning:pirpc:0.2012::~~~perl~~</vuln:product>
+      <vuln:product>cpe:/a:malcolm_nooning:pirpc:0.2014::~~~perl~~</vuln:product>
+      <vuln:product>cpe:/a:malcolm_nooning:pirpc:0.2017::~~~perl~~</vuln:product>
+      <vuln:product>cpe:/a:malcolm_nooning:pirpc:0.2016::~~~perl~~</vuln:product>
+      <vuln:product>cpe:/a:malcolm_nooning:pirpc:0.2019::~~~perl~~</vuln:product>
+      <vuln:product>cpe:/a:malcolm_nooning:pirpc:0.2018::~~~perl~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-7284</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T10:38:49.890-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T09:56:04.777-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T09:56:04.650-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-94"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://rt.cpan.org/Public/Bug/Display.html?id=90474" xml:lang="en">https://rt.cpan.org/Public/Bug/Display.html?id=90474</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1051108" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1051108</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1030572" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1030572</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734789" xml:lang="en">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734789</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/62" xml:lang="en">[oss-security] 20140109 Re: PlRPC Perl module: pre-auth remote code execution, weak crypto</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q1/56" xml:lang="en">[oss-security] 20140109 PlRPC Perl module: pre-auth remote code execution, weak crypto</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The PlRPC module, possibly 0.2020 and earlier, for Perl uses the Storable module, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-7302">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:7.x-3.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:7.x-3.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:7.x-3.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:7.x-3.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:7.x-3.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:7.x-3.0:alpha1"/>
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:7.x-3.0:alpha2"/>
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:7.x-3.0:alpha3"/>
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:7.x-3.0:beta1"/>
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:7.x-3.0:beta2"/>
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:7.x-3.0:beta3"/>
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:7.x-3.0:beta4"/>
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:7.x-3.0:dev"/>
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:7.x-3.0:rc1"/>
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:7.x-3.0:rc2"/>
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:7.x-3.0:rc3"/>
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:7.x-3.0:rc4"/>
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:7.x-3.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:6.x-2.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:6.x-2.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:6.x-2.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:6.x-2.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:6.x-2.0:beta1"/>
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:6.x-2.0:beta2"/>
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:6.x-2.0:beta3"/>
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:6.x-2.0:beta4"/>
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:6.x-2.0:beta5"/>
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:6.x-2.0:beta6"/>
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:6.x-2.0:dev"/>
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:6.x-2.0:rc1"/>
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:6.x-2.0:rc2"/>
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:6.x-2.0:rc3"/>
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:6.x-2.0:rc4"/>
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:6.x-2.0:rc5"/>
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:6.x-2.0:rc6"/>
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:6.x-2.0:rc7"/>
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:6.x-2.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:6.x-2.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:6.x-2.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:6.x-2.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:6.x-2.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:6.x-2.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:6.x-2.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:ubercart:ubercart:6.x-2.9"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:drupal:drupal:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ubercart:ubercart:7.x-3.0:alpha1</vuln:product>
+      <vuln:product>cpe:/a:ubercart:ubercart:7.x-3.4</vuln:product>
+      <vuln:product>cpe:/a:ubercart:ubercart:7.x-3.5</vuln:product>
+      <vuln:product>cpe:/a:ubercart:ubercart:7.x-3.2</vuln:product>
+      <vuln:product>cpe:/a:ubercart:ubercart:7.x-3.3</vuln:product>
+      <vuln:product>cpe:/a:ubercart:ubercart:6.x-2.0:dev</vuln:product>
+      <vuln:product>cpe:/a:ubercart:ubercart:7.x-3.0:dev</vuln:product>
+      <vuln:product>cpe:/a:ubercart:ubercart:7.x-3.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:ubercart:ubercart:7.x-3.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:ubercart:ubercart:7.x-3.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:ubercart:ubercart:7.x-3.0:rc4</vuln:product>
+      <vuln:product>cpe:/a:ubercart:ubercart:6.x-2.3</vuln:product>
+      <vuln:product>cpe:/a:ubercart:ubercart:7.x-3.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:ubercart:ubercart:7.x-3.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:ubercart:ubercart:6.x-2.2</vuln:product>
+      <vuln:product>cpe:/a:ubercart:ubercart:7.x-3.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:ubercart:ubercart:6.x-2.1</vuln:product>
+      <vuln:product>cpe:/a:ubercart:ubercart:7.x-3.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:ubercart:ubercart:6.x-2.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:ubercart:ubercart:6.x-2.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:ubercart:ubercart:6.x-2.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:ubercart:ubercart:6.x-2.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:ubercart:ubercart:6.x-2.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:ubercart:ubercart:6.x-2.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:ubercart:ubercart:6.x-2.0</vuln:product>
+      <vuln:product>cpe:/a:ubercart:ubercart:6.x-2.8</vuln:product>
+      <vuln:product>cpe:/a:ubercart:ubercart:6.x-2.4</vuln:product>
+      <vuln:product>cpe:/a:ubercart:ubercart:6.x-2.6</vuln:product>
+      <vuln:product>cpe:/a:ubercart:ubercart:6.x-2.7</vuln:product>
+      <vuln:product>cpe:/a:ubercart:ubercart:6.x-2.11</vuln:product>
+      <vuln:product>cpe:/a:ubercart:ubercart:6.x-2.12</vuln:product>
+      <vuln:product>cpe:/a:ubercart:ubercart:6.x-2.10</vuln:product>
+      <vuln:product>cpe:/a:ubercart:ubercart:6.x-2.9</vuln:product>
+      <vuln:product>cpe:/a:ubercart:ubercart:7.x-3.0:alpha2</vuln:product>
+      <vuln:product>cpe:/a:ubercart:ubercart:6.x-2.0:rc7</vuln:product>
+      <vuln:product>cpe:/a:ubercart:ubercart:7.x-3.0:alpha3</vuln:product>
+      <vuln:product>cpe:/a:ubercart:ubercart:6.x-2.0:rc6</vuln:product>
+      <vuln:product>cpe:/a:ubercart:ubercart:6.x-2.0:rc5</vuln:product>
+      <vuln:product>cpe:/a:ubercart:ubercart:6.x-2.0:rc4</vuln:product>
+      <vuln:product>cpe:/a:ubercart:ubercart:6.x-2.0:rc3</vuln:product>
+      <vuln:product>cpe:/a:ubercart:ubercart:6.x-2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:ubercart:ubercart:7.x-3.1</vuln:product>
+      <vuln:product>cpe:/a:ubercart:ubercart:6.x-2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:ubercart:ubercart:7.x-3.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-7302</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T10:38:49.907-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T10:04:51.667-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T10:04:51.293-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-287"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://drupal.org/node/2158651" xml:lang="en">https://drupal.org/node/2158651</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://drupal.org/node/2158567" xml:lang="en">https://drupal.org/node/2158567</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://drupal.org/node/2158565" xml:lang="en">https://drupal.org/node/2158565</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal, when the "Log in new customers after checkout" option is enabled, allows remote attackers to hijack web sessions by leveraging knowledge of the original session ID.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-7372">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:google:android:4.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:4.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:4.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:4.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:4.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:4.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:harmony:6.0:m3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:google:android:4.1</vuln:product>
+      <vuln:product>cpe:/o:google:android:4.1.2</vuln:product>
+      <vuln:product>cpe:/o:google:android:4.2.2</vuln:product>
+      <vuln:product>cpe:/o:google:android:4.2.1</vuln:product>
+      <vuln:product>cpe:/o:google:android:4.0.1</vuln:product>
+      <vuln:product>cpe:/o:google:android:4.0.2</vuln:product>
+      <vuln:product>cpe:/o:google:android:4.0</vuln:product>
+      <vuln:product>cpe:/a:apache:harmony:6.0:m3</vuln:product>
+      <vuln:product>cpe:/o:google:android:4.0.4</vuln:product>
+      <vuln:product>cpe:/o:google:android:4.0.3</vuln:product>
+      <vuln:product>cpe:/o:google:android:4.3</vuln:product>
+      <vuln:product>cpe:/o:google:android:4.2</vuln:product>
+      <vuln:product>cpe:/o:google:android:4.3.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-7372</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T16:55:08.933-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T10:23:46.927-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T10:23:46.800-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-310"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://android.googlesource.com/platform/libcore/+/kitkat-release/luni/src/main/java/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java" xml:lang="en">https://android.googlesource.com/platform/libcore/+/kitkat-release/luni/src/main/java/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://android-developers.blogspot.com.au/2013/08/some-securerandom-thoughts.html" xml:lang="en">http://android-developers.blogspot.com.au/2013/08/some-securerandom-thoughts.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://bitcoin.org/en/alert/2013-08-11-android" xml:lang="en">https://bitcoin.org/en/alert/2013-08-11-android</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.nds.rub.de/media/nds/veroeffentlichungen/2013/03/25/paper_2.pdf" xml:lang="en">http://www.nds.rub.de/media/nds/veroeffentlichungen/2013/03/25/paper_2.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java in the SecureRandom implementation in Apache Harmony through 6.0M3, as used in the Java Cryptography Architecture (JCA) in Android before 4.4 and other products, when no seed is provided by the user, uses an incorrect offset value, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging the resulting PRNG predictability, as exploited in the wild against Bitcoin wallet applications in August 2013.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-7373">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:google:android:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:1.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:1.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:2.2:rev1"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:2.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:2.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:2.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:2.3:rev1"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:2.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:2.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:2.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:2.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:3.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:3.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:4.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:4.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:4.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:4.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:4.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:google:android:4.3.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:google:android:4.1.2</vuln:product>
+      <vuln:product>cpe:/o:google:android:2.2.2</vuln:product>
+      <vuln:product>cpe:/o:google:android:3.1</vuln:product>
+      <vuln:product>cpe:/o:google:android:2.2.1</vuln:product>
+      <vuln:product>cpe:/o:google:android:3.0</vuln:product>
+      <vuln:product>cpe:/o:google:android:4.0.4</vuln:product>
+      <vuln:product>cpe:/o:google:android:4.0.3</vuln:product>
+      <vuln:product>cpe:/o:google:android:3.2</vuln:product>
+      <vuln:product>cpe:/o:google:android:4.1</vuln:product>
+      <vuln:product>cpe:/o:google:android:4.0</vuln:product>
+      <vuln:product>cpe:/o:google:android:2.3:rev1</vuln:product>
+      <vuln:product>cpe:/o:google:android:3.2.1</vuln:product>
+      <vuln:product>cpe:/o:google:android:2.2:rev1</vuln:product>
+      <vuln:product>cpe:/o:google:android:1.5</vuln:product>
+      <vuln:product>cpe:/o:google:android:1.6</vuln:product>
+      <vuln:product>cpe:/o:google:android:2.3</vuln:product>
+      <vuln:product>cpe:/o:google:android:2.1</vuln:product>
+      <vuln:product>cpe:/o:google:android:2.2</vuln:product>
+      <vuln:product>cpe:/o:google:android:2.3.1</vuln:product>
+      <vuln:product>cpe:/o:google:android:2.0</vuln:product>
+      <vuln:product>cpe:/o:google:android:1.1</vuln:product>
+      <vuln:product>cpe:/o:google:android:3.2.6</vuln:product>
+      <vuln:product>cpe:/o:google:android:1.0</vuln:product>
+      <vuln:product>cpe:/o:google:android:4.3</vuln:product>
+      <vuln:product>cpe:/o:google:android:3.2.4</vuln:product>
+      <vuln:product>cpe:/o:google:android:4.2</vuln:product>
+      <vuln:product>cpe:/o:google:android:2.3.7</vuln:product>
+      <vuln:product>cpe:/o:google:android:3.2.2</vuln:product>
+      <vuln:product>cpe:/o:google:android:4.2.2</vuln:product>
+      <vuln:product>cpe:/o:google:android:2.2.3</vuln:product>
+      <vuln:product>cpe:/o:google:android:4.2.1</vuln:product>
+      <vuln:product>cpe:/o:google:android:4.0.1</vuln:product>
+      <vuln:product>cpe:/o:google:android:4.0.2</vuln:product>
+      <vuln:product>cpe:/o:google:android:2.3.6</vuln:product>
+      <vuln:product>cpe:/o:google:android:2.3.4</vuln:product>
+      <vuln:product>cpe:/o:google:android:2.0.1</vuln:product>
+      <vuln:product>cpe:/o:google:android:2.3.5</vuln:product>
+      <vuln:product>cpe:/o:google:android:4.3.1</vuln:product>
+      <vuln:product>cpe:/o:google:android:2.3.2</vuln:product>
+      <vuln:product>cpe:/o:google:android:2.3.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-7373</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T16:55:09.013-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T08:57:21.250-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T08:57:20.750-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.reddit.com/r/Android/comments/1k6f03/due_to_a_serious_encryptionrng_flaw_in_android/cblvum5" xml:lang="en">http://www.reddit.com/r/Android/comments/1k6f03/due_to_a_serious_encryptionrng_flaw_in_android/cblvum5</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://marc.info/?l=openssl-dev&amp;m=130298304903422&amp;w=2" xml:lang="en">[openssl-dev] 20110416 Re: recycled pids causes PRNG to repeat</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://marc.info/?l=openssl-dev&amp;m=130289811108150&amp;w=2" xml:lang="en">[openssl-dev] 20110415 recycled pids causes PRNG to repeat</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://emboss.github.io/blog/2013/08/21/openssl-prng-is-not-really-fork-safe/" xml:lang="en">http://emboss.github.io/blog/2013/08/21/openssl-prng-is-not-really-fork-safe/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://android-developers.blogspot.com.au/2013/08/some-securerandom-thoughts.html" xml:lang="en">http://android-developers.blogspot.com.au/2013/08/some-securerandom-thoughts.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within multiple applications.</vuln:summary>
+  </entry>
+  <entry id="CVE-2013-7374">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:canonical:ubuntu_linux:13.10"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:canonical:ubuntu_linux:13.10</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2013-7374</vuln:cve-id>
+    <vuln:published-datetime>2014-05-01T13:28:36.227-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-01T14:09:38.137-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.6</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-01T14:09:38.013-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugs.launchpad.net/ubuntu/%2Bsource/indicator-datetime/%2Bbug/1246812" xml:lang="en">https://bugs.launchpad.net/ubuntu/%2Bsource/indicator-datetime/%2Bbug/1246812</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2186-1" xml:lang="en">USN-2186-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/30/1" xml:lang="en">[oss-security] 20140430 Re: CVE Request: indicator-datetime issue</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/29/3" xml:lang="en">[oss-security] 20140429 CVE Request: indicator-datetime issue</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://bazaar.launchpad.net/~indicator-applet-developers/indicator-datetime/trunk.13.10/revision/282" xml:lang="en">http://bazaar.launchpad.net/~indicator-applet-developers/indicator-datetime/trunk.13.10/revision/282</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Ubuntu Date and Time Indicator (aka indicator-datetime) 13.10.0+13.10.x before 13.10.0+13.10.20131023.2-0ubuntu1.1 does not properly restrict access to Evolution, which allows local users to bypass the greeter screen restrictions by clicking the date.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0037">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:7.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:7.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:7.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:7.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:7.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:7.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:7.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:7.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:7.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:7.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:7.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:7.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:7.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:7.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:7.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:7.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:7.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:5.01"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:5.02"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:5.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:5.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.00"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.01"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.02"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.03"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.20.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.20.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.20.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.20.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.20.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.30.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.20.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.30.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.30.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.20.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.30.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.30.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.30.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.30.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.30.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.20.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.30.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.30.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.30.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.40.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.30.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.40.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.30.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.40.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.40.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.40.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.40.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.40.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.40.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.40.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.40.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.40.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.40.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.40.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.40.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.40.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.40.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.40.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:5.00"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:zarafa:zarafa:7.0</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.30.8</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.30.6</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.30.7</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:7.0.8</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.30.4</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:7.0.9</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.30.5</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:7.0.6</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:7.0.7</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.30.3</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:7.0.5</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.20.7</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.20.2</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.20.6</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.20.5</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.20.3</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.30.0</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.40.17</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:7.1.4</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:7.0.13</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:5.20</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.30.16</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.00</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.30.13</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.01</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.02</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.30.11</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:7.0.10</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.03</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:7.0.12</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.30.10</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:7.0.11</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.30.17</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:5.22</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:5.10</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:5.11</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.20.11</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.20.12</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.10</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:7.0.3</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:7.0.2</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.20.10</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.30.9</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.11</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:7.0.4</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:5.00</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.40.5</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.40.6</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:5.01</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.40.7</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.40.8</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.40.2</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.40.3</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:5.02</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.40.4</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.40.0</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.40.9</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.40.12</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.40.13</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.40.14</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.40.15</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.40.10</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:7.1.3</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.40.11</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:7.1.1</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:7.1.2</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:7.1.0</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.20</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.40.16</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0037</vuln:cve-id>
+    <vuln:published-datetime>2014-04-28T10:09:06.080-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T07:35:51.057-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T07:35:50.760-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1059903" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1059903</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1056767" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1056767</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/01/31/14" xml:lang="en">[oss-security] 20140131 Security Flaw CVE-2014-0037</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MANDRIVA</vuln:source>
+      <vuln:reference href="http://www.mandriva.com/security/advisories?name=MDVSA-2014:044" xml:lang="en">MDVSA-2014:044</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 5.00 before 7.1.8 beta2 allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the username."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0079">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:5.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:5.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.00"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.01"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.02"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.03"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:5.02"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:5.01"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:5.00"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:zarafa:zarafa:7.1.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:zarafa:zarafa:5.00</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:5.10</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:5.01</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:5.11</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:7.1.8</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:5.02</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.10</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:5.20</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.00</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.01</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.02</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.03</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.11</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:6.20</vuln:product>
+      <vuln:product>cpe:/a:zarafa:zarafa:5.22</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0079</vuln:cve-id>
+    <vuln:published-datetime>2014-04-28T10:09:06.157-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T07:52:00.900-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T07:52:00.807-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1059903" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1059903</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MANDRIVA</vuln:source>
+      <vuln:reference href="http://www.mandriva.com/security/advisories?name=MDVSA-2014:044" xml:lang="en">MDVSA-2014:044</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earlier, when using certain build conditions, allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the password."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0088">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:igor_sysoev:nginx:1.5.10"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:igor_sysoev:nginx:1.5.10</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0088</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T10:38:49.920-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T10:10:30.290-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T10:10:30.257-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html" xml:lang="en">[nginx-announce] 20140304 nginx security advisory (CVE-2014-0088)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1030150" xml:lang="en">1030150</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0112">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.14.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.14.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.14.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.15.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apache:struts:2.3.14</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.15</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.12</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.14.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.14.2</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.16</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.14.3</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.7</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.8</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.15.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.15.2</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.0</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.4.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.2</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.3</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.4</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.5</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.6</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.8</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.2.1.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.0</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.8.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.11.2</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.11.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.2.3</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.2.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.2.3.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.4</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.15.3</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.16.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.1.2</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.1.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0112</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T06:37:03.670-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T09:59:24.903-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T09:59:24.420-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://cwiki.apache.org/confluence/display/WW/S2-021" xml:lang="en">https://cwiki.apache.org/confluence/display/WW/S2-021</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1091939" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1091939</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVNDB</vuln:source>
+      <vuln:reference href="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045" xml:lang="en">JVNDB-2014-000045</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVN</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN19294237/index.html" xml:lang="en">JVN#19294237</vuln:reference>
+    </vuln:references>
+    <vuln:summary>ParametersInterceptor in Apache Struts before 2.3.16.2 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0113">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.1.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.14.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.14.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.14.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.15.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:2.3.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apache:struts:2.3.14</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.15</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.12</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.14.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.14.2</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.16</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.14.3</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.7</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.8</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.15.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.15.2</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.0</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.4.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.2</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.3</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.4</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.5</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.6</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.8</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.2.1.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.0</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.1.8.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.11.2</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.0.11.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.2.3</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.2.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.2.3.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.4</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.15.3</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.16.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.1.2</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:2.3.1.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0113</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T06:37:03.700-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T09:59:31.653-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T09:59:30.983-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://cwiki.apache.org/confluence/display/WW/S2-021" xml:lang="en">https://cwiki.apache.org/confluence/display/WW/S2-021</vuln:reference>
+    </vuln:references>
+    <vuln:summary>CookieInterceptor in Apache Struts before 2.3.16.2, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0114">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:1.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:1.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:1.3.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:1.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:1.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:1.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:1.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:1.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:1.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:1.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:1.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:1.1:b3"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:1.1:b2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:1.1:b1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:apache:struts:1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:apache:struts:1.3.5</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:1.0</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:1.1:b3</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:1.1:b2</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:1.1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:1.3.10</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:1.2.9</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:1.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:1.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:1.1:b1</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:1.2.2</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:1.3.8</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:1.2.4</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:1.2.6</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:1.2.7</vuln:product>
+      <vuln:product>cpe:/a:apache:struts:1.2.8</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0114</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T06:49:03.973-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T10:28:16.450-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T10:28:16.280-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1091938" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1091938</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The ActionForm object in Apache Struts 1.x through 1.3.10 allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, which is passed to the getClass method.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0162">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:openstack:icehouse:rc-1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:image_registry_and_delivery_service_%28glance%29:2013.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:image_registry_and_delivery_service_%28glance%29:2013.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:image_registry_and_delivery_service_%28glance%29:2013.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:image_registry_and_delivery_service_%28glance%29:2013.2.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:openstack:image_registry_and_delivery_service_%28glance%29:2013.2.1</vuln:product>
+      <vuln:product>cpe:/a:openstack:image_registry_and_delivery_service_%28glance%29:2013.2.2</vuln:product>
+      <vuln:product>cpe:/a:openstack:icehouse:rc-1</vuln:product>
+      <vuln:product>cpe:/a:openstack:image_registry_and_delivery_service_%28glance%29:2013.2</vuln:product>
+      <vuln:product>cpe:/a:openstack:image_registry_and_delivery_service_%28glance%29:2013.2.3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0162</vuln:cve-id>
+    <vuln:published-datetime>2014-04-27T16:55:23.667-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T14:09:33.227-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T14:09:33.180-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://launchpad.net/bugs/1298698" xml:lang="en">https://launchpad.net/bugs/1298698</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/10/13" xml:lang="en">[oss-security] 20140410 [OSSA 2014-012] Remote code execution in Glance Sheepdog backend (CVE-2014-0162)</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0181">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.14.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.2.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.69"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.70"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.71"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.72"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.73"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.74"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.75"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.76"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.77"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.78"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.79"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.7.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.8.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.9.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.10.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.11.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.12.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.13.7"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.70</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.71</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.21</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.3.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.9.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.8.0</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.5.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.14.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.72</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.73</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.74</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.75</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.76</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.77</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.78</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.79</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.10.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.7.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.2.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.11.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.4.69</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0181</vuln:cve-id>
+    <vuln:published-datetime>2014-04-26T20:55:05.750-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T11:50:11.293-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>2.1</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T11:50:05.183-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=90f62cf30a78721641e08737bda787552428061e" xml:lang="en">https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=90f62cf30a78721641e08737bda787552428061e</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/23/6" xml:lang="en">[oss-security] 20140423 Re: CVE-2014-0181: Linux network reconfiguration due to incorrect netlink checks</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://marc.info/?l=linux-netdev&amp;m=139828832919748&amp;w=2" xml:lang="en">[netdev] 20140423 [PATCH 0/5]: Preventing abuse when passing file descriptors</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0187">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:openstack:neutron:2014.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:neutron:2013.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:neutron:2013.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:neutron:2013.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:neutron:2013.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:neutron:2013.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:neutron:2013.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:neutron:2013.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:neutron:2013.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:neutron:2013.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:openstack:neutron:2013.2.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:openstack:neutron:2013.2.3</vuln:product>
+      <vuln:product>cpe:/a:openstack:neutron:2013.1.1</vuln:product>
+      <vuln:product>cpe:/a:openstack:neutron:2013.2.2</vuln:product>
+      <vuln:product>cpe:/a:openstack:neutron:2013.1.2</vuln:product>
+      <vuln:product>cpe:/a:openstack:neutron:2013.2</vuln:product>
+      <vuln:product>cpe:/a:openstack:neutron:2013.1</vuln:product>
+      <vuln:product>cpe:/a:openstack:neutron:2013.1.4</vuln:product>
+      <vuln:product>cpe:/a:openstack:neutron:2013.2.1</vuln:product>
+      <vuln:product>cpe:/a:openstack:neutron:2013.1.3</vuln:product>
+      <vuln:product>cpe:/a:openstack:neutron:2013.1.5</vuln:product>
+      <vuln:product>cpe:/a:openstack:neutron:2014.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0187</vuln:cve-id>
+    <vuln:published-datetime>2014-04-28T10:09:06.237-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T10:26:22.943-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T10:26:22.817-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugs.launchpad.net/neutron/+bug/1300785" xml:lang="en">https://bugs.launchpad.net/neutron/+bug/1300785</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/22/8" xml:lang="en">[oss-security] 20140422 [OSSA 2014-014] Neutron security groups bypass through invalid CIDR (CVE-2014-0187)</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0189">
+    <vuln:cve-id>CVE-2014-0189</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T10:55:05.823-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T10:55:05.823-04:00</vuln:last-modified-datetime>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1088732" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1088732</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1081286" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1081286</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/67089" xml:lang="en">67089</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/28/2" xml:lang="en">[oss-security] 20140428 CVE-2014-0189: /etc/sysconfig/virt-who is world-readable (contains unencrypted passwords)</vuln:reference>
+    </vuln:references>
+    <vuln:summary>virt-who uses world-readable permissions for /etc/sysconfig/virt-who, which allows local users to obtain password for hypervisors by reading the file.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0350">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:pocoproject:poco_c%2b%2b_libraries:1.4.6:p3"/>
+        <cpe-lang:fact-ref name="cpe:/a:pocoproject:poco_c%2b%2b_libraries:1.4.6:p2"/>
+        <cpe-lang:fact-ref name="cpe:/a:pocoproject:poco_c%2b%2b_libraries:1.4.6:p1"/>
+        <cpe-lang:fact-ref name="cpe:/a:pocoproject:poco_c%2b%2b_libraries:1.4.6:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:pocoproject:poco_c%2b%2b_libraries:1.4.5"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:pocoproject:poco_c%2b%2b_libraries:1.4.6:p2</vuln:product>
+      <vuln:product>cpe:/a:pocoproject:poco_c%2b%2b_libraries:1.4.6:p1</vuln:product>
+      <vuln:product>cpe:/a:pocoproject:poco_c%2b%2b_libraries:1.4.6:p3</vuln:product>
+      <vuln:product>cpe:/a:pocoproject:poco_c%2b%2b_libraries:1.4.6:-</vuln:product>
+      <vuln:product>cpe:/a:pocoproject:poco_c%2b%2b_libraries:1.4.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0350</vuln:cve-id>
+    <vuln:published-datetime>2014-04-25T21:55:04.967-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T09:03:33.290-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.4</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T09:03:33.243-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-310"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/118748" xml:lang="en">VU#118748</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://raw.githubusercontent.com/pocoproject/poco/poco-1.4.6p4-release/CHANGELOG" xml:lang="en">https://raw.githubusercontent.com/pocoproject/poco/poco-1.4.6p4-release/CHANGELOG</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0363">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:2.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:2.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-04-15"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-04-13"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-04-09"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-04-06"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-29"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-26"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-25"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-21"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-18"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-16"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-13"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-12"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-11"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-10"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-03"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-02"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-23"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-21"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-20"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-19"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-18"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-16"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-20</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-02</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-21</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.4.0</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-04-15</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-04-13</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-23</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-19</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-03</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-16</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:2.2.1</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-18</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-13</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-04-06</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-04-09</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-29</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.0.0</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.1.0</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:2.2.0</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-21</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-25</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-26</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-18</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-11</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.3.1</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.3.0</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-10</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.2.2</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-12</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-16</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.2.0</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.2.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0363</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T06:49:04.490-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T10:47:23.507-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T10:47:22.397-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/489228" xml:lang="en">VU#489228</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://issues.igniterealtime.org/browse/SMACK-410" xml:lang="en">http://issues.igniterealtime.org/browse/SMACK-410</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://community.igniterealtime.org/blogs/ignite/2014/04/17/asmack-400-rc1-has-been-released" xml:lang="en">http://community.igniterealtime.org/blogs/ignite/2014/04/17/asmack-400-rc1-has-been-released</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate chain.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0364">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:3.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:2.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:2.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-04-15"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-04-13"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-04-09"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-04-06"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-29"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-26"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-25"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-21"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-18"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-16"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-13"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-12"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-11"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-10"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-03"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-02"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-23"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-21"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-20"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-19"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-18"/>
+        <cpe-lang:fact-ref name="cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-16"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-20</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-02</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-21</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.4.0</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-04-15</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-04-13</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-23</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-19</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-03</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-16</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:2.2.1</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-18</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-13</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-04-06</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-04-09</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-29</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.0.0</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.1.0</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:2.2.0</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-21</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-25</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-26</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-18</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-11</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.3.1</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.3.0</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-10</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.2.2</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-03-12</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:4.0.0:snapshot-2014-02-16</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.2.0</vuln:product>
+      <vuln:product>cpe:/a:igniterealtime:smack:3.2.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0364</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T06:49:04.520-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T11:07:13.453-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T11:07:13.203-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CERT-VN</vuln:source>
+      <vuln:reference href="http://www.kb.cert.org/vuls/id/489228" xml:lang="en">VU#489228</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://community.igniterealtime.org/blogs/ignite/2014/04/17/asmack-400-rc1-has-been-released" xml:lang="en">http://community.igniterealtime.org/blogs/ignite/2014/04/17/asmack-400-rc1-has-been-released</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify the from attribute of a roster-query IQ stanza, which allows remote attackers to spoof IQ responses via a crafted attribute.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0470">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:super_project:super:3.30.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:super_project:super:3.30.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0470</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T10:22:06.110-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T15:20:24.450-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.2</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T15:20:24.403-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:security-protection>ALLOWS_ADMIN_ACCESS</vuln:security-protection>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/28/6" xml:lang="en">[oss-security] 20140428 super unchecked setuid (CVE-2014-0470)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2917" xml:lang="en">DSA-2917</vuln:reference>
+    </vuln:references>
+    <vuln:summary>super.c in Super 3.30.0 does not check the return value of the setuid function when the -F flag is set, which allows local users to gain privileges via unspecified vectors, aka an RLIMIT_NPROC attack.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0471">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:canonical:ubuntu_linux:10.04:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/o:canonical:ubuntu_linux:12.04:-:lts"/>
+        <cpe-lang:fact-ref name="cpe:/o:canonical:ubuntu_linux:12.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:canonical:ubuntu_linux:13.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:canonical:ubuntu_linux:14.04::lts"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.18.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.10.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.13.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.16.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.16.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.16.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.16.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.29"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.30"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.14.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.8.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.8.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.8.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.15.8.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.9.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.9.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.9.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.9.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.9.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.9.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.9.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.9.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.9.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.9.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.9.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.9.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.9.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.9.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.9.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.17.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.17.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.17.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.17.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.17.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.17.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.16.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.16.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.16.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.16.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.16.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.16.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.16.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.16.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.16.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.16.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.16.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.16.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.16.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.16.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.16.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.16.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:debian:dpkg:1.16.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.3</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.2</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.9.10</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.1</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.0</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.9.19</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.5</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.4</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.9.18</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.6</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.9.17</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.5</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.4</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.3</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.2</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.1</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.17.3</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.17.4</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.5.6</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.9.15</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.9.16</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.8.2</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.8</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.8.1</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.9</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.17.7</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.9.11</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.6</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.9.12</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.7</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.17.5</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.9.13</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.4</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.17.6</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.9.14</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.5</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.17.2</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.9.21</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.17.1</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.9.20</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.5.1</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.5.2</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.3</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.5.3</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.2</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.5.4</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.5.5</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.17.0</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.8.3</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.8.4</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.4.1</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.8.9</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.0</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.8.6</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.9</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.8.5</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.8.8</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.6</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.8.7</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.7</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.8</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.9</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.7</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.8</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.16.4.2</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.16.4.3</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.16.4.1</vuln:product>
+      <vuln:product>cpe:/o:canonical:ubuntu_linux:10.04:-:lts</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.21</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.20</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.23</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.22</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.11</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.16.1</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.10</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.16.2</vuln:product>
+      <vuln:product>cpe:/o:canonical:ubuntu_linux:12.10</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.16.4</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.16.3</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.16.6</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.16.5</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.27</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.26</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.14</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.13</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.23</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.22</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.25</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.24</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.28</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.9.1</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.19</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.16.0.1</vuln:product>
+      <vuln:product>cpe:/o:canonical:ubuntu_linux:12.04:-:lts</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.20</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.21</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.15</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.16</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.17</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.18</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.25</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.24</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.16</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.15</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.16.1.2</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.14</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.16.1.1</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.13</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.12</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.11</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.16.0.3</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.16.0.2</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.13</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.12</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.11.1</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.18</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.17</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.19</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.18</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.11</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.12</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.14</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.15</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.10</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.16</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.17</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.28</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.29</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.19</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.26</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.27</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.16.3</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.16.2</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.9.2</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.6.1</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.9.3</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.16.1</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.16.0</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.16.11</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.7.2</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.0</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.16.12</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.2</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.16.10</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.1</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.4</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.24</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.3</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.23</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.7.1</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.25</vuln:product>
+      <vuln:product>cpe:/o:canonical:ubuntu_linux:14.04::lts</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.18.1</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.16.4</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.16.5</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.7</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.8</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.14.30</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.3.1</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.9.9</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.9.8</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.20</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.16.8</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.9.7</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.5</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.10.1</vuln:product>
+      <vuln:product>cpe:/o:canonical:ubuntu_linux:13.10</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.21</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.16.9</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.15.6</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.13.22</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.16.6</vuln:product>
+      <vuln:product>cpe:/a:debian:dpkg:1.16.7</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0471</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T10:22:06.140-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-01T12:33:41.257-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-01T12:33:40.477-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>UBUNTU</vuln:source>
+      <vuln:reference href="http://www.ubuntu.com/usn/USN-2183-1" xml:lang="en">USN-2183-1</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>DEBIAN</vuln:source>
+      <vuln:reference href="http://www.debian.org/security/2014/dsa-2915" xml:lang="en">DSA-2915</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0515">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:13.0.0.182"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.168"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.275"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.169"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.202"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.224"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.225"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.232"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.242"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.257"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.260"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.261"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.269"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.272"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:13.0.0.201"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.350"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.223"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.228"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.233"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.235"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.236"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.238"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.243"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.251"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.258"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.261"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.262"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.270"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.273"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.275"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.280"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.285"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.291"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.297"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.310"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.332"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.335"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.336"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.341"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.2.202.346"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:13.0.0.182"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.168"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.8.800.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.275"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.169"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.202"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.224"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.225"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.232"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.242"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.257"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.260"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.261"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.269"/>
+          <cpe-lang:fact-ref name="cpe:/a:adobe:flash_player:11.7.700.272"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.261</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.243</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.280</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.262</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.285</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.223</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.275</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.335</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.336</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.242</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.202</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.273</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.272</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.275</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.235</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:13.0.0.182</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.236</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.8.800.168</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.257</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.238</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.341</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.297</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.258</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.224</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.225</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.270</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.8.800.94</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.291</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.251</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.228</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.232</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.233</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.346</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.261</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.260</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.169</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.8.800.97</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.332</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.7.700.269</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:13.0.0.201</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.350</vuln:product>
+      <vuln:product>cpe:/a:adobe:flash_player:11.2.202.310</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0515</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T06:37:03.733-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T10:46:06.390-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T10:46:05.390-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://helpx.adobe.com/security/products/flash-player/apsb14-13.html" xml:lang="en">http://helpx.adobe.com/security/products/flash-player/apsb14-13.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in April 2014.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0646">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_access_manager:6.1:sp3"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_access_manager:6.1:sp4"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_access_manager:6.2:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:emc:rsa_access_manager:6.2:sp1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:emc:rsa_access_manager:6.2:-</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_access_manager:6.2:sp1</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_access_manager:6.1:sp4</vuln:product>
+      <vuln:product>cpe:/a:emc:rsa_access_manager:6.1:sp3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0646</vuln:cve-id>
+    <vuln:published-datetime>2014-05-01T13:29:56.697-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T09:49:06.440-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.9</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T09:49:06.363-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-310"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/2014-04/0191.html" xml:lang="en">20140430 ESA-2014-029: RSA Access Manager Sensitive Information Disclosure Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The runtime WS component in the server in EMC RSA Access Manager 6.1.3 before 6.1.3.39, 6.1.4 before 6.1.4.22, 6.2.0 before 6.2.0.11, and 6.2.1 before 6.2.1.03, when INFO logging is enabled, allows local users to discover cleartext passwords by reading log files.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0760">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:3s-software:codesys_runtime_system:-"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:festo:cecx-x-c1_modular_master_controller:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:softmotion3d:softmotion:-"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:festo:cecx-x-m1_modular_controller:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:softmotion3d:softmotion:-</vuln:product>
+      <vuln:product>cpe:/h:festo:cecx-x-c1_modular_master_controller:-</vuln:product>
+      <vuln:product>cpe:/a:3s-software:codesys_runtime_system:-</vuln:product>
+      <vuln:product>cpe:/h:festo:cecx-x-m1_modular_controller:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0760</vuln:cve-id>
+    <vuln:published-datetime>2014-04-25T01:12:07.693-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-25T09:56:18.937-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-25T09:56:18.873-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-287"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0769">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:softmotion3d:softmotion:-"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:festo:cecx-x-m1_modular_controller:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:3s-software:codesys_runtime_system:-"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:festo:cecx-x-c1_modular_master_controller:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:softmotion3d:softmotion:-</vuln:product>
+      <vuln:product>cpe:/h:festo:cecx-x-c1_modular_master_controller:-</vuln:product>
+      <vuln:product>cpe:/a:3s-software:codesys_runtime_system:-</vuln:product>
+      <vuln:product>cpe:/h:festo:cecx-x-m1_modular_controller:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0769</vuln:cve-id>
+    <vuln:published-datetime>2014-04-25T01:12:07.753-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-25T09:58:09.157-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-25T09:58:09.110-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-287"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0780">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:indusoft:web_studio:7.1:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:indusoft:web_studio:7.1:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:indusoft:web_studio:7.1:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:indusoft:web_studio:7.1:-</vuln:product>
+      <vuln:product>cpe:/a:indusoft:web_studio:7.1:sp2</vuln:product>
+      <vuln:product>cpe:/a:indusoft:web_studio:7.1:sp1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0780</vuln:cve-id>
+    <vuln:published-datetime>2014-04-25T01:12:07.787-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-25T11:48:51.573-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-25T11:48:51.433-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-107-02" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-107-02</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0786">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ecava:integraxor:4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ecava:integraxor:4.1.4369"/>
+        <cpe-lang:fact-ref name="cpe:/a:ecava:integraxor:4.1.4380"/>
+        <cpe-lang:fact-ref name="cpe:/a:ecava:integraxor:4.1.4390"/>
+        <cpe-lang:fact-ref name="cpe:/a:ecava:integraxor:4.1.4360"/>
+        <cpe-lang:fact-ref name="cpe:/a:ecava:integraxor:4.1.4340"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ecava:integraxor:4.1</vuln:product>
+      <vuln:product>cpe:/a:ecava:integraxor:4.1.4369</vuln:product>
+      <vuln:product>cpe:/a:ecava:integraxor:4.1.4390</vuln:product>
+      <vuln:product>cpe:/a:ecava:integraxor:4.1.4360</vuln:product>
+      <vuln:product>cpe:/a:ecava:integraxor:4.1.4340</vuln:product>
+      <vuln:product>cpe:/a:ecava:integraxor:4.1.4380</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0786</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T21:56:10.490-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-01T12:18:09.443-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-01T12:18:09.240-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-310"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-091-01" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-091-01</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.integraxor.com/blog/category/security/vulnerability-note/" xml:lang="en">http://www.integraxor.com/blog/category/security/vulnerability-note/</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Ecava IntegraXor before 4.1.4393 allows remote attackers to read cleartext credentials for administrative accounts via SELECT statements that leverage the guest role.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0823">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.5.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.5.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.5.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0823</vuln:cve-id>
+    <vuln:published-datetime>2014-05-01T13:29:56.713-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T09:54:20.187-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T09:54:20.043-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90498" xml:lang="en">ibm-was-cve20140823-viewfiles(90498)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21669554" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21669554</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>AIXAPAR</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg1PI05324" xml:lang="en">PI05324</vuln:reference>
+    </vuln:references>
+    <vuln:summary>IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote attackers to read arbitrary files via a crafted URL.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0857">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.5.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.5.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.5.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0857</vuln:cve-id>
+    <vuln:published-datetime>2014-05-01T13:29:56.713-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T09:57:31.300-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T09:57:30.973-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90863" xml:lang="en">ibm-was-cve20140857-info-disc(90863)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21669554" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21669554</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>AIXAPAR</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg1PI07808" xml:lang="en">PI07808</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Administrative Console in IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote authenticated users to obtain sensitive information via a crafted request.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0859">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.0.0.8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.29"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.31"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:7.0.0.9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.5.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.27</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.29</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.0.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.5.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.5.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.31</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.25</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.24</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.23</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.22</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:7.0.0.21</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0859</vuln:cve-id>
+    <vuln:published-datetime>2014-05-01T13:29:56.730-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T10:01:30.323-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T10:01:29.917-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/90879" xml:lang="en">ibm-was-cve20140859-retry(90879)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21669554" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21669554</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>AIXAPAR</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg1PI08892" xml:lang="en">PI08892</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The web-server plugin in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, when POST retries are enabled, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0896">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.5.1:-:liberty_profile"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.0.0:-:liberty_profile"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.0.1:-:liberty_profile"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.0.2:-:liberty_profile"/>
+        <cpe-lang:fact-ref name="cpe:/a:ibm:websphere_application_server:8.5.5.0:-:liberty_profile"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.0.0:-:liberty_profile</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.0.2:-:liberty_profile</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.0.1:-:liberty_profile</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.5.0:-:liberty_profile</vuln:product>
+      <vuln:product>cpe:/a:ibm:websphere_application_server:8.5.5.1:-:liberty_profile</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0896</vuln:cve-id>
+    <vuln:published-datetime>2014-05-01T13:29:56.747-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T10:14:42.947-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T10:14:42.897-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/91326" xml:lang="en">ibm-was-cve20140896-info-disc(91326)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21669554" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21669554</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>AIXAPAR</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg1PI10134" xml:lang="en">PI10134</vuln:reference>
+    </vuln:references>
+    <vuln:summary>IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information via a crafted request.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0941">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:tivoli_netcool%2fomnibus:7.4.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:tivoli_netcool%2fomnibus:7.4.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0941</vuln:cve-id>
+    <vuln:published-datetime>2014-05-01T13:29:56.760-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T10:25:37.247-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T10:25:37.233-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/92400" xml:lang="en">ibm-netcoolomnibus-cve20140941-xss(92400)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21671686" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21671686</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in webtop/eventviewer/eventViewer.jsp in the Web GUI in IBM Netcool/OMNIbus 7.4.0 before FP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-0942.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-0942">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ibm:tivoli_netcool%2fomnibus:7.4.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ibm:tivoli_netcool%2fomnibus:7.4.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-0942</vuln:cve-id>
+    <vuln:published-datetime>2014-05-01T13:29:56.777-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T10:28:48.147-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T10:28:46.083-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/92401" xml:lang="en">ibm-netcoolomnibus-cve20140942-xss(92401)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www-01.ibm.com/support/docview.wss?uid=swg21671686" xml:lang="en">http://www-01.ibm.com/support/docview.wss?uid=swg21671686</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in webtop/eventviewer/eventViewer.jsp in the Web GUI in IBM Netcool/OMNIbus 7.4.0 before FP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-0941.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1217">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:6.2.71"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:6.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:6.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:6.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:6.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:6.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:5.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:4.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:7.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:4.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:3.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:3.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:2.94"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:2.91"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:2.81"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:livetecs:timeline:6.2.7</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:2.94</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:2.91</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:2.81</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:7.1.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:6.2.71</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:3.6.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:4.3.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:6.2.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:6.2.3</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:3.8.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:3.2.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:6.2.4</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:5.2.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:4.9.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:6.2.6</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:3.7.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1217</vuln:cve-id>
+    <vuln:published-datetime>2014-04-28T10:09:06.440-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T08:09:11.557-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T08:09:11.210-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1217/" xml:lang="en">https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1217/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/67043" xml:lang="en">67043</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531911/100/0/threaded" xml:lang="en">20140423 CVE-2014-1217 - Unauthenticated access to sensitive information and functionality in Livetecs Timelive</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Apr/259" xml:lang="en">20140423 CVE-2014-1217 - Unauthenticated access to sensitive information and functionality in Livetecs Timelive</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Livetecs Timelive before 6.2.8 does not properly restrict access to systemsetting.aspx, which allows remote attackers to change configurations and obtain the database connection string and credentials via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1441">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:coreftp:core_ftp:1.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:coreftp:core_ftp:1.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1441</vuln:cve-id>
+    <vuln:published-datetime>2014-05-01T21:59:22.357-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T11:11:59.343-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T11:11:59.140-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-362"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://www.osvdb.org/102966" xml:lang="en">102966</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56850" xml:lang="en">56850</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Feb/39" xml:lang="en">20140205 Core FTP Server Vulnerabilities</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/125073/Core-FTP-Server-1.2-DoS-Traversal-Disclosure.html" xml:lang="en">http://packetstormsecurity.com/files/125073/Core-FTP-Server-1.2-DoS-Traversal-Disclosure.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://coreftp.com/forums/viewtopic.php?t=2985707" xml:lang="en">http://coreftp.com/forums/viewtopic.php?t=2985707</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Core FTP Server 1.2 before build 515 allows remote attackers to cause a denial of service (reachable assertion and crash) via an AUTH SSL command with malformed data, as demonstrated by pressing the enter key twice.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1442">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:coreftp:core_ftp:1.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:coreftp:core_ftp:1.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1442</vuln:cve-id>
+    <vuln:published-datetime>2014-05-01T21:59:22.390-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T11:19:26.310-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T11:19:26.280-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://www.osvdb.org/102967" xml:lang="en">102967</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56850" xml:lang="en">56850</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Feb/39" xml:lang="en">20140205 Core FTP Server Vulnerabilities</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/125073/Core-FTP-Server-1.2-DoS-Traversal-Disclosure.html" xml:lang="en">http://packetstormsecurity.com/files/125073/Core-FTP-Server-1.2-DoS-Traversal-Disclosure.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://coreftp.com/forums/viewtopic.php?t=2985707" xml:lang="en">http://coreftp.com/forums/viewtopic.php?t=2985707</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in Core FTP Server 1.2 before build 515 allows remote authenticated users to determine the existence of arbitrary files via a /../ sequence in an XCRC command.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1443">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:coreftp:core_ftp:1.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:coreftp:core_ftp:1.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1443</vuln:cve-id>
+    <vuln:published-datetime>2014-05-01T21:59:22.420-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T11:21:20.283-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T11:21:20.220-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://www.osvdb.org/102968" xml:lang="en">102968</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/56850" xml:lang="en">56850</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Feb/39" xml:lang="en">20140205 Core FTP Server Vulnerabilities</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/125073/Core-FTP-Server-1.2-DoS-Traversal-Disclosure.html" xml:lang="en">http://packetstormsecurity.com/files/125073/Core-FTP-Server-1.2-DoS-Traversal-Disclosure.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://coreftp.com/forums/viewtopic.php?t=2985707" xml:lang="en">http://coreftp.com/forums/viewtopic.php?t=2985707</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Core FTP Server 1.2 before build 515 allows remote authenticated users to obtain sensitive information (password for the previous user) via a USER command with a specific length, possibly related to an out-of-bounds read.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1518">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:28.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.26:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:-</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:28.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5:beta</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.26:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1518</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T06:49:04.677-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T11:29:46.733-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T11:29:44.043-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=993546" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=993546</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=992968" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=992968</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=991471" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=991471</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=986843" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=986843</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=986678" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=986678</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=980537" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=980537</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=966630" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=966630</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=952022" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=952022</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=944353" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=944353</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-34.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-34.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1519">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:28.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.26:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:28.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:-</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.26:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1519</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T06:49:04.707-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T11:51:53.667-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T11:51:51.027-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=996883" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=996883</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=995607" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=995607</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=990794" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=990794</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=986864" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=986864</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=977955" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=977955</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=953104" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=953104</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=946658" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=946658</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=919592" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=919592</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-34.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-34.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1520">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:28.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:28.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1520</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T06:49:04.753-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T12:02:09.143-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.9</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T12:02:07.173-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=961676" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=961676</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-35.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-35.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>maintenservice_installer.exe in the Maintenance Service Installer in Mozilla Firefox before 29.0 and Firefox ESR 24.x before 24.5 on Windows allows local users to gain privileges by placing a Trojan horse DLL file into a temporary directory at an unspecified point in the update process.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1522">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:28.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.26:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:28.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:-</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.26:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1522</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T06:49:04.787-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T12:11:38.583-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T12:11:36.177-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=995289" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=995289</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-36.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-36.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via crafted content.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1523">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.26:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:28.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:-</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:28.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5:beta</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.26:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1523</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T06:49:04.800-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T12:24:23.030-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T12:24:19.860-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=969226" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=969226</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-37.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-37.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1524">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:28.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.26:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:-</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:28.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5:beta</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.26:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1524</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T06:49:04.833-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T12:33:27.033-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T12:33:24.253-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=989183" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=989183</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-38.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-38.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted JavaScript code that accesses a non-XBL object as if it were an XBL object.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1525">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.26:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:28.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:28.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:-</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.26:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1525</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T06:49:04.863-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T12:39:27.297-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T12:39:22.030-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=989210" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=989210</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-39.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-39.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) via a crafted VIDEO element in an HTML document.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1526">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.26:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:28.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:28.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:-</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.26:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1526</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T06:49:04.880-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T12:56:20.300-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T12:56:17.970-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=988106" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=988106</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-47.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-47.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is visited in the debugger, leading to unwrapping operations and calls to DOM methods on the unwrapped objects.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1527">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:28.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:google:android"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:28.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1527</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T06:49:04.910-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T13:01:15.387-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T13:01:13.310-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=960146" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=960146</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-40.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-40.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses DOM events to prevent the reemergence of the actual address bar after scrolling has taken it off of the screen.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1528">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:-"/>
+          <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:28.0"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:28.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1528</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T06:49:04.943-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T13:07:51.433-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T13:07:51.277-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=963962" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=963962</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-41.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-41.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by painting on a CANVAS element.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1529">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:28.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.26:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:-</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:28.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5:beta</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.26:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1529</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T06:49:04.973-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T13:12:49.910-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T13:12:46.863-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=987003" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=987003</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-42.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-42.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for which Notification.permission is granted.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1530">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:28.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.26:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:-</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:28.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5:beta</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.26:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1530</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T06:49:05.003-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T13:19:08.407-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T13:19:05.297-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=895557" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=895557</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-43.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-43.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site that performs history navigation.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1531">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:28.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.26:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:-</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:28.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5:beta</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.26:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1531</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T06:49:05.037-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T13:44:36.193-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T13:44:32.600-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=987140" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=987140</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-44.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-44.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving an imgLoader object that is not properly handled during an image-resize operation.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1532">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:28.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:27.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:26.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9:rc"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:0.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0:preview_release"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.5.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.28"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.27"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.26"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.25"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:3.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:12.0:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:14.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:20.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:21.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:23.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox:25.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:firefox_esr:24.1.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.26:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.25:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.24:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.23:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:alpha_3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:alpha3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.10:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.11:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.12:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.13:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.14:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.15:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.16:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.17:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.18:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.19:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.2:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.20:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.21:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.22:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.3:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.6:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.7:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.8:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:seamonkey:2.9:beta4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.5:beta"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:1.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:10.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:11.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:12.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:13.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:15.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:16.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:17.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:2.0.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.16"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:3.1.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:6.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:9.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mozilla:thunderbird:24.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.26</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.25</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:alpha_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.28</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.27</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:18.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:rc2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:21.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:-</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:6.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:14.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:8.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0:beta9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.7.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:17.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:6.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.6.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:28.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:15.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:19.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:11.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.5.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:15.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9:rc</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.10.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:8.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:16.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0:preview_release</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:20.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:24.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:5.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.14:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.10:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.12:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.13:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:26.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.0:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:14.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.17</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.16</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.15</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.24:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.21:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.20:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.23:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.25:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.11:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.0.5:beta</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.21</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.20</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:23.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.19:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.18:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.16:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.15:beta5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.7:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.8:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.9:beta4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.6:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.1:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:3.1.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.2:beta2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.3:beta3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.22</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0.0.23</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:25.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0:beta6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:27.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.13</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.14</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:1.5.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:2.0.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:12.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.10</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.11</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:10.0.12</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:1.5</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.9</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:11.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.8</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.7</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:0.6</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox_esr:24.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.17.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:13.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:2.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:9.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.26:rc1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:seamonkey:2.22.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.3</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.4</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.1</vuln:product>
+      <vuln:product>cpe:/a:mozilla:thunderbird:10.0.2</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.18</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:3.0.19</vuln:product>
+      <vuln:product>cpe:/a:mozilla:firefox:7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1532</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T06:49:05.067-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T13:51:29.847-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T13:51:26.927-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.mozilla.org/show_bug.cgi?id=966006" xml:lang="en">https://bugzilla.mozilla.org/show_bug.cgi?id=966006</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.mozilla.org/security/announce/2014/mfsa2014-46.html" xml:lang="en">http://www.mozilla.org/security/announce/2014/mfsa2014-46.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to host resolution.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1730">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.100"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.101"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.102"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.103"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.104"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.109"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.111"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.112"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.113"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.114"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.115"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.116"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.118"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.120"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.23"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.24"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.25"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.36"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.37"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.39"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.42"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.45"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.46"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.47"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.49"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.51"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.52"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.53"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.56"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.57"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.60"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.61"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.64"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.65"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.66"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.67"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.68"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.69"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.71"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.72"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.73"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.74"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.75"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.76"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.77"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.78"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.79"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.80"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.81"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.82"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.83"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.85"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.86"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.87"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.91"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.92"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.98"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.99"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.130"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x"/>
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.100"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.101"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.102"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.103"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.104"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.109"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.111"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.112"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.113"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.114"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.115"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.116"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.118"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.120"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.23"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.24"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.25"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.36"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.37"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.39"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.42"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.45"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.46"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.47"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.49"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.51"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.52"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.53"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.56"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.57"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.60"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.61"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.64"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.65"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.66"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.67"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.68"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.69"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.71"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.72"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.73"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.74"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.75"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.76"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.77"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.78"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.79"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.80"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.81"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.82"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.83"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.85"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.86"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.87"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.91"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.92"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.98"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.99"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.131"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.130"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:google:chrome:34.0.1847.131</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:34.0.1847.130</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1730</vuln:cve-id>
+    <vuln:published-datetime>2014-04-26T06:55:05.433-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T10:29:20.927-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T10:29:19.757-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/v8/source/detail?r=20595" xml:lang="en">https://code.google.com/p/v8/source/detail?r=20595</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/v8/source/detail?r=20593" xml:lang="en">https://code.google.com/p/v8/source/detail?r=20593</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/v8/source/detail?r=20388" xml:lang="en">https://code.google.com/p/v8/source/detail?r=20388</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/v8/source/detail?r=20377" xml:lang="en">https://code.google.com/p/v8/source/detail?r=20377</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/v8/source/detail?r=20375" xml:lang="en">https://code.google.com/p/v8/source/detail?r=20375</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=354967" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=354967</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html" xml:lang="en">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to bypass intended access restrictions by leveraging "type confusion" and reading property values, related to i18n.js and runtime.cc.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1731">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.100"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.101"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.102"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.103"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.104"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.109"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.111"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.112"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.113"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.114"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.115"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.116"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.118"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.120"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.23"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.24"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.25"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.36"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.37"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.39"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.42"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.45"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.46"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.47"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.49"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.51"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.52"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.53"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.56"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.57"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.60"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.61"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.64"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.65"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.66"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.67"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.68"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.69"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.71"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.72"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.73"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.74"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.75"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.76"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.77"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.78"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.79"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.80"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.81"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.82"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.83"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.85"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.86"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.87"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.91"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.92"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.98"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.99"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.130"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x"/>
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.100"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.101"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.102"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.103"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.104"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.109"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.111"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.112"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.113"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.114"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.115"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.116"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.118"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.120"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.23"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.24"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.25"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.36"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.37"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.39"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.42"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.45"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.46"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.47"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.49"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.51"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.52"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.53"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.56"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.57"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.60"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.61"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.64"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.65"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.66"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.67"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.68"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.69"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.71"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.72"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.73"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.74"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.75"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.76"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.77"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.78"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.79"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.80"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.81"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.82"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.83"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.85"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.86"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.87"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.91"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.92"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.98"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.99"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.131"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.130"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:google:chrome:34.0.1847.131</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:34.0.1847.130</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1731</vuln:cve-id>
+    <vuln:published-datetime>2014-04-26T06:55:05.480-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T10:31:52.497-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T10:31:51.403-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://src.chromium.org/viewvc/blink?revision=171216&amp;view=revision" xml:lang="en">https://src.chromium.org/viewvc/blink?revision=171216&amp;view=revision</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=349903" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=349903</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html" xml:lang="en">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1732">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.100"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.101"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.102"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.103"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.104"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.109"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.111"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.112"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.113"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.114"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.115"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.116"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.118"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.120"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.23"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.24"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.25"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.36"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.37"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.39"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.42"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.45"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.46"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.47"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.49"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.51"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.52"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.53"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.56"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.57"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.60"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.61"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.64"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.65"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.66"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.67"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.68"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.69"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.71"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.72"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.73"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.74"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.75"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.76"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.77"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.78"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.79"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.80"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.81"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.82"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.83"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.85"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.86"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.87"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.91"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.92"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.98"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.99"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.131"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.130"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.100"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.101"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.102"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.103"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.104"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.109"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.111"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.112"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.113"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.114"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.115"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.116"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.118"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.120"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.23"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.24"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.25"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.36"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.37"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.39"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.42"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.45"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.46"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.47"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.49"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.51"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.52"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.53"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.56"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.57"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.60"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.61"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.64"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.65"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.66"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.67"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.68"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.69"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.71"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.72"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.73"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.74"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.75"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.76"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.77"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.78"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.79"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.80"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.81"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.82"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.83"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.85"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.86"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.87"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.91"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.92"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.98"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.99"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.130"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x"/>
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:google:chrome:34.0.1847.131</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:34.0.1847.130</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1732</vuln:cve-id>
+    <vuln:published-datetime>2014-04-26T06:55:05.513-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T10:38:32.990-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T10:38:30.227-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://src.chromium.org/viewvc/chrome?revision=261737&amp;view=revision" xml:lang="en">https://src.chromium.org/viewvc/chrome?revision=261737&amp;view=revision</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=352851" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=352851</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html" xml:lang="en">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Use-after-free vulnerability in browser/ui/views/speech_recognition_bubble_views.cc in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via an INPUT element that triggers the presence of a Speech Recognition Bubble window for an incorrect duration.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1733">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.100"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.101"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.102"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.103"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.104"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.109"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.111"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.112"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.113"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.114"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.115"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.116"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.118"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.120"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.23"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.24"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.25"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.36"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.37"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.39"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.42"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.45"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.46"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.47"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.49"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.51"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.52"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.53"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.56"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.57"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.60"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.61"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.64"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.65"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.66"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.67"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.68"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.69"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.71"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.72"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.73"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.74"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.75"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.76"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.77"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.78"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.79"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.80"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.81"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.82"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.83"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.85"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.86"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.87"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.91"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.92"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.98"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.99"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.130"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x"/>
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.100"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.101"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.102"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.103"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.104"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.109"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.111"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.112"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.113"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.114"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.115"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.116"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.118"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.120"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.23"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.24"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.25"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.36"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.37"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.39"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.42"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.45"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.46"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.47"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.49"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.51"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.52"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.53"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.56"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.57"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.60"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.61"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.64"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.65"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.66"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.67"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.68"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.69"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.71"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.72"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.73"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.74"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.75"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.76"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.77"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.78"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.79"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.80"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.81"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.82"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.83"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.85"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.86"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.87"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.91"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.92"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.98"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.99"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.131"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.130"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:google:chrome:34.0.1847.131</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:34.0.1847.130</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1733</vuln:cve-id>
+    <vuln:published-datetime>2014-04-26T06:55:05.543-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T10:43:50.860-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T10:43:49.673-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://src.chromium.org/viewvc/chrome?revision=260157&amp;view=revision" xml:lang="en">https://src.chromium.org/viewvc/chrome?revision=260157&amp;view=revision</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=351103" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=351103</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html" xml:lang="en">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The PointerCompare function in codegen.cc in Seccomp-BPF, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly merge blocks, which might allow remote attackers to bypass intended sandbox restrictions by leveraging renderer access.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1734">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.100"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.101"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.102"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.103"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.104"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.109"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.111"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.112"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.113"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.114"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.115"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.116"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.118"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.120"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.23"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.24"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.25"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.36"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.37"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.39"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.42"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.45"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.46"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.47"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.49"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.51"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.52"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.53"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.56"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.57"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.60"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.61"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.64"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.65"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.66"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.67"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.68"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.69"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.71"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.72"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.73"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.74"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.75"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.76"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.77"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.78"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.79"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.80"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.81"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.82"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.83"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.85"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.86"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.87"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.91"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.92"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.98"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.99"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.130"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x"/>
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.100"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.101"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.102"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.103"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.104"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.109"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.111"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.112"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.113"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.114"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.115"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.116"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.118"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.120"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.23"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.24"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.25"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.36"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.37"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.39"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.42"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.45"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.46"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.47"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.49"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.51"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.52"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.53"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.56"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.57"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.60"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.61"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.64"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.65"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.66"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.67"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.68"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.69"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.71"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.72"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.73"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.74"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.75"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.76"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.77"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.78"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.79"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.80"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.81"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.82"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.83"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.85"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.86"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.87"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.91"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.92"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.98"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.99"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.131"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.130"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:google:chrome:34.0.1847.131</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:34.0.1847.130</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1734</vuln:cve-id>
+    <vuln:published-datetime>2014-04-26T06:55:05.560-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T11:15:37.607-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T11:15:36.073-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=367314" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=367314</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=357382" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=357382</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=356181" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=356181</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html" xml:lang="en">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1735">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.100"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.101"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.102"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.103"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.104"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.109"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.111"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.112"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.113"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.114"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.115"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.116"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.118"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.120"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.23"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.24"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.25"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.36"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.37"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.39"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.42"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.45"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.46"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.47"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.49"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.51"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.52"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.53"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.56"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.57"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.60"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.61"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.64"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.65"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.66"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.67"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.68"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.69"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.71"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.72"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.73"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.74"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.75"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.76"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.77"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.78"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.79"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.80"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.81"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.82"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.83"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.85"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.86"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.87"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.91"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.92"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.98"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.99"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.131"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.130"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.10"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.100"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.101"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.102"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.103"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.104"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.109"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.111"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.112"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.113"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.114"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.115"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.116"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.118"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.12"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.120"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.14"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.15"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.23"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.24"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.25"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.36"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.37"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.38"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.39"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.4"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.41"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.42"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.43"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.44"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.45"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.46"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.47"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.48"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.49"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.5"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.50"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.51"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.52"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.53"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.54"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.55"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.56"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.57"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.58"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.59"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.6"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.60"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.61"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.62"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.63"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.64"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.65"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.66"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.67"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.68"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.69"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.7"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.71"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.72"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.73"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.74"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.75"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.76"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.77"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.78"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.79"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.8"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.80"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.81"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.82"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.83"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.85"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.86"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.87"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.9"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.91"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.92"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.94"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.97"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.98"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.99"/>
+          <cpe-lang:fact-ref name="cpe:/a:google:chrome:34.0.1847.130"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:apple:mac_os_x"/>
+          <cpe-lang:fact-ref name="cpe:/o:microsoft:windows"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:google:chrome:34.0.1847.131</vuln:product>
+      <vuln:product>cpe:/a:google:chrome:34.0.1847.130</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1735</vuln:cve-id>
+    <vuln:published-datetime>2014-04-26T06:55:05.590-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T11:21:36.240-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T11:21:35.007-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://src.chromium.org/viewvc/blink?revision=171127&amp;view=revision" xml:lang="en">https://src.chromium.org/viewvc/blink?revision=171127&amp;view=revision</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://src.chromium.org/viewvc/blink?revision=171077&amp;view=revision" xml:lang="en">https://src.chromium.org/viewvc/blink?revision=171077&amp;view=revision</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/v8/source/detail?r=20624" xml:lang="en">https://code.google.com/p/v8/source/detail?r=20624</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/v8/source/detail?r=20622" xml:lang="en">https://code.google.com/p/v8/source/detail?r=20622</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/v8/source/detail?r=20501" xml:lang="en">https://code.google.com/p/v8/source/detail?r=20501</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=360429" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=360429</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=359525" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=359525</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://code.google.com/p/chromium/issues/detail?id=359130" xml:lang="en">https://code.google.com/p/chromium/issues/detail?id=359130</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html" xml:lang="en">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple unspecified vulnerabilities in Google V8 before 3.24.35.33, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1762">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:11:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:11:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1762</vuln:cve-id>
+    <vuln:published-datetime>2014-04-27T06:55:03.153-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T12:15:10.007-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T12:15:09.977-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/" xml:lang="en">http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://twitter.com/thezdi/statuses/443810610958958592" xml:lang="en">http://twitter.com/thezdi/statuses/443810610958958592</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code with medium-integrity privileges and bypass a sandbox protection mechanism via unknown vectors, as demonstrated by ZDI during a Pwn4Fun competition at CanSecWest 2014.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1763">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:11:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:11:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1763</vuln:cve-id>
+    <vuln:published-datetime>2014-04-27T06:55:03.200-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T12:17:29.263-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T12:17:29.247-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/" xml:lang="en">http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://twitter.com/thezdi/statuses/443855973673754624" xml:lang="en">http://twitter.com/thezdi/statuses/443855973673754624</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Use-after-free vulnerability in Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1764">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:11:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:11:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1764</vuln:cve-id>
+    <vuln:published-datetime>2014-04-27T06:55:03.233-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T12:26:37.700-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T12:26:37.670-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/" xml:lang="en">http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://twitter.com/thezdi/statuses/443855973673754624" xml:lang="en">http://twitter.com/thezdi/statuses/443855973673754624</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism by leveraging "object confusion" in a broker process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1765">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:11:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:11:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1765</vuln:cve-id>
+    <vuln:published-datetime>2014-04-27T06:55:03.247-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T12:34:52.230-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T12:34:52.183-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two/" xml:lang="en">http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://twitter.com/thezdi/statuses/444216845734666240" xml:lang="en">http://twitter.com/thezdi/statuses/444216845734666240</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple use-after-free vulnerabilities in Microsoft Internet Explorer 11 allow remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by Sebastian Apelt and Andreas Schmidt during a Pwn2Own competition at CanSecWest 2014.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1766">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:microsoft:windows_8.1:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:microsoft:windows_8.1:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1766</vuln:cve-id>
+    <vuln:published-datetime>2014-04-27T06:55:03.280-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T12:40:57.350-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.2</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T12:40:57.303-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two/" xml:lang="en">http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://twitter.com/thezdi/statuses/444216845734666240" xml:lang="en">http://twitter.com/thezdi/statuses/444216845734666240</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the kernel in Microsoft Windows 8.1 allows local users to gain privileges via unknown vectors, as demonstrated by Sebastian Apelt and Andreas Schmidt during a Pwn2Own competition at CanSecWest 2014.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1776">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:7"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:6"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:11:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:10"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:9"/>
+        <cpe-lang:fact-ref name="cpe:/a:microsoft:internet_explorer:8"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:8</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:7</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:9</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:11:-</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:6</vuln:product>
+      <vuln:product>cpe:/a:microsoft:internet_explorer:10</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1776</vuln:cve-id>
+    <vuln:published-datetime>2014-04-27T06:55:03.340-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T12:53:15.060-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T12:53:15.013-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://technet.microsoft.com/library/security/2963983" xml:lang="en">https://technet.microsoft.com/library/security/2963983</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html" xml:lang="en">http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Use-after-free vulnerability in VGX.DLL in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in April 2014.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1841">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:southrivertech:titan_ftp_server:10.40"/>
+        <cpe-lang:fact-ref name="cpe:/a:southrivertech:titan_ftp_server:10.30"/>
+        <cpe-lang:fact-ref name="cpe:/a:southrivertech:titan_ftp_server:10.0.1733"/>
+        <cpe-lang:fact-ref name="cpe:/a:southrivertech:titan_ftp_server:10.01.1740"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:southrivertech:titan_ftp_server:10.01.1740</vuln:product>
+      <vuln:product>cpe:/a:southrivertech:titan_ftp_server:10.0.1733</vuln:product>
+      <vuln:product>cpe:/a:southrivertech:titan_ftp_server:10.40</vuln:product>
+      <vuln:product>cpe:/a:southrivertech:titan_ftp_server:10.30</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1841</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T06:37:03.763-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T11:23:07.387-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T11:23:07.323-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0092.html" xml:lang="en">20140210 Titan FTP Server Directory Traversal Vulnerabilities - [CVE-2014-1841 / CVE-2014-1842 / CVE-2014-1843]</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. (dot dot) in the src parameter.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1842">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:southrivertech:titan_ftp_server:10.40"/>
+        <cpe-lang:fact-ref name="cpe:/a:southrivertech:titan_ftp_server:10.30"/>
+        <cpe-lang:fact-ref name="cpe:/a:southrivertech:titan_ftp_server:10.0.1733"/>
+        <cpe-lang:fact-ref name="cpe:/a:southrivertech:titan_ftp_server:10.01.1740"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:southrivertech:titan_ftp_server:10.01.1740</vuln:product>
+      <vuln:product>cpe:/a:southrivertech:titan_ftp_server:10.0.1733</vuln:product>
+      <vuln:product>cpe:/a:southrivertech:titan_ftp_server:10.40</vuln:product>
+      <vuln:product>cpe:/a:southrivertech:titan_ftp_server:10.30</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1842</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T06:37:03.780-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T11:24:52.327-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T11:24:52.280-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0092.html" xml:lang="en">20140210 Titan FTP Server Directory Traversal Vulnerabilities - [CVE-2014-1841 / CVE-2014-1842 / CVE-2014-1843]</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. (dot dot) in the search-bar value.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1843">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:southrivertech:titan_ftp_server:10.40"/>
+        <cpe-lang:fact-ref name="cpe:/a:southrivertech:titan_ftp_server:10.30"/>
+        <cpe-lang:fact-ref name="cpe:/a:southrivertech:titan_ftp_server:10.0.1733"/>
+        <cpe-lang:fact-ref name="cpe:/a:southrivertech:titan_ftp_server:10.01.1740"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:southrivertech:titan_ftp_server:10.01.1740</vuln:product>
+      <vuln:product>cpe:/a:southrivertech:titan_ftp_server:10.0.1733</vuln:product>
+      <vuln:product>cpe:/a:southrivertech:titan_ftp_server:10.40</vuln:product>
+      <vuln:product>cpe:/a:southrivertech:titan_ftp_server:10.30</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1843</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T06:37:03.810-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T11:34:23.800-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T11:34:23.737-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0092.html" xml:lang="en">20140210 Titan FTP Server Directory Traversal Vulnerabilities - [CVE-2014-1841 / CVE-2014-1842 / CVE-2014-1843]</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Properties action with a .. (dot dot) in the src parameter.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1899">
+    <vuln:cve-id>CVE-2014-1899</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T10:55:05.933-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T10:55:05.933-04:00</vuln:last-modified-datetime>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://support.citrix.com/article/CTX140291" xml:lang="en">https://support.citrix.com/article/CTX140291</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway (formerly Citrix Access Gateway Enterprise Edition) 9.x before 9.3.66.5 and 10.x before 10.1.123.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1955">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:fortinet:fortiweb:5.0.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:fortinet:fortiweb:5.0.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1955</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T10:22:06.173-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-01T08:14:40.323-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-01T08:14:40.247-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.fortiguard.com/advisory/FG-IR-13-009/" xml:lang="en">http://www.fortiguard.com/advisory/FG-IR-13-009/</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1956">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:fortinet:fortiweb:5.0.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:fortinet:fortiweb:5.0.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1956</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T10:22:06.203-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-01T08:20:06.820-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-01T08:20:06.787-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.fortiguard.com/advisory/FG-IR-13-009/" xml:lang="en">http://www.fortiguard.com/advisory/FG-IR-13-009/</vuln:reference>
+    </vuln:references>
+    <vuln:summary>CRLF injection vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1957">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:fortinet:fortiweb:5.0.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:fortinet:fortiweb:5.0.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1957</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T10:22:06.237-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-01T08:54:07.450-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-01T08:54:06.467-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:security-protection>ALLOWS_USER_ACCESS</vuln:security-protection>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.fortiguard.com/advisory/FG-IR-13-009/" xml:lang="en">http://www.fortiguard.com/advisory/FG-IR-13-009/</vuln:reference>
+    </vuln:references>
+    <vuln:summary>FortiGuard FortiWeb before 5.0.3 allows remote authenticated users to gain privileges via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1988">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.7:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.7:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:2.5.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cybozu:garoon:2.1.3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.1.2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.5.4</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.5.2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.5.3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.5.0</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.5.1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.7.1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.7.0</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.7:sp2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.7:sp1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.0.0</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.1.0</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:2.1.0</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.7.2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5.0</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.0.0</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5.5</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1988</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:07.430-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T11:32:37.667-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T11:32:37.167-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://support.cybozu.com/ja-jp/article/8105" xml:lang="en">https://support.cybozu.com/ja-jp/article/8105</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVNDB</vuln:source>
+      <vuln:reference href="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000042" xml:lang="en">JVNDB-2014-000042</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVN</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN90519014/index.html" xml:lang="en">JVN#90519014</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Phone Messages feature in Cybozu Garoon 2.0.0 through 3.7 SP2 allows remote authenticated users to cause a denial of service (resource consumption) via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-1989">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.7:sp1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.7:sp2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.7:sp3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cybozu:garoon:3.7.2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cybozu:garoon:3.1.3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.1.0</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.1.2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.7:sp3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.7.1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.0.2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.7.0</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.7.2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5.3</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5.4</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5.0</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.7:sp2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.0.0</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.7:sp1</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5.2</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5.5</vuln:product>
+      <vuln:product>cpe:/a:cybozu:garoon:3.5.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-1989</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:07.787-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T11:35:28.657-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T11:35:28.530-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://support.cybozu.com/ja/article/5264" xml:lang="en">https://support.cybozu.com/ja/article/5264</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVNDB</vuln:source>
+      <vuln:reference href="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000043" xml:lang="en">JVNDB-2014-000043</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>JVN</vuln:source>
+      <vuln:reference href="http://jvn.jp/en/jp/JVN31230946/index.html" xml:lang="en">JVN#31230946</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cybozu Garoon 3.0 through 3.7 SP3 allows remote authenticated users to bypass intended access restrictions and delete schedule information via unspecified API calls.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2042">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:6.2.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:6.2.71"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:6.2.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:6.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:6.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:6.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:6.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:5.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:4.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:4.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:3.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:3.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:3.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:3.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:3.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:2.94"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:2.91"/>
+        <cpe-lang:fact-ref name="cpe:/a:livetecs:timeline:2.81"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:livetecs:timeline:6.2.7</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:2.94</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:3.1.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:3.5.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:6.2.8</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:2.91</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:3.0.3</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:3.0.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:2.81</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:3.0.5</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:6.2.71</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:3.6.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:4.3.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:6.2.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:6.2.3</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:3.8.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:3.2.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:6.2.4</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:5.2.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:4.9.1</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:6.2.6</vuln:product>
+      <vuln:product>cpe:/a:livetecs:timeline:3.7.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2042</vuln:cve-id>
+    <vuln:published-datetime>2014-04-28T10:09:06.563-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T08:18:50.870-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T08:18:50.713-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531914/100/0/threaded" xml:lang="en">20140423 CVE-2014-2042 - Unrestricted file upload in Livetecs Timelive</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Apr/260" xml:lang="en">20140423 CVE-2014-2042 - Unrestricted file upload in Livetecs Timelive</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unrestricted file upload vulnerability in the Manage Project functionality in Livetecs Timelive before 6.5.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a predictable directory in Uploads/.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2156">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.0.1"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_2000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_990_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_880_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_770_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_550_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_codec_6000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_codec_3000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_edge_95_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_edge_85_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_edge_75_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_1000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_1700_mxp:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.3</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_codec_3000_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.1.2</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_edge_75_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_edge_95_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.1.1</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_880_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.1.0</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_edge_85_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_codec_6000_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_550_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.1.1</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_990_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.3</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_1700_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.0.1</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_770_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.0.2</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_1000_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_2000_mxp:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2156</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:07.977-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T11:49:05.840-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.1</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T11:49:05.340-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-mxp" xml:lang="en">20140430 Multiple Vulnerabilities in Cisco TelePresence System MXP Series</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45739.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2157">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.0.1"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_2000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_990_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_880_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_770_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_550_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_codec_6000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_codec_3000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_edge_95_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_edge_85_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_edge_75_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_1000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_1700_mxp:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.3</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_codec_3000_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.1.2</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_edge_75_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_edge_95_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.1.1</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_880_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.1.0</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_edge_85_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_codec_6000_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_550_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.1.1</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_990_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.3</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_1700_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.0.1</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_770_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.0.2</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_1000_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_2000_mxp:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2157</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:08.007-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T12:03:27.213-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.1</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T12:03:26.963-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-mxp" xml:lang="en">20140430 Multiple Vulnerabilities in Cisco TelePresence System MXP Series</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45733.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2158">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.0.1"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_2000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_990_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_880_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_770_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_550_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_codec_6000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_codec_3000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_edge_95_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_edge_85_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_edge_75_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_1000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_1700_mxp:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.3</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_codec_3000_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.1.2</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_edge_75_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_edge_95_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.1.1</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_880_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.1.0</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_edge_85_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_codec_6000_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_550_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.1.1</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_990_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.3</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_1700_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.0.1</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_770_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.0.2</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_1000_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_2000_mxp:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2158</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:08.037-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T12:18:44.133-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T12:18:43.603-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-mxp" xml:lang="en">20140430 Multiple Vulnerabilities in Cisco TelePresence System MXP Series</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45720.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2159">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.0.1"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_2000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_990_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_880_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_770_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_550_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_codec_6000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_codec_3000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_edge_95_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_edge_85_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_edge_75_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_1000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_1700_mxp:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.3</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_codec_3000_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.1.2</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_edge_75_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_edge_95_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.1.1</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_880_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.1.0</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_edge_85_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_codec_6000_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_550_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.1.1</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_990_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.3</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_1700_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.0.1</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_770_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.0.2</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_1000_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_2000_mxp:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2159</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:08.070-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T12:23:55.550-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T12:23:55.317-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-mxp" xml:lang="en">20140430 Multiple Vulnerabilities in Cisco TelePresence System MXP Series</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCtq78722.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2160">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.0.1"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_2000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_990_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_880_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_770_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_550_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_codec_6000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_codec_3000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_edge_95_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_edge_85_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_edge_75_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_1000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_1700_mxp:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.3</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_codec_3000_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.1.2</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_edge_75_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_edge_95_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.1.1</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_880_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.1.0</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_edge_85_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_codec_6000_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_550_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.1.1</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_990_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.3</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_1700_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.0.1</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_770_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.0.2</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_1000_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_2000_mxp:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2160</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:08.100-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T12:40:58.290-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T12:40:57.930-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-mxp" xml:lang="en">20140430 Multiple Vulnerabilities in Cisco TelePresence System MXP Series</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCty45745.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2161">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.3"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.1.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:fnc9.1.0"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.0.2"/>
+          <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_system_software:f9.0.1"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_2000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_990_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_880_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_770_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:tandberg_550_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_codec_6000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_codec_3000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_edge_95_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_edge_85_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_edge_75_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_1000_mxp:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:telepresence_system_1700_mxp:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.3</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_codec_3000_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.1.2</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_edge_75_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_edge_95_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.1.1</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_880_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.1.0</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_edge_85_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_codec_6000_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_550_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.1.1</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_990_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:fnc9.3</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_1700_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.0.1</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_770_mxp:-</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_system_software:f9.0.2</vuln:product>
+      <vuln:product>cpe:/h:cisco:telepresence_system_1000_mxp:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:tandberg_2000_mxp:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2161</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:08.117-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T12:43:40.373-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T12:43:40.200-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-mxp" xml:lang="en">20140430 Multiple Vulnerabilities in Cisco TelePresence System MXP Series</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCty45731.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2162">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:6.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.5</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.7</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.6</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2162</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:08.147-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T14:14:17.070-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T14:14:14.103-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" xml:lang="en">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCud29566.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2163">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.5</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.7</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.6</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2163</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:08.180-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T14:13:53.820-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T14:13:50.697-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" xml:lang="en">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCua64961.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2164">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:6.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.5</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.7</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2164</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:08.193-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T14:13:20.710-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T14:13:17.883-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" xml:lang="en">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCuj94651.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2165">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:6.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.5</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.7</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2165</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:08.227-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T14:12:54.537-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T14:12:52.367-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" xml:lang="en">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCtq72699.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2166">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2166</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:08.240-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T13:41:32.207-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T13:41:31.647-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" xml:lang="en">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The SIP implementation in Cisco TelePresence TC Software 4.x and TE Software 4.x allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCto70562.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2167">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:6.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.5</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.7</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.6</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2167</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:08.273-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T14:12:16.380-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T14:12:14.223-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" xml:lang="en">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCua86589.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2168">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:6.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.5</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.7</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2168</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:08.287-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T14:11:50.380-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.6</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T14:11:45.863-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" xml:lang="en">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to execute arbitrary code via crafted DNS response packets, aka Bug ID CSCty44804.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2169">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:6.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:6.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:6.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:6.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:6.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:6.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.5</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:6.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.7</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:6.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:6.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2169</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:08.320-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T14:11:05.753-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T14:11:03.360-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" xml:lang="en">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco TelePresence TC Software 4.x through 6.x before 6.2.0 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as arguments to internal system scripts, aka Bug ID CSCue60211.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2170">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:6.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:6.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:6.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.5</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2170</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:08.337-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T14:00:25.717-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>9.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T14:00:25.403-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-94"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" xml:lang="en">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco TelePresence TC Software 4.x and 5.x before 5.1.7 and 6.x before 6.0.1 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as arguments to tshell (aka tcsh) scripts, aka Bug ID CSCue60202.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2171">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:6.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:6.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:6.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:6.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:6.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.5</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.7</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2171</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:08.367-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T14:10:31.783-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T14:10:29.673-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" xml:lang="en">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Heap-based buffer overflow in Cisco TelePresence TC Software 4.x through 6.x before 6.0.1 and TE Software 4.x and 6.0.x before 6.0.2 allows remote attackers to execute arbitrary code via crafted SIP packets, aka Bug ID CSCud81796.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2172">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:6.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.5</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.7</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.6</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2172</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:08.383-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T14:09:54.500-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.6</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T14:09:54.360-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" xml:lang="en">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows local users to gain privileges by leveraging improper handling of the u-boot compiler flag for internal executable files, aka Bug ID CSCub67693.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2173">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:6.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.5</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.7</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2173</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:08.413-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T14:15:25.027-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.2</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T14:15:24.760-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" xml:lang="en">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 do not properly restrict access to the serial port, which allows local users to gain privileges via unspecified commands, aka Bug ID CSCub67692.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2175">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:5.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_tc_software:4.2.4"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:telepresence_te_software:4.1.3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:4.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_te_software:6.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.0.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:4.2.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.3</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.4</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.1</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.2</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.5</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.7</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.0</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.1.6</vuln:product>
+      <vuln:product>cpe:/a:cisco:telepresence_tc_software:5.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2175</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:08.430-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T14:17:51.313-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T14:17:51.077-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" xml:lang="en">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allow remote attackers to cause a denial of service (memory consumption) via crafted H.225 packets, aka Bug ID CSCtq78849.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2180">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_contact_center_enterprise"/>
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_contact_center_express_editor_software:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:unified_contact_center_enterprise</vuln:product>
+      <vuln:product>cpe:/a:cisco:unified_contact_center_express_editor_software:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2180</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T06:37:03.967-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T11:42:38.457-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T11:42:38.363-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2180" xml:lang="en">20140428 Cisco Unified Contact Center Express Arbitrary File Upload Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Document Management component in Cisco Unified Contact Center Express does not properly validate a parameter, which allows remote authenticated users to upload files to arbitrary pathnames via a crafted HTTP request, aka Bug ID CSCun74133.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2182">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:adaptive_security_appliance_software:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:adaptive_security_appliance_software:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2182</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T06:37:03.997-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T11:46:24.903-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.1</cvss:score>
+        <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T11:46:24.870-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2182" xml:lang="en">20140428 Cisco ASA DHCPv6 Denial of Service Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cisco Adaptive Security Appliance (ASA) Software, when DHCPv6 replay is configured, allows remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 packet, aka Bug ID CSCun45520.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2183">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.10.2s"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.10.1s1"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.10.1s"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.10.0s"/>
+          <cpe-lang:fact-ref name="cpe:/o:cisco:ios_xe:3.10"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:cisco:asr_1001_router:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:asr_1002-x_router:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:asr_1002_fixed_router:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:asr_1002_router:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:asr_1004_router:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:asr_1006_router:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:asr_1013_router:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:cisco:asr_1023_router:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.10.1s1</vuln:product>
+      <vuln:product>cpe:/h:cisco:asr_1006_router:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:asr_1023_router:-</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.10.0s</vuln:product>
+      <vuln:product>cpe:/h:cisco:asr_1001_router:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:asr_1002-x_router:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:asr_1004_router:-</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.10</vuln:product>
+      <vuln:product>cpe:/h:cisco:asr_1013_router:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:asr_1002_fixed_router:-</vuln:product>
+      <vuln:product>cpe:/h:cisco:asr_1002_router:-</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.10.1s</vuln:product>
+      <vuln:product>cpe:/o:cisco:ios_xe:3.10.2s</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2183</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T06:37:04.013-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T12:19:28.250-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T12:19:27.877-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/viewAlert.x?alertId=33971" xml:lang="en">http://tools.cisco.com/security/center/viewAlert.x?alertId=33971</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2183" xml:lang="en">20140428 Cisco IOS XE Software Malformed L2TP Packet Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 routers allows remote authenticated users to cause a denial of service (ESP card reload) via a malformed L2TP packet, aka Bug ID CSCun09973.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2184">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2184</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T06:37:04.047-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T12:08:03.257-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T12:08:03.210-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2184" xml:lang="en">20140428 Cisco Unified Communications Manager Sensitive Information Disclosure Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The IP Manager Assistant (IPMA) component in Cisco Unified Communications Manager (Unified CM) allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCun74352.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2185">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:unified_communications_manager"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:unified_communications_manager</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2185</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T06:37:04.077-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T12:08:08.930-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T12:08:08.900-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2185" xml:lang="en">20140428 Cisco Unified Communications Manager CDR Management Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2186">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:cisco:webex_meetings_server:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:cisco:webex_meetings_server:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2186</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T06:49:05.207-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T13:56:16.513-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T13:56:16.467-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-352"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CISCO</vuln:source>
+      <vuln:reference href="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2186" xml:lang="en">20140429 Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj81777.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2260">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ajenti:ajenti:1.2.13"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ajenti:ajenti:1.2.13</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2260</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T19:58:26.733-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-01T11:42:19.917-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-01T11:42:19.870-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://github.com/Eugeny/ajenti/commit/3270fd1d78391bb847b4c9ce37cf921f485b1310" xml:lang="en">https://github.com/Eugeny/ajenti/commit/3270fd1d78391bb847b4c9ce37cf921f485b1310</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/Eugeny/ajenti/issues/233" xml:lang="en">https://github.com/Eugeny/ajenti/issues/233</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/64982" xml:lang="en">64982</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://www.osvdb.org/102174" xml:lang="en">102174</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/124804/Ajenti-1.2.13-Cross-Site-Scripting.html" xml:lang="en">http://packetstormsecurity.com/files/124804/Ajenti-1.2.13-Cross-Site-Scripting.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in plugins/main/content/js/ajenti.coffee in Eugene Pankov Ajenti 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via the command field in the Cron functionality.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2285">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:net-snmp:net-snmp:5.7.3:pre1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:net-snmp:net-snmp:5.7.3:pre1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2285</vuln:cve-id>
+    <vuln:published-datetime>2014-04-27T18:55:05.990-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T15:43:31.097-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T15:43:31.067-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1072778" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1072778</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1072044" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1072044</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.nntp.perl.org/group/perl.perl5.porters/2006/09/msg116250.html" xml:lang="en">http://www.nntp.perl.org/group/perl.perl5.porters/2006/09/msg116250.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://sourceforge.net/p/net-snmp/patches/1275/" xml:lang="en">http://sourceforge.net/p/net-snmp/patches/1275/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-03/msg00061.html" xml:lang="en">openSUSE-SU-2014:0399</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SUSE</vuln:source>
+      <vuln:reference href="http://lists.opensuse.org/opensuse-updates/2014-03/msg00060.html" xml:lang="en">openSUSE-SU-2014:0398</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://comments.gmane.org/gmane.comp.security.oss.general/12284" xml:lang="en">[oss-security] 20140305 CVE request for two net-snmp remote DoS flaws</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2322">
+    <vuln:cve-id>CVE-2014-2322</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T10:55:07.217-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T10:55:07.217-04:00</vuln:last-modified-datetime>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.vapid.dhs.org/advisories/arabic-ruby-gem.html" xml:lang="en">http://www.vapid.dhs.org/advisories/arabic-ruby-gem.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/03/12/6" xml:lang="en">[oss-security] 20140312 Re: Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/03/10/8" xml:lang="en">[oss-security] 20140310 Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem</vuln:reference>
+    </vuln:references>
+    <vuln:summary>lib/string_utf_support.rb in the Arabic Prawn 0.0.1 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) downloaded_file or (2) url variable.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2383">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:dompdf:dompdf:0.6.0:beta3"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:dompdf:dompdf:0.6.0:beta3</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2383</vuln:cve-id>
+    <vuln:published-datetime>2014-04-28T10:09:06.707-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T08:18:44.760-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T08:18:44.683-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2383/" xml:lang="en">https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2383/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/dompdf/dompdf/commit/23a693993299e669306929e3d49a4a1f7b3fb028" xml:lang="en">https://github.com/dompdf/dompdf/commit/23a693993299e669306929e3d49a4a1f7b3fb028</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531912/100/0/threaded" xml:lang="en">20140423 CVE-2014-2383 - Arbitrary file read in dompdf</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Apr/258" xml:lang="en">20140423 CVE-2014-2383 - Arbitrary file read in dompdf</vuln:reference>
+    </vuln:references>
+    <vuln:summary>dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2545">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:tibco:slingshot:1.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:slingshot:1.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:slingshot:1.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:slingshot:1.8.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:tibco:vault:1.0.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:tibco:managed_file_transfer_command_center:7.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:managed_file_transfer_command_center:7.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:managed_file_transfer_command_center:7.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:managed_file_transfer_command_center:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:managed_file_transfer_command_center:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:managed_file_transfer_command_center:6.7"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:tibco:managed_file_transfer_internet_server:7.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:managed_file_transfer_internet_server:7.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:managed_file_transfer_internet_server:7.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:managed_file_transfer_internet_server:7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:managed_file_transfer_internet_server:6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:tibco:managed_file_transfer_internet_server:7.2.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:tibco:managed_file_transfer_internet_server:7.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:slingshot:1.9.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:managed_file_transfer_command_center:6.7</vuln:product>
+      <vuln:product>cpe:/a:tibco:managed_file_transfer_command_center:7.2.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:managed_file_transfer_command_center:7.2.1</vuln:product>
+      <vuln:product>cpe:/a:tibco:slingshot:1.7.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:vault:1.0.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:managed_file_transfer_command_center:7.1.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:managed_file_transfer_internet_server:7.0.1</vuln:product>
+      <vuln:product>cpe:/a:tibco:managed_file_transfer_internet_server:7.1.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:managed_file_transfer_internet_server:7.2.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:managed_file_transfer_internet_server:7.2.1</vuln:product>
+      <vuln:product>cpe:/a:tibco:managed_file_transfer_internet_server:6.7</vuln:product>
+      <vuln:product>cpe:/a:tibco:managed_file_transfer_command_center:7.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:slingshot:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:tibco:slingshot:1.8.1</vuln:product>
+      <vuln:product>cpe:/a:tibco:managed_file_transfer_command_center:7.0.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2545</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T06:49:05.380-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-01T15:15:07.567-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T14:17:44.543-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.tibco.com/multimedia/mft_advisory_20140429_tcm8-21013.txt" xml:lang="en">http://www.tibco.com/multimedia/mft_advisory_20140429_tcm8-21013.txt</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.tibco.com/mk/advisory.jsp" xml:lang="en">http://www.tibco.com/mk/advisory.jsp</vuln:reference>
+    </vuln:references>
+    <vuln:summary>TIBCO Managed File Transfer Internet Server before 7.2.2, Managed File Transfer Command Center before 7.2.2, Slingshot before 1.9.1, and Vault before 1.0.1 allow remote attackers to obtain sensitive information via a crafted HTTP request.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2565">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:bluecoat:content_analysis_system_software:1.1.2.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:bluecoat:content_analysis_system_software:1.1.1.1"/>
+          <cpe-lang:fact-ref name="cpe:/a:bluecoat:content_analysis_system_software:1.1"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:bluecoat:content_analysis_system:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:bluecoat:content_analysis_system_software:1.1.2.1</vuln:product>
+      <vuln:product>cpe:/h:bluecoat:content_analysis_system:-</vuln:product>
+      <vuln:product>cpe:/a:bluecoat:content_analysis_system_software:1.1</vuln:product>
+      <vuln:product>cpe:/a:bluecoat:content_analysis_system_software:1.1.1.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2565</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T10:22:06.377-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-01T09:49:31.517-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.5</cvss:score>
+        <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-01T09:49:31.437-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-78"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://kb.bluecoat.com/index?page=content&amp;id=SA78&amp;actp=LIST" xml:lang="en">https://kb.bluecoat.com/index?page=content&amp;id=SA78&amp;actp=LIST</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The commandline interface in Blue Coat Content Analysis System (CAS) 1.1 before 1.1.4.2 allows remote administrators to execute arbitrary commands via unspecified vectors, related to "command injection."</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2579">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:xcloner:xcloner:3.5::standalone"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:xcloner:xcloner:3.5::standalone</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2579</vuln:cve-id>
+    <vuln:published-datetime>2014-04-25T16:55:03.007-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T08:01:35.070-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.6</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T08:01:34.070-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-352"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.htbridge.com/advisory/HTB23207" xml:lang="en">https://www.htbridge.com/advisory/HTB23207</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531780/100/0/threaded" xml:lang="en">20140409 &amp;ETH;&amp;iexcl;ross-Site Request Forgery (CSRF) in XCloner Standalone</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/32790" xml:lang="en">32790</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner Standalone 3.5 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrator password via the config task to index2.php or (2) when the enable_db_backup and sql_mem options are enabled, access the database backup functionality via the dbbackup_comp parameter in the generate action to index2.php.  NOTE: vector 2 might be a duplicate of CVE-2014-2340, which is for the XCloner Wordpress plugin.  NOTE: remote attackers can leverage CVE-2014-2996 with vector 2 to execute arbitrary commands.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2601">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:hp:integrated_lights-out_2_firmware:1.00"/>
+        <cpe-lang:fact-ref name="cpe:/o:hp:integrated_lights-out_2_firmware:1.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:hp:integrated_lights-out_2_firmware:1.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:hp:integrated_lights-out_2_firmware:1.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:hp:integrated_lights-out_2_firmware:1.70"/>
+        <cpe-lang:fact-ref name="cpe:/o:hp:integrated_lights-out_2_firmware:1.75"/>
+        <cpe-lang:fact-ref name="cpe:/o:hp:integrated_lights-out_2_firmware:2.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:hp:integrated_lights-out_2_firmware:2.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:hp:integrated_lights-out_2_firmware:2.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:hp:integrated_lights-out_2_firmware:2.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:hp:integrated_lights-out_2_firmware:2.12"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:hp:integrated_lights-out_2_firmware:1.75</vuln:product>
+      <vuln:product>cpe:/o:hp:integrated_lights-out_2_firmware:1.30</vuln:product>
+      <vuln:product>cpe:/o:hp:integrated_lights-out_2_firmware:1.20</vuln:product>
+      <vuln:product>cpe:/o:hp:integrated_lights-out_2_firmware:1.00</vuln:product>
+      <vuln:product>cpe:/o:hp:integrated_lights-out_2_firmware:1.10</vuln:product>
+      <vuln:product>cpe:/o:hp:integrated_lights-out_2_firmware:2.22</vuln:product>
+      <vuln:product>cpe:/o:hp:integrated_lights-out_2_firmware:2.23</vuln:product>
+      <vuln:product>cpe:/o:hp:integrated_lights-out_2_firmware:2.20</vuln:product>
+      <vuln:product>cpe:/o:hp:integrated_lights-out_2_firmware:2.12</vuln:product>
+      <vuln:product>cpe:/o:hp:integrated_lights-out_2_firmware:2.15</vuln:product>
+      <vuln:product>cpe:/o:hp:integrated_lights-out_2_firmware:1.70</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2601</vuln:cve-id>
+    <vuln:published-datetime>2014-04-24T19:55:05.580-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-25T09:20:31.153-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-25T09:20:31.043-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04244787" xml:lang="en">SSRT101509</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>HP</vuln:source>
+      <vuln:reference href="https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04244787" xml:lang="en">HPSBHF03006</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The server in HP Integrated Lights-Out 2 (aka iLO 2) 2.23 and earlier allows remote attackers to cause a denial of service via crafted HTTPS traffic, as demonstrated by traffic from a CVE-2014-0160 vulnerability-assessment tool.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2657">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:14.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:papercut:papercut_mf:14.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2657</vuln:cve-id>
+    <vuln:published-datetime>2014-04-28T10:09:07.080-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T09:08:14.863-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T09:08:14.817-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/92650" xml:lang="en">papercut-cve20142657-unspec(92650)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.papercut-mf.com/release-history/" xml:lang="en">http://www.papercut-mf.com/release-history/</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the print release functionality in PaperCut MF 14.1 (Build 26983) has unknown impact and remote vectors, related to embedded MFPs.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2658">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:14.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_ng:14.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_ng:14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_ng:13.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:13.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:13.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_ng:13.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:13.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_ng:13.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_ng:13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_ng:13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_ng:13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:12.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:12.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:12.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:12.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_mf:12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_ng:12.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_ng:12.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_ng:12.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_ng:12.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_ng:12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:papercut:papercut_ng:12.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:papercut:papercut_mf:14.0</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_mf:14.1</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_mf:13.0</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_ng:13.5</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_mf:13.2</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_ng:13.4</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_ng:12.4</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_mf:13.1</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_ng:12.2</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_ng:12.3</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_mf:13.3</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_ng:12.0</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_ng:12.1</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_mf:12.5</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_ng:14.0</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_ng:14.1</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_ng:13.2</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_mf:12.4</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_ng:13.1</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_ng:13.0</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_mf:12.0</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_mf:12.1</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_mf:12.2</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_ng:13.3</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_mf:12.3</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_ng:12.5</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_mf:13.5</vuln:product>
+      <vuln:product>cpe:/a:papercut:papercut_mf:13.4</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2658</vuln:cve-id>
+    <vuln:published-datetime>2014-04-28T10:09:07.517-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T09:03:33.383-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T09:03:33.070-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/92649" xml:lang="en">papercut-cve20142658-dos(92649)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.papercut.com/release-history/" xml:lang="en">http://www.papercut.com/release-history/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.papercut-mf.com/release-history/" xml:lang="en">http://www.papercut-mf.com/release-history/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/58037" xml:lang="en">58037</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in Papercut MF and NG before 14.1 (Build 26983) allows attacker to cause a denial of service via unknown vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2715">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:videowhisper:videowhisper:7.x-1.3::~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:videowhisper:videowhisper:7.x-1.1::~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:videowhisper:videowhisper:7.x-1.0::~~~drupal~~"/>
+        <cpe-lang:fact-ref name="cpe:/a:videowhisper:videowhisper:7.x-1.x:dev:~~~drupal~~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:videowhisper:videowhisper:7.x-1.3::~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:videowhisper:videowhisper:7.x-1.0::~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:videowhisper:videowhisper:7.x-1.1::~~~drupal~~</vuln:product>
+      <vuln:product>cpe:/a:videowhisper:videowhisper:7.x-1.x:dev:~~~drupal~~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2715</vuln:cve-id>
+    <vuln:published-datetime>2014-04-28T10:09:07.643-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T08:57:40.247-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T08:57:40.170-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531935/100/0/threaded" xml:lang="en">20140425 [CVE-2014-2715] Cross-site scripting (XSS) vulnerability in Videowhisper</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site scripting (XSS) vulnerabilities in vwrooms\templates\logout.tpl.php in the VideoWhisper Webcam plugins for Drupal 7.x allow remote attackers to inject arbitrary web script or HTML via the (1) module or (2) message parameter to index.php.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2729">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ektron:ektron_content_management_system:8.7.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ektron:ektron_content_management_system:8.7.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2729</vuln:cve-id>
+    <vuln:published-datetime>2014-04-25T10:15:30.517-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-25T13:51:50.370-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>3.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-25T13:51:50.260-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531853/100/0/threaded" xml:lang="en">20140416 [SECURITY] Stored Cross Site Scripting in Ektron CMS 8.7</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531852/100/0/threaded" xml:lang="en">20140416 [Security Advisory] Stored Cross Site Scripting in Ektron CMS 8.7</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/126187/Ektron-CMS-8.7-Cross-Site-Scripting.html" xml:lang="en">http://packetstormsecurity.com/files/126187/Ektron-CMS-8.7-Cross-Site-Scripting.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in content.aspx in Ektron CMS 8.7 before 8.7.0.055 allows remote authenticated users to inject arbitrary web script or HTML via the category0 parameter, which is not properly handled when displaying the Subjects tab in the View Properties menu option.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2734">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:ruby-lang:ruby:2.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ruby-lang:ruby:2.1:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:ruby-lang:ruby:2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ruby-lang:ruby:2.0.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ruby-lang:ruby:2.0.0:p0"/>
+        <cpe-lang:fact-ref name="cpe:/a:ruby-lang:ruby:2.0.0:p195"/>
+        <cpe-lang:fact-ref name="cpe:/a:ruby-lang:ruby:2.0.0:p247"/>
+        <cpe-lang:fact-ref name="cpe:/a:ruby-lang:ruby:2.0.0:preview1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ruby-lang:ruby:2.0.0:preview2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ruby-lang:ruby:2.0.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:ruby-lang:ruby:2.0.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:ruby-lang:ruby:2.1:preview1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:ruby-lang:ruby:2.0.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:ruby-lang:ruby:2.0.0:p247</vuln:product>
+      <vuln:product>cpe:/a:ruby-lang:ruby:2.1:preview1</vuln:product>
+      <vuln:product>cpe:/a:ruby-lang:ruby:2.0.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:ruby-lang:ruby:2.0.0:p195</vuln:product>
+      <vuln:product>cpe:/a:ruby-lang:ruby:2.0.0:p0</vuln:product>
+      <vuln:product>cpe:/a:ruby-lang:ruby:2.0.0:preview2</vuln:product>
+      <vuln:product>cpe:/a:ruby-lang:ruby:2.0.0:preview1</vuln:product>
+      <vuln:product>cpe:/a:ruby-lang:ruby:2.1.1</vuln:product>
+      <vuln:product>cpe:/a:ruby-lang:ruby:2.1:-</vuln:product>
+      <vuln:product>cpe:/a:ruby-lang:ruby:2.0</vuln:product>
+      <vuln:product>cpe:/a:ruby-lang:ruby:2.0.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2734</vuln:cve-id>
+    <vuln:published-datetime>2014-04-24T19:55:05.707-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-25T09:30:18.403-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-25T09:30:13.623-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-399"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://gist.github.com/10446549" xml:lang="en">https://gist.github.com/10446549</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Apr/231" xml:lang="en">20140416 Ruby OpenSSL private key spoofing ~ CVE-2014-2734 with PoC</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/126218/Ruby-OpenSSL-Private-Key-Spoofing.html" xml:lang="en">http://packetstormsecurity.com/files/126218/Ruby-OpenSSL-Private-Key-Spoofing.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a file is reopened, which allows remote attackers to spoof signatures within the context of a Ruby script that attempts signature verification after performing a certain sequence of filesystem operations.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2846">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:wdc:arkeia_virtual_appliance_firmware:10.2.7"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/a:wdc:arkeia_virtual_appliance:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:wdc:arkeia_virtual_appliance:-</vuln:product>
+      <vuln:product>cpe:/o:wdc:arkeia_virtual_appliance_firmware:10.2.7</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2846</vuln:cve-id>
+    <vuln:published-datetime>2014-04-28T10:09:07.877-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T09:07:44.203-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T09:07:44.127-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-22"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531910/100/0/threaded" xml:lang="en">20140423 SEC Consult SA-20140423-0 :: Path Traversal/Remote Code Execution in WD Arkeia Network Backup Appliances</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Apr/257" xml:lang="en">20140423 SEC Consult SA-20140423-0 :: Path Traversal/Remote Code Execution in WD Arkeia Network Backup Appliances</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute arbitrary PHP code via a ..././ (dot dot dot slash dot slash) in the lang Cookie parameter, as demonstrated by a request to login/doLogin.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2853">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.1.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.10.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.10.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.10.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.10.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.10.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.10.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.10.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.11.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.11.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.11.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.11.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.12.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.12.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.12.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.12.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.12.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.12.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.13.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.13.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.13.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.13.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.13.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.13.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.13.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.14.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.14.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.14.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.15.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.15.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.15.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.15.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.15.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.15.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.15.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.16.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.16.0:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.16.0:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.16.0:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.16.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.16.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.17"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.17:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.17.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.17.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.17.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.17.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.17.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.17.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.18"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.18:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.18.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.18.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.18.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.18.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.18.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19:beta_1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19:beta_2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.19.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.2.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.2.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.2.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.2.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.2.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.2.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.2.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.20.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.21.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.22.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.22.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.22.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.22.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.22.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.22.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.3.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.3.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.3.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.3.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.3.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.3.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.3.15"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.3.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.3.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.3.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.3.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.3.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.3.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.3.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.3.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.4:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.4:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.4:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.4:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.4:beta5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.4:beta6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.4.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.4.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.4.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.4.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.4.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.4.13"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.4.14"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.4.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.4.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.4.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.4.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.4.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.4.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.4.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.4.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.5:alpha1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.5:alpha2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.5:beta1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.5:beta2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.5:beta3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.5:beta4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.5:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.5:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.5:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.5.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.5.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.5.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.5.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.5.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.5.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.5.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.5.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.5.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.6.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.6.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.6.10"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.6.11"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.6.12"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.6.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.6.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.6.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.6.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.6.6"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.6.7"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.6.8"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.6.9"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.7.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.7.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.7.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.7.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.8.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.8.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.8.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.8.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.8.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.8.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.9.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.9.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.9.1"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.9.2"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.9.3"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.9.4"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.9.5"/>
+        <cpe-lang:fact-ref name="cpe:/a:mediawiki:mediawiki:1.9.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.4:beta2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.4:beta3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.17:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.4:beta1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.14.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.13.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.13.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.17.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.11</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.18:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19:beta_2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.13.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19:beta_1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.13.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.13.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.13.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.13.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.4.11</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.5:alpha1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.11.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.4.12</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.4.13</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.4.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.4.14</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.4.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.4.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.4.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.4.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.4.5</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.8.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.4.6</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.8.5</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.8.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.4.10</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.7.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.10.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.7.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.7.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.16.0:beta2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.7.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.10.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.3.10</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.5:alpha2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.5.5</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.16.0:beta1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.1.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.16.0:beta3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.5.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.3.14</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.22.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21.7</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.18.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.10</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.3.15</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.22.5</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21.8</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21.5</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.12</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21.6</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.11</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.5.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.16.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.14</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.5.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.3.11</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.22.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.16.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.13</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.5.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.3.12</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.22.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.16.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.5.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.3.13</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.22.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.8.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.5.6</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.3.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.8.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.3.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.5.8</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.5.7</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.3.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.3.5</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.18.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.3.6</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.3.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.9.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.3.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.9.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.5:rc4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.18.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.5:rc2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.3.7</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.18.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.4.7</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.4.9</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.8.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.5:rc3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.4.8</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.12.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.12.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.12.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.12.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.12.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.10.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.10.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.10.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.18.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.9</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.14.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.14.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.6.12</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.6.11</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.6.10</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.9.5</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.9.6</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.9.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.9.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.9.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.6.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.5</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.7</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.6</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.3.9</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.22.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.9.0:rc2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.3.8</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.6.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.6.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19.8</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.6.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.6.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.11.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.19</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.5</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.17</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.11.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.18</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.8</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.15.5</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.6</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20.7</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.15.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.15.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.15.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.15.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.10.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.10.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.17.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.6.9</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.17.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.6.8</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.17.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.15.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.2.6</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.2.5</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.2.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.6.5</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.2.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.2.2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.6.7</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.2.1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.6.6</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.5:beta4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.17.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.17.3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.5:beta2</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.5:beta1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.5:beta3</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.2.0</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.15.4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.4:beta4</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.21</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.4:beta5</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.20</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.4:beta6</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.12.0:rc1</vuln:product>
+      <vuln:product>cpe:/a:mediawiki:mediawiki:1.11.0:rc1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2853</vuln:cve-id>
+    <vuln:published-datetime>2014-04-29T14:55:08.723-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-30T08:44:58.270-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-30T08:44:57.067-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://www.mediawiki.org/wiki/Release_notes/1.22#Changes_since_1.22.5" xml:lang="en">https://www.mediawiki.org/wiki/Release_notes/1.22#Changes_since_1.22.5</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://www.mediawiki.org/wiki/Release_notes/1.21#Changes_since_1.21.8" xml:lang="en">https://www.mediawiki.org/wiki/Release_notes/1.21#Changes_since_1.21.8</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://github.com/wikimedia/mediawiki-core/commit/0b695ae09aada343ab59be4a3c9963995a1143b6" xml:lang="en">https://github.com/wikimedia/mediawiki-core/commit/0b695ae09aada343ab59be4a3c9963995a1143b6</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://bugzilla.wikimedia.org/show_bug.cgi?id=63251" xml:lang="en">https://bugzilla.wikimedia.org/show_bug.cgi?id=63251</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1091967" xml:lang="en">https://bugzilla.redhat.com/show_bug.cgi?id=1091967</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/67068" xml:lang="en">67068</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/58262" xml:lang="en">58262</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-April/000149.html" xml:lang="en">[MediaWiki-announce] 20140424 MediaWiki Security and Maintenance Releases: 1.22.6 and 1.21.9</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in includes/actions/InfoAction.php in MediaWiki before 1.21.9 and 1.22.x before 1.22.6 allows remote attackers to inject arbitrary web script or HTML via the sort key in an info action.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2881">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:citrix:netscaler_access_gateway_firmware:9.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:citrix:netscaler_application_delivery_controller_firmware:10.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:citrix:netscaler_access_gateway_firmware:10.1.e"/>
+        <cpe-lang:fact-ref name="cpe:/o:citrix:netscaler_application_delivery_controller_firmware:9.3.e"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:citrix:netscaler_application_delivery_controller_firmware:9.3.e</vuln:product>
+      <vuln:product>cpe:/o:citrix:netscaler_access_gateway_firmware:9.3</vuln:product>
+      <vuln:product>cpe:/o:citrix:netscaler_access_gateway_firmware:10.1.e</vuln:product>
+      <vuln:product>cpe:/o:citrix:netscaler_application_delivery_controller_firmware:10.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2881</vuln:cve-id>
+    <vuln:published-datetime>2014-05-01T13:28:36.367-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-01T15:06:13.173-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-01T15:06:11.737-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1030180" xml:lang="en">1030180</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.citrix.com/article/CTX140651" xml:lang="en">http://support.citrix.com/article/CTX140651</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the Diffie-Hellman key agreement implementation in the management GUI Java applet in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unknown impact and vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2882">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:citrix:netscaler_access_gateway_firmware:9.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:citrix:netscaler_application_delivery_controller_firmware:10.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:citrix:netscaler_access_gateway_firmware:10.1.e"/>
+        <cpe-lang:fact-ref name="cpe:/o:citrix:netscaler_application_delivery_controller_firmware:9.3.e"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:citrix:netscaler_application_delivery_controller_firmware:9.3.e</vuln:product>
+      <vuln:product>cpe:/o:citrix:netscaler_access_gateway_firmware:9.3</vuln:product>
+      <vuln:product>cpe:/o:citrix:netscaler_access_gateway_firmware:10.1.e</vuln:product>
+      <vuln:product>cpe:/o:citrix:netscaler_application_delivery_controller_firmware:10.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2882</vuln:cve-id>
+    <vuln:published-datetime>2014-05-01T13:28:36.383-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-01T15:06:15.627-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-01T15:06:15.517-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1030180" xml:lang="en">1030180</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://support.citrix.com/article/CTX140651" xml:lang="en">http://support.citrix.com/article/CTX140651</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unspecified vulnerability in the management GUI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unspecified impact and vectors, related to certificate validation.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2889">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.9"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.8"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.68"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.67"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.66"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.65"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.64"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.63"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.62"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.61"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.60"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.59"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.58"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.57"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.56"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.55"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.54"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.53"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.52"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.51"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.50"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.49"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.48"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.47"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.46"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.45"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.44"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.43"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.42"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.41"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.40"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.39"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.38"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.37"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.36"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.35"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.34"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.33"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.32"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.31"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.30"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.29"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.28"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.27"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.26"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.25"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.24"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.23"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.22"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.21"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.20"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.19"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.18"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.17"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.16"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.15"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.14"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.13"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.12"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.11"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.10"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc7"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc6"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc5"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1.1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc4"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc3"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc2"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:linux:linux_kernel:3.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.48</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.49</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.32</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.8</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.46</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.47</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.44</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1.3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.45</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.42</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.40</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.29</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.41</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.59</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.55</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.56</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.57</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.58</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.51</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.52</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.53</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.50</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.17</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.16</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.43</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.15</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.14</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.13</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.12</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.11</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.24</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.61</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.25</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.60</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.22</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.23</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.28</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.64</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.26</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.63</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.10</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.27</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.62</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.68</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.67</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.66</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.20</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.9</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc4</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc2</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc7</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc6</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0:rc5</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.54</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.33</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.34</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.35</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.36</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.37</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.38</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.39</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1:rc3</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.30</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.31</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.1</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.18</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.65</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.19</vuln:product>
+      <vuln:product>cpe:/o:linux:linux_kernel:3.0.21</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2889</vuln:cve-id>
+    <vuln:published-datetime>2014-04-26T20:55:05.780-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T11:47:57.460-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.6</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T11:47:57.083-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-189"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/torvalds/linux/commit/a03ffcf873fe0f2565386ca8ef832144c42e67fa" xml:lang="en">https://github.com/torvalds/linux/commit/a03ffcf873fe0f2565386ca8ef832144c42e67fa</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/18/6" xml:lang="en">[oss-security] 20140418 Re: CVE request Linux kernel: arch: x86: net: bpf_jit: an off-by-one bug in x86_64 cond jump target</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.8" xml:lang="en">http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.8</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a03ffcf873fe0f2565386ca8ef832144c42e67fa" xml:lang="en">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a03ffcf873fe0f2565386ca8ef832144c42e67fa</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Off-by-one error in the bpf_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 3.1.8, when BPF JIT is enabled, allows local users to cause a denial of service (system crash) or possibly gain privileges via a long jump after a conditional jump.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2905">
+    <vuln:cve-id>CVE-2014-2905</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T10:55:07.260-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T10:55:07.260-04:00</vuln:last-modified-datetime>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://github.com/fish-shell/fish-shell/issues/1436" xml:lang="en">https://github.com/fish-shell/fish-shell/issues/1436</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/28/4" xml:lang="en">[oss-security] 20140428 Upcoming security release of fish 2.1.1</vuln:reference>
+    </vuln:references>
+    <vuln:summary>fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly check the credentials, which allows local users to gain privileges via the universal variable socket, related to /tmp/fishd.socket.user permissions.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2908">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7_cpu_1200_firmware:2.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7_cpu_1200_firmware:3.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7_cpu_1200_firmware:3.0.2"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu-1211c:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu_1212c:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu_1214c:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu_1215c:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu_1217c:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu-1211c:-</vuln:product>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu_1212c:-</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7_cpu_1200_firmware:3.0</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7_cpu_1200_firmware:2.0</vuln:product>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu_1217c:-</vuln:product>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu_1215c:-</vuln:product>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu_1214c:-</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7_cpu_1200_firmware:3.0.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2908</vuln:cve-id>
+    <vuln:published-datetime>2014-04-25T01:12:07.847-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-25T13:08:33.573-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-25T13:08:33.480-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf" xml:lang="en">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2909">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="AND">
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7_cpu_1200_firmware:2.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7_cpu_1200_firmware:3.0"/>
+          <cpe-lang:fact-ref name="cpe:/o:siemens:simatic_s7_cpu_1200_firmware:3.0.2"/>
+        </cpe-lang:logical-test>
+        <cpe-lang:logical-test negate="false" operator="OR">
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu-1211c:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu_1212c:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu_1214c:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu_1215c:-"/>
+          <cpe-lang:fact-ref name="cpe:/h:siemens:simatic_s7_cpu_1217c:-"/>
+        </cpe-lang:logical-test>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu-1211c:-</vuln:product>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu_1212c:-</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7_cpu_1200_firmware:3.0</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7_cpu_1200_firmware:2.0</vuln:product>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu_1217c:-</vuln:product>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu_1215c:-</vuln:product>
+      <vuln:product>cpe:/h:siemens:simatic_s7_cpu_1214c:-</vuln:product>
+      <vuln:product>cpe:/o:siemens:simatic_s7_cpu_1200_firmware:3.0.2</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2909</vuln:cve-id>
+    <vuln:published-datetime>2014-04-25T01:12:07.863-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-25T13:10:47.627-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.8</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-25T13:10:47.530-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-94"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02" xml:lang="en">http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf" xml:lang="en">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:summary>CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary HTTP headers via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2980">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:gnustep:base:1.24.6"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:gnustep:base:1.24.6</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2980</vuln:cve-id>
+    <vuln:published-datetime>2014-04-28T10:09:08.253-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T09:16:01.830-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T09:16:01.660-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="PATCH">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/Tools/gdomap.c?r1=37756&amp;r2=37755&amp;pathrev=37756" xml:lang="en">http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/Tools/gdomap.c?r1=37756&amp;r2=37755&amp;pathrev=37756</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://savannah.gnu.org/bugs/?41751" xml:lang="en">https://savannah.gnu.org/bugs/?41751</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/92688" xml:lang="en">gnustep-cve20142980-dos(92688)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66992" xml:lang="en">66992</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/ChangeLog?r1=37756&amp;r2=37755&amp;pathrev=37756" xml:lang="en">http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/ChangeLog?r1=37756&amp;r2=37755&amp;pathrev=37756</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/58104" xml:lang="en">58104</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q2/152" xml:lang="en">[oss-security] 20140421 Re: CVE request / advisory: gdomap (GNUstep core package &lt;= 1.24.6)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://seclists.org/oss-sec/2014/q2/143" xml:lang="en">[oss-security] 20140419 CVE request / advisory: gdomap (GNUstep core package &lt;= 1.24.6)</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Tools/gdomap.c in gdomap in GNUstep Base 1.24.6 and earlier, when run in daemon mode, does not properly handle the file descriptor for the logger, which allows remote attackers to cause a denial of service (abort) via an invalid request.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2984">
+    <vuln:cve-id>CVE-2014-2984</vuln:cve-id>
+    <vuln:published-datetime>2014-04-25T01:12:07.897-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-25T01:12:07.990-04:00</vuln:last-modified-datetime>
+    <vuln:summary>** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2014-2650.  Reason: This candidate is a reservation duplicate of CVE-2014-2650.  Notes: All CVE users should reference CVE-2014-2650 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2986">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.4.0:rc1"/>
+        <cpe-lang:fact-ref name="cpe:/o:xen:xen:4.4.0:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/o:xen:xen:4.4.0:-</vuln:product>
+      <vuln:product>cpe:/o:xen:xen:4.4.0:rc1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2986</vuln:cve-id>
+    <vuln:published-datetime>2014-04-28T10:09:08.487-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T09:38:02.563-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.5</cvss:score>
+        <cvss:access-vector>ADJACENT_NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T09:38:02.533-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-20"/>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://xenbits.xen.org/xsa/advisory-94.html" xml:lang="en">http://xenbits.xen.org/xsa/advisory-94.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1030146" xml:lang="en">1030146</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/67047" xml:lang="en">67047</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/23/5" xml:lang="en">[oss-security] 20140423 Xen Security Advisory 94 (CVE-2014-2986) - ARM hypervisor crash on guest interrupt controller access</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/23/4" xml:lang="en">[oss-security] 20140423 Re: Xen Security Advisory 94 - ARM hypervisor crash on guest interrupt controller access</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/23/3" xml:lang="en">[oss-security] 20140423 Xen Security Advisory 94 - ARM hypervisor crash on guest interrupt controller access</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The vgic_distr_mmio_write function in the virtual guest interrupt controller (GIC) distributor (arch/arm/vgic.c) in Xen 4.4.x, when running on an ARM system, allows local guest users to cause a denial of service (NULL pointer dereference and host crash) via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2992">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:misli:misli.com_app:-::~~~~android~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:misli:misli.com_app:-::~~~~android~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2992</vuln:cve-id>
+    <vuln:published-datetime>2014-04-25T21:55:05.027-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T09:21:00.697-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.4</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T09:21:00.573-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-310"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://sceptive.com/p/mislicom-android-app-ssl-certificate-validation-weakness-" xml:lang="en">http://sceptive.com/p/mislicom-android-app-ssl-certificate-validation-weakness-</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/current/0152.html" xml:lang="en">20140424 Misli.com Android App SSL certificate validation weakness</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Misli.com application for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2993">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:birebin:birebin.com_app:-::~~~~android~"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:birebin:birebin.com_app:-::~~~~android~</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2993</vuln:cve-id>
+    <vuln:published-datetime>2014-04-25T21:55:05.060-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T09:33:19.593-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.4</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T09:33:19.563-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-310"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://sceptive.com/p/birebincom-android-app-ssl-certificate-validation-weakness-" xml:lang="en">http://sceptive.com/p/birebincom-android-app-ssl-certificate-validation-weakness-</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://archives.neohapsis.com/archives/bugtraq/current/0153.html" xml:lang="en">20140424 Birebin.com Android App SSL certificate validation weakness</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Birebin.com application for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2994">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:acunetix:web_vulnerability_scanner:8:build_20120704"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:acunetix:web_vulnerability_scanner:8:build_20120704</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2994</vuln:cve-id>
+    <vuln:published-datetime>2014-04-27T00:32:01.717-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T12:06:13.133-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T12:06:13.087-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-119"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.youtube.com/watch?v=RHaMx8K1GeM" xml:lang="en">https://www.youtube.com/watch?v=RHaMx8K1GeM</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/32997" xml:lang="en">32997</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://www.acunetix.com/blog/news/misleading-reports-0-day-acunetix-wvs/" xml:lang="en">http://www.acunetix.com/blog/news/misleading-reports-0-day-acunetix-wvs/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/126307/Acunetix-8-Scanner-Buffer-Overflow.html" xml:lang="en">http://packetstormsecurity.com/files/126307/Acunetix-8-Scanner-Buffer-Overflow.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/126306/Acunetix-8-Stack-Buffer-Overflow.html" xml:lang="en">http://packetstormsecurity.com/files/126306/Acunetix-8-Stack-Buffer-Overflow.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://osandamalith.wordpress.com/2014/04/24/pwning-script-kiddies-acunetix-buffer-overflow/" xml:lang="en">http://osandamalith.wordpress.com/2014/04/24/pwning-script-kiddies-acunetix-buffer-overflow/</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://an7isec.blogspot.co.il/2014/04/pown-noobs-acunetix-0day.html" xml:lang="en">http://an7isec.blogspot.co.il/2014/04/pown-noobs-acunetix-0day.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Stack-based buffer overflow in Acunetix Web Vulnerability Scanner (WVS) 8 build 20120704 allows remote attackers to execute arbitrary code via an HTML file containing an IMG element with a long URL (src attribute).</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-2996">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:xcloner:xcloner:3.5::standalone"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:xcloner:xcloner:3.5::standalone</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-2996</vuln:cve-id>
+    <vuln:published-datetime>2014-04-25T16:55:03.040-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T08:03:04.260-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.1</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>HIGH</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T08:03:04.230-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-94"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.htbridge.com/advisory/HTB23207" xml:lang="en">https://www.htbridge.com/advisory/HTB23207</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531780/100/0/threaded" xml:lang="en">20140409 &amp;ETH;&amp;iexcl;ross-Site Request Forgery (CSRF) in XCloner Standalone</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/32790" xml:lang="en">32790</vuln:reference>
+    </vuln:references>
+    <vuln:summary>XCloner Standalone 3.5 and earlier, when enable_db_backup and sql_mem are enabled, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the dbbackup_comp parameter in a generate action to index2.php.  NOTE: it is not clear whether this issue crosses privilege boundaries, since administrators might already have the privileges to execute code.  NOTE: this can be leveraged by remote attackers using CVE-2014-2579.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-3000">
+    <vuln:cve-id>CVE-2014-3000</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T10:55:07.433-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T10:55:07.433-04:00</vuln:last-modified-datetime>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1030172" xml:lang="en">1030172</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/67153" xml:lang="en">67153</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FREEBSD</vuln:source>
+      <vuln:reference href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:08.tcp.asc" xml:lang="en">FreeBSD-SA-14:08</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/58293" xml:lang="en">58293</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The TCP reassembly function in the inet module in FreeBSD 8.3 before p16, 8.4 before p9, 9.1 before p12, 9.2 before p5, and 10.0 before p2 allows remote attackers to cause a denial of service (undefined memory access and system crash) or possibly read system memory via multiple crafted packets, related to moving a reassemble queue entry to the segment list when the queue is full.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-3001">
+    <vuln:cve-id>CVE-2014-3001</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T10:55:07.510-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T10:55:07.510-04:00</vuln:last-modified-datetime>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1030171" xml:lang="en">1030171</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/67158" xml:lang="en">67158</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FREEBSD</vuln:source>
+      <vuln:reference href="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:07.devfs.asc" xml:lang="en">FreeBSD-SA-14:07</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The device file system (aka devfs) in FreeBSD 10.0 before p2 does not load default rulesets when booting, which allows context-dependent attackers to bypass intended restrictions by leveraging a jailed device node process.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-3006">
+    <vuln:cve-id>CVE-2014-3006</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T10:55:07.590-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T10:55:07.590-04:00</vuln:last-modified-datetime>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://www.lsexperts.de/advisories/lse-2014-04-10.txt" xml:lang="en">https://www.lsexperts.de/advisories/lse-2014-04-10.txt</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/67165" xml:lang="en">67165</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BUGTRAQ</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/archive/1/archive/1/531986/100/0/threaded" xml:lang="en">20140430 LSE Leading Security Experts GmbH - LSE-2014-04-10 - Sitepark IES - Unauthenticated Access</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Apr/317" xml:lang="en">20140430 LSE Leading Security Experts GmbH - LSE-2014-04-10 - Sitepark IES - Unauthenticated Access</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Sitepark Information Enterprise Server (IES) 2.9 before 2.9.6, when upgraded from an earlier version, does not properly restrict access, which allows remote attackers to change the manager account password and obtain sensitive information via a request to install/.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-3007">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:python:pillow:2.3.0"/>
+        <cpe-lang:fact-ref name="cpe:/a:pythonware:python_imaging_library:1.1.7"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:python:pillow:2.3.0</vuln:product>
+      <vuln:product>cpe:/a:pythonware:python_imaging_library:1.1.7</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-3007</vuln:cve-id>
+    <vuln:published-datetime>2014-04-27T16:55:23.697-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-28T13:51:13.663-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-28T13:51:13.617-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-78"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059" xml:lang="en">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1932.html" xml:lang="en">http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1932.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-3008">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:unitrends:enterprise_backup:7.3.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:unitrends:enterprise_backup:7.3.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-3008</vuln:cve-id>
+    <vuln:published-datetime>2014-04-28T10:09:08.940-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-04-29T09:37:14.843-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>10.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>COMPLETE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>COMPLETE</cvss:integrity-impact>
+        <cvss:availability-impact>COMPLETE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-04-29T09:37:14.797-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-78"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://gist.github.com/brandonprry/10745756" xml:lang="en">https://gist.github.com/brandonprry/10745756</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/92642" xml:lang="en">unitrends-snmpod-command-exec(92642)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66928" xml:lang="en">66928</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/32885" xml:lang="en">32885</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/58001" xml:lang="en">58001</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Apr/204" xml:lang="en">20140415 Unitrends enterprise backup remote unauthenticated root</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the comm parameter to recoveryconsole/bpl/snmpd.php.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-3125">
+    <vuln:cve-id>CVE-2014-3125</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T10:55:07.807-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T10:55:07.807-04:00</vuln:last-modified-datetime>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://xenbits.xen.org/xsa/advisory-91.html" xml:lang="en">http://xenbits.xen.org/xsa/advisory-91.html</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1030184" xml:lang="en">1030184</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/67157" xml:lang="en">67157</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/30/5" xml:lang="en">[oss-security] 20140430 Xen Security Advisory 91 - Hardware timer context is not properly context switched on ARM</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MLIST</vuln:source>
+      <vuln:reference href="http://www.openwall.com/lists/oss-security/2014/04/30/11" xml:lang="en">[oss-security] 20140430 Re: Xen Security Advisory 91 - Hardware timer context is not properly context switched on ARM</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/58347" xml:lang="en">58347</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Xen 4.4.x, when running on an ARM system, does not properly context switch the CNTKCTL_EL1 register, which allows local guest users to modify the hardware timers and cause a denial of service (crash) via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-3129">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:sap:netweaver_software_lifecycle_manager:7.1"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:sap:netweaver_software_lifecycle_manager:7.1</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-3129</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T10:22:07.203-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-01T08:51:41.993-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-01T08:51:41.960-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-200"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://service.sap.com/sap/support/notes/1894049" xml:lang="en">https://service.sap.com/sap/support/notes/1894049</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>SECTRACK</vuln:source>
+      <vuln:reference href="http://www.securitytracker.com/id/1030157" xml:lang="en">1030157</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-005" xml:lang="en">http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-005</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Apr/294" xml:lang="en">20140428 [Onapsis Security Advisory 2014-005] Information disclosure in SAP Software Lifeclycle Manager</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://scn.sap.com/docs/DOC-8218" xml:lang="en">http://scn.sap.com/docs/DOC-8218</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP NetWeaver allows remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-3130">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:sap:netweaver_abap_application_server:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:sap:netweaver_abap_application_server:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-3130</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T10:22:07.250-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-01T09:06:15.100-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.6</cvss:score>
+        <cvss:access-vector>LOCAL</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-01T09:06:15.007-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:security-protection>ALLOWS_OTHER_ACCESS</vuln:security-protection>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://service.sap.com/sap/support/notes/1910914" xml:lang="en">https://service.sap.com/sap/support/notes/1910914</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-009" xml:lang="en">http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-009</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Apr/302" xml:lang="en">20140428 [Onapsis Security Advisory 2014-009] SAP BASIS Missing Authorization Check</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://scn.sap.com/docs/DOC-8218" xml:lang="en">http://scn.sap.com/docs/DOC-8218</vuln:reference>
+    </vuln:references>
+    <vuln:summary>The ABAP Help documentation and translation tools (BC-DOC-HLP) in Basis in SAP Netweaver ABAP Application Server does not properly restrict access, which allows local users to gain privileges and execute ABAP instructions via crafted help messages.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-3131">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:sap:profile_maintenance:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:sap:profile_maintenance:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-3131</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T10:22:07.283-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-01T10:06:43.287-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-01T10:06:43.113-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://service.sap.com/sap/support/notes/1917381" xml:lang="en">https://service.sap.com/sap/support/notes/1917381</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-007" xml:lang="en">http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-007</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Apr/300" xml:lang="en">20140428 [Onapsis Security Advisory 2014-007] Missing authorization check in SAP Profile Maintenance</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://scn.sap.com/docs/DOC-8218" xml:lang="en">http://scn.sap.com/docs/DOC-8218</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SAP Profile Maintenance does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-3132">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:sap:background_processing:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:sap:background_processing:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-3132</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T10:22:07.313-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-01T10:18:20.887-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-01T10:18:20.827-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://service.sap.com/sap/support/notes/1918333" xml:lang="en">https://service.sap.com/sap/support/notes/1918333</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-006" xml:lang="en">http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-006</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Apr/299" xml:lang="en">20140428 [Onapsis Security Advisory 2014-006] Missing authorization check in SAP Background Processing RFC</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://scn.sap.com/docs/DOC-8218" xml:lang="en">http://scn.sap.com/docs/DOC-8218</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SAP Background Processing does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-3133">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:sap:netweaver_java_application_server:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:sap:netweaver_java_application_server:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-3133</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T10:22:07.343-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-01T10:29:16.487-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>5.0</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>NONE</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-01T10:29:16.363-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-264"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://service.sap.com/sap/support/notes/1922547" xml:lang="en">https://service.sap.com/sap/support/notes/1922547</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-008" xml:lang="en">http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-008</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Apr/301" xml:lang="en">20140428 [Onapsis Security Advisory 2014-008] SAP NW Portal WD Information Disclosure</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://scn.sap.com/docs/DOC-8218" xml:lang="en">http://scn.sap.com/docs/DOC-8218</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-3134">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:sap:businessobjects:-"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:sap:businessobjects:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-3134</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T10:22:07.377-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-01T10:36:42.830-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-01T10:36:42.003-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="https://service.sap.com/sap/support/notes/1931399" xml:lang="en">https://service.sap.com/sap/support/notes/1931399</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-010" xml:lang="en">http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-010</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Apr/303" xml:lang="en">20140428 [Onapsis Security Advisory 2014-010] SAP BusinessObjects InfoView Reflected Cross Site Scripting</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>CONFIRM</vuln:source>
+      <vuln:reference href="http://scn.sap.com/docs/DOC-8218" xml:lang="en">http://scn.sap.com/docs/DOC-8218</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Cross-site scripting (XSS) vulnerability in the InfoView application in SAP BusinessObjects allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-3135">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:vbulletin:vbulletin:5.1.1:alpha9"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:vbulletin:vbulletin:5.1.1:alpha9</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-3135</vuln:cve-id>
+    <vuln:published-datetime>2014-04-30T10:22:07.610-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-01T11:42:56.497-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>4.3</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>MEDIUM</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>NONE</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>NONE</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-01T11:42:56.467-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-79"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/92664" xml:lang="en">vbulletin-multiple-scripts-xss(92664)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66972" xml:lang="en">66972</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/126226/vBulletin-5.1-Cross-Site-Scripting.html" xml:lang="en">http://packetstormsecurity.com/files/126226/vBulletin-5.1-Cross-Site-Scripting.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 5.1.1 Alpha 9 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to privatemessage/new/, (2) the folderid parameter to a private message in privatemessage/view, (3) a fragment indicator to /help, or (4) the view parameter to a topic, as demonstrated by a request to forum/anunturi-importante/rst-power/67030-rst-admin-restore.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-3138">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:xerox:docushare:6.5.3:patch6"/>
+        <cpe-lang:fact-ref name="cpe:/a:xerox:docushare:6.5.3:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:xerox:docushare:6.6.1:-"/>
+        <cpe-lang:fact-ref name="cpe:/a:xerox:docushare:6.6.1:update1"/>
+        <cpe-lang:fact-ref name="cpe:/a:xerox:docushare:6.6.1:update2"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:xerox:docushare:6.6.1:update2</vuln:product>
+      <vuln:product>cpe:/a:xerox:docushare:6.6.1:update1</vuln:product>
+      <vuln:product>cpe:/a:xerox:docushare:6.6.1:-</vuln:product>
+      <vuln:product>cpe:/a:xerox:docushare:6.5.3:patch6</vuln:product>
+      <vuln:product>cpe:/a:xerox:docushare:6.5.3:-</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-3138</vuln:cve-id>
+    <vuln:published-datetime>2014-05-01T20:55:07.587-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T10:38:12.993-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>6.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>SINGLE_INSTANCE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T10:38:12.917-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-89"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>XF</vuln:source>
+      <vuln:reference href="http://xforce.iss.net/xforce/xfdb/92548" xml:lang="en">xerox-docushare-sql-injection(92548)</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://www.xerox.com/download/security/security-bulletin/a72cd-4f7a54ce14460/cert_XRX14-003_V1.0.pdf" xml:lang="en">http://www.xerox.com/download/security/security-bulletin/a72cd-4f7a54ce14460/cert_XRX14-003_V1.0.pdf</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>BID</vuln:source>
+      <vuln:reference href="http://www.securityfocus.com/bid/66922" xml:lang="en">66922</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>OSVDB</vuln:source>
+      <vuln:reference href="http://www.osvdb.org/105972" xml:lang="en">105972</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/32886" xml:lang="en">32886</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="VENDOR_ADVISORY">
+      <vuln:source>SECUNIA</vuln:source>
+      <vuln:reference href="http://secunia.com/advisories/57996" xml:lang="en">57996</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Apr/205" xml:lang="en">20140415 Xerox DocuShare authenticated SQL injection</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="http://packetstormsecurity.com/files/126171/Xerox-DocuShare-SQL-Injection.html" xml:lang="en">http://packetstormsecurity.com/files/126171/Xerox-DocuShare-SQL-Injection.html</vuln:reference>
+    </vuln:references>
+    <vuln:summary>SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 Hotfix 2, 6.6.1 Update 1before Hotfix 24, and 6.6.1 Update 2 before Hotfix 3 allows remote authenticated users to execute arbitrary SQL commands via the PATH_INFO to /docushare/dsweb/ResultBackgroundJobMultiple/.  NOTE: some of these details are obtained from third party information.</vuln:summary>
+  </entry>
+  <entry id="CVE-2014-3139">
+    <vuln:vulnerable-configuration id="http://www.nist.gov/">
+      <cpe-lang:logical-test negate="false" operator="OR">
+        <cpe-lang:fact-ref name="cpe:/a:unitrends:enterprise_backup:7.3.0"/>
+      </cpe-lang:logical-test>
+    </vuln:vulnerable-configuration>
+    <vuln:vulnerable-software-list>
+      <vuln:product>cpe:/a:unitrends:enterprise_backup:7.3.0</vuln:product>
+    </vuln:vulnerable-software-list>
+    <vuln:cve-id>CVE-2014-3139</vuln:cve-id>
+    <vuln:published-datetime>2014-05-02T06:55:08.507-04:00</vuln:published-datetime>
+    <vuln:last-modified-datetime>2014-05-02T14:24:56.593-04:00</vuln:last-modified-datetime>
+    <vuln:cvss>
+      <cvss:base_metrics>
+        <cvss:score>7.5</cvss:score>
+        <cvss:access-vector>NETWORK</cvss:access-vector>
+        <cvss:access-complexity>LOW</cvss:access-complexity>
+        <cvss:authentication>NONE</cvss:authentication>
+        <cvss:confidentiality-impact>PARTIAL</cvss:confidentiality-impact>
+        <cvss:integrity-impact>PARTIAL</cvss:integrity-impact>
+        <cvss:availability-impact>PARTIAL</cvss:availability-impact>
+        <cvss:source>http://nvd.nist.gov</cvss:source>
+        <cvss:generated-on-datetime>2014-05-02T14:24:56.530-04:00</cvss:generated-on-datetime>
+      </cvss:base_metrics>
+    </vuln:cvss>
+    <vuln:cwe id="CWE-287"/>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>MISC</vuln:source>
+      <vuln:reference href="https://gist.github.com/brandonprry/10745756" xml:lang="en">https://gist.github.com/brandonprry/10745756</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>EXPLOIT-DB</vuln:source>
+      <vuln:reference href="http://www.exploit-db.com/exploits/32885" xml:lang="en">32885</vuln:reference>
+    </vuln:references>
+    <vuln:references xml:lang="en" reference_type="UNKNOWN">
+      <vuln:source>FULLDISC</vuln:source>
+      <vuln:reference href="http://seclists.org/fulldisclosure/2014/Apr/204" xml:lang="en">20140415 Unitrends enterprise backup remote unauthenticated root</vuln:reference>
+    </vuln:references>
+    <vuln:summary>recoveryconsole/bpl/snmpd.php in Unitrends Enterprise Backup 7.3.0 allows remote attackers to bypass authentication by setting the auth parameter to a certain string.</vuln:summary>
+  </entry>
+</nvd>
\ No newline at end of file
diff --git a/dependency-check-core/src/test/resources/nvdcve-2014.xml b/dependency-check-core/src/test/resources/nvdcve-2014.xml
new file mode 100644
index 000000000..360c18a7d
--- /dev/null
+++ b/dependency-check-core/src/test/resources/nvdcve-2014.xml
@@ -0,0 +1,77521 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<nvd xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://nvd.nist.gov/feeds/cve/1.2" nvd_xml_version="1.2" pub_date="2014-05-03" xsi:schemaLocation="http://nvd.nist.gov/feeds/cve/1.2 http://nvd.nist.gov/schema/nvdcve.xsd">
+  <entry type="CVE" severity="High" seq="2014-0001" published="2014-01-31" name="CVE-2014-0001" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64" source="CONFIRM" patch="1">http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64</ref>
+      <ref url="https://mariadb.com/kb/en/mariadb-5535-changelog/" source="CONFIRM">https://mariadb.com/kb/en/mariadb-5535-changelog/</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1054592" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1054592</ref>
+      <ref url="http://www.osvdb.org/102714" source="OSVDB">102714</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0189.html" source="REDHAT">RHSA-2014:0189</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0186.html" source="REDHAT">RHSA-2014:0186</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0173.html" source="REDHAT">RHSA-2014:0173</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0164.html" source="REDHAT">RHSA-2014:0164</ref>
+      <ref url="http://osvdb.org/102713" source="OSVDB">102713</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mariadb" name="mariadb">
+        <vers prev="1" num="5.5.34"/>
+      </prod>
+      <prod vendor="oracle" name="mysql">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0002" published="2014-03-21" name="CVE-2014-0002" modified="2014-04-19" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securityfocus.com/bid/65901" source="BID">65901</ref>
+      <ref url="http://secunia.com/advisories/57719" source="SECUNIA">57719</ref>
+      <ref url="http://secunia.com/advisories/57716" source="SECUNIA">57716</ref>
+      <ref url="http://secunia.com/advisories/57125" source="SECUNIA" adv="1">57125</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0372.html" source="REDHAT">RHSA-2014:0372</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0371.html" source="REDHAT">RHSA-2014:0371</ref>
+      <ref url="http://camel.apache.org/security-advisories.data/CVE-2014-0002.txt.asc" source="CONFIRM" adv="1">http://camel.apache.org/security-advisories.data/CVE-2014-0002.txt.asc</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apache" name="camel">
+        <vers num="1.0.0"/>
+        <vers num="1.1.0"/>
+        <vers num="1.2.0"/>
+        <vers num="1.3.0"/>
+        <vers num="1.4.0"/>
+        <vers num="1.5.0"/>
+        <vers num="1.6.0"/>
+        <vers num="1.6.1"/>
+        <vers num="1.6.2"/>
+        <vers num="1.6.3"/>
+        <vers num="1.6.4"/>
+        <vers num="2.0.0" edition="m1"/>
+        <vers num="2.0.0" edition="m2"/>
+        <vers num="2.0.0" edition="m3"/>
+        <vers num="2.1.0"/>
+        <vers num="2.10.0"/>
+        <vers num="2.10.1"/>
+        <vers num="2.10.2"/>
+        <vers num="2.10.3"/>
+        <vers num="2.10.4"/>
+        <vers num="2.10.5"/>
+        <vers num="2.10.6"/>
+        <vers num="2.10.7"/>
+        <vers num="2.11.0"/>
+        <vers num="2.11.1"/>
+        <vers num="2.11.2"/>
+        <vers prev="1" num="2.11.3"/>
+        <vers num="2.12.0"/>
+        <vers num="2.12.1"/>
+        <vers num="2.12.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0003" published="2014-03-21" name="CVE-2014-0003" modified="2014-04-19" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securityfocus.com/bid/65902" source="BID">65902</ref>
+      <ref url="http://secunia.com/advisories/57719" source="SECUNIA">57719</ref>
+      <ref url="http://secunia.com/advisories/57716" source="SECUNIA">57716</ref>
+      <ref url="http://secunia.com/advisories/57125" source="SECUNIA" adv="1">57125</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0372.html" source="REDHAT">RHSA-2014:0372</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0371.html" source="REDHAT">RHSA-2014:0371</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0254.html" source="REDHAT">RHSA-2014:0254</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0245.html" source="REDHAT">RHSA-2014:0245</ref>
+      <ref url="http://camel.apache.org/security-advisories.data/CVE-2014-0003.txt.asc" source="CONFIRM" adv="1">http://camel.apache.org/security-advisories.data/CVE-2014-0003.txt.asc</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apache" name="camel">
+        <vers num="1.0.0"/>
+        <vers num="1.1.0"/>
+        <vers num="1.2.0"/>
+        <vers num="1.3.0"/>
+        <vers num="1.4.0"/>
+        <vers num="1.5.0"/>
+        <vers num="1.6.0"/>
+        <vers num="1.6.1"/>
+        <vers num="1.6.2"/>
+        <vers num="1.6.3"/>
+        <vers num="1.6.4"/>
+        <vers num="2.0.0" edition="m1"/>
+        <vers num="2.0.0" edition="m2"/>
+        <vers num="2.0.0" edition="m3"/>
+        <vers num="2.1.0"/>
+        <vers num="2.10.0"/>
+        <vers num="2.10.1"/>
+        <vers num="2.10.2"/>
+        <vers num="2.10.3"/>
+        <vers num="2.10.4"/>
+        <vers num="2.10.5"/>
+        <vers num="2.10.6"/>
+        <vers num="2.10.7"/>
+        <vers num="2.11.0"/>
+        <vers num="2.11.1"/>
+        <vers num="2.11.2"/>
+        <vers prev="1" num="2.11.3"/>
+        <vers num="2.12.0"/>
+        <vers num="2.12.1"/>
+        <vers num="2.12.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0004" published="2014-03-11" name="CVE-2014-0004" modified="2014-03-26" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="6.9" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="3.4" CVSS_base_score="6.9">
+    <desc>
+      <descript source="cve">Stack-based buffer overflow in udisks before 1.0.5 and 2.x before 2.1.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long mount point.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://lists.freedesktop.org/archives/devkit-devel/2014-March/001568.html" source="MLIST" patch="1">[devkit-devel] 20140310 udisks 2.1.3 / 1.0.5 security updates</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2142-1" source="UBUNTU">USN-2142-1</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2872" source="DEBIAN">DSA-2872</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0293.html" source="REDHAT">RHSA-2014:0293</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-03/msg00053.html" source="SUSE">openSUSE-SU-2014:0390</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-03/msg00052.html" source="SUSE">openSUSE-SU-2014:0389</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-03/msg00051.html" source="SUSE">openSUSE-SU-2014:0388</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="freedesktop" name="udisks">
+        <vers num="1.0"/>
+        <vers num="1.0.1"/>
+        <vers prev="1" num="1.0.4"/>
+        <vers num="2.0.0"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.90"/>
+        <vers num="2.0.91"/>
+        <vers num="2.0.92"/>
+        <vers num="2.1.0"/>
+        <vers num="2.1.1"/>
+        <vers num="2.1.2"/>
+      </prod>
+      <prod vendor="canonical" name="ubuntu_linux">
+        <vers num="12.04" edition="-:lts"/>
+        <vers num="12.10"/>
+        <vers num="13.10"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0006" published="2014-01-22" name="CVE-2014-0006" modified="2014-03-08" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/01/17/5" source="MLIST" patch="1">[oss-security] 20140117 [OSSA 2014-002] Swift TempURL timing attack (CVE-2014-0006)</ref>
+      <ref url="https://bugs.launchpad.net/swift/+bug/1265665" source="CONFIRM" adv="1">https://bugs.launchpad.net/swift/+bug/1265665</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0232.html" source="REDHAT">RHSA-2014:0232</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="openstack" name="swift">
+        <vers num="1.10.0"/>
+        <vers num="1.11.0"/>
+        <vers num="1.4.6"/>
+        <vers num="1.4.7"/>
+        <vers num="1.4.8"/>
+        <vers num="1.5.0"/>
+        <vers num="1.6.0"/>
+        <vers num="1.7.0"/>
+        <vers num="1.7.2"/>
+        <vers num="1.7.4"/>
+        <vers num="1.7.5"/>
+        <vers num="1.7.6"/>
+        <vers num="1.8.0"/>
+        <vers num="1.9.0"/>
+        <vers num="1.9.1"/>
+        <vers num="1.9.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0008" published="2014-01-20" name="CVE-2014-0008" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitive information by reading the Config Changes Report.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://moodle.org/mod/forum/discuss.php?d=252414" source="CONFIRM" patch="1" adv="1">https://moodle.org/mod/forum/discuss.php?d=252414</ref>
+      <ref url="http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-36721" source="CONFIRM" patch="1">http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-36721</ref>
+      <ref url="http://www.securitytracker.com/id/1029647" source="SECTRACK">1029647</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/01/20/1" source="MLIST">[oss-security] 20140120 Moodle security notifications public</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127533.html" source="FEDORA">FEDORA-2014-1396</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127510.html" source="FEDORA">FEDORA-2014-1377</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="moodle" name="moodle">
+        <vers num="2.3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.10"/>
+        <vers prev="1" num="2.3.11"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.3.4"/>
+        <vers num="2.3.5"/>
+        <vers num="2.3.6"/>
+        <vers num="2.3.7"/>
+        <vers num="2.3.8"/>
+        <vers num="2.3.9"/>
+        <vers num="2.4"/>
+        <vers num="2.4.1"/>
+        <vers num="2.4.2"/>
+        <vers num="2.4.3"/>
+        <vers num="2.4.4"/>
+        <vers num="2.4.5"/>
+        <vers num="2.4.6"/>
+        <vers num="2.4.7"/>
+        <vers num="2.5"/>
+        <vers num="2.5.1"/>
+        <vers num="2.5.2"/>
+        <vers num="2.5.3"/>
+        <vers num="2.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0009" published="2014-01-20" name="CVE-2014-0009" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:N)" CVSS_score="5.5" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.0" CVSS_base_score="5.5">
+    <desc>
+      <descript source="cve">course/loginas.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 does not enforce the moodle/site:accessallgroups capability requirement for outside-group users in a SEPARATEGROUPS configuration, which allows remote authenticated users to perform "login as" actions via a direct request.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://moodle.org/mod/forum/discuss.php?d=252415" source="CONFIRM" patch="1" adv="1">https://moodle.org/mod/forum/discuss.php?d=252415</ref>
+      <ref url="http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-42643" source="CONFIRM" patch="1">http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-42643</ref>
+      <ref url="http://www.securitytracker.com/id/1029648" source="SECTRACK">1029648</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/01/20/1" source="MLIST">[oss-security] 20140120 Moodle security notifications public</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127533.html" source="FEDORA">FEDORA-2014-1396</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127510.html" source="FEDORA">FEDORA-2014-1377</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="moodle" name="moodle">
+        <vers num="2.0"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1"/>
+        <vers num="2.1.1"/>
+        <vers num="2.1.10"/>
+        <vers num="2.1.2"/>
+        <vers num="2.1.3"/>
+        <vers num="2.1.4"/>
+        <vers num="2.1.5"/>
+        <vers num="2.1.6"/>
+        <vers num="2.1.7"/>
+        <vers num="2.1.8"/>
+        <vers num="2.1.9"/>
+        <vers num="2.2"/>
+        <vers num="2.2.1"/>
+        <vers num="2.2.10"/>
+        <vers prev="1" num="2.2.11"/>
+        <vers num="2.2.2"/>
+        <vers num="2.2.3"/>
+        <vers num="2.2.4"/>
+        <vers num="2.2.5"/>
+        <vers num="2.2.6"/>
+        <vers num="2.2.7"/>
+        <vers num="2.2.8"/>
+        <vers num="2.2.9"/>
+        <vers num="2.3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.10"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.3.4"/>
+        <vers num="2.3.5"/>
+        <vers num="2.3.6"/>
+        <vers num="2.3.7"/>
+        <vers num="2.3.8"/>
+        <vers num="2.3.9"/>
+        <vers num="2.4"/>
+        <vers num="2.4.1"/>
+        <vers num="2.4.2"/>
+        <vers num="2.4.3"/>
+        <vers num="2.4.4"/>
+        <vers num="2.4.5"/>
+        <vers num="2.4.6"/>
+        <vers num="2.4.7"/>
+        <vers num="2.5"/>
+        <vers num="2.5.1"/>
+        <vers num="2.5.2"/>
+        <vers num="2.5.3"/>
+        <vers num="2.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0010" published="2014-01-20" name="CVE-2014-0010" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">Multiple cross-site request forgery (CSRF) vulnerabilities in user/profile/index.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 allow remote attackers to hijack the authentication of administrators for requests that delete (1) categories or (2) fields.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://moodle.org/mod/forum/discuss.php?d=252416" source="CONFIRM" patch="1" adv="1">https://moodle.org/mod/forum/discuss.php?d=252416</ref>
+      <ref url="http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-42883" source="CONFIRM" patch="1">http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-42883</ref>
+      <ref url="http://www.securitytracker.com/id/1029649" source="SECTRACK">1029649</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/01/20/1" source="MLIST">[oss-security] 20140120 Moodle security notifications public</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127533.html" source="FEDORA">FEDORA-2014-1396</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127510.html" source="FEDORA">FEDORA-2014-1377</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="moodle" name="moodle">
+        <vers num="2.0"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1"/>
+        <vers num="2.1.1"/>
+        <vers num="2.1.10"/>
+        <vers num="2.1.2"/>
+        <vers num="2.1.3"/>
+        <vers num="2.1.4"/>
+        <vers num="2.1.5"/>
+        <vers num="2.1.6"/>
+        <vers num="2.1.7"/>
+        <vers num="2.1.8"/>
+        <vers num="2.1.9"/>
+        <vers num="2.2"/>
+        <vers num="2.2.1"/>
+        <vers num="2.2.10"/>
+        <vers prev="1" num="2.2.11"/>
+        <vers num="2.2.2"/>
+        <vers num="2.2.3"/>
+        <vers num="2.2.4"/>
+        <vers num="2.2.5"/>
+        <vers num="2.2.6"/>
+        <vers num="2.2.7"/>
+        <vers num="2.2.8"/>
+        <vers num="2.2.9"/>
+        <vers num="2.3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.10"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.3.4"/>
+        <vers num="2.3.5"/>
+        <vers num="2.3.6"/>
+        <vers num="2.3.7"/>
+        <vers num="2.3.8"/>
+        <vers num="2.3.9"/>
+        <vers num="2.4"/>
+        <vers num="2.4.1"/>
+        <vers num="2.4.2"/>
+        <vers num="2.4.3"/>
+        <vers num="2.4.4"/>
+        <vers num="2.4.5"/>
+        <vers num="2.4.6"/>
+        <vers num="2.4.7"/>
+        <vers num="2.5"/>
+        <vers num="2.5.1"/>
+        <vers num="2.5.2"/>
+        <vers num="2.5.3"/>
+        <vers num="2.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0015" published="2014-02-01" name="CVE-2014-0015" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:H/Au:N/C:P/I:P/A:N)" CVSS_score="4.0" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="4.9" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://curl.haxx.se/docs/adv_20140129.html" source="CONFIRM" patch="1" adv="1">http://curl.haxx.se/docs/adv_20140129.html</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2097-1" source="UBUNTU">USN-2097-1</ref>
+      <ref url="http://www.slackware.com/security/viewer.php?l=slackware-security&amp;y=2014&amp;m=slackware-security.502652" source="SLACKWARE">SSA:2014-044-01</ref>
+      <ref url="http://www.securitytracker.com/id/1029710" source="SECTRACK">1029710</ref>
+      <ref url="http://www.securityfocus.com/bid/65270" source="BID">65270</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2849" source="DEBIAN">DSA-2849</ref>
+      <ref url="http://secunia.com/advisories/56734" source="SECUNIA" adv="1">56734</ref>
+      <ref url="http://secunia.com/advisories/56731" source="SECUNIA">56731</ref>
+      <ref url="http://secunia.com/advisories/56728" source="SECUNIA" adv="1">56728</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-02/msg00066.html" source="SUSE">openSUSE-SU-2014:0274</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128408.html" source="FEDORA">FEDORA-2014-1864</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127627.html" source="FEDORA">FEDORA-2014-1876</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="haxx" name="curl">
+        <vers num="7.10.6"/>
+        <vers num="7.10.7"/>
+        <vers num="7.10.8"/>
+        <vers num="7.11.0"/>
+        <vers num="7.11.1"/>
+        <vers num="7.11.2"/>
+        <vers num="7.12.0"/>
+        <vers num="7.12.1"/>
+        <vers num="7.12.2"/>
+        <vers num="7.12.3"/>
+        <vers num="7.13.0"/>
+        <vers num="7.13.1"/>
+        <vers num="7.13.2"/>
+        <vers num="7.14.0"/>
+        <vers num="7.14.1"/>
+        <vers num="7.15.0"/>
+        <vers num="7.15.1"/>
+        <vers num="7.15.2"/>
+        <vers num="7.15.3"/>
+        <vers num="7.15.4"/>
+        <vers num="7.15.5"/>
+        <vers num="7.16.0"/>
+        <vers num="7.16.1"/>
+        <vers num="7.16.2"/>
+        <vers num="7.16.3"/>
+        <vers num="7.16.4"/>
+        <vers num="7.17.0"/>
+        <vers num="7.17.1"/>
+        <vers num="7.18.0"/>
+        <vers num="7.18.1"/>
+        <vers num="7.18.2"/>
+        <vers num="7.19.0"/>
+        <vers num="7.19.1"/>
+        <vers num="7.19.2"/>
+        <vers num="7.19.3"/>
+        <vers num="7.19.4"/>
+        <vers num="7.19.5"/>
+        <vers num="7.19.6"/>
+        <vers num="7.19.7"/>
+        <vers num="7.20.0"/>
+        <vers num="7.20.1"/>
+        <vers num="7.21.0"/>
+        <vers num="7.21.1"/>
+        <vers num="7.21.2"/>
+        <vers num="7.21.3"/>
+        <vers num="7.21.4"/>
+        <vers num="7.21.5"/>
+        <vers num="7.21.6"/>
+        <vers num="7.21.7"/>
+        <vers num="7.22.0"/>
+        <vers num="7.23.0"/>
+        <vers num="7.23.1"/>
+        <vers num="7.24.0"/>
+        <vers num="7.25.0"/>
+        <vers num="7.26.0"/>
+        <vers num="7.27.0"/>
+        <vers num="7.28.0"/>
+        <vers num="7.28.1"/>
+        <vers num="7.29.0"/>
+        <vers num="7.30.0"/>
+        <vers num="7.31.0"/>
+        <vers num="7.32.0"/>
+        <vers num="7.33.0"/>
+        <vers num="7.34.0"/>
+      </prod>
+      <prod vendor="haxx" name="libcurl">
+        <vers num="7.10.6"/>
+        <vers num="7.10.7"/>
+        <vers num="7.10.8"/>
+        <vers num="7.11.0"/>
+        <vers num="7.11.1"/>
+        <vers num="7.11.2"/>
+        <vers num="7.12.0"/>
+        <vers num="7.12.1"/>
+        <vers num="7.12.2"/>
+        <vers num="7.12.3"/>
+        <vers num="7.13.0"/>
+        <vers num="7.13.1"/>
+        <vers num="7.13.2"/>
+        <vers num="7.14.0"/>
+        <vers num="7.14.1"/>
+        <vers num="7.15.0"/>
+        <vers num="7.15.1"/>
+        <vers num="7.15.2"/>
+        <vers num="7.15.3"/>
+        <vers num="7.15.4"/>
+        <vers num="7.15.5"/>
+        <vers num="7.16.0"/>
+        <vers num="7.16.1"/>
+        <vers num="7.16.2"/>
+        <vers num="7.16.3"/>
+        <vers num="7.16.4"/>
+        <vers num="7.17.0"/>
+        <vers num="7.17.1"/>
+        <vers num="7.18.0"/>
+        <vers num="7.18.1"/>
+        <vers num="7.18.2"/>
+        <vers num="7.19.0"/>
+        <vers num="7.19.1"/>
+        <vers num="7.19.2"/>
+        <vers num="7.19.3"/>
+        <vers num="7.19.4"/>
+        <vers num="7.19.5"/>
+        <vers num="7.19.6"/>
+        <vers num="7.19.7"/>
+        <vers num="7.20.0"/>
+        <vers num="7.20.1"/>
+        <vers num="7.21.0"/>
+        <vers num="7.21.1"/>
+        <vers num="7.21.2"/>
+        <vers num="7.21.3"/>
+        <vers num="7.21.4"/>
+        <vers num="7.21.5"/>
+        <vers num="7.21.6"/>
+        <vers num="7.21.7"/>
+        <vers num="7.22.0"/>
+        <vers num="7.23.0"/>
+        <vers num="7.23.1"/>
+        <vers num="7.24.0"/>
+        <vers num="7.25.0"/>
+        <vers num="7.26.0"/>
+        <vers num="7.27.0"/>
+        <vers num="7.28.0"/>
+        <vers num="7.28.1"/>
+        <vers num="7.29.0"/>
+        <vers num="7.30.0"/>
+        <vers num="7.31.0"/>
+        <vers num="7.32.0"/>
+        <vers num="7.33.0"/>
+        <vers num="7.34.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0016" published="2014-03-24" name="CVE-2014-0016" modified="2014-03-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to use the same entropy pool and allows remote attackers to obtain private keys for EC (ECDSA) or DSA certificates.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://www.stunnel.org/sdf_ChangeLog.html" source="CONFIRM" adv="1">https://www.stunnel.org/sdf_ChangeLog.html</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1072180" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1072180</ref>
+      <ref url="https://bugzilla.redhat.com/attachment.cgi?id=870826&amp;action=diff" source="MISC">https://bugzilla.redhat.com/attachment.cgi?id=870826&amp;action=diff</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/03/05/1" source="MLIST">[oss-security] 20140305 libssh and stunnel PRNG flaws</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="stunnel" name="stunnel">
+        <vers num="0.1"/>
+        <vers num="1.0"/>
+        <vers num="1.1"/>
+        <vers num="1.2"/>
+        <vers num="1.3"/>
+        <vers num="1.4"/>
+        <vers num="1.5"/>
+        <vers num="1.6"/>
+        <vers num="2.0"/>
+        <vers num="2.1"/>
+        <vers num="3.0" edition="b1"/>
+        <vers num="3.0" edition="b2"/>
+        <vers num="3.0" edition="b3"/>
+        <vers num="3.0" edition="b4"/>
+        <vers num="3.0" edition="b5"/>
+        <vers num="3.0" edition="b6"/>
+        <vers num="3.0" edition="b7"/>
+        <vers num="3.1"/>
+        <vers num="3.10"/>
+        <vers num="3.11"/>
+        <vers num="3.12"/>
+        <vers num="3.13"/>
+        <vers num="3.14"/>
+        <vers num="3.15"/>
+        <vers num="3.16"/>
+        <vers num="3.17"/>
+        <vers num="3.18"/>
+        <vers num="3.19"/>
+        <vers num="3.2"/>
+        <vers num="3.20"/>
+        <vers num="3.21"/>
+        <vers num="3.21a"/>
+        <vers num="3.21b"/>
+        <vers num="3.21c"/>
+        <vers num="3.22"/>
+        <vers num="3.23"/>
+        <vers num="3.24"/>
+        <vers num="3.25"/>
+        <vers num="3.26"/>
+        <vers num="3.3"/>
+        <vers num="3.4a"/>
+        <vers num="3.5"/>
+        <vers num="3.6"/>
+        <vers num="3.7"/>
+        <vers num="3.8" edition="p1"/>
+        <vers num="3.8" edition="p2"/>
+        <vers num="3.8" edition="p3"/>
+        <vers num="3.8" edition="p4"/>
+        <vers num="3.8p1"/>
+        <vers num="3.8p2"/>
+        <vers num="3.8p3"/>
+        <vers num="3.8p4"/>
+        <vers num="3.9"/>
+        <vers num="4.0"/>
+        <vers num="4.00"/>
+        <vers num="4.01"/>
+        <vers num="4.02"/>
+        <vers num="4.03"/>
+        <vers num="4.04"/>
+        <vers num="4.05"/>
+        <vers num="4.06"/>
+        <vers num="4.07"/>
+        <vers num="4.08"/>
+        <vers num="4.09"/>
+        <vers num="4.10"/>
+        <vers num="4.11"/>
+        <vers num="4.12"/>
+        <vers num="4.13"/>
+        <vers num="4.14"/>
+        <vers num="4.15"/>
+        <vers num="4.16"/>
+        <vers num="4.17"/>
+        <vers num="4.18"/>
+        <vers num="4.19"/>
+        <vers num="4.20"/>
+        <vers num="4.21"/>
+        <vers num="4.22"/>
+        <vers num="4.23"/>
+        <vers num="4.24"/>
+        <vers num="4.25"/>
+        <vers num="4.26"/>
+        <vers num="4.27"/>
+        <vers num="4.28"/>
+        <vers num="4.29"/>
+        <vers num="4.30"/>
+        <vers num="4.31"/>
+        <vers num="4.32"/>
+        <vers num="4.33"/>
+        <vers num="4.34"/>
+        <vers num="4.35"/>
+        <vers num="4.36"/>
+        <vers num="4.37"/>
+        <vers num="4.38"/>
+        <vers num="4.39"/>
+        <vers num="4.40"/>
+        <vers num="4.41"/>
+        <vers num="4.42"/>
+        <vers num="4.43"/>
+        <vers num="4.44"/>
+        <vers num="4.45"/>
+        <vers num="4.46"/>
+        <vers num="4.47"/>
+        <vers num="4.48"/>
+        <vers num="4.49"/>
+        <vers num="4.50"/>
+        <vers num="4.51"/>
+        <vers num="4.52"/>
+        <vers num="4.53"/>
+        <vers num="4.54"/>
+        <vers num="4.55"/>
+        <vers prev="1" num="4.56"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0017" published="2014-03-14" name="CVE-2014-0017" modified="2014-03-26" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:P/I:N/A:N)" CVSS_score="1.9" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="3.4" CVSS_base_score="1.9">
+    <desc>
+      <descript source="cve">The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG), which causes the state to be shared between children processes and allows local users to obtain sensitive information by leveraging a pid collision.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://www.libssh.org/2014/03/04/libssh-0-6-3-security-release/" source="CONFIRM" patch="1" adv="1">http://www.libssh.org/2014/03/04/libssh-0-6-3-security-release/</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1072191" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1072191</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2145-1" source="UBUNTU">USN-2145-1</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/03/05/1" source="MLIST">[oss-security] 20140305 libssh and stunnel PRNG flaws</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2879" source="DEBIAN">DSA-2879</ref>
+      <ref url="http://secunia.com/advisories/57407" source="SECUNIA" adv="1">57407</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-03/msg00040.html" source="SUSE">openSUSE-SU-2014:0370</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-03/msg00036.html" source="SUSE">openSUSE-SU-2014:0366</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="libssh" name="libssh">
+        <vers num="0.4.7"/>
+        <vers num="0.4.8"/>
+        <vers num="0.5.0" edition="rc1"/>
+        <vers num="0.5.1"/>
+        <vers num="0.5.2"/>
+        <vers num="0.5.3"/>
+        <vers num="0.5.4"/>
+        <vers num="0.5.5"/>
+        <vers num="0.6.0"/>
+        <vers num="0.6.1"/>
+        <vers prev="1" num="0.6.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0018" published="2014-02-14" name="CVE-2014-0018" modified="2014-02-18" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="1.9" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="3.4" CVSS_base_score="1.9">
+    <desc>
+      <descript source="cve">Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.0 and JBoss WildFly Application Server, when run under a security manager, do not properly restrict access to the Modular Service Container (MSC) service registry, which allows local users to modify the server via a crafted deployment.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1052783" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1052783</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0172.html" source="REDHAT" adv="1">RHSA-2014:0172</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0171.html" source="REDHAT" adv="1">RHSA-2014:0171</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0170.html" source="REDHAT" adv="1">RHSA-2014:0170</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="redhat" name="jboss_enterprise_application_platform">
+        <vers num="6.2.0"/>
+      </prod>
+      <prod vendor="redhat" name="jboss_wildfly_application_server">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0019" published="2014-02-04" name="CVE-2014-0019" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:N/I:N/A:P)" CVSS_score="1.9" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="3.4" CVSS_base_score="1.9">
+    <desc>
+      <descript source="cve">Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service (segmentation fault) via a long server name in the PROXY-CONNECT address in the command line.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://www.dest-unreach.org/socat" source="CONFIRM" patch="1">http://www.dest-unreach.org/socat</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q1/159" source="MLIST" patch="1">[oss-security] 20140128 Socat security advisory 5 - PROXY-CONNECT address overflow</ref>
+      <ref url="http://www.securityfocus.com/bid/65201" source="BID">65201</ref>
+      <ref url="http://www.mandriva.com/security/advisories?name=MDVSA-2014:033" source="MANDRIVA">MDVSA-2014:033</ref>
+      <ref url="http://www.dest-unreach.org/socat/contrib/socat-secadv5.txt" source="MISC">http://www.dest-unreach.org/socat/contrib/socat-secadv5.txt</ref>
+      <ref url="http://osvdb.org/102612" source="OSVDB">102612</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128229.html" source="FEDORA">FEDORA-2014-1795</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128190.html" source="FEDORA">FEDORA-2014-1811</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="dest-unreach" name="socat">
+        <vers num="1.3.0.0"/>
+        <vers num="1.3.0.1"/>
+        <vers num="1.3.1.0"/>
+        <vers num="1.3.2.0"/>
+        <vers num="1.3.2.1"/>
+        <vers num="1.3.2.2"/>
+        <vers num="1.4.0.0"/>
+        <vers num="1.4.0.1"/>
+        <vers num="1.4.0.2"/>
+        <vers num="1.4.0.3"/>
+        <vers num="1.4.1.0"/>
+        <vers num="1.4.2.0"/>
+        <vers num="1.4.3.0"/>
+        <vers num="1.4.3.1"/>
+        <vers num="1.5.0.0"/>
+        <vers num="1.6.0.0"/>
+        <vers num="1.6.0.1"/>
+        <vers num="1.7.0.0"/>
+        <vers num="1.7.0.1"/>
+        <vers num="1.7.1.0"/>
+        <vers num="1.7.1.1"/>
+        <vers num="1.7.1.2"/>
+        <vers num="1.7.1.3"/>
+        <vers num="1.7.2.0"/>
+        <vers num="1.7.2.1"/>
+        <vers num="1.7.2.2"/>
+        <vers num="2.0.0" edition="b1"/>
+        <vers num="2.0.0" edition="b2"/>
+        <vers num="2.0.0" edition="b3"/>
+        <vers num="2.0.0" edition="b4"/>
+        <vers num="2.0.0" edition="b5"/>
+        <vers num="2.0.0" edition="b6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0020" published="2014-02-06" name="CVE-2014-0020" modified="2014-03-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not validate argument counts, which allows remote IRC servers to cause a denial of service (application crash) via a crafted message.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://rhn.redhat.com/errata/RHSA-2014-0139.html" source="REDHAT">RHSA-2014:0139</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2100-1" source="UBUNTU">USN-2100-1</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2859" source="DEBIAN">DSA-2859</ref>
+      <ref url="http://pidgin.im/news/security/?id=85" source="CONFIRM" adv="1">http://pidgin.im/news/security/?id=85</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" source="SUSE">openSUSE-SU-2014:0326</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" source="SUSE">openSUSE-SU-2014:0239</ref>
+      <ref url="http://hg.pidgin.im/pidgin/main/rev/a167504359e5" source="CONFIRM">http://hg.pidgin.im/pidgin/main/rev/a167504359e5</ref>
+      <ref url="http://hg.pidgin.im/pidgin/main/rev/9f132a6855cd" source="CONFIRM">http://hg.pidgin.im/pidgin/main/rev/9f132a6855cd</ref>
+      <ref url="http://hg.pidgin.im/pidgin/main/rev/7d0fb0c6d8d4" source="CONFIRM">http://hg.pidgin.im/pidgin/main/rev/7d0fb0c6d8d4</ref>
+      <ref url="http://hg.pidgin.im/pidgin/main/rev/6b0e0566af20" source="CONFIRM">http://hg.pidgin.im/pidgin/main/rev/6b0e0566af20</ref>
+      <ref url="http://hg.pidgin.im/pidgin/main/rev/5845d9fa7084" source="CONFIRM">http://hg.pidgin.im/pidgin/main/rev/5845d9fa7084</ref>
+      <ref url="http://hg.pidgin.im/pidgin/main/rev/4d9be297d399" source="CONFIRM">http://hg.pidgin.im/pidgin/main/rev/4d9be297d399</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="pidgin" name="pidgin">
+        <vers num="2.0.0"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.2"/>
+        <vers num="2.1.0"/>
+        <vers num="2.1.1"/>
+        <vers num="2.10.0"/>
+        <vers num="2.10.1"/>
+        <vers num="2.10.2"/>
+        <vers num="2.10.3"/>
+        <vers num="2.10.4"/>
+        <vers num="2.10.5"/>
+        <vers num="2.10.6"/>
+        <vers prev="1" num="2.10.7"/>
+        <vers num="2.2.0"/>
+        <vers num="2.2.1"/>
+        <vers num="2.2.2"/>
+        <vers num="2.3.0"/>
+        <vers num="2.3.1"/>
+        <vers num="2.4.0"/>
+        <vers num="2.4.1"/>
+        <vers num="2.4.2"/>
+        <vers num="2.4.3"/>
+        <vers num="2.5.0"/>
+        <vers num="2.5.1"/>
+        <vers num="2.5.2"/>
+        <vers num="2.5.3"/>
+        <vers num="2.5.4"/>
+        <vers num="2.5.5"/>
+        <vers num="2.5.6"/>
+        <vers num="2.5.7"/>
+        <vers num="2.5.8"/>
+        <vers num="2.5.9"/>
+        <vers num="2.6.0"/>
+        <vers num="2.6.1"/>
+        <vers num="2.6.2"/>
+        <vers num="2.6.3"/>
+        <vers num="2.6.4"/>
+        <vers num="2.6.5"/>
+        <vers num="2.6.6"/>
+        <vers num="2.7.0"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.10"/>
+        <vers num="2.7.11"/>
+        <vers num="2.7.2"/>
+        <vers num="2.7.3"/>
+        <vers num="2.7.4"/>
+        <vers num="2.7.5"/>
+        <vers num="2.7.6"/>
+        <vers num="2.7.7"/>
+        <vers num="2.7.8"/>
+        <vers num="2.7.9"/>
+        <vers num="2.8.0"/>
+        <vers num="2.9.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0022" published="2014-01-26" name="CVE-2014-0022" modified="2014-01-27" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:P/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and earlier does not properly check the return value of the sigCheckPkg function, which allows remote attackers to bypass the RMP package signing restriction via an unsigned package.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://yum.baseurl.org/gitweb?p=yum.git;a=commitdiff;h=9df69e5794" source="CONFIRM" patch="1">http://yum.baseurl.org/gitweb?p=yum.git;a=commitdiff;h=9df69e5794</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1057377" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1057377</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1052440" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1052440</ref>
+      <ref url="http://www.securityfocus.com/bid/65119" source="BID">65119</ref>
+      <ref url="http://secunia.com/advisories/56637" source="SECUNIA" adv="1">56637</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="baseurl" name="yum">
+        <vers num="3.4.0"/>
+        <vers num="3.4.1"/>
+        <vers num="3.4.2"/>
+        <vers prev="1" num="3.4.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" seq="2014-0025" reject="1" published="2014-01-28" name="CVE-2014-0025" modified="2014-01-28">
+    <desc>
+      <descript source="cve">** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2014-1690.  Reason: This candidate is a reservation duplicate of CVE-2014-1690.  Notes: All CVE users should reference CVE-2014-1690 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage.</descript>
+    </desc>
+    <refs/>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0027" published="2014-01-25" name="CVE-2014-0027" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:P/I:P/A:N)" CVSS_score="3.3" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="3.4" CVSS_base_score="3.3">
+    <desc>
+      <descript source="cve">The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav.  NOTE: some of these details are obtained from third party information.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1048678" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1048678</ref>
+      <ref url="http://www.securityfocus.com/bid/64791" source="BID">64791</ref>
+      <ref url="http://www.osvdb.org/101948" source="OSVDB">101948</ref>
+      <ref url="http://www.mandriva.com/security/advisories?name=MDVSA-2014:032" source="MANDRIVA">MDVSA-2014:032</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q1/59" source="MLIST">[oss-security] 20140110 temporary file issue in flite</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127776.html" source="FEDORA">FEDORA-2014-0579</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127748.html" source="FEDORA">FEDORA-2014-0574</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cmu" name="flite">
+        <vers num="1.4"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0028" published="2014-01-24" name="CVE-2014-0028" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:A/AC:M/Au:N/C:P/I:N/A:P)" CVSS_score="4.3" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="5.5" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain sensitive domain object information via a request to the (1) virConnectDomainEventRegister and (2) virConnectDomainEventRegisterAny functions in the event registration API.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+    </loss_types>
+    <range>
+      <local_network/>
+    </range>
+    <refs>
+      <ref url="https://www.redhat.com/archives/libvir-list/2014-January/msg00684.html" source="MLIST">[libvirt] 20140115 [PATCH 0/4] CVE-2014-0028: domain events vs. ACL filtering</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1048637" source="CONFIRM" adv="1">https://bugzilla.redhat.com/show_bug.cgi?id=1048637</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2093-1" source="UBUNTU">USN-2093-1</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-02/msg00060.html" source="SUSE">openSUSE-SU-2014:0268</ref>
+      <ref url="http://libvirt.org/news.html" source="CONFIRM">http://libvirt.org/news.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="redhat" name="libvirt">
+        <vers num="1.1.1"/>
+        <vers num="1.1.2"/>
+        <vers num="1.1.3"/>
+        <vers num="1.1.4"/>
+        <vers num="1.2.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0031" published="2014-01-15" name="CVE-2014-0031" modified="2014-02-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLS for other users via a crafted request.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://issues.apache.org/jira/browse/CLOUDSTACK-5145" source="CONFIRM">https://issues.apache.org/jira/browse/CLOUDSTACK-5145</ref>
+      <ref url="https://blogs.apache.org/cloudstack/entry/cve_2014_0031_cloudstack_listnetworkacl" source="CONFIRM" adv="1">https://blogs.apache.org/cloudstack/entry/cve_2014_0031_cloudstack_listnetworkacl</ref>
+      <ref url="http://secunia.com/advisories/55960" source="SECUNIA" adv="1">55960</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apache" name="cloudstack">
+        <vers num="2.0" edition="-:community"/>
+        <vers num="2.0.1"/>
+        <vers num="2.1.0"/>
+        <vers num="2.1.1"/>
+        <vers num="2.1.10"/>
+        <vers num="2.1.2"/>
+        <vers num="2.1.3"/>
+        <vers num="2.1.4"/>
+        <vers num="2.1.5"/>
+        <vers num="2.1.6"/>
+        <vers num="2.1.7"/>
+        <vers num="2.1.8"/>
+        <vers num="2.1.9"/>
+        <vers num="2.2.0"/>
+        <vers num="2.2.1"/>
+        <vers num="2.2.11"/>
+        <vers num="2.2.12"/>
+        <vers num="2.2.13"/>
+        <vers num="2.2.14"/>
+        <vers num="2.2.2"/>
+        <vers num="2.2.3"/>
+        <vers num="2.2.5"/>
+        <vers num="2.2.6"/>
+        <vers num="2.2.7"/>
+        <vers num="2.2.8"/>
+        <vers num="2.2.9"/>
+        <vers num="3.0.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.2"/>
+        <vers num="4.0.0" edition="incubating"/>
+        <vers num="4.0.1"/>
+        <vers num="4.0.2"/>
+        <vers num="4.1.0"/>
+        <vers num="4.1.1"/>
+        <vers prev="1" num="4.2.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0032" published="2014-02-14" name="CVE-2014-0032" modified="2014-03-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:P)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the "svn ls http://svn.example.com" command.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://svn.apache.org/viewvc?view=revision&amp;revision=1557320" source="CONFIRM" patch="1">http://svn.apache.org/viewvc?view=revision&amp;revision=1557320</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90986" source="XF">apache-subversion-cve20140032-dos(90986)</ref>
+      <ref url="http://www.securityfocus.com/bid/65434" source="BID">65434</ref>
+      <ref url="http://www.osvdb.org/102927" source="OSVDB">102927</ref>
+      <ref url="http://svn.apache.org/repos/asf/subversion/tags/1.8.6/CHANGES" source="CONFIRM">http://svn.apache.org/repos/asf/subversion/tags/1.8.6/CHANGES</ref>
+      <ref url="http://svn.apache.org/repos/asf/subversion/tags/1.7.15/CHANGES" source="CONFIRM">http://svn.apache.org/repos/asf/subversion/tags/1.7.15/CHANGES</ref>
+      <ref url="http://secunia.com/advisories/56822" source="SECUNIA" adv="1">56822</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0255.html" source="REDHAT">RHSA-2014:0255</ref>
+      <ref url="http://mail-archives.apache.org/mod_mbox/subversion-dev/201401.mbox/%3CCANvU9scLHr2yOLABW8q6_wNzhEf7pWM=NiavGcobqvUuyhKyAA@mail.gmail.com%3E" source="MLIST">[subversion-dev] 20140110 Sin mod_dav_svn with repositories on /</ref>
+      <ref url="http://mail-archives.apache.org/mod_mbox/subversion-dev/201401.mbox/%3C871u0gqb0d.fsf@ntlworld.com%3E" source="MLIST">[subversion-dev] 20140110 Re: Segfault in mod_dav_svn with repositories on /</ref>
+      <ref url="http://mail-archives.apache.org/mod_mbox/subversion-dev/201401.mbox/%3C52D328AB.8090502@reser.org%3E" source="MLIST">[subversion-dev] 20140110 2 Re: Segfault in mod_dav_svn with repositories on /</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-03/msg00011.html" source="SUSE">openSUSE-SU-2014:0334</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-02/msg00086.html" source="SUSE">openSUSE-SU-2014:0307</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apache" name="subversion">
+        <vers num="1.7.0"/>
+        <vers num="1.7.1"/>
+        <vers num="1.7.10"/>
+        <vers num="1.7.11"/>
+        <vers num="1.7.12"/>
+        <vers num="1.7.13"/>
+        <vers prev="1" num="1.7.14"/>
+        <vers num="1.7.2"/>
+        <vers num="1.7.3"/>
+        <vers num="1.7.4"/>
+        <vers num="1.7.5"/>
+        <vers num="1.7.6"/>
+        <vers num="1.7.7"/>
+        <vers num="1.7.8"/>
+        <vers num="1.7.9"/>
+        <vers num="1.8.0"/>
+        <vers num="1.8.1"/>
+        <vers num="1.8.2"/>
+        <vers num="1.8.3"/>
+        <vers num="1.8.4"/>
+        <vers num="1.8.5"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0033" published="2014-02-26" name="CVE-2014-0033" modified="2014-02-26" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote attackers to conduct session fixation attacks via a crafted URL.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1069919" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1069919</ref>
+      <ref url="http://tomcat.apache.org/security-6.html" source="CONFIRM" adv="1">http://tomcat.apache.org/security-6.html</ref>
+      <ref url="http://svn.apache.org/viewvc?view=revision&amp;revision=1558822" source="CONFIRM">http://svn.apache.org/viewvc?view=revision&amp;revision=1558822</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apache" name="tomcat">
+        <vers num="6.0.33"/>
+        <vers num="6.0.34"/>
+        <vers num="6.0.35"/>
+        <vers num="6.0.36"/>
+        <vers num="6.0.37"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0036" published="2014-04-17" name="CVE-2014-0036" modified="2014-04-18" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1058595" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1058595</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q1/509" source="MLIST">[oss-security] 20140306 CVE-2014-0036 rubygem-rbovirt: unsafe use of rest-client</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130180.html" source="FEDORA">FEDORA-2014-3526</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130148.html" source="FEDORA">FEDORA-2014-3573</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="amos_benari" name="rbovirt">
+        <vers num="0.0.1" edition=":~~~ruby~~"/>
+        <vers num="0.0.10" edition=":~~~ruby~~"/>
+        <vers num="0.0.11" edition=":~~~ruby~~"/>
+        <vers num="0.0.12" edition=":~~~ruby~~"/>
+        <vers num="0.0.13" edition=":~~~ruby~~"/>
+        <vers num="0.0.14" edition=":~~~ruby~~"/>
+        <vers num="0.0.15" edition=":~~~ruby~~"/>
+        <vers num="0.0.16" edition=":~~~ruby~~"/>
+        <vers num="0.0.17" edition=":~~~ruby~~"/>
+        <vers num="0.0.18" edition=":~~~ruby~~"/>
+        <vers num="0.0.19" edition=":~~~ruby~~"/>
+        <vers num="0.0.2" edition=":~~~ruby~~"/>
+        <vers num="0.0.20" edition=":~~~ruby~~"/>
+        <vers num="0.0.21" edition=":~~~ruby~~"/>
+        <vers num="0.0.22" edition=":~~~ruby~~"/>
+        <vers prev="1" num="0.0.23" edition=":~~~ruby~~"/>
+        <vers num="0.0.3" edition=":~~~ruby~~"/>
+        <vers num="0.0.4" edition=":~~~ruby~~"/>
+        <vers num="0.0.5" edition=":~~~ruby~~"/>
+        <vers num="0.0.6" edition=":~~~ruby~~"/>
+        <vers num="0.0.7" edition=":~~~ruby~~"/>
+        <vers num="0.0.8" edition=":~~~ruby~~"/>
+        <vers num="0.0.9" edition=":~~~ruby~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0037" published="2014-04-28" name="CVE-2014-0037" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 5.00 before 7.1.8 beta2 allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the username."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1059903" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1059903</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1056767" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1056767</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/01/31/14" source="MLIST">[oss-security] 20140131 Security Flaw CVE-2014-0037</ref>
+      <ref url="http://www.mandriva.com/security/advisories?name=MDVSA-2014:044" source="MANDRIVA">MDVSA-2014:044</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="zarafa" name="zarafa">
+        <vers num="5.00"/>
+        <vers num="5.01"/>
+        <vers num="5.02"/>
+        <vers num="5.10"/>
+        <vers num="5.11"/>
+        <vers num="5.20"/>
+        <vers num="5.22"/>
+        <vers num="6.00"/>
+        <vers num="6.01"/>
+        <vers num="6.02"/>
+        <vers num="6.03"/>
+        <vers num="6.10"/>
+        <vers num="6.11"/>
+        <vers num="6.20"/>
+        <vers num="6.20.10"/>
+        <vers num="6.20.11"/>
+        <vers num="6.20.12"/>
+        <vers num="6.20.2"/>
+        <vers num="6.20.3"/>
+        <vers num="6.20.5"/>
+        <vers num="6.20.6"/>
+        <vers num="6.20.7"/>
+        <vers num="6.30.0"/>
+        <vers num="6.30.10"/>
+        <vers num="6.30.11"/>
+        <vers num="6.30.13"/>
+        <vers num="6.30.16"/>
+        <vers num="6.30.17"/>
+        <vers num="6.30.3"/>
+        <vers num="6.30.4"/>
+        <vers num="6.30.5"/>
+        <vers num="6.30.6"/>
+        <vers num="6.30.7"/>
+        <vers num="6.30.8"/>
+        <vers num="6.30.9"/>
+        <vers num="6.40.0"/>
+        <vers num="6.40.10"/>
+        <vers num="6.40.11"/>
+        <vers num="6.40.12"/>
+        <vers num="6.40.13"/>
+        <vers num="6.40.14"/>
+        <vers num="6.40.15"/>
+        <vers num="6.40.16"/>
+        <vers num="6.40.17"/>
+        <vers num="6.40.2"/>
+        <vers num="6.40.3"/>
+        <vers num="6.40.4"/>
+        <vers num="6.40.5"/>
+        <vers num="6.40.6"/>
+        <vers num="6.40.7"/>
+        <vers num="6.40.8"/>
+        <vers num="6.40.9"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.10"/>
+        <vers num="7.0.11"/>
+        <vers num="7.0.12"/>
+        <vers num="7.0.13"/>
+        <vers num="7.0.2"/>
+        <vers num="7.0.3"/>
+        <vers num="7.0.4"/>
+        <vers num="7.0.5"/>
+        <vers num="7.0.6"/>
+        <vers num="7.0.7"/>
+        <vers num="7.0.8"/>
+        <vers num="7.0.9"/>
+        <vers num="7.1.0"/>
+        <vers num="7.1.1"/>
+        <vers num="7.1.2"/>
+        <vers num="7.1.3"/>
+        <vers num="7.1.4"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0038" published="2014-02-06" name="CVE-2014-0038" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="6.9" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="3.4" CVSS_base_score="6.9">
+    <desc>
+      <descript source="cve">The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="https://github.com/torvalds/linux/commit/2def2ef2ae5f3990aabdbe8a755911902707d268" source="CONFIRM" patch="1">https://github.com/torvalds/linux/commit/2def2ef2ae5f3990aabdbe8a755911902707d268</ref>
+      <ref url="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2def2ef2ae5f3990aabdbe8a755911902707d268" source="CONFIRM" patch="1">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2def2ef2ae5f3990aabdbe8a755911902707d268</ref>
+      <ref url="https://github.com/saelo/cve-2014-0038" source="MISC" adv="1">https://github.com/saelo/cve-2014-0038</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=338594" source="MISC">https://code.google.com/p/chromium/issues/detail?id=338594</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1060023" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1060023</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2096-1" source="UBUNTU">USN-2096-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2095-1" source="UBUNTU">USN-2095-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2094-1" source="UBUNTU">USN-2094-1</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/01/31/2" source="MLIST">[oss-security] 20140131 Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038)</ref>
+      <ref url="http://www.mandriva.com/security/advisories?name=MDVSA-2014:038" source="MANDRIVA">MDVSA-2014:038</ref>
+      <ref url="http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.2" source="CONFIRM">http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.2</ref>
+      <ref url="http://www.exploit-db.com/exploits/31347" source="EXPLOIT-DB">31347</ref>
+      <ref url="http://www.exploit-db.com/exploits/31346" source="EXPLOIT-DB">31346</ref>
+      <ref url="http://pastebin.com/raw.php?i=DH3Lbg54" source="MISC">http://pastebin.com/raw.php?i=DH3Lbg54</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00003.html" source="SUSE">openSUSE-SU-2014:0205</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html" source="SUSE">openSUSE-SU-2014:0204</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="linux" name="linux_kernel">
+        <vers num="3.0" edition="rc1"/>
+        <vers num="3.0" edition="rc2"/>
+        <vers num="3.0" edition="rc3"/>
+        <vers num="3.0" edition="rc4"/>
+        <vers num="3.0" edition="rc5"/>
+        <vers num="3.0" edition="rc6"/>
+        <vers num="3.0" edition="rc7"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.20"/>
+        <vers num="3.0.21"/>
+        <vers num="3.0.22"/>
+        <vers num="3.0.23"/>
+        <vers num="3.0.24"/>
+        <vers num="3.0.25"/>
+        <vers num="3.0.26"/>
+        <vers num="3.0.27"/>
+        <vers num="3.0.28"/>
+        <vers num="3.0.29"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.30"/>
+        <vers num="3.0.31"/>
+        <vers num="3.0.32"/>
+        <vers num="3.0.33"/>
+        <vers num="3.0.34"/>
+        <vers num="3.0.35"/>
+        <vers num="3.0.36"/>
+        <vers num="3.0.37"/>
+        <vers num="3.0.38"/>
+        <vers num="3.0.39"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.40"/>
+        <vers num="3.0.41"/>
+        <vers num="3.0.42"/>
+        <vers num="3.0.43"/>
+        <vers num="3.0.44"/>
+        <vers num="3.0.45"/>
+        <vers num="3.0.46"/>
+        <vers num="3.0.47"/>
+        <vers num="3.0.48"/>
+        <vers num="3.0.49"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.50"/>
+        <vers num="3.0.51"/>
+        <vers num="3.0.52"/>
+        <vers num="3.0.53"/>
+        <vers num="3.0.54"/>
+        <vers num="3.0.55"/>
+        <vers num="3.0.56"/>
+        <vers num="3.0.57"/>
+        <vers num="3.0.58"/>
+        <vers num="3.0.59"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.60"/>
+        <vers num="3.0.61"/>
+        <vers num="3.0.62"/>
+        <vers num="3.0.63"/>
+        <vers num="3.0.64"/>
+        <vers num="3.0.65"/>
+        <vers num="3.0.66"/>
+        <vers num="3.0.67"/>
+        <vers num="3.0.68"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1" edition="rc1"/>
+        <vers num="3.1" edition="rc2"/>
+        <vers num="3.1" edition="rc3"/>
+        <vers num="3.1" edition="rc4"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="3.10"/>
+        <vers num="3.10.1"/>
+        <vers num="3.10.10"/>
+        <vers num="3.10.11"/>
+        <vers num="3.10.12"/>
+        <vers num="3.10.13"/>
+        <vers num="3.10.14"/>
+        <vers num="3.10.15"/>
+        <vers num="3.10.16"/>
+        <vers num="3.10.17"/>
+        <vers num="3.10.18"/>
+        <vers num="3.10.19"/>
+        <vers num="3.10.2"/>
+        <vers num="3.10.20"/>
+        <vers num="3.10.21"/>
+        <vers num="3.10.22"/>
+        <vers num="3.10.23"/>
+        <vers num="3.10.24"/>
+        <vers num="3.10.25"/>
+        <vers num="3.10.26"/>
+        <vers num="3.10.27"/>
+        <vers num="3.10.28"/>
+        <vers num="3.10.29"/>
+        <vers num="3.10.3"/>
+        <vers num="3.10.4"/>
+        <vers num="3.10.5"/>
+        <vers num="3.10.6"/>
+        <vers num="3.10.7"/>
+        <vers num="3.10.8"/>
+        <vers num="3.10.9"/>
+        <vers num="3.11"/>
+        <vers num="3.11.1"/>
+        <vers num="3.11.10"/>
+        <vers num="3.11.2"/>
+        <vers num="3.11.3"/>
+        <vers num="3.11.4"/>
+        <vers num="3.11.5"/>
+        <vers num="3.11.6"/>
+        <vers num="3.11.7"/>
+        <vers num="3.11.8"/>
+        <vers num="3.11.9"/>
+        <vers num="3.12"/>
+        <vers num="3.12.1"/>
+        <vers num="3.12.10"/>
+        <vers num="3.12.2"/>
+        <vers num="3.12.3"/>
+        <vers num="3.12.4"/>
+        <vers num="3.12.5"/>
+        <vers num="3.12.6"/>
+        <vers num="3.12.7"/>
+        <vers num="3.12.8"/>
+        <vers num="3.12.9"/>
+        <vers num="3.13"/>
+        <vers prev="1" num="3.13.1"/>
+        <vers num="3.2" edition="rc2"/>
+        <vers num="3.2" edition="rc3"/>
+        <vers num="3.2" edition="rc4"/>
+        <vers num="3.2" edition="rc5"/>
+        <vers num="3.2" edition="rc6"/>
+        <vers num="3.2" edition="rc7"/>
+        <vers num="3.2.1"/>
+        <vers num="3.2.10"/>
+        <vers num="3.2.11"/>
+        <vers num="3.2.12"/>
+        <vers num="3.2.13"/>
+        <vers num="3.2.14"/>
+        <vers num="3.2.15"/>
+        <vers num="3.2.16"/>
+        <vers num="3.2.17"/>
+        <vers num="3.2.18"/>
+        <vers num="3.2.19"/>
+        <vers num="3.2.2"/>
+        <vers num="3.2.20"/>
+        <vers num="3.2.21"/>
+        <vers num="3.2.22"/>
+        <vers num="3.2.23"/>
+        <vers num="3.2.24"/>
+        <vers num="3.2.25"/>
+        <vers num="3.2.26"/>
+        <vers num="3.2.27"/>
+        <vers num="3.2.28"/>
+        <vers num="3.2.29"/>
+        <vers num="3.2.3"/>
+        <vers num="3.2.30"/>
+        <vers num="3.2.4"/>
+        <vers num="3.2.5"/>
+        <vers num="3.2.6"/>
+        <vers num="3.2.7"/>
+        <vers num="3.2.8"/>
+        <vers num="3.2.9"/>
+        <vers num="3.3" edition="rc1"/>
+        <vers num="3.3" edition="rc2"/>
+        <vers num="3.3" edition="rc3"/>
+        <vers num="3.3" edition="rc4"/>
+        <vers num="3.3" edition="rc5"/>
+        <vers num="3.3" edition="rc6"/>
+        <vers num="3.3" edition="rc7"/>
+        <vers num="3.3.1"/>
+        <vers num="3.3.2"/>
+        <vers num="3.3.3"/>
+        <vers num="3.3.4"/>
+        <vers num="3.3.5"/>
+        <vers num="3.3.6"/>
+        <vers num="3.3.7"/>
+        <vers num="3.3.8"/>
+        <vers num="3.4" edition="rc1"/>
+        <vers num="3.4" edition="rc2"/>
+        <vers num="3.4" edition="rc3"/>
+        <vers num="3.4" edition="rc4"/>
+        <vers num="3.4" edition="rc5"/>
+        <vers num="3.4" edition="rc6"/>
+        <vers num="3.4" edition="rc7"/>
+        <vers num="3.4.1"/>
+        <vers num="3.4.10"/>
+        <vers num="3.4.11"/>
+        <vers num="3.4.12"/>
+        <vers num="3.4.13"/>
+        <vers num="3.4.14"/>
+        <vers num="3.4.15"/>
+        <vers num="3.4.16"/>
+        <vers num="3.4.17"/>
+        <vers num="3.4.18"/>
+        <vers num="3.4.19"/>
+        <vers num="3.4.2"/>
+        <vers num="3.4.20"/>
+        <vers num="3.4.21"/>
+        <vers num="3.4.22"/>
+        <vers num="3.4.23"/>
+        <vers num="3.4.24"/>
+        <vers num="3.4.25"/>
+        <vers num="3.4.26"/>
+        <vers num="3.4.27"/>
+        <vers num="3.4.28"/>
+        <vers num="3.4.29"/>
+        <vers num="3.4.3"/>
+        <vers num="3.4.30"/>
+        <vers num="3.4.31"/>
+        <vers num="3.4.32"/>
+        <vers num="3.4.4"/>
+        <vers num="3.4.5"/>
+        <vers num="3.4.6"/>
+        <vers num="3.4.7"/>
+        <vers num="3.4.8"/>
+        <vers num="3.4.9"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.6"/>
+        <vers num="3.6.1"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.5"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="3.7"/>
+        <vers num="3.7.1"/>
+        <vers num="3.7.10"/>
+        <vers num="3.7.2"/>
+        <vers num="3.7.3"/>
+        <vers num="3.7.4"/>
+        <vers num="3.7.5"/>
+        <vers num="3.7.6"/>
+        <vers num="3.7.7"/>
+        <vers num="3.7.8"/>
+        <vers num="3.7.9"/>
+        <vers num="3.8.0"/>
+        <vers num="3.8.1"/>
+        <vers num="3.8.10"/>
+        <vers num="3.8.11"/>
+        <vers num="3.8.12"/>
+        <vers num="3.8.13"/>
+        <vers num="3.8.2"/>
+        <vers num="3.8.3"/>
+        <vers num="3.8.4"/>
+        <vers num="3.8.5"/>
+        <vers num="3.8.6"/>
+        <vers num="3.8.7"/>
+        <vers num="3.8.8"/>
+        <vers num="3.8.9"/>
+        <vers num="3.9" edition="rc1"/>
+        <vers num="3.9" edition="rc2"/>
+        <vers num="3.9" edition="rc3"/>
+        <vers num="3.9" edition="rc4"/>
+        <vers num="3.9" edition="rc5"/>
+        <vers num="3.9" edition="rc6"/>
+        <vers num="3.9" edition="rc7"/>
+        <vers num="3.9.0"/>
+        <vers num="3.9.1"/>
+        <vers num="3.9.10"/>
+        <vers num="3.9.11"/>
+        <vers num="3.9.2"/>
+        <vers num="3.9.3"/>
+        <vers num="3.9.4"/>
+        <vers num="3.9.5"/>
+        <vers num="3.9.6"/>
+        <vers num="3.9.7"/>
+        <vers num="3.9.8"/>
+        <vers num="3.9.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0039" published="2014-02-07" name="CVE-2014-0039" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="4.4" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="3.4" CVSS_base_score="4.4">
+    <desc>
+      <descript source="cve">Untrusted search path vulnerability in fwsnort before 1.6.4, when not running as root, allows local users to execute arbitrary code via a Trojan horse fwsnort.conf in the current working directory.</descript>
+      <descript source="nvd">Per: http://cwe.mitre.org/data/definitions/426.html
+
+"CWE-426: Untrusted Search Path"</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="https://github.com/mrash/fwsnort/commit/fa977453120cc48e1654f373311f9cac468d3348" source="CONFIRM" patch="1">https://github.com/mrash/fwsnort/commit/fa977453120cc48e1654f373311f9cac468d3348</ref>
+      <ref url="https://github.com/mrash/fwsnort/blob/master/ChangeLog" source="CONFIRM">https://github.com/mrash/fwsnort/blob/master/ChangeLog</ref>
+      <ref url="http://www.securityfocus.com/bid/65341" source="BID">65341</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q1/221" source="MLIST">[oss-security] 20140203 CVE-2014-0039: fwsnort loaded configuration file from cwd when run as a non-root user</ref>
+      <ref url="http://osvdb.org/102822" source="OSVDB">102822</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128205.html" source="FEDORA">FEDORA-2014-1972</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128188.html" source="FEDORA">FEDORA-2014-1975</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cipherdyne" name="fwsnort">
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.6.2"/>
+        <vers num="0.6.3"/>
+        <vers num="0.6.4"/>
+        <vers num="0.6.5"/>
+        <vers num="0.7.0"/>
+        <vers num="0.8.0"/>
+        <vers num="0.8.1"/>
+        <vers num="0.8.2"/>
+        <vers num="0.9.0"/>
+        <vers num="1.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.5"/>
+        <vers num="1.6"/>
+        <vers num="1.6.1"/>
+        <vers num="1.6.2"/>
+        <vers num="1.6.3"/>
+        <vers prev="1" num="1.6.4"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0044" published="2014-02-07" name="CVE-2014-0044" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The opus_packet_get_samples_per_frame function in client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots allows remote attackers to cause a denial of service (crash) via a crafted length prefix value, which triggers a NULL pointer dereference or a heap-based buffer over-read (aka "out-of-bounds array access").</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.debian.org/security/2014/dsa-2854" source="DEBIAN">DSA-2854</ref>
+      <ref url="http://osvdb.org/102904" source="OSVDB">102904</ref>
+      <ref url="http://mumble.info/security/Mumble-SA-2014-001.txt" source="CONFIRM" adv="1">http://mumble.info/security/Mumble-SA-2014-001.txt</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-02/msg00063.html" source="SUSE">openSUSE-SU-2014:0271</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="light_speed_gaming" name="mumble">
+        <vers num="1.2.3" edition="rc1"/>
+        <vers num="1.2.3" edition="rc2"/>
+        <vers num="1.2.3" edition="rc3"/>
+        <vers num="1.2.4"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0045" published="2014-02-07" name="CVE-2014-0045" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">The needSamples method in AudioOutputSpeech.cpp in the client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots, Mumble for iOS 1.1 through 1.2.2, and MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d does not check the return value of the opus_decode_float function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Opus voice packet, which triggers an error in opus_decode_float, a conversion of a negative integer to an unsigned integer, and a heap-based buffer over-read and over-write.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.debian.org/security/2014/dsa-2854" source="DEBIAN">DSA-2854</ref>
+      <ref url="http://osvdb.org/102958" source="OSVDB">102958</ref>
+      <ref url="http://osvdb.org/102905" source="OSVDB">102905</ref>
+      <ref url="http://mumble.info/security/Mumble-SA-2014-004.txt" source="CONFIRM" adv="1">http://mumble.info/security/Mumble-SA-2014-004.txt</ref>
+      <ref url="http://mumble.info/security/Mumble-SA-2014-002.txt" source="CONFIRM">http://mumble.info/security/Mumble-SA-2014-002.txt</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-02/msg00063.html" source="SUSE">openSUSE-SU-2014:0271</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="light_speed_gaming" name="mumble">
+        <vers num="1.1" edition=":~~~iphone_os~~"/>
+        <vers num="1.1" edition="rc1:~~~iphone_os~~"/>
+        <vers num="1.1.1" edition=":~~~iphone_os~~"/>
+        <vers num="1.2" edition=":~~~iphone_os~~"/>
+        <vers num="1.2.1" edition=":~~~iphone_os~~"/>
+        <vers num="1.2.2" edition=":~~~iphone_os~~"/>
+        <vers num="1.2.3" edition="rc1"/>
+        <vers num="1.2.3" edition="rc2"/>
+        <vers num="1.2.3" edition="rc3"/>
+        <vers num="1.2.4"/>
+      </prod>
+      <prod vendor="light_speed_gaming" name="mumblekit">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0046" published="2014-02-27" name="CVE-2014-0046" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:H/Au:N/C:N/I:P/A:N)" CVSS_score="2.6" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="4.9" CVSS_base_score="2.6">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the link-to helper in Ember.js 1.2.x before 1.2.2, 1.3.x before 1.3.2, and 1.4.x before 1.4.0-beta.6, when used in non-block form, allows remote attackers to inject arbitrary web script or HTML via the title attribute.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://groups.google.com/forum/#%21topic/ember-security/1h6FRgr8lXQ" source="CONFIRM">https://groups.google.com/forum/#!topic/ember-security/1h6FRgr8lXQ</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91242" source="XF">emberjs-linkto-xss(91242)</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/02/14/6" source="MLIST">[oss-security] 20140214 [CVE-2014-0046] XSS Vulnerability With {{link-to}} Helper in Non-block Form</ref>
+      <ref url="http://secunia.com/advisories/56965" source="SECUNIA" adv="1">56965</ref>
+      <ref url="http://emberjs.com/blog/2014/02/07/ember-security-releases.html" source="CONFIRM" adv="1">http://emberjs.com/blog/2014/02/07/ember-security-releases.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="emberjs" name="ember.js">
+        <vers num="1.2.0"/>
+        <vers num="1.2.1"/>
+        <vers num="1.3.0"/>
+        <vers num="1.3.1"/>
+        <vers num="1.4.0" edition="beta"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0049" published="2014-03-11" name="CVE-2014-0049" modified="2014-03-11" CVSS_version="2.0" CVSS_vector="(AV:A/AC:M/Au:S/C:C/I:C/A:C)" CVSS_score="7.4" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="4.4" CVSS_base_score="7.4">
+    <desc>
+      <descript source="cve">Buffer overflow in the complete_emulated_mmio function in arch/x86/kvm/x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the host OS by leveraging a loop that triggers an invalid memory copy affecting certain cancel_work_item data.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local_network/>
+    </range>
+    <refs>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/03/03/1" source="MLIST" patch="1">[oss-security] 20140303 CVE-2014-0049 -- Linux kernel: kvm: mmio_fragments out-of-the-bounds access</ref>
+      <ref url="https://github.com/torvalds/linux/commit/a08d3b3b99efd509133946056531cdf8f3a0c09b" source="CONFIRM">https://github.com/torvalds/linux/commit/a08d3b3b99efd509133946056531cdf8f3a0c09b</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1062368" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1062368</ref>
+      <ref url="http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.6" source="CONFIRM" adv="1">http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.6</ref>
+      <ref url="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a08d3b3b99efd509133946056531cdf8f3a0c09b" source="CONFIRM">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a08d3b3b99efd509133946056531cdf8f3a0c09b</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="linux" name="linux_kernel">
+        <vers num="3.0" edition="rc1"/>
+        <vers num="3.0" edition="rc2"/>
+        <vers num="3.0" edition="rc3"/>
+        <vers num="3.0" edition="rc4"/>
+        <vers num="3.0" edition="rc5"/>
+        <vers num="3.0" edition="rc6"/>
+        <vers num="3.0" edition="rc7"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.20"/>
+        <vers num="3.0.21"/>
+        <vers num="3.0.22"/>
+        <vers num="3.0.23"/>
+        <vers num="3.0.24"/>
+        <vers num="3.0.25"/>
+        <vers num="3.0.26"/>
+        <vers num="3.0.27"/>
+        <vers num="3.0.28"/>
+        <vers num="3.0.29"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.30"/>
+        <vers num="3.0.31"/>
+        <vers num="3.0.32"/>
+        <vers num="3.0.33"/>
+        <vers num="3.0.34"/>
+        <vers num="3.0.35"/>
+        <vers num="3.0.36"/>
+        <vers num="3.0.37"/>
+        <vers num="3.0.38"/>
+        <vers num="3.0.39"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.40"/>
+        <vers num="3.0.41"/>
+        <vers num="3.0.42"/>
+        <vers num="3.0.43"/>
+        <vers num="3.0.44"/>
+        <vers num="3.0.45"/>
+        <vers num="3.0.46"/>
+        <vers num="3.0.47"/>
+        <vers num="3.0.48"/>
+        <vers num="3.0.49"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.50"/>
+        <vers num="3.0.51"/>
+        <vers num="3.0.52"/>
+        <vers num="3.0.53"/>
+        <vers num="3.0.54"/>
+        <vers num="3.0.55"/>
+        <vers num="3.0.56"/>
+        <vers num="3.0.57"/>
+        <vers num="3.0.58"/>
+        <vers num="3.0.59"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.60"/>
+        <vers num="3.0.61"/>
+        <vers num="3.0.62"/>
+        <vers num="3.0.63"/>
+        <vers num="3.0.64"/>
+        <vers num="3.0.65"/>
+        <vers num="3.0.66"/>
+        <vers num="3.0.67"/>
+        <vers num="3.0.68"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1" edition="rc1"/>
+        <vers num="3.1" edition="rc2"/>
+        <vers num="3.1" edition="rc3"/>
+        <vers num="3.1" edition="rc4"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="3.10"/>
+        <vers num="3.10.1"/>
+        <vers num="3.10.10"/>
+        <vers num="3.10.11"/>
+        <vers num="3.10.12"/>
+        <vers num="3.10.13"/>
+        <vers num="3.10.14"/>
+        <vers num="3.10.15"/>
+        <vers num="3.10.16"/>
+        <vers num="3.10.17"/>
+        <vers num="3.10.18"/>
+        <vers num="3.10.19"/>
+        <vers num="3.10.2"/>
+        <vers num="3.10.20"/>
+        <vers num="3.10.21"/>
+        <vers num="3.10.22"/>
+        <vers num="3.10.23"/>
+        <vers num="3.10.24"/>
+        <vers num="3.10.25"/>
+        <vers num="3.10.26"/>
+        <vers num="3.10.27"/>
+        <vers num="3.10.28"/>
+        <vers num="3.10.29"/>
+        <vers num="3.10.3"/>
+        <vers num="3.10.4"/>
+        <vers num="3.10.5"/>
+        <vers num="3.10.6"/>
+        <vers num="3.10.7"/>
+        <vers num="3.10.8"/>
+        <vers num="3.10.9"/>
+        <vers num="3.11"/>
+        <vers num="3.11.1"/>
+        <vers num="3.11.10"/>
+        <vers num="3.11.2"/>
+        <vers num="3.11.3"/>
+        <vers num="3.11.4"/>
+        <vers num="3.11.5"/>
+        <vers num="3.11.6"/>
+        <vers num="3.11.7"/>
+        <vers num="3.11.8"/>
+        <vers num="3.11.9"/>
+        <vers num="3.12"/>
+        <vers num="3.12.1"/>
+        <vers num="3.12.10"/>
+        <vers num="3.12.11"/>
+        <vers num="3.12.12"/>
+        <vers num="3.12.13"/>
+        <vers num="3.12.2"/>
+        <vers num="3.12.3"/>
+        <vers num="3.12.4"/>
+        <vers num="3.12.5"/>
+        <vers num="3.12.6"/>
+        <vers num="3.12.7"/>
+        <vers num="3.12.8"/>
+        <vers num="3.12.9"/>
+        <vers num="3.13"/>
+        <vers num="3.13.1"/>
+        <vers num="3.13.2"/>
+        <vers num="3.13.3"/>
+        <vers num="3.13.4"/>
+        <vers prev="1" num="3.13.5"/>
+        <vers num="3.2" edition="rc2"/>
+        <vers num="3.2" edition="rc3"/>
+        <vers num="3.2" edition="rc4"/>
+        <vers num="3.2" edition="rc5"/>
+        <vers num="3.2" edition="rc6"/>
+        <vers num="3.2" edition="rc7"/>
+        <vers num="3.2.1"/>
+        <vers num="3.2.10"/>
+        <vers num="3.2.11"/>
+        <vers num="3.2.12"/>
+        <vers num="3.2.13"/>
+        <vers num="3.2.14"/>
+        <vers num="3.2.15"/>
+        <vers num="3.2.16"/>
+        <vers num="3.2.17"/>
+        <vers num="3.2.18"/>
+        <vers num="3.2.19"/>
+        <vers num="3.2.2"/>
+        <vers num="3.2.20"/>
+        <vers num="3.2.21"/>
+        <vers num="3.2.22"/>
+        <vers num="3.2.23"/>
+        <vers num="3.2.24"/>
+        <vers num="3.2.25"/>
+        <vers num="3.2.26"/>
+        <vers num="3.2.27"/>
+        <vers num="3.2.28"/>
+        <vers num="3.2.29"/>
+        <vers num="3.2.3"/>
+        <vers num="3.2.30"/>
+        <vers num="3.2.4"/>
+        <vers num="3.2.5"/>
+        <vers num="3.2.6"/>
+        <vers num="3.2.7"/>
+        <vers num="3.2.8"/>
+        <vers num="3.2.9"/>
+        <vers num="3.3" edition="rc1"/>
+        <vers num="3.3" edition="rc2"/>
+        <vers num="3.3" edition="rc3"/>
+        <vers num="3.3" edition="rc4"/>
+        <vers num="3.3" edition="rc5"/>
+        <vers num="3.3" edition="rc6"/>
+        <vers num="3.3" edition="rc7"/>
+        <vers num="3.3.1"/>
+        <vers num="3.3.2"/>
+        <vers num="3.3.3"/>
+        <vers num="3.3.4"/>
+        <vers num="3.3.5"/>
+        <vers num="3.3.6"/>
+        <vers num="3.3.7"/>
+        <vers num="3.3.8"/>
+        <vers num="3.4" edition="rc1"/>
+        <vers num="3.4" edition="rc2"/>
+        <vers num="3.4" edition="rc3"/>
+        <vers num="3.4" edition="rc4"/>
+        <vers num="3.4" edition="rc5"/>
+        <vers num="3.4" edition="rc6"/>
+        <vers num="3.4" edition="rc7"/>
+        <vers num="3.4.1"/>
+        <vers num="3.4.10"/>
+        <vers num="3.4.11"/>
+        <vers num="3.4.12"/>
+        <vers num="3.4.13"/>
+        <vers num="3.4.14"/>
+        <vers num="3.4.15"/>
+        <vers num="3.4.16"/>
+        <vers num="3.4.17"/>
+        <vers num="3.4.18"/>
+        <vers num="3.4.19"/>
+        <vers num="3.4.2"/>
+        <vers num="3.4.20"/>
+        <vers num="3.4.21"/>
+        <vers num="3.4.22"/>
+        <vers num="3.4.23"/>
+        <vers num="3.4.24"/>
+        <vers num="3.4.25"/>
+        <vers num="3.4.26"/>
+        <vers num="3.4.27"/>
+        <vers num="3.4.28"/>
+        <vers num="3.4.29"/>
+        <vers num="3.4.3"/>
+        <vers num="3.4.30"/>
+        <vers num="3.4.31"/>
+        <vers num="3.4.32"/>
+        <vers num="3.4.33"/>
+        <vers num="3.4.34"/>
+        <vers num="3.4.35"/>
+        <vers num="3.4.36"/>
+        <vers num="3.4.37"/>
+        <vers num="3.4.38"/>
+        <vers num="3.4.39"/>
+        <vers num="3.4.4"/>
+        <vers num="3.4.40"/>
+        <vers num="3.4.41"/>
+        <vers num="3.4.42"/>
+        <vers num="3.4.43"/>
+        <vers num="3.4.44"/>
+        <vers num="3.4.45"/>
+        <vers num="3.4.46"/>
+        <vers num="3.4.47"/>
+        <vers num="3.4.48"/>
+        <vers num="3.4.49"/>
+        <vers num="3.4.5"/>
+        <vers num="3.4.50"/>
+        <vers num="3.4.51"/>
+        <vers num="3.4.52"/>
+        <vers num="3.4.53"/>
+        <vers num="3.4.54"/>
+        <vers num="3.4.55"/>
+        <vers num="3.4.56"/>
+        <vers num="3.4.57"/>
+        <vers num="3.4.58"/>
+        <vers num="3.4.59"/>
+        <vers num="3.4.6"/>
+        <vers num="3.4.60"/>
+        <vers num="3.4.61"/>
+        <vers num="3.4.62"/>
+        <vers num="3.4.63"/>
+        <vers num="3.4.64"/>
+        <vers num="3.4.65"/>
+        <vers num="3.4.66"/>
+        <vers num="3.4.67"/>
+        <vers num="3.4.68"/>
+        <vers num="3.4.69"/>
+        <vers num="3.4.7"/>
+        <vers num="3.4.70"/>
+        <vers num="3.4.71"/>
+        <vers num="3.4.72"/>
+        <vers num="3.4.73"/>
+        <vers num="3.4.74"/>
+        <vers num="3.4.75"/>
+        <vers num="3.4.76"/>
+        <vers num="3.4.77"/>
+        <vers num="3.4.78"/>
+        <vers num="3.4.79"/>
+        <vers num="3.4.8"/>
+        <vers num="3.4.9"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.6"/>
+        <vers num="3.6.1"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.5"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="3.7"/>
+        <vers num="3.7.1"/>
+        <vers num="3.7.10"/>
+        <vers num="3.7.2"/>
+        <vers num="3.7.3"/>
+        <vers num="3.7.4"/>
+        <vers num="3.7.5"/>
+        <vers num="3.7.6"/>
+        <vers num="3.7.7"/>
+        <vers num="3.7.8"/>
+        <vers num="3.7.9"/>
+        <vers num="3.8.0"/>
+        <vers num="3.8.1"/>
+        <vers num="3.8.10"/>
+        <vers num="3.8.11"/>
+        <vers num="3.8.12"/>
+        <vers num="3.8.13"/>
+        <vers num="3.8.2"/>
+        <vers num="3.8.3"/>
+        <vers num="3.8.4"/>
+        <vers num="3.8.5"/>
+        <vers num="3.8.6"/>
+        <vers num="3.8.7"/>
+        <vers num="3.8.8"/>
+        <vers num="3.8.9"/>
+        <vers num="3.9" edition="rc1"/>
+        <vers num="3.9" edition="rc2"/>
+        <vers num="3.9" edition="rc3"/>
+        <vers num="3.9" edition="rc4"/>
+        <vers num="3.9" edition="rc5"/>
+        <vers num="3.9" edition="rc6"/>
+        <vers num="3.9" edition="rc7"/>
+        <vers num="3.9.0"/>
+        <vers num="3.9.1"/>
+        <vers num="3.9.10"/>
+        <vers num="3.9.11"/>
+        <vers num="3.9.2"/>
+        <vers num="3.9.3"/>
+        <vers num="3.9.4"/>
+        <vers num="3.9.5"/>
+        <vers num="3.9.6"/>
+        <vers num="3.9.7"/>
+        <vers num="3.9.8"/>
+        <vers num="3.9.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0050" published="2014-04-01" name="CVE-2014-0050" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tomcat.apache.org/security-8.html" source="CONFIRM" patch="1" adv="1">http://tomcat.apache.org/security-8.html</ref>
+      <ref url="http://tomcat.apache.org/security-7.html" source="CONFIRM" patch="1" adv="1">http://tomcat.apache.org/security-7.html</ref>
+      <ref url="http://svn.apache.org/r1565143" source="CONFIRM" patch="1">http://svn.apache.org/r1565143</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1062337" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1062337</ref>
+      <ref url="http://secunia.com/advisories/57915" source="SECUNIA">57915</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0400.html" source="REDHAT">RHSA-2014:0400</ref>
+      <ref url="http://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3C52F373FC.9030907@apache.org%3E" source="MLIST">[commons-dev] 20140206 [SECURITY] CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS</ref>
+      <ref url="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000017" source="JVNDB">JVNDB-2014-000017</ref>
+      <ref url="http://jvn.jp/en/jp/JVN14876762/index.html" source="JVN">JVN#14876762</ref>
+      <ref url="http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html" source="MISC">http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apache" name="commons_fileupload">
+        <vers num="1.0"/>
+        <vers num="1.1"/>
+        <vers num="1.1.1"/>
+        <vers num="1.2"/>
+        <vers num="1.2.1"/>
+        <vers num="1.2.2"/>
+        <vers num="1.3"/>
+        <vers prev="1" num="1.3.1"/>
+      </prod>
+      <prod vendor="apache" name="tomcat">
+        <vers num="7.0.0" edition="beta"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.10"/>
+        <vers num="7.0.11"/>
+        <vers num="7.0.12"/>
+        <vers num="7.0.13"/>
+        <vers num="7.0.14"/>
+        <vers num="7.0.15"/>
+        <vers num="7.0.16"/>
+        <vers num="7.0.17"/>
+        <vers num="7.0.18"/>
+        <vers num="7.0.19"/>
+        <vers num="7.0.2" edition="beta"/>
+        <vers num="7.0.20"/>
+        <vers num="7.0.21"/>
+        <vers num="7.0.22"/>
+        <vers num="7.0.23"/>
+        <vers num="7.0.24"/>
+        <vers num="7.0.25"/>
+        <vers num="7.0.26"/>
+        <vers num="7.0.27"/>
+        <vers num="7.0.28"/>
+        <vers num="7.0.29"/>
+        <vers num="7.0.3"/>
+        <vers num="7.0.30"/>
+        <vers num="7.0.31"/>
+        <vers num="7.0.32"/>
+        <vers num="7.0.33"/>
+        <vers num="7.0.34"/>
+        <vers num="7.0.35"/>
+        <vers num="7.0.36"/>
+        <vers num="7.0.37"/>
+        <vers num="7.0.38"/>
+        <vers num="7.0.39"/>
+        <vers num="7.0.4" edition="beta"/>
+        <vers num="7.0.40"/>
+        <vers num="7.0.41"/>
+        <vers num="7.0.42"/>
+        <vers num="7.0.43"/>
+        <vers num="7.0.44"/>
+        <vers num="7.0.45"/>
+        <vers num="7.0.46"/>
+        <vers num="7.0.47"/>
+        <vers num="7.0.48"/>
+        <vers num="7.0.49"/>
+        <vers num="7.0.5"/>
+        <vers num="7.0.50"/>
+        <vers num="7.0.6"/>
+        <vers num="7.0.7"/>
+        <vers num="7.0.8"/>
+        <vers num="7.0.9"/>
+        <vers num="8.0.0" edition="rc1"/>
+        <vers num="8.0.0" edition="rc10"/>
+        <vers num="8.0.0" edition="rc2"/>
+        <vers num="8.0.0" edition="rc5"/>
+        <vers num="8.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0053" published="2014-04-15" name="CVE-2014-0053" modified="2014-04-22" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The default configuration of the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 before 2.3.6 does not properly restrict access to files in the WEB-INF directory, which allows remote attackers to obtain sensitive information via a direct request.  NOTE: this identifier has been SPLIT due to different researchers and different vulnerability types. See CVE-2014-2857 for the META-INF variant and CVE-2014-2858 for the directory traversal.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://twitter.com/Ramsharan065/status/434975409134792704" source="MISC">https://twitter.com/Ramsharan065/status/434975409134792704</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91270" source="XF">grails-cve20140053-info-disc(91270)</ref>
+      <ref url="http://www.securityfocus.com/bid/65678" source="BID">65678</ref>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/531281/100/0/threaded" source="BUGTRAQ">20140227 Update: CVE-2014-0053 Information Disclosure when using Grails</ref>
+      <ref url="http://www.gopivotal.com/security/cve-2014-0053" source="CONFIRM">http://www.gopivotal.com/security/cve-2014-0053</ref>
+      <ref url="http://secunia.com/advisories/56841" source="SECUNIA" adv="1">56841</ref>
+      <ref url="http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0267.html" source="FULLDISC">20140227 Update: CVE-2014-0053 Information Disclosure when using Grails</ref>
+      <ref url="http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0194.html" source="FULLDISC">20140219 CVE-2014-0053 Information Disclosure when using Grails</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="gopivotal" name="grails">
+        <vers num="2.0.0"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.1.0"/>
+        <vers num="2.1.1"/>
+        <vers num="2.1.2"/>
+        <vers num="2.1.3"/>
+        <vers num="2.1.4"/>
+        <vers num="2.1.5"/>
+        <vers num="2.2.0"/>
+        <vers num="2.2.1"/>
+        <vers num="2.2.2"/>
+        <vers num="2.2.3"/>
+        <vers num="2.2.4"/>
+        <vers num="2.2.5"/>
+        <vers num="2.3.0"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.3.4"/>
+        <vers num="2.3.5"/>
+      </prod>
+      <prod vendor="gopivotal" name="grails-resources">
+        <vers num="1.0.0"/>
+        <vers num="1.0.2"/>
+        <vers num="1.1.0"/>
+        <vers num="1.1.1"/>
+        <vers num="1.1.2"/>
+        <vers num="1.1.4"/>
+        <vers num="1.1.5"/>
+        <vers num="1.1.6"/>
+        <vers num="1.2.0"/>
+        <vers num="1.2.1"/>
+        <vers num="1.2.2"/>
+        <vers num="1.2.3"/>
+        <vers num="1.2.4"/>
+        <vers num="1.2.5"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0054" published="2014-04-17" name="CVE-2014-0054" modified="2014-04-18" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://jira.spring.io/browse/SPR-11376" source="CONFIRM">https://jira.spring.io/browse/SPR-11376</ref>
+      <ref url="http://secunia.com/advisories/57915" source="SECUNIA" adv="1">57915</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0400.html" source="REDHAT">RHSA-2014:0400</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="springsource" name="spring_framework">
+        <vers num="3.0.0" edition="m1"/>
+        <vers num="3.0.0" edition="m2"/>
+        <vers num="3.0.0" edition="m3"/>
+        <vers num="3.0.0" edition="m4"/>
+        <vers num="3.0.0" edition="rc1"/>
+        <vers num="3.0.0" edition="rc2"/>
+        <vers num="3.0.0" edition="rc3"/>
+        <vers num="3.0.0.m1"/>
+        <vers num="3.0.0.m2"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.1.0"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.2.0"/>
+        <vers num="3.2.1"/>
+        <vers num="3.2.2"/>
+        <vers num="3.2.3"/>
+        <vers num="3.2.4"/>
+        <vers num="3.2.5"/>
+        <vers num="3.2.6"/>
+        <vers prev="1" num="3.2.7"/>
+        <vers num="4.0.0" edition="m1"/>
+        <vers num="4.0.0" edition="m2"/>
+        <vers num="4.0.0" edition="rc1"/>
+        <vers num="4.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0055" published="2014-03-26" name="CVE-2014-0055" modified="2014-04-19" CVSS_version="2.0" CVSS_vector="(AV:A/AC:L/Au:S/C:N/I:N/A:C)" CVSS_score="5.5" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="5.1" CVSS_base_score="5.5">
+    <desc>
+      <descript source="cve">The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which allows guest OS users to cause a denial of service (host OS crash) via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <local_network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1062577" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1062577</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0339.html" source="REDHAT">RHSA-2014:0339</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0328.html" source="REDHAT">RHSA-2014:0328</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="redhat" name="enterprise_linux">
+        <vers num="6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0057" published="2014-03-18" name="CVE-2014-0057" modified="2014-03-19" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1064140" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1064140</ref>
+      <ref url="http://secunia.com/advisories/57376" source="SECUNIA" adv="1">57376</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0215.html" source="REDHAT" adv="1">RHSA-2014:0215</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="redhat" name="cloudforms">
+        <vers num="3.0"/>
+      </prod>
+      <prod vendor="redhat" name="cloudforms_3.0_management_engine">
+        <vers num="5.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0058" published="2014-02-26" name="CVE-2014-0058" modified="2014-02-27" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:P/I:N/A:N)" CVSS_score="1.9" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="3.4" CVSS_base_score="1.9">
+    <desc>
+      <descript source="cve">The security audit functionality in Red Hat JBoss Enterprise Application Platform (EAP) 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by reading the log files.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0205.html" source="REDHAT" adv="1">RHSA-2014:0205</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0204.html" source="REDHAT" adv="1">RHSA-2014:0204</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="redhat" name="jboss_enterprise_application_platform">
+        <vers num="6.0.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.1.0"/>
+        <vers num="6.2.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0060" published="2014-03-31" name="CVE-2014-0060" modified="2014-03-31" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:N/I:P/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command before the associated GRANT command.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.postgresql.org/about/news/1506/" source="CONFIRM" adv="1">http://www.postgresql.org/about/news/1506/</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2865" source="DEBIAN">DSA-2865</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2864" source="DEBIAN">DSA-2864</ref>
+      <ref url="http://wiki.postgresql.org/wiki/20140220securityrelease" source="CONFIRM" adv="1">http://wiki.postgresql.org/wiki/20140220securityrelease</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="postgresql" name="postgresql">
+        <vers num="8.4.1"/>
+        <vers num="8.4.10"/>
+        <vers num="8.4.11"/>
+        <vers num="8.4.12"/>
+        <vers num="8.4.13"/>
+        <vers num="8.4.14"/>
+        <vers num="8.4.15"/>
+        <vers num="8.4.16"/>
+        <vers num="8.4.17"/>
+        <vers num="8.4.18"/>
+        <vers prev="1" num="8.4.19"/>
+        <vers num="8.4.2"/>
+        <vers num="8.4.3"/>
+        <vers num="8.4.4"/>
+        <vers num="8.4.5"/>
+        <vers num="8.4.6"/>
+        <vers num="8.4.7"/>
+        <vers num="8.4.8"/>
+        <vers num="8.4.9"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+        <vers num="9.0.10"/>
+        <vers num="9.0.11"/>
+        <vers num="9.0.12"/>
+        <vers num="9.0.13"/>
+        <vers num="9.0.14"/>
+        <vers num="9.0.15"/>
+        <vers num="9.0.2"/>
+        <vers num="9.0.3"/>
+        <vers num="9.0.4"/>
+        <vers num="9.0.5"/>
+        <vers num="9.0.6"/>
+        <vers num="9.0.7"/>
+        <vers num="9.0.8"/>
+        <vers num="9.0.9"/>
+        <vers num="9.1"/>
+        <vers num="9.1.1"/>
+        <vers num="9.1.10"/>
+        <vers num="9.1.11"/>
+        <vers num="9.1.2"/>
+        <vers num="9.1.3"/>
+        <vers num="9.1.4"/>
+        <vers num="9.1.5"/>
+        <vers num="9.1.6"/>
+        <vers num="9.1.7"/>
+        <vers num="9.1.8"/>
+        <vers num="9.1.9"/>
+        <vers num="9.2"/>
+        <vers num="9.2.1"/>
+        <vers num="9.2.2"/>
+        <vers num="9.2.3"/>
+        <vers num="9.2.4"/>
+        <vers num="9.2.5"/>
+        <vers num="9.2.6"/>
+        <vers num="9.3"/>
+        <vers num="9.3.1"/>
+        <vers num="9.3.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0061" published="2014-03-31" name="CVE-2014-0061" modified="2014-03-31" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:P)" CVSS_score="6.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.0" CVSS_base_score="6.5">
+    <desc>
+      <descript source="cve">The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed to be directly called by the user due to permissions.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.postgresql.org/about/news/1506/" source="CONFIRM" adv="1">http://www.postgresql.org/about/news/1506/</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2865" source="DEBIAN">DSA-2865</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2864" source="DEBIAN">DSA-2864</ref>
+      <ref url="http://wiki.postgresql.org/wiki/20140220securityrelease" source="CONFIRM" adv="1">http://wiki.postgresql.org/wiki/20140220securityrelease</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="postgresql" name="postgresql">
+        <vers num="8.4.1"/>
+        <vers num="8.4.10"/>
+        <vers num="8.4.11"/>
+        <vers num="8.4.12"/>
+        <vers num="8.4.13"/>
+        <vers num="8.4.14"/>
+        <vers num="8.4.15"/>
+        <vers num="8.4.16"/>
+        <vers num="8.4.17"/>
+        <vers num="8.4.18"/>
+        <vers prev="1" num="8.4.19"/>
+        <vers num="8.4.2"/>
+        <vers num="8.4.3"/>
+        <vers num="8.4.4"/>
+        <vers num="8.4.5"/>
+        <vers num="8.4.6"/>
+        <vers num="8.4.7"/>
+        <vers num="8.4.8"/>
+        <vers num="8.4.9"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+        <vers num="9.0.10"/>
+        <vers num="9.0.11"/>
+        <vers num="9.0.12"/>
+        <vers num="9.0.13"/>
+        <vers num="9.0.14"/>
+        <vers num="9.0.15"/>
+        <vers num="9.0.2"/>
+        <vers num="9.0.3"/>
+        <vers num="9.0.4"/>
+        <vers num="9.0.5"/>
+        <vers num="9.0.6"/>
+        <vers num="9.0.7"/>
+        <vers num="9.0.8"/>
+        <vers num="9.0.9"/>
+        <vers num="9.1"/>
+        <vers num="9.1.1"/>
+        <vers num="9.1.10"/>
+        <vers num="9.1.11"/>
+        <vers num="9.1.2"/>
+        <vers num="9.1.3"/>
+        <vers num="9.1.4"/>
+        <vers num="9.1.5"/>
+        <vers num="9.1.6"/>
+        <vers num="9.1.7"/>
+        <vers num="9.1.8"/>
+        <vers num="9.1.9"/>
+        <vers num="9.2"/>
+        <vers num="9.2.1"/>
+        <vers num="9.2.2"/>
+        <vers num="9.2.3"/>
+        <vers num="9.2.4"/>
+        <vers num="9.2.5"/>
+        <vers num="9.2.6"/>
+        <vers num="9.3"/>
+        <vers num="9.3.1"/>
+        <vers num="9.3.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0062" published="2014-03-31" name="CVE-2014-0062" modified="2014-03-31" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:P/I:P/A:N)" CVSS_score="4.9" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="6.8" CVSS_base_score="4.9">
+    <desc>
+      <descript source="cve">Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.postgresql.org/about/news/1506/" source="CONFIRM" adv="1">http://www.postgresql.org/about/news/1506/</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2865" source="DEBIAN">DSA-2865</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2864" source="DEBIAN">DSA-2864</ref>
+      <ref url="http://wiki.postgresql.org/wiki/20140220securityrelease" source="CONFIRM" adv="1">http://wiki.postgresql.org/wiki/20140220securityrelease</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="postgresql" name="postgresql">
+        <vers num="8.4.1"/>
+        <vers num="8.4.10"/>
+        <vers num="8.4.11"/>
+        <vers num="8.4.12"/>
+        <vers num="8.4.13"/>
+        <vers num="8.4.14"/>
+        <vers num="8.4.15"/>
+        <vers num="8.4.16"/>
+        <vers num="8.4.17"/>
+        <vers num="8.4.18"/>
+        <vers prev="1" num="8.4.19"/>
+        <vers num="8.4.2"/>
+        <vers num="8.4.3"/>
+        <vers num="8.4.4"/>
+        <vers num="8.4.5"/>
+        <vers num="8.4.6"/>
+        <vers num="8.4.7"/>
+        <vers num="8.4.8"/>
+        <vers num="8.4.9"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+        <vers num="9.0.10"/>
+        <vers num="9.0.11"/>
+        <vers num="9.0.12"/>
+        <vers num="9.0.13"/>
+        <vers num="9.0.14"/>
+        <vers num="9.0.15"/>
+        <vers num="9.0.2"/>
+        <vers num="9.0.3"/>
+        <vers num="9.0.4"/>
+        <vers num="9.0.5"/>
+        <vers num="9.0.6"/>
+        <vers num="9.0.7"/>
+        <vers num="9.0.8"/>
+        <vers num="9.0.9"/>
+        <vers num="9.1"/>
+        <vers num="9.1.1"/>
+        <vers num="9.1.10"/>
+        <vers num="9.1.11"/>
+        <vers num="9.1.2"/>
+        <vers num="9.1.3"/>
+        <vers num="9.1.4"/>
+        <vers num="9.1.5"/>
+        <vers num="9.1.6"/>
+        <vers num="9.1.7"/>
+        <vers num="9.1.8"/>
+        <vers num="9.1.9"/>
+        <vers num="9.2"/>
+        <vers num="9.2.1"/>
+        <vers num="9.2.2"/>
+        <vers num="9.2.3"/>
+        <vers num="9.2.4"/>
+        <vers num="9.2.5"/>
+        <vers num="9.2.6"/>
+        <vers num="9.3"/>
+        <vers num="9.3.1"/>
+        <vers num="9.3.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0063" published="2014-03-31" name="CVE-2014-0063" modified="2014-03-31" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:P)" CVSS_score="6.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.0" CVSS_base_score="6.5">
+    <desc>
+      <descript source="cve">Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via vectors related to an incorrect MAXDATELEN constant and datetime values involving (1) intervals, (2) timestamps, or (3) timezones, a different vulnerability than CVE-2014-0065.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://github.com/postgres/postgres/commit/4318daecc959886d001a6e79c6ea853e8b1dfb4b" source="CONFIRM">https://github.com/postgres/postgres/commit/4318daecc959886d001a6e79c6ea853e8b1dfb4b</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1065226" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1065226</ref>
+      <ref url="http://www.postgresql.org/support/security/" source="CONFIRM">http://www.postgresql.org/support/security/</ref>
+      <ref url="http://www.postgresql.org/about/news/1506/" source="CONFIRM" adv="1">http://www.postgresql.org/about/news/1506/</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2865" source="DEBIAN">DSA-2865</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2864" source="DEBIAN">DSA-2864</ref>
+      <ref url="http://wiki.postgresql.org/wiki/20140220securityrelease" source="CONFIRM" adv="1">http://wiki.postgresql.org/wiki/20140220securityrelease</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="postgresql" name="postgresql">
+        <vers num="8.4.1"/>
+        <vers num="8.4.10"/>
+        <vers num="8.4.11"/>
+        <vers num="8.4.12"/>
+        <vers num="8.4.13"/>
+        <vers num="8.4.14"/>
+        <vers num="8.4.15"/>
+        <vers num="8.4.16"/>
+        <vers num="8.4.17"/>
+        <vers num="8.4.18"/>
+        <vers prev="1" num="8.4.19"/>
+        <vers num="8.4.2"/>
+        <vers num="8.4.3"/>
+        <vers num="8.4.4"/>
+        <vers num="8.4.5"/>
+        <vers num="8.4.6"/>
+        <vers num="8.4.7"/>
+        <vers num="8.4.8"/>
+        <vers num="8.4.9"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+        <vers num="9.0.10"/>
+        <vers num="9.0.11"/>
+        <vers num="9.0.12"/>
+        <vers num="9.0.13"/>
+        <vers num="9.0.14"/>
+        <vers num="9.0.15"/>
+        <vers num="9.0.2"/>
+        <vers num="9.0.3"/>
+        <vers num="9.0.4"/>
+        <vers num="9.0.5"/>
+        <vers num="9.0.6"/>
+        <vers num="9.0.7"/>
+        <vers num="9.0.8"/>
+        <vers num="9.0.9"/>
+        <vers num="9.1"/>
+        <vers num="9.1.1"/>
+        <vers num="9.1.10"/>
+        <vers num="9.1.11"/>
+        <vers num="9.1.2"/>
+        <vers num="9.1.3"/>
+        <vers num="9.1.4"/>
+        <vers num="9.1.5"/>
+        <vers num="9.1.6"/>
+        <vers num="9.1.7"/>
+        <vers num="9.1.8"/>
+        <vers num="9.1.9"/>
+        <vers num="9.2"/>
+        <vers num="9.2.1"/>
+        <vers num="9.2.2"/>
+        <vers num="9.2.3"/>
+        <vers num="9.2.4"/>
+        <vers num="9.2.5"/>
+        <vers num="9.2.6"/>
+        <vers num="9.3"/>
+        <vers num="9.3.1"/>
+        <vers num="9.3.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0064" published="2014-03-31" name="CVE-2014-0064" modified="2014-03-31" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:P)" CVSS_score="6.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.0" CVSS_base_score="6.5">
+    <desc>
+      <descript source="cve">Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, which trigger a buffer overflow.  NOTE: this identifier has been SPLIT due to different affected versions; use CVE-2014-2669 for the hstore vector.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://github.com/postgres/postgres/commit/31400a673325147e1205326008e32135a78b4d8a" source="CONFIRM">https://github.com/postgres/postgres/commit/31400a673325147e1205326008e32135a78b4d8a</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1065230" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1065230</ref>
+      <ref url="http://www.postgresql.org/support/security/" source="CONFIRM" adv="1">http://www.postgresql.org/support/security/</ref>
+      <ref url="http://www.postgresql.org/about/news/1506/" source="CONFIRM" adv="1">http://www.postgresql.org/about/news/1506/</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2865" source="DEBIAN">DSA-2865</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2864" source="DEBIAN">DSA-2864</ref>
+      <ref url="http://wiki.postgresql.org/wiki/20140220securityrelease" source="CONFIRM">http://wiki.postgresql.org/wiki/20140220securityrelease</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="postgresql" name="postgresql">
+        <vers num="8.4.1"/>
+        <vers num="8.4.10"/>
+        <vers num="8.4.11"/>
+        <vers num="8.4.12"/>
+        <vers num="8.4.13"/>
+        <vers num="8.4.14"/>
+        <vers num="8.4.15"/>
+        <vers num="8.4.16"/>
+        <vers num="8.4.17"/>
+        <vers num="8.4.18"/>
+        <vers prev="1" num="8.4.19"/>
+        <vers num="8.4.2"/>
+        <vers num="8.4.3"/>
+        <vers num="8.4.4"/>
+        <vers num="8.4.5"/>
+        <vers num="8.4.6"/>
+        <vers num="8.4.7"/>
+        <vers num="8.4.8"/>
+        <vers num="8.4.9"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+        <vers num="9.0.10"/>
+        <vers num="9.0.11"/>
+        <vers num="9.0.12"/>
+        <vers num="9.0.13"/>
+        <vers num="9.0.14"/>
+        <vers num="9.0.15"/>
+        <vers num="9.0.2"/>
+        <vers num="9.0.3"/>
+        <vers num="9.0.4"/>
+        <vers num="9.0.5"/>
+        <vers num="9.0.6"/>
+        <vers num="9.0.7"/>
+        <vers num="9.0.8"/>
+        <vers num="9.0.9"/>
+        <vers num="9.1"/>
+        <vers num="9.1.1"/>
+        <vers num="9.1.10"/>
+        <vers num="9.1.11"/>
+        <vers num="9.1.2"/>
+        <vers num="9.1.3"/>
+        <vers num="9.1.4"/>
+        <vers num="9.1.5"/>
+        <vers num="9.1.6"/>
+        <vers num="9.1.7"/>
+        <vers num="9.1.8"/>
+        <vers num="9.1.9"/>
+        <vers num="9.2"/>
+        <vers num="9.2.1"/>
+        <vers num="9.2.2"/>
+        <vers num="9.2.3"/>
+        <vers num="9.2.4"/>
+        <vers num="9.2.5"/>
+        <vers num="9.2.6"/>
+        <vers num="9.3"/>
+        <vers num="9.3.1"/>
+        <vers num="9.3.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0065" published="2014-03-31" name="CVE-2014-0065" modified="2014-04-03" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:P)" CVSS_score="6.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.0" CVSS_base_score="6.5">
+    <desc>
+      <descript source="cve">Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, a different vulnerability than CVE-2014-0063.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.postgresql.org/about/news/1506/" source="CONFIRM" adv="1">http://www.postgresql.org/about/news/1506/</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2865" source="DEBIAN">DSA-2865</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2864" source="DEBIAN">DSA-2864</ref>
+      <ref url="http://wiki.postgresql.org/wiki/20140220securityrelease" source="CONFIRM" adv="1">http://wiki.postgresql.org/wiki/20140220securityrelease</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="postgresql" name="postgresql">
+        <vers num="8.4.1"/>
+        <vers num="8.4.10"/>
+        <vers num="8.4.11"/>
+        <vers num="8.4.12"/>
+        <vers num="8.4.13"/>
+        <vers num="8.4.14"/>
+        <vers num="8.4.15"/>
+        <vers num="8.4.16"/>
+        <vers num="8.4.17"/>
+        <vers num="8.4.18"/>
+        <vers prev="1" num="8.4.19"/>
+        <vers num="8.4.2"/>
+        <vers num="8.4.3"/>
+        <vers num="8.4.4"/>
+        <vers num="8.4.5"/>
+        <vers num="8.4.6"/>
+        <vers num="8.4.7"/>
+        <vers num="8.4.8"/>
+        <vers num="8.4.9"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+        <vers num="9.0.10"/>
+        <vers num="9.0.11"/>
+        <vers num="9.0.12"/>
+        <vers num="9.0.13"/>
+        <vers num="9.0.14"/>
+        <vers num="9.0.15"/>
+        <vers num="9.0.2"/>
+        <vers num="9.0.3"/>
+        <vers num="9.0.4"/>
+        <vers num="9.0.5"/>
+        <vers num="9.0.6"/>
+        <vers num="9.0.7"/>
+        <vers num="9.0.8"/>
+        <vers num="9.0.9"/>
+        <vers num="9.1"/>
+        <vers num="9.1.1"/>
+        <vers num="9.1.10"/>
+        <vers num="9.1.11"/>
+        <vers num="9.1.2"/>
+        <vers num="9.1.3"/>
+        <vers num="9.1.4"/>
+        <vers num="9.1.5"/>
+        <vers num="9.1.6"/>
+        <vers num="9.1.7"/>
+        <vers num="9.1.8"/>
+        <vers num="9.1.9"/>
+        <vers num="9.2"/>
+        <vers num="9.2.1"/>
+        <vers num="9.2.2"/>
+        <vers num="9.2.3"/>
+        <vers num="9.2.4"/>
+        <vers num="9.2.5"/>
+        <vers num="9.2.6"/>
+        <vers num="9.3"/>
+        <vers num="9.3.1"/>
+        <vers num="9.3.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0066" published="2014-03-31" name="CVE-2014-0066" modified="2014-04-03" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:N/I:N/A:P)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.postgresql.org/about/news/1506/" source="CONFIRM" adv="1">http://www.postgresql.org/about/news/1506/</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2865" source="DEBIAN">DSA-2865</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2864" source="DEBIAN">DSA-2864</ref>
+      <ref url="http://wiki.postgresql.org/wiki/20140220securityrelease" source="CONFIRM" adv="1">http://wiki.postgresql.org/wiki/20140220securityrelease</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="postgresql" name="postgresql">
+        <vers num="8.4.1"/>
+        <vers num="8.4.10"/>
+        <vers num="8.4.11"/>
+        <vers num="8.4.12"/>
+        <vers num="8.4.13"/>
+        <vers num="8.4.14"/>
+        <vers num="8.4.15"/>
+        <vers num="8.4.16"/>
+        <vers num="8.4.17"/>
+        <vers num="8.4.18"/>
+        <vers prev="1" num="8.4.19"/>
+        <vers num="8.4.2"/>
+        <vers num="8.4.3"/>
+        <vers num="8.4.4"/>
+        <vers num="8.4.5"/>
+        <vers num="8.4.6"/>
+        <vers num="8.4.7"/>
+        <vers num="8.4.8"/>
+        <vers num="8.4.9"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+        <vers num="9.0.10"/>
+        <vers num="9.0.11"/>
+        <vers num="9.0.12"/>
+        <vers num="9.0.13"/>
+        <vers num="9.0.14"/>
+        <vers num="9.0.15"/>
+        <vers num="9.0.2"/>
+        <vers num="9.0.3"/>
+        <vers num="9.0.4"/>
+        <vers num="9.0.5"/>
+        <vers num="9.0.6"/>
+        <vers num="9.0.7"/>
+        <vers num="9.0.8"/>
+        <vers num="9.0.9"/>
+        <vers num="9.1"/>
+        <vers num="9.1.1"/>
+        <vers num="9.1.10"/>
+        <vers num="9.1.11"/>
+        <vers num="9.1.2"/>
+        <vers num="9.1.3"/>
+        <vers num="9.1.4"/>
+        <vers num="9.1.5"/>
+        <vers num="9.1.6"/>
+        <vers num="9.1.7"/>
+        <vers num="9.1.8"/>
+        <vers num="9.1.9"/>
+        <vers num="9.2"/>
+        <vers num="9.2.1"/>
+        <vers num="9.2.2"/>
+        <vers num="9.2.3"/>
+        <vers num="9.2.4"/>
+        <vers num="9.2.5"/>
+        <vers num="9.2.6"/>
+        <vers num="9.3"/>
+        <vers num="9.3.1"/>
+        <vers num="9.3.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0067" published="2014-03-31" name="CVE-2014-0067" modified="2014-03-31" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="4.6" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="3.9" CVSS_base_score="4.6">
+    <desc>
+      <descript source="cve">The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://www.postgresql.org/about/news/1506/" source="CONFIRM">http://www.postgresql.org/about/news/1506/</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2865" source="DEBIAN">DSA-2865</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2864" source="DEBIAN">DSA-2864</ref>
+      <ref url="http://wiki.postgresql.org/wiki/20140220securityrelease" source="CONFIRM" adv="1">http://wiki.postgresql.org/wiki/20140220securityrelease</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="postgresql" name="postgresql">
+        <vers num="8.4.1"/>
+        <vers num="8.4.10"/>
+        <vers num="8.4.11"/>
+        <vers num="8.4.12"/>
+        <vers num="8.4.13"/>
+        <vers num="8.4.14"/>
+        <vers num="8.4.15"/>
+        <vers num="8.4.16"/>
+        <vers num="8.4.17"/>
+        <vers num="8.4.18"/>
+        <vers prev="1" num="8.4.19"/>
+        <vers num="8.4.2"/>
+        <vers num="8.4.3"/>
+        <vers num="8.4.4"/>
+        <vers num="8.4.5"/>
+        <vers num="8.4.6"/>
+        <vers num="8.4.7"/>
+        <vers num="8.4.8"/>
+        <vers num="8.4.9"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+        <vers num="9.0.10"/>
+        <vers num="9.0.11"/>
+        <vers num="9.0.12"/>
+        <vers num="9.0.13"/>
+        <vers num="9.0.14"/>
+        <vers num="9.0.15"/>
+        <vers num="9.0.2"/>
+        <vers num="9.0.3"/>
+        <vers num="9.0.4"/>
+        <vers num="9.0.5"/>
+        <vers num="9.0.6"/>
+        <vers num="9.0.7"/>
+        <vers num="9.0.8"/>
+        <vers num="9.0.9"/>
+        <vers num="9.1"/>
+        <vers num="9.1.1"/>
+        <vers num="9.1.10"/>
+        <vers num="9.1.11"/>
+        <vers num="9.1.2"/>
+        <vers num="9.1.3"/>
+        <vers num="9.1.4"/>
+        <vers num="9.1.5"/>
+        <vers num="9.1.6"/>
+        <vers num="9.1.7"/>
+        <vers num="9.1.8"/>
+        <vers num="9.1.9"/>
+        <vers num="9.2"/>
+        <vers num="9.2.1"/>
+        <vers num="9.2.2"/>
+        <vers num="9.2.3"/>
+        <vers num="9.2.4"/>
+        <vers num="9.2.5"/>
+        <vers num="9.2.6"/>
+        <vers num="9.3"/>
+        <vers num="9.3.1"/>
+        <vers num="9.3.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0069" published="2014-02-28" name="CVE-2014-0069" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:L/AC:H/Au:N/C:C/I:C/A:C)" CVSS_score="6.2" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="1.9" CVSS_base_score="6.2">
+    <desc>
+      <descript source="cve">The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="https://github.com/torvalds/linux/commit/5d81de8e8667da7135d3a32a964087c0faf5483f" source="CONFIRM" patch="1">https://github.com/torvalds/linux/commit/5d81de8e8667da7135d3a32a964087c0faf5483f</ref>
+      <ref url="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5d81de8e8667da7135d3a32a964087c0faf5483f" source="CONFIRM" patch="1">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5d81de8e8667da7135d3a32a964087c0faf5483f</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1064253" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1064253</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/02/17/4" source="MLIST">[oss-security] 20140217 CVE-2014-0069 -- kernel: cifs: incorrect handling of bogus user pointers during uncached writes</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0328.html" source="REDHAT">RHSA-2014:0328</ref>
+      <ref url="http://article.gmane.org/gmane.linux.kernel.cifs/9401" source="MLIST">[linux-cifs] 20140214 [PATCH] cifs: ensure that uncached writes handle unmapped areas correctly</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="linux" name="linux_kernel">
+        <vers num="3.0" edition="rc1"/>
+        <vers num="3.0" edition="rc2"/>
+        <vers num="3.0" edition="rc3"/>
+        <vers num="3.0" edition="rc4"/>
+        <vers num="3.0" edition="rc5"/>
+        <vers num="3.0" edition="rc6"/>
+        <vers num="3.0" edition="rc7"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.20"/>
+        <vers num="3.0.21"/>
+        <vers num="3.0.22"/>
+        <vers num="3.0.23"/>
+        <vers num="3.0.24"/>
+        <vers num="3.0.25"/>
+        <vers num="3.0.26"/>
+        <vers num="3.0.27"/>
+        <vers num="3.0.28"/>
+        <vers num="3.0.29"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.30"/>
+        <vers num="3.0.31"/>
+        <vers num="3.0.32"/>
+        <vers num="3.0.33"/>
+        <vers num="3.0.34"/>
+        <vers num="3.0.35"/>
+        <vers num="3.0.36"/>
+        <vers num="3.0.37"/>
+        <vers num="3.0.38"/>
+        <vers num="3.0.39"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.40"/>
+        <vers num="3.0.41"/>
+        <vers num="3.0.42"/>
+        <vers num="3.0.43"/>
+        <vers num="3.0.44"/>
+        <vers num="3.0.45"/>
+        <vers num="3.0.46"/>
+        <vers num="3.0.47"/>
+        <vers num="3.0.48"/>
+        <vers num="3.0.49"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.50"/>
+        <vers num="3.0.51"/>
+        <vers num="3.0.52"/>
+        <vers num="3.0.53"/>
+        <vers num="3.0.54"/>
+        <vers num="3.0.55"/>
+        <vers num="3.0.56"/>
+        <vers num="3.0.57"/>
+        <vers num="3.0.58"/>
+        <vers num="3.0.59"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.60"/>
+        <vers num="3.0.61"/>
+        <vers num="3.0.62"/>
+        <vers num="3.0.63"/>
+        <vers num="3.0.64"/>
+        <vers num="3.0.65"/>
+        <vers num="3.0.66"/>
+        <vers num="3.0.67"/>
+        <vers num="3.0.68"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1" edition="rc1"/>
+        <vers num="3.1" edition="rc2"/>
+        <vers num="3.1" edition="rc3"/>
+        <vers num="3.1" edition="rc4"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="3.10"/>
+        <vers num="3.10.1"/>
+        <vers num="3.10.10"/>
+        <vers num="3.10.11"/>
+        <vers num="3.10.12"/>
+        <vers num="3.10.13"/>
+        <vers num="3.10.14"/>
+        <vers num="3.10.15"/>
+        <vers num="3.10.16"/>
+        <vers num="3.10.17"/>
+        <vers num="3.10.18"/>
+        <vers num="3.10.19"/>
+        <vers num="3.10.2"/>
+        <vers num="3.10.20"/>
+        <vers num="3.10.21"/>
+        <vers num="3.10.22"/>
+        <vers num="3.10.23"/>
+        <vers num="3.10.24"/>
+        <vers num="3.10.25"/>
+        <vers num="3.10.26"/>
+        <vers num="3.10.27"/>
+        <vers num="3.10.28"/>
+        <vers num="3.10.29"/>
+        <vers num="3.10.3"/>
+        <vers num="3.10.4"/>
+        <vers num="3.10.5"/>
+        <vers num="3.10.6"/>
+        <vers num="3.10.7"/>
+        <vers num="3.10.8"/>
+        <vers num="3.10.9"/>
+        <vers num="3.11"/>
+        <vers num="3.11.1"/>
+        <vers num="3.11.10"/>
+        <vers num="3.11.2"/>
+        <vers num="3.11.3"/>
+        <vers num="3.11.4"/>
+        <vers num="3.11.5"/>
+        <vers num="3.11.6"/>
+        <vers num="3.11.7"/>
+        <vers num="3.11.8"/>
+        <vers num="3.11.9"/>
+        <vers num="3.12"/>
+        <vers num="3.12.1"/>
+        <vers num="3.12.10"/>
+        <vers num="3.12.11"/>
+        <vers num="3.12.12"/>
+        <vers num="3.12.13"/>
+        <vers num="3.12.2"/>
+        <vers num="3.12.3"/>
+        <vers num="3.12.4"/>
+        <vers num="3.12.5"/>
+        <vers num="3.12.6"/>
+        <vers num="3.12.7"/>
+        <vers num="3.12.8"/>
+        <vers num="3.12.9"/>
+        <vers num="3.13"/>
+        <vers num="3.13.1"/>
+        <vers num="3.13.2"/>
+        <vers num="3.13.3"/>
+        <vers num="3.13.4"/>
+        <vers prev="1" num="3.13.5"/>
+        <vers num="3.2" edition="rc2"/>
+        <vers num="3.2" edition="rc3"/>
+        <vers num="3.2" edition="rc4"/>
+        <vers num="3.2" edition="rc5"/>
+        <vers num="3.2" edition="rc6"/>
+        <vers num="3.2" edition="rc7"/>
+        <vers num="3.2.1"/>
+        <vers num="3.2.10"/>
+        <vers num="3.2.11"/>
+        <vers num="3.2.12"/>
+        <vers num="3.2.13"/>
+        <vers num="3.2.14"/>
+        <vers num="3.2.15"/>
+        <vers num="3.2.16"/>
+        <vers num="3.2.17"/>
+        <vers num="3.2.18"/>
+        <vers num="3.2.19"/>
+        <vers num="3.2.2"/>
+        <vers num="3.2.20"/>
+        <vers num="3.2.21"/>
+        <vers num="3.2.22"/>
+        <vers num="3.2.23"/>
+        <vers num="3.2.24"/>
+        <vers num="3.2.25"/>
+        <vers num="3.2.26"/>
+        <vers num="3.2.27"/>
+        <vers num="3.2.28"/>
+        <vers num="3.2.29"/>
+        <vers num="3.2.3"/>
+        <vers num="3.2.30"/>
+        <vers num="3.2.4"/>
+        <vers num="3.2.5"/>
+        <vers num="3.2.6"/>
+        <vers num="3.2.7"/>
+        <vers num="3.2.8"/>
+        <vers num="3.2.9"/>
+        <vers num="3.3" edition="rc1"/>
+        <vers num="3.3" edition="rc2"/>
+        <vers num="3.3" edition="rc3"/>
+        <vers num="3.3" edition="rc4"/>
+        <vers num="3.3" edition="rc5"/>
+        <vers num="3.3" edition="rc6"/>
+        <vers num="3.3" edition="rc7"/>
+        <vers num="3.3.1"/>
+        <vers num="3.3.2"/>
+        <vers num="3.3.3"/>
+        <vers num="3.3.4"/>
+        <vers num="3.3.5"/>
+        <vers num="3.3.6"/>
+        <vers num="3.3.7"/>
+        <vers num="3.3.8"/>
+        <vers num="3.4" edition="rc1"/>
+        <vers num="3.4" edition="rc2"/>
+        <vers num="3.4" edition="rc3"/>
+        <vers num="3.4" edition="rc4"/>
+        <vers num="3.4" edition="rc5"/>
+        <vers num="3.4" edition="rc6"/>
+        <vers num="3.4" edition="rc7"/>
+        <vers num="3.4.1"/>
+        <vers num="3.4.10"/>
+        <vers num="3.4.11"/>
+        <vers num="3.4.12"/>
+        <vers num="3.4.13"/>
+        <vers num="3.4.14"/>
+        <vers num="3.4.15"/>
+        <vers num="3.4.16"/>
+        <vers num="3.4.17"/>
+        <vers num="3.4.18"/>
+        <vers num="3.4.19"/>
+        <vers num="3.4.2"/>
+        <vers num="3.4.20"/>
+        <vers num="3.4.21"/>
+        <vers num="3.4.22"/>
+        <vers num="3.4.23"/>
+        <vers num="3.4.24"/>
+        <vers num="3.4.25"/>
+        <vers num="3.4.26"/>
+        <vers num="3.4.27"/>
+        <vers num="3.4.28"/>
+        <vers num="3.4.29"/>
+        <vers num="3.4.3"/>
+        <vers num="3.4.30"/>
+        <vers num="3.4.31"/>
+        <vers num="3.4.32"/>
+        <vers num="3.4.33"/>
+        <vers num="3.4.34"/>
+        <vers num="3.4.35"/>
+        <vers num="3.4.36"/>
+        <vers num="3.4.37"/>
+        <vers num="3.4.38"/>
+        <vers num="3.4.39"/>
+        <vers num="3.4.4"/>
+        <vers num="3.4.40"/>
+        <vers num="3.4.41"/>
+        <vers num="3.4.42"/>
+        <vers num="3.4.43"/>
+        <vers num="3.4.44"/>
+        <vers num="3.4.45"/>
+        <vers num="3.4.46"/>
+        <vers num="3.4.47"/>
+        <vers num="3.4.48"/>
+        <vers num="3.4.49"/>
+        <vers num="3.4.5"/>
+        <vers num="3.4.50"/>
+        <vers num="3.4.51"/>
+        <vers num="3.4.52"/>
+        <vers num="3.4.53"/>
+        <vers num="3.4.54"/>
+        <vers num="3.4.55"/>
+        <vers num="3.4.56"/>
+        <vers num="3.4.57"/>
+        <vers num="3.4.58"/>
+        <vers num="3.4.59"/>
+        <vers num="3.4.6"/>
+        <vers num="3.4.60"/>
+        <vers num="3.4.61"/>
+        <vers num="3.4.62"/>
+        <vers num="3.4.63"/>
+        <vers num="3.4.64"/>
+        <vers num="3.4.65"/>
+        <vers num="3.4.66"/>
+        <vers num="3.4.67"/>
+        <vers num="3.4.68"/>
+        <vers num="3.4.69"/>
+        <vers num="3.4.7"/>
+        <vers num="3.4.70"/>
+        <vers num="3.4.71"/>
+        <vers num="3.4.72"/>
+        <vers num="3.4.73"/>
+        <vers num="3.4.74"/>
+        <vers num="3.4.75"/>
+        <vers num="3.4.76"/>
+        <vers num="3.4.77"/>
+        <vers num="3.4.78"/>
+        <vers num="3.4.79"/>
+        <vers num="3.4.8"/>
+        <vers num="3.4.9"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.6"/>
+        <vers num="3.6.1"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.5"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="3.7"/>
+        <vers num="3.7.1"/>
+        <vers num="3.7.10"/>
+        <vers num="3.7.2"/>
+        <vers num="3.7.3"/>
+        <vers num="3.7.4"/>
+        <vers num="3.7.5"/>
+        <vers num="3.7.6"/>
+        <vers num="3.7.7"/>
+        <vers num="3.7.8"/>
+        <vers num="3.7.9"/>
+        <vers num="3.8.0"/>
+        <vers num="3.8.1"/>
+        <vers num="3.8.10"/>
+        <vers num="3.8.11"/>
+        <vers num="3.8.12"/>
+        <vers num="3.8.13"/>
+        <vers num="3.8.2"/>
+        <vers num="3.8.3"/>
+        <vers num="3.8.4"/>
+        <vers num="3.8.5"/>
+        <vers num="3.8.6"/>
+        <vers num="3.8.7"/>
+        <vers num="3.8.8"/>
+        <vers num="3.8.9"/>
+        <vers num="3.9" edition="rc1"/>
+        <vers num="3.9" edition="rc2"/>
+        <vers num="3.9" edition="rc3"/>
+        <vers num="3.9" edition="rc4"/>
+        <vers num="3.9" edition="rc5"/>
+        <vers num="3.9" edition="rc6"/>
+        <vers num="3.9" edition="rc7"/>
+        <vers num="3.9.0"/>
+        <vers num="3.9.1"/>
+        <vers num="3.9.10"/>
+        <vers num="3.9.11"/>
+        <vers num="3.9.2"/>
+        <vers num="3.9.3"/>
+        <vers num="3.9.4"/>
+        <vers num="3.9.5"/>
+        <vers num="3.9.6"/>
+        <vers num="3.9.7"/>
+        <vers num="3.9.8"/>
+        <vers num="3.9.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" seq="2014-0070" reject="1" published="2014-02-26" name="CVE-2014-0070" modified="2014-02-26">
+    <desc>
+      <descript source="cve">** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: none.  Reason: This candidate was withdrawn by its CNA.  Further investigation showed that it was not a security issue.  Notes: none.</descript>
+    </desc>
+    <refs/>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0071" published="2014-04-17" name="CVE-2014-0071" modified="2014-04-17" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:N)" CVSS_score="6.4" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="10.0" CVSS_base_score="6.4">
+    <desc>
+      <descript source="cve">PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1064163" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1064163</ref>
+      <ref url="http://www.securityfocus.com/bid/66001" source="BID">66001</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0233.html" source="REDHAT" adv="1">RHSA-2014:0233</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="redhat" name="openstack">
+        <vers num="4.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0076" published="2014-03-25" name="CVE-2014-0076" modified="2014-03-26" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.novell.com/show_bug.cgi?id=869945" source="CONFIRM">https://bugzilla.novell.com/show_bug.cgi?id=869945</ref>
+      <ref url="https://bugs.gentoo.org/show_bug.cgi?id=505278" source="CONFIRM">https://bugs.gentoo.org/show_bug.cgi?id=505278</ref>
+      <ref url="http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2198be3483259de374f91e57d247d0fc667aef29" source="CONFIRM">http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2198be3483259de374f91e57d247d0fc667aef29</ref>
+      <ref url="http://eprint.iacr.org/2014/140" source="MISC">http://eprint.iacr.org/2014/140</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="openssl" name="openssl">
+        <vers num="0.9.1c"/>
+        <vers num="0.9.2b"/>
+        <vers num="0.9.3"/>
+        <vers num="0.9.3a"/>
+        <vers num="0.9.4"/>
+        <vers num="0.9.5" edition="beta1"/>
+        <vers num="0.9.5" edition="beta2"/>
+        <vers num="0.9.5a" edition="beta1"/>
+        <vers num="0.9.5a" edition="beta2"/>
+        <vers num="0.9.6" edition="beta1"/>
+        <vers num="0.9.6" edition="beta2"/>
+        <vers num="0.9.6" edition="beta3"/>
+        <vers num="0.9.6a" edition="beta1"/>
+        <vers num="0.9.6a" edition="beta2"/>
+        <vers num="0.9.6a" edition="beta3"/>
+        <vers num="0.9.6b"/>
+        <vers num="0.9.6c"/>
+        <vers num="0.9.6d"/>
+        <vers num="0.9.6e"/>
+        <vers num="0.9.6f"/>
+        <vers num="0.9.6g"/>
+        <vers num="0.9.6h"/>
+        <vers num="0.9.6i"/>
+        <vers num="0.9.6j"/>
+        <vers num="0.9.6k"/>
+        <vers num="0.9.6l"/>
+        <vers num="0.9.6m"/>
+        <vers num="0.9.7" edition="beta1"/>
+        <vers num="0.9.7" edition="beta2"/>
+        <vers num="0.9.7" edition="beta3"/>
+        <vers num="0.9.7" edition="beta4"/>
+        <vers num="0.9.7" edition="beta5"/>
+        <vers num="0.9.7" edition="beta6"/>
+        <vers num="0.9.7a"/>
+        <vers num="0.9.7b"/>
+        <vers num="0.9.7c"/>
+        <vers num="0.9.7d"/>
+        <vers num="0.9.7e"/>
+        <vers num="0.9.7f"/>
+        <vers num="0.9.7g"/>
+        <vers num="0.9.7h"/>
+        <vers num="0.9.7i"/>
+        <vers num="0.9.7j"/>
+        <vers num="0.9.7k"/>
+        <vers num="0.9.7l"/>
+        <vers num="0.9.7m"/>
+        <vers num="0.9.8"/>
+        <vers num="0.9.8a"/>
+        <vers num="0.9.8b"/>
+        <vers num="0.9.8c"/>
+        <vers num="0.9.8d"/>
+        <vers num="0.9.8e"/>
+        <vers num="0.9.8f"/>
+        <vers num="0.9.8g"/>
+        <vers num="0.9.8h"/>
+        <vers num="0.9.8i"/>
+        <vers num="0.9.8j"/>
+        <vers num="0.9.8k"/>
+        <vers num="0.9.8l"/>
+        <vers num="0.9.8m" edition="beta1"/>
+        <vers num="0.9.8n"/>
+        <vers num="0.9.8o"/>
+        <vers num="0.9.8p"/>
+        <vers num="0.9.8q"/>
+        <vers num="0.9.8r"/>
+        <vers num="0.9.8s"/>
+        <vers num="0.9.8t"/>
+        <vers num="0.9.8u"/>
+        <vers num="0.9.8v"/>
+        <vers num="0.9.8w"/>
+        <vers num="0.9.8x"/>
+        <vers num="0.9.8y"/>
+        <vers num="1.0.0" edition="beta1"/>
+        <vers num="1.0.0" edition="beta2"/>
+        <vers num="1.0.0" edition="beta3"/>
+        <vers num="1.0.0" edition="beta4"/>
+        <vers num="1.0.0" edition="beta5"/>
+        <vers num="1.0.0a"/>
+        <vers num="1.0.0b"/>
+        <vers num="1.0.0c"/>
+        <vers num="1.0.0d"/>
+        <vers num="1.0.0e"/>
+        <vers num="1.0.0f"/>
+        <vers num="1.0.0g"/>
+        <vers num="1.0.0h"/>
+        <vers num="1.0.0i"/>
+        <vers num="1.0.0j"/>
+        <vers num="1.0.0k"/>
+        <vers prev="1" num="1.0.0l"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0077" published="2014-04-14" name="CVE-2014-0077" modified="2014-04-15" CVSS_version="2.0" CVSS_vector="(AV:A/AC:H/Au:S/C:P/I:P/A:C)" CVSS_score="5.5" CVSS_impact_subscore="8.5" CVSS_exploit_subscore="2.5" CVSS_base_score="5.5">
+    <desc>
+      <descript source="cve">drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local_network/>
+    </range>
+    <refs>
+      <ref url="http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.10" source="CONFIRM" patch="1">http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.10</ref>
+      <ref url="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d8316f3991d207fe32881a9ac20241be8fa2bad0" source="CONFIRM" patch="1">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d8316f3991d207fe32881a9ac20241be8fa2bad0</ref>
+      <ref url="https://github.com/torvalds/linux/commit/d8316f3991d207fe32881a9ac20241be8fa2bad0" source="CONFIRM">https://github.com/torvalds/linux/commit/d8316f3991d207fe32881a9ac20241be8fa2bad0</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1064440" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1064440</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="linux" name="linux_kernel">
+        <vers num="3.0" edition="rc1"/>
+        <vers num="3.0" edition="rc2"/>
+        <vers num="3.0" edition="rc3"/>
+        <vers num="3.0" edition="rc4"/>
+        <vers num="3.0" edition="rc5"/>
+        <vers num="3.0" edition="rc6"/>
+        <vers num="3.0" edition="rc7"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.20"/>
+        <vers num="3.0.21"/>
+        <vers num="3.0.22"/>
+        <vers num="3.0.23"/>
+        <vers num="3.0.24"/>
+        <vers num="3.0.25"/>
+        <vers num="3.0.26"/>
+        <vers num="3.0.27"/>
+        <vers num="3.0.28"/>
+        <vers num="3.0.29"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.30"/>
+        <vers num="3.0.31"/>
+        <vers num="3.0.32"/>
+        <vers num="3.0.33"/>
+        <vers num="3.0.34"/>
+        <vers num="3.0.35"/>
+        <vers num="3.0.36"/>
+        <vers num="3.0.37"/>
+        <vers num="3.0.38"/>
+        <vers num="3.0.39"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.40"/>
+        <vers num="3.0.41"/>
+        <vers num="3.0.42"/>
+        <vers num="3.0.43"/>
+        <vers num="3.0.44"/>
+        <vers num="3.0.45"/>
+        <vers num="3.0.46"/>
+        <vers num="3.0.47"/>
+        <vers num="3.0.48"/>
+        <vers num="3.0.49"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.50"/>
+        <vers num="3.0.51"/>
+        <vers num="3.0.52"/>
+        <vers num="3.0.53"/>
+        <vers num="3.0.54"/>
+        <vers num="3.0.55"/>
+        <vers num="3.0.56"/>
+        <vers num="3.0.57"/>
+        <vers num="3.0.58"/>
+        <vers num="3.0.59"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.60"/>
+        <vers num="3.0.61"/>
+        <vers num="3.0.62"/>
+        <vers num="3.0.63"/>
+        <vers num="3.0.64"/>
+        <vers num="3.0.65"/>
+        <vers num="3.0.66"/>
+        <vers num="3.0.67"/>
+        <vers num="3.0.68"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1" edition="rc1"/>
+        <vers num="3.1" edition="rc2"/>
+        <vers num="3.1" edition="rc3"/>
+        <vers num="3.1" edition="rc4"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="3.10"/>
+        <vers num="3.10.1"/>
+        <vers num="3.10.10"/>
+        <vers num="3.10.11"/>
+        <vers num="3.10.12"/>
+        <vers num="3.10.13"/>
+        <vers num="3.10.14"/>
+        <vers num="3.10.15"/>
+        <vers num="3.10.16"/>
+        <vers num="3.10.17"/>
+        <vers num="3.10.18"/>
+        <vers num="3.10.19"/>
+        <vers num="3.10.2"/>
+        <vers num="3.10.20"/>
+        <vers num="3.10.21"/>
+        <vers num="3.10.22"/>
+        <vers num="3.10.23"/>
+        <vers num="3.10.24"/>
+        <vers num="3.10.25"/>
+        <vers num="3.10.26"/>
+        <vers num="3.10.27"/>
+        <vers num="3.10.28"/>
+        <vers num="3.10.29"/>
+        <vers num="3.10.3"/>
+        <vers num="3.10.4"/>
+        <vers num="3.10.5"/>
+        <vers num="3.10.6"/>
+        <vers num="3.10.7"/>
+        <vers num="3.10.8"/>
+        <vers num="3.10.9"/>
+        <vers num="3.11"/>
+        <vers num="3.11.1"/>
+        <vers num="3.11.10"/>
+        <vers num="3.11.2"/>
+        <vers num="3.11.3"/>
+        <vers num="3.11.4"/>
+        <vers num="3.11.5"/>
+        <vers num="3.11.6"/>
+        <vers num="3.11.7"/>
+        <vers num="3.11.8"/>
+        <vers num="3.11.9"/>
+        <vers num="3.12"/>
+        <vers num="3.12.1"/>
+        <vers num="3.12.10"/>
+        <vers num="3.12.11"/>
+        <vers num="3.12.12"/>
+        <vers num="3.12.13"/>
+        <vers num="3.12.14"/>
+        <vers num="3.12.15"/>
+        <vers num="3.12.16"/>
+        <vers num="3.12.17"/>
+        <vers num="3.12.2"/>
+        <vers num="3.12.3"/>
+        <vers num="3.12.4"/>
+        <vers num="3.12.5"/>
+        <vers num="3.12.6"/>
+        <vers num="3.12.7"/>
+        <vers num="3.12.8"/>
+        <vers num="3.12.9"/>
+        <vers num="3.13"/>
+        <vers num="3.13.1"/>
+        <vers num="3.13.2"/>
+        <vers num="3.13.3"/>
+        <vers num="3.13.4"/>
+        <vers num="3.13.5"/>
+        <vers num="3.13.6"/>
+        <vers num="3.13.7"/>
+        <vers num="3.13.8"/>
+        <vers prev="1" num="3.13.9"/>
+        <vers num="3.2" edition="rc2"/>
+        <vers num="3.2" edition="rc3"/>
+        <vers num="3.2" edition="rc4"/>
+        <vers num="3.2" edition="rc5"/>
+        <vers num="3.2" edition="rc6"/>
+        <vers num="3.2" edition="rc7"/>
+        <vers num="3.2.1"/>
+        <vers num="3.2.10"/>
+        <vers num="3.2.11"/>
+        <vers num="3.2.12"/>
+        <vers num="3.2.13"/>
+        <vers num="3.2.14"/>
+        <vers num="3.2.15"/>
+        <vers num="3.2.16"/>
+        <vers num="3.2.17"/>
+        <vers num="3.2.18"/>
+        <vers num="3.2.19"/>
+        <vers num="3.2.2"/>
+        <vers num="3.2.20"/>
+        <vers num="3.2.21"/>
+        <vers num="3.2.22"/>
+        <vers num="3.2.23"/>
+        <vers num="3.2.24"/>
+        <vers num="3.2.25"/>
+        <vers num="3.2.26"/>
+        <vers num="3.2.27"/>
+        <vers num="3.2.28"/>
+        <vers num="3.2.29"/>
+        <vers num="3.2.3"/>
+        <vers num="3.2.30"/>
+        <vers num="3.2.4"/>
+        <vers num="3.2.5"/>
+        <vers num="3.2.6"/>
+        <vers num="3.2.7"/>
+        <vers num="3.2.8"/>
+        <vers num="3.2.9"/>
+        <vers num="3.3" edition="rc1"/>
+        <vers num="3.3" edition="rc2"/>
+        <vers num="3.3" edition="rc3"/>
+        <vers num="3.3" edition="rc4"/>
+        <vers num="3.3" edition="rc5"/>
+        <vers num="3.3" edition="rc6"/>
+        <vers num="3.3" edition="rc7"/>
+        <vers num="3.3.1"/>
+        <vers num="3.3.2"/>
+        <vers num="3.3.3"/>
+        <vers num="3.3.4"/>
+        <vers num="3.3.5"/>
+        <vers num="3.3.6"/>
+        <vers num="3.3.7"/>
+        <vers num="3.3.8"/>
+        <vers num="3.4" edition="rc1"/>
+        <vers num="3.4" edition="rc2"/>
+        <vers num="3.4" edition="rc3"/>
+        <vers num="3.4" edition="rc4"/>
+        <vers num="3.4" edition="rc5"/>
+        <vers num="3.4" edition="rc6"/>
+        <vers num="3.4" edition="rc7"/>
+        <vers num="3.4.1"/>
+        <vers num="3.4.10"/>
+        <vers num="3.4.11"/>
+        <vers num="3.4.12"/>
+        <vers num="3.4.13"/>
+        <vers num="3.4.14"/>
+        <vers num="3.4.15"/>
+        <vers num="3.4.16"/>
+        <vers num="3.4.17"/>
+        <vers num="3.4.18"/>
+        <vers num="3.4.19"/>
+        <vers num="3.4.2"/>
+        <vers num="3.4.20"/>
+        <vers num="3.4.21"/>
+        <vers num="3.4.22"/>
+        <vers num="3.4.23"/>
+        <vers num="3.4.24"/>
+        <vers num="3.4.25"/>
+        <vers num="3.4.26"/>
+        <vers num="3.4.27"/>
+        <vers num="3.4.28"/>
+        <vers num="3.4.29"/>
+        <vers num="3.4.3"/>
+        <vers num="3.4.30"/>
+        <vers num="3.4.31"/>
+        <vers num="3.4.32"/>
+        <vers num="3.4.33"/>
+        <vers num="3.4.34"/>
+        <vers num="3.4.35"/>
+        <vers num="3.4.36"/>
+        <vers num="3.4.37"/>
+        <vers num="3.4.38"/>
+        <vers num="3.4.39"/>
+        <vers num="3.4.4"/>
+        <vers num="3.4.40"/>
+        <vers num="3.4.41"/>
+        <vers num="3.4.42"/>
+        <vers num="3.4.43"/>
+        <vers num="3.4.44"/>
+        <vers num="3.4.45"/>
+        <vers num="3.4.46"/>
+        <vers num="3.4.47"/>
+        <vers num="3.4.48"/>
+        <vers num="3.4.49"/>
+        <vers num="3.4.5"/>
+        <vers num="3.4.50"/>
+        <vers num="3.4.51"/>
+        <vers num="3.4.52"/>
+        <vers num="3.4.53"/>
+        <vers num="3.4.54"/>
+        <vers num="3.4.55"/>
+        <vers num="3.4.56"/>
+        <vers num="3.4.57"/>
+        <vers num="3.4.58"/>
+        <vers num="3.4.59"/>
+        <vers num="3.4.6"/>
+        <vers num="3.4.60"/>
+        <vers num="3.4.61"/>
+        <vers num="3.4.62"/>
+        <vers num="3.4.63"/>
+        <vers num="3.4.64"/>
+        <vers num="3.4.65"/>
+        <vers num="3.4.66"/>
+        <vers num="3.4.67"/>
+        <vers num="3.4.68"/>
+        <vers num="3.4.69"/>
+        <vers num="3.4.7"/>
+        <vers num="3.4.70"/>
+        <vers num="3.4.71"/>
+        <vers num="3.4.72"/>
+        <vers num="3.4.73"/>
+        <vers num="3.4.74"/>
+        <vers num="3.4.75"/>
+        <vers num="3.4.76"/>
+        <vers num="3.4.77"/>
+        <vers num="3.4.78"/>
+        <vers num="3.4.79"/>
+        <vers num="3.4.8"/>
+        <vers num="3.4.9"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.6"/>
+        <vers num="3.6.1"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.5"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="3.7"/>
+        <vers num="3.7.1"/>
+        <vers num="3.7.10"/>
+        <vers num="3.7.2"/>
+        <vers num="3.7.3"/>
+        <vers num="3.7.4"/>
+        <vers num="3.7.5"/>
+        <vers num="3.7.6"/>
+        <vers num="3.7.7"/>
+        <vers num="3.7.8"/>
+        <vers num="3.7.9"/>
+        <vers num="3.8.0"/>
+        <vers num="3.8.1"/>
+        <vers num="3.8.10"/>
+        <vers num="3.8.11"/>
+        <vers num="3.8.12"/>
+        <vers num="3.8.13"/>
+        <vers num="3.8.2"/>
+        <vers num="3.8.3"/>
+        <vers num="3.8.4"/>
+        <vers num="3.8.5"/>
+        <vers num="3.8.6"/>
+        <vers num="3.8.7"/>
+        <vers num="3.8.8"/>
+        <vers num="3.8.9"/>
+        <vers num="3.9" edition="rc1"/>
+        <vers num="3.9" edition="rc2"/>
+        <vers num="3.9" edition="rc3"/>
+        <vers num="3.9" edition="rc4"/>
+        <vers num="3.9" edition="rc5"/>
+        <vers num="3.9" edition="rc6"/>
+        <vers num="3.9" edition="rc7"/>
+        <vers num="3.9.0"/>
+        <vers num="3.9.1"/>
+        <vers num="3.9.10"/>
+        <vers num="3.9.11"/>
+        <vers num="3.9.2"/>
+        <vers num="3.9.3"/>
+        <vers num="3.9.4"/>
+        <vers num="3.9.5"/>
+        <vers num="3.9.6"/>
+        <vers num="3.9.7"/>
+        <vers num="3.9.8"/>
+        <vers num="3.9.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0079" published="2014-04-28" name="CVE-2014-0079" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earlier, when using certain build conditions, allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the password."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1059903" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1059903</ref>
+      <ref url="http://www.mandriva.com/security/advisories?name=MDVSA-2014:044" source="MANDRIVA">MDVSA-2014:044</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="zarafa" name="zarafa">
+        <vers num="5.00"/>
+        <vers num="5.01"/>
+        <vers num="5.02"/>
+        <vers num="5.10"/>
+        <vers num="5.11"/>
+        <vers num="5.20"/>
+        <vers num="5.22"/>
+        <vers num="6.00"/>
+        <vers num="6.01"/>
+        <vers num="6.02"/>
+        <vers num="6.03"/>
+        <vers num="6.10"/>
+        <vers num="6.11"/>
+        <vers prev="1" num="6.20"/>
+        <vers num="7.1.8"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0080" published="2014-02-20" name="CVE-2014-0080" modified="2014-02-20" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving \ (backslash) characters that are not properly handled in operations on array columns.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://groups.google.com/forum/message/raw?msg=rubyonrails-security/Wu96YkTUR6s/pPLBMZrlwvYJ" source="MLIST">[rubyonrails-security] 20140218 Data Injection Vulnerability in Active Record (CVE-2014-0080)</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/02/18/9" source="MLIST">[oss-security] 20140218 Data Injection Vulnerability in Active Record (CVE-2014-0080)</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="rubyonrails" name="ruby_on_rails">
+        <vers num="4.0.0" edition="-"/>
+        <vers num="4.0.0" edition="beta"/>
+        <vers num="4.0.0" edition="rc1"/>
+        <vers num="4.0.0" edition="rc2"/>
+        <vers num="4.0.1" edition="-"/>
+        <vers num="4.0.1" edition="rc1"/>
+        <vers num="4.0.1" edition="rc2"/>
+        <vers num="4.0.1" edition="rc3"/>
+        <vers num="4.0.1" edition="rc4"/>
+        <vers num="4.0.2" edition="-"/>
+        <vers num="4.1.0" edition="beta1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0081" published="2014-02-20" name="CVE-2014-0081" modified="2014-03-26" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://groups.google.com/forum/message/raw?msg=rubyonrails-security/tfp6gZCtzr4/j8LUHmu7fIEJ" source="MLIST">[rubyonrails-security] 20140218 XSS Vulnerability in number_to_currency, number_to_percentage and number_to_human (CVE-2014-0081)</ref>
+      <ref url="http://secunia.com/advisories/57376" source="SECUNIA">57376</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0306.html" source="REDHAT">RHSA-2014:0306</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0215.html" source="REDHAT">RHSA-2014:0215</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/02/18/8" source="MLIST">[oss-security] 20140218 XSS Vulnerability in number_to_currency, number_to_percentage and number_to_human (CVE-2014-0081)</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html" source="SUSE">openSUSE-SU-2014:0295</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="rubyonrails" name="ruby_on_rails">
+        <vers num="0.10.0"/>
+        <vers num="0.10.1"/>
+        <vers num="0.11.0"/>
+        <vers num="0.11.1"/>
+        <vers num="0.12.0"/>
+        <vers num="0.12.1"/>
+        <vers num="0.13.0"/>
+        <vers num="0.13.1"/>
+        <vers num="0.14.1"/>
+        <vers num="0.14.2"/>
+        <vers num="0.14.3"/>
+        <vers num="0.14.4"/>
+        <vers num="0.5.0"/>
+        <vers num="0.5.5"/>
+        <vers num="0.5.6"/>
+        <vers num="0.5.7"/>
+        <vers num="0.6.0"/>
+        <vers num="0.6.5"/>
+        <vers num="0.7.0"/>
+        <vers num="0.8.0"/>
+        <vers num="0.8.5"/>
+        <vers num="0.9.0"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="0.9.4"/>
+        <vers num="0.9.4.1"/>
+        <vers num="1.0.0"/>
+        <vers num="1.1.0"/>
+        <vers num="1.1.1"/>
+        <vers num="1.1.2"/>
+        <vers num="1.1.3"/>
+        <vers num="1.1.4"/>
+        <vers num="1.1.5"/>
+        <vers num="1.1.6"/>
+        <vers num="1.2.0"/>
+        <vers num="1.2.1"/>
+        <vers num="1.2.2"/>
+        <vers num="1.2.3"/>
+        <vers num="1.2.4"/>
+        <vers num="1.2.5"/>
+        <vers num="1.2.6"/>
+        <vers num="1.9.5"/>
+        <vers num="2.0.0" edition="rc1"/>
+        <vers num="2.0.0" edition="rc2"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.4"/>
+        <vers num="2.1"/>
+        <vers num="2.1.0"/>
+        <vers num="2.1.1"/>
+        <vers num="2.1.2"/>
+        <vers num="2.2.0"/>
+        <vers num="2.2.1"/>
+        <vers num="2.2.2"/>
+        <vers num="2.3.0"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.10"/>
+        <vers num="2.3.11"/>
+        <vers num="2.3.12"/>
+        <vers num="2.3.13"/>
+        <vers num="2.3.14"/>
+        <vers num="2.3.15"/>
+        <vers num="2.3.16"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.3.4"/>
+        <vers num="2.3.9"/>
+        <vers num="3.0.0" edition="beta"/>
+        <vers num="3.0.0" edition="beta2"/>
+        <vers num="3.0.0" edition="beta3"/>
+        <vers num="3.0.0" edition="beta4"/>
+        <vers num="3.0.0" edition="rc"/>
+        <vers num="3.0.0" edition="rc2"/>
+        <vers num="3.0.1" edition="pre"/>
+        <vers num="3.0.10" edition="rc1"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12" edition="rc1"/>
+        <vers num="3.0.13" edition="rc1"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2" edition="pre"/>
+        <vers num="3.0.20"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4" edition="rc"/>
+        <vers num="3.0.4" edition="rc1"/>
+        <vers num="3.0.5" edition="rc1"/>
+        <vers num="3.0.6" edition="rc1"/>
+        <vers num="3.0.6" edition="rc2"/>
+        <vers num="3.0.7" edition="rc1"/>
+        <vers num="3.0.7" edition="rc2"/>
+        <vers num="3.0.8" edition="rc1"/>
+        <vers num="3.0.8" edition="rc2"/>
+        <vers num="3.0.8" edition="rc3"/>
+        <vers num="3.0.8" edition="rc4"/>
+        <vers num="3.0.9" edition="rc1"/>
+        <vers num="3.0.9" edition="rc2"/>
+        <vers num="3.0.9" edition="rc3"/>
+        <vers num="3.0.9" edition="rc4"/>
+        <vers num="3.0.9" edition="rc5"/>
+        <vers num="3.1.0" edition="beta1"/>
+        <vers num="3.1.0" edition="rc1"/>
+        <vers num="3.1.0" edition="rc2"/>
+        <vers num="3.1.0" edition="rc3"/>
+        <vers num="3.1.0" edition="rc4"/>
+        <vers num="3.1.0" edition="rc5"/>
+        <vers num="3.1.0" edition="rc6"/>
+        <vers num="3.1.0" edition="rc7"/>
+        <vers num="3.1.0" edition="rc8"/>
+        <vers num="3.1.1" edition="rc1"/>
+        <vers num="3.1.1" edition="rc2"/>
+        <vers num="3.1.1" edition="rc3"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.2" edition="rc1"/>
+        <vers num="3.1.2" edition="rc2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4" edition="rc1"/>
+        <vers num="3.1.5" edition="rc1"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="3.2.0" edition="rc1"/>
+        <vers num="3.2.0" edition="rc2"/>
+        <vers num="3.2.1"/>
+        <vers num="3.2.10"/>
+        <vers num="3.2.11"/>
+        <vers num="3.2.12"/>
+        <vers num="3.2.13" edition="rc1"/>
+        <vers num="3.2.13" edition="rc2"/>
+        <vers num="3.2.14" edition="rc1"/>
+        <vers num="3.2.14" edition="rc2"/>
+        <vers num="3.2.15" edition="rc1"/>
+        <vers num="3.2.15" edition="rc2"/>
+        <vers num="3.2.15" edition="rc3"/>
+        <vers prev="1" num="3.2.16"/>
+        <vers num="3.2.2" edition="rc1"/>
+        <vers num="3.2.3" edition="rc1"/>
+        <vers num="3.2.3" edition="rc2"/>
+        <vers num="3.2.4" edition="rc1"/>
+        <vers num="3.2.5"/>
+        <vers num="3.2.6"/>
+        <vers num="3.2.7"/>
+        <vers num="3.2.8"/>
+        <vers num="3.2.9"/>
+        <vers num="4.0.0" edition="-"/>
+        <vers num="4.0.0" edition="beta"/>
+        <vers num="4.0.0" edition="rc1"/>
+        <vers num="4.0.0" edition="rc2"/>
+        <vers num="4.0.1" edition="-"/>
+        <vers num="4.0.1" edition="rc1"/>
+        <vers num="4.0.1" edition="rc2"/>
+        <vers num="4.0.1" edition="rc3"/>
+        <vers num="4.0.1" edition="rc4"/>
+        <vers num="4.0.2" edition="-"/>
+        <vers num="4.1.0" edition="beta1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0082" published="2014-02-20" name="CVE-2014-0082" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ" source="MLIST">[rubyonrails-security] 20140218 Denial of Service Vulnerability in Action View when using render :text (CVE-2014-0082)</ref>
+      <ref url="http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/" source="CONFIRM">http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/</ref>
+      <ref url="http://secunia.com/advisories/57836" source="SECUNIA">57836</ref>
+      <ref url="http://secunia.com/advisories/57376" source="SECUNIA">57376</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0306.html" source="REDHAT">RHSA-2014:0306</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0215.html" source="REDHAT">RHSA-2014:0215</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/02/18/10" source="MLIST">[oss-security] 20140218 Denial of Service Vulnerability in Action View when using render :text (CVE-2014-0082)</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html" source="SUSE">openSUSE-SU-2014:0295</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="rubyonrails" name="ruby_on_rails">
+        <vers num="3.0.0" edition="beta"/>
+        <vers num="3.0.0" edition="beta2"/>
+        <vers num="3.0.0" edition="beta3"/>
+        <vers num="3.0.0" edition="beta4"/>
+        <vers num="3.0.0" edition="rc"/>
+        <vers num="3.0.0" edition="rc2"/>
+        <vers num="3.0.1" edition="pre"/>
+        <vers num="3.0.10" edition="rc1"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12" edition="rc1"/>
+        <vers num="3.0.13" edition="rc1"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2" edition="pre"/>
+        <vers num="3.0.20"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4" edition="rc"/>
+        <vers num="3.0.4" edition="rc1"/>
+        <vers num="3.0.5" edition="rc1"/>
+        <vers num="3.0.6" edition="rc1"/>
+        <vers num="3.0.6" edition="rc2"/>
+        <vers num="3.0.7" edition="rc1"/>
+        <vers num="3.0.7" edition="rc2"/>
+        <vers num="3.0.8" edition="rc1"/>
+        <vers num="3.0.8" edition="rc2"/>
+        <vers num="3.0.8" edition="rc3"/>
+        <vers num="3.0.8" edition="rc4"/>
+        <vers num="3.0.9" edition="rc1"/>
+        <vers num="3.0.9" edition="rc2"/>
+        <vers num="3.0.9" edition="rc3"/>
+        <vers num="3.0.9" edition="rc4"/>
+        <vers num="3.0.9" edition="rc5"/>
+        <vers num="3.1.0" edition="beta1"/>
+        <vers num="3.1.0" edition="rc1"/>
+        <vers num="3.1.0" edition="rc2"/>
+        <vers num="3.1.0" edition="rc3"/>
+        <vers num="3.1.0" edition="rc4"/>
+        <vers num="3.1.0" edition="rc5"/>
+        <vers num="3.1.0" edition="rc6"/>
+        <vers num="3.1.0" edition="rc7"/>
+        <vers num="3.1.0" edition="rc8"/>
+        <vers num="3.1.1" edition="rc1"/>
+        <vers num="3.1.1" edition="rc2"/>
+        <vers num="3.1.1" edition="rc3"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.2" edition="rc1"/>
+        <vers num="3.1.2" edition="rc2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4" edition="rc1"/>
+        <vers num="3.1.5" edition="rc1"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="3.2.0" edition="rc1"/>
+        <vers num="3.2.0" edition="rc2"/>
+        <vers num="3.2.1"/>
+        <vers num="3.2.10"/>
+        <vers num="3.2.11"/>
+        <vers num="3.2.12"/>
+        <vers num="3.2.13" edition="rc1"/>
+        <vers num="3.2.13" edition="rc2"/>
+        <vers num="3.2.14" edition="rc1"/>
+        <vers num="3.2.14" edition="rc2"/>
+        <vers num="3.2.15" edition="rc1"/>
+        <vers num="3.2.15" edition="rc2"/>
+        <vers num="3.2.15" edition="rc3"/>
+        <vers prev="1" num="3.2.16"/>
+        <vers num="3.2.2" edition="rc1"/>
+        <vers num="3.2.3" edition="rc1"/>
+        <vers num="3.2.3" edition="rc2"/>
+        <vers num="3.2.4" edition="rc1"/>
+        <vers num="3.2.5"/>
+        <vers num="3.2.6"/>
+        <vers num="3.2.7"/>
+        <vers num="3.2.8"/>
+        <vers num="3.2.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0085" published="2014-04-17" name="CVE-2014-0085" modified="2014-04-17" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="2.1" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="3.9" CVSS_base_score="2.1">
+    <desc>
+      <descript source="cve">Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1067265" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1067265</ref>
+      <ref url="http://secunia.com/advisories/57915" source="SECUNIA" adv="1">57915</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0400.html" source="REDHAT">RHSA-2014:0400</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apache" name="zookeeper">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="redhat" name="jboss_fuse">
+        <vers num="6.0.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0086" published="2014-03-31" name="CVE-2014-0086" modified="2014-03-31" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:P)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a large number of malformed atmosphere push requests.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://issues.jboss.org/browse/RF-13250" source="CONFIRM" patch="1">https://issues.jboss.org/browse/RF-13250</ref>
+      <ref url="https://github.com/pslegr/core-1/commit/8131f15003f5bec73d475d2b724472e4b87d0757" source="CONFIRM" patch="1">https://github.com/pslegr/core-1/commit/8131f15003f5bec73d475d2b724472e4b87d0757</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1067268" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1067268</ref>
+      <ref url="http://secunia.com/advisories/57053" source="SECUNIA" adv="1">57053</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="redhat" name="jboss_web_framework_kit">
+        <vers num="2.5.0"/>
+      </prod>
+      <prod vendor="redhat" name="richfaces">
+        <vers num="4.3.4"/>
+        <vers num="4.3.5"/>
+        <vers num="5.0.0" edition="alpha1"/>
+        <vers num="5.0.0" edition="alpha2"/>
+        <vers num="5.0.0" edition="alpha3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0088" published="2014-04-29" name="CVE-2014-0088" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html" source="MLIST" patch="1">[nginx-announce] 20140304 nginx security advisory (CVE-2014-0088)</ref>
+      <ref url="http://www.securitytracker.com/id/1030150" source="SECTRACK">1030150</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="igor_sysoev" name="nginx">
+        <vers num="1.5.10"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0089" published="2014-03-27" name="CVE-2014-0089" modified="2014-03-27" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in app/views/common/500.html.erb in Foreman 1.4.x before 1.4.2 allows remote authenticated users to inject arbitrary web script or HTML via the bookmark name when adding a bookmark.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://projects.theforeman.org/issues/4456" source="CONFIRM" patch="1">http://projects.theforeman.org/issues/4456</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1071741" source="MISC">https://bugzilla.redhat.com/show_bug.cgi?id=1071741</ref>
+      <ref url="http://theforeman.org/security.html" source="CONFIRM" adv="1">http://theforeman.org/security.html</ref>
+      <ref url="http://secunia.com/advisories/57575" source="SECUNIA" adv="1">57575</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="theforeman" name="foreman">
+        <vers num="1.4.0"/>
+        <vers num="1.4.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0092" published="2014-03-06" name="CVE-2014-0092" modified="2014-04-19" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1069865" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1069865</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2127-1" source="UBUNTU">USN-2127-1</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2869" source="DEBIAN">DSA-2869</ref>
+      <ref url="http://secunia.com/advisories/57321" source="SECUNIA">57321</ref>
+      <ref url="http://secunia.com/advisories/57274" source="SECUNIA">57274</ref>
+      <ref url="http://secunia.com/advisories/57260" source="SECUNIA">57260</ref>
+      <ref url="http://secunia.com/advisories/57254" source="SECUNIA">57254</ref>
+      <ref url="http://secunia.com/advisories/57204" source="SECUNIA" adv="1">57204</ref>
+      <ref url="http://secunia.com/advisories/57103" source="SECUNIA">57103</ref>
+      <ref url="http://secunia.com/advisories/56933" source="SECUNIA" adv="1">56933</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0339.html" source="REDHAT">RHSA-2014:0339</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0288.html" source="REDHAT">RHSA-2014:0288</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0247.html" source="REDHAT">RHSA-2014:0247</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0246.html" source="REDHAT">RHSA-2014:0246</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00020.html" source="SUSE">SUSE-SU-2014:0445</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html" source="SUSE">openSUSE-SU-2014:0346</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00007.html" source="SUSE">openSUSE-SU-2014:0328</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00006.html" source="SUSE">openSUSE-SU-2014:0325</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00005.html" source="SUSE">SUSE-SU-2014:0324</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00004.html" source="SUSE">SUSE-SU-2014:0323</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html" source="SUSE">SUSE-SU-2014:0322</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00002.html" source="SUSE">SUSE-SU-2014:0321</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" source="SUSE">SUSE-SU-2014:0320</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html" source="SUSE">SUSE-SU-2014:0319</ref>
+      <ref url="http://gnutls.org/security.html#GNUTLS-SA-2014-2" source="CONFIRM">http://gnutls.org/security.html#GNUTLS-SA-2014-2</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="gnu" name="gnutls">
+        <vers num="3.1.0"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.11"/>
+        <vers num="3.1.12"/>
+        <vers num="3.1.13"/>
+        <vers num="3.1.14"/>
+        <vers num="3.1.15"/>
+        <vers num="3.1.16"/>
+        <vers num="3.1.17"/>
+        <vers num="3.1.18"/>
+        <vers num="3.1.19"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.20"/>
+        <vers prev="1" num="3.1.21"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="3.2.0"/>
+        <vers num="3.2.1"/>
+        <vers num="3.2.10"/>
+        <vers prev="1" num="3.2.11"/>
+        <vers num="3.2.2"/>
+        <vers num="3.2.3"/>
+        <vers num="3.2.4"/>
+        <vers num="3.2.5"/>
+        <vers num="3.2.6"/>
+        <vers num="3.2.7"/>
+        <vers num="3.2.8"/>
+        <vers num="3.2.8.1"/>
+        <vers num="3.2.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0093" published="2014-04-03" name="CVE-2014-0093" modified="2014-04-03" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2, when using a Java Security Manager (JSM), does not properly apply permissions defined by a policy file, which causes applications to be granted the java.security.AllPermission permission and allows remote attackers to bypass intended access restrictions.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://secunia.com/advisories/57675" source="SECUNIA" adv="1">57675</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0345.html" source="REDHAT" adv="1">RHSA-2014:0345</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0344.html" source="REDHAT" adv="1">RHSA-2014:0344</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0343.html" source="REDHAT" adv="1">RHSA-2014:0343</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="redhat" name="jboss_enterprise_application_platform">
+        <vers num="6.2.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0094" published="2014-03-11" name="CVE-2014-0094" modified="2014-03-11" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:P/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The ParametersInterceptor in Apache Struts before 2.3.16.1 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029876" source="SECTRACK">1029876</ref>
+      <ref url="http://www.securityfocus.com/bid/65999" source="BID">65999</ref>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/531362/100/0/threaded" source="BUGTRAQ">20140306 [ANN] Struts 2.3.16.1 GA release available - security fix</ref>
+      <ref url="http://struts.apache.org/release/2.3.x/docs/s2-020.html" source="CONFIRM" adv="1">http://struts.apache.org/release/2.3.x/docs/s2-020.html</ref>
+      <ref url="http://secunia.com/advisories/56440" source="SECUNIA" adv="1">56440</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apache" name="struts">
+        <vers num="2.0.0"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.11.1"/>
+        <vers num="2.0.11.2"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1.0"/>
+        <vers num="2.1.1"/>
+        <vers num="2.1.2"/>
+        <vers num="2.1.3"/>
+        <vers num="2.1.4"/>
+        <vers num="2.1.5"/>
+        <vers num="2.1.6"/>
+        <vers num="2.1.8"/>
+        <vers num="2.1.8.1"/>
+        <vers num="2.2.1"/>
+        <vers num="2.2.1.1"/>
+        <vers num="2.2.3"/>
+        <vers num="2.2.3.1"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.1.1"/>
+        <vers num="2.3.1.2"/>
+        <vers num="2.3.12"/>
+        <vers num="2.3.14"/>
+        <vers num="2.3.14.1"/>
+        <vers num="2.3.14.2"/>
+        <vers num="2.3.14.3"/>
+        <vers num="2.3.15"/>
+        <vers num="2.3.15.1"/>
+        <vers num="2.3.15.2"/>
+        <vers num="2.3.15.3"/>
+        <vers prev="1" num="2.3.16"/>
+        <vers num="2.3.3"/>
+        <vers num="2.3.4"/>
+        <vers num="2.3.4.1"/>
+        <vers num="2.3.7"/>
+        <vers num="2.3.8"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0098" published="2014-03-18" name="CVE-2014-0098" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/loggers/mod_log_config.c?r1=1575394&amp;r2=1575400&amp;diff_format=h" source="CONFIRM" patch="1">http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/loggers/mod_log_config.c?r1=1575394&amp;r2=1575400&amp;diff_format=h</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2152-1" source="UBUNTU">USN-2152-1</ref>
+      <ref url="http://www.apache.org/dist/httpd/CHANGES_2.4.9" source="CONFIRM">http://www.apache.org/dist/httpd/CHANGES_2.4.9</ref>
+      <ref url="http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/loggers/mod_log_config.c" source="CONFIRM">http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/loggers/mod_log_config.c</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apache" name="http_server">
+        <vers num="2.0"/>
+        <vers num="2.0.28" edition="beta"/>
+        <vers num="2.0.32" edition="beta"/>
+        <vers num="2.0.34" edition="beta"/>
+        <vers num="2.0.35"/>
+        <vers num="2.0.36"/>
+        <vers num="2.0.37"/>
+        <vers num="2.0.38"/>
+        <vers num="2.0.39"/>
+        <vers num="2.0.40"/>
+        <vers num="2.0.41"/>
+        <vers num="2.0.42"/>
+        <vers num="2.0.43"/>
+        <vers num="2.0.44"/>
+        <vers num="2.0.45"/>
+        <vers num="2.0.46"/>
+        <vers num="2.0.47"/>
+        <vers num="2.0.48"/>
+        <vers num="2.0.49"/>
+        <vers num="2.0.50"/>
+        <vers num="2.0.51"/>
+        <vers num="2.0.52"/>
+        <vers num="2.0.53"/>
+        <vers num="2.0.54"/>
+        <vers num="2.0.55"/>
+        <vers num="2.0.56"/>
+        <vers num="2.0.57"/>
+        <vers num="2.0.58"/>
+        <vers num="2.0.59"/>
+        <vers num="2.0.60"/>
+        <vers num="2.0.61"/>
+        <vers num="2.0.63"/>
+        <vers num="2.0.64"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1"/>
+        <vers num="2.1.1"/>
+        <vers num="2.1.2"/>
+        <vers num="2.1.3"/>
+        <vers num="2.1.4"/>
+        <vers num="2.1.5"/>
+        <vers num="2.1.6"/>
+        <vers num="2.1.7"/>
+        <vers num="2.1.8"/>
+        <vers num="2.1.9"/>
+        <vers num="2.2"/>
+        <vers num="2.2.0"/>
+        <vers num="2.2.1"/>
+        <vers num="2.2.10"/>
+        <vers num="2.2.11"/>
+        <vers num="2.2.12"/>
+        <vers num="2.2.13"/>
+        <vers num="2.2.14"/>
+        <vers num="2.2.15"/>
+        <vers num="2.2.16"/>
+        <vers num="2.2.17"/>
+        <vers num="2.2.18"/>
+        <vers num="2.2.19"/>
+        <vers num="2.2.2"/>
+        <vers num="2.2.20"/>
+        <vers num="2.2.21"/>
+        <vers num="2.2.22"/>
+        <vers num="2.2.23"/>
+        <vers num="2.2.24"/>
+        <vers num="2.2.25"/>
+        <vers num="2.2.3"/>
+        <vers num="2.2.4"/>
+        <vers num="2.2.6"/>
+        <vers num="2.2.8"/>
+        <vers num="2.2.9"/>
+        <vers num="2.3.0"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.10"/>
+        <vers num="2.3.11"/>
+        <vers num="2.3.12"/>
+        <vers num="2.3.13"/>
+        <vers num="2.3.14"/>
+        <vers num="2.3.15"/>
+        <vers num="2.3.16"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.3.4"/>
+        <vers num="2.3.5"/>
+        <vers num="2.3.6"/>
+        <vers num="2.3.7"/>
+        <vers num="2.3.8"/>
+        <vers num="2.3.9"/>
+        <vers num="2.4.0"/>
+        <vers num="2.4.1"/>
+        <vers num="2.4.2"/>
+        <vers num="2.4.3"/>
+        <vers num="2.4.4"/>
+        <vers num="2.4.6"/>
+        <vers prev="1" num="2.4.7"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0100" published="2014-03-11" name="CVE-2014-0100" modified="2014-03-11" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Race condition in the inet_frag_intern function in net/ipv4/inet_fragment.c in the Linux kernel through 3.13.6 allows remote attackers to cause a denial of service (use-after-free error) or possibly have unspecified other impact via a large series of fragmented ICMP Echo Request packets to a system with a heavy CPU load.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/03/04/4" source="MLIST" patch="1">[oss-security] 20140304 CVE-2014-0100 -- Linux kernel: net: inet frag code race condition leading to user-after-free</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1070618" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1070618</ref>
+      <ref url="http://patchwork.ozlabs.org/patch/325844/" source="MISC">http://patchwork.ozlabs.org/patch/325844/</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="linux" name="linux_kernel">
+        <vers num="3.0" edition="rc1"/>
+        <vers num="3.0" edition="rc2"/>
+        <vers num="3.0" edition="rc3"/>
+        <vers num="3.0" edition="rc4"/>
+        <vers num="3.0" edition="rc5"/>
+        <vers num="3.0" edition="rc6"/>
+        <vers num="3.0" edition="rc7"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.20"/>
+        <vers num="3.0.21"/>
+        <vers num="3.0.22"/>
+        <vers num="3.0.23"/>
+        <vers num="3.0.24"/>
+        <vers num="3.0.25"/>
+        <vers num="3.0.26"/>
+        <vers num="3.0.27"/>
+        <vers num="3.0.28"/>
+        <vers num="3.0.29"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.30"/>
+        <vers num="3.0.31"/>
+        <vers num="3.0.32"/>
+        <vers num="3.0.33"/>
+        <vers num="3.0.34"/>
+        <vers num="3.0.35"/>
+        <vers num="3.0.36"/>
+        <vers num="3.0.37"/>
+        <vers num="3.0.38"/>
+        <vers num="3.0.39"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.40"/>
+        <vers num="3.0.41"/>
+        <vers num="3.0.42"/>
+        <vers num="3.0.43"/>
+        <vers num="3.0.44"/>
+        <vers num="3.0.45"/>
+        <vers num="3.0.46"/>
+        <vers num="3.0.47"/>
+        <vers num="3.0.48"/>
+        <vers num="3.0.49"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.50"/>
+        <vers num="3.0.51"/>
+        <vers num="3.0.52"/>
+        <vers num="3.0.53"/>
+        <vers num="3.0.54"/>
+        <vers num="3.0.55"/>
+        <vers num="3.0.56"/>
+        <vers num="3.0.57"/>
+        <vers num="3.0.58"/>
+        <vers num="3.0.59"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.60"/>
+        <vers num="3.0.61"/>
+        <vers num="3.0.62"/>
+        <vers num="3.0.63"/>
+        <vers num="3.0.64"/>
+        <vers num="3.0.65"/>
+        <vers num="3.0.66"/>
+        <vers num="3.0.67"/>
+        <vers num="3.0.68"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1" edition="rc1"/>
+        <vers num="3.1" edition="rc2"/>
+        <vers num="3.1" edition="rc3"/>
+        <vers num="3.1" edition="rc4"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="3.10"/>
+        <vers num="3.10.1"/>
+        <vers num="3.10.10"/>
+        <vers num="3.10.11"/>
+        <vers num="3.10.12"/>
+        <vers num="3.10.13"/>
+        <vers num="3.10.14"/>
+        <vers num="3.10.15"/>
+        <vers num="3.10.16"/>
+        <vers num="3.10.17"/>
+        <vers num="3.10.18"/>
+        <vers num="3.10.19"/>
+        <vers num="3.10.2"/>
+        <vers num="3.10.20"/>
+        <vers num="3.10.21"/>
+        <vers num="3.10.22"/>
+        <vers num="3.10.23"/>
+        <vers num="3.10.24"/>
+        <vers num="3.10.25"/>
+        <vers num="3.10.26"/>
+        <vers num="3.10.27"/>
+        <vers num="3.10.28"/>
+        <vers num="3.10.29"/>
+        <vers num="3.10.3"/>
+        <vers num="3.10.4"/>
+        <vers num="3.10.5"/>
+        <vers num="3.10.6"/>
+        <vers num="3.10.7"/>
+        <vers num="3.10.8"/>
+        <vers num="3.10.9"/>
+        <vers num="3.11"/>
+        <vers num="3.11.1"/>
+        <vers num="3.11.10"/>
+        <vers num="3.11.2"/>
+        <vers num="3.11.3"/>
+        <vers num="3.11.4"/>
+        <vers num="3.11.5"/>
+        <vers num="3.11.6"/>
+        <vers num="3.11.7"/>
+        <vers num="3.11.8"/>
+        <vers num="3.11.9"/>
+        <vers num="3.12"/>
+        <vers num="3.12.1"/>
+        <vers num="3.12.10"/>
+        <vers num="3.12.11"/>
+        <vers num="3.12.12"/>
+        <vers num="3.12.13"/>
+        <vers num="3.12.2"/>
+        <vers num="3.12.3"/>
+        <vers num="3.12.4"/>
+        <vers num="3.12.5"/>
+        <vers num="3.12.6"/>
+        <vers num="3.12.7"/>
+        <vers num="3.12.8"/>
+        <vers num="3.12.9"/>
+        <vers num="3.13"/>
+        <vers num="3.13.1"/>
+        <vers num="3.13.2"/>
+        <vers num="3.13.3"/>
+        <vers num="3.13.4"/>
+        <vers num="3.13.5"/>
+        <vers num="3.13.6"/>
+        <vers num="3.2" edition="rc2"/>
+        <vers num="3.2" edition="rc3"/>
+        <vers num="3.2" edition="rc4"/>
+        <vers num="3.2" edition="rc5"/>
+        <vers num="3.2" edition="rc6"/>
+        <vers num="3.2" edition="rc7"/>
+        <vers num="3.2.1"/>
+        <vers num="3.2.10"/>
+        <vers num="3.2.11"/>
+        <vers num="3.2.12"/>
+        <vers num="3.2.13"/>
+        <vers num="3.2.14"/>
+        <vers num="3.2.15"/>
+        <vers num="3.2.16"/>
+        <vers num="3.2.17"/>
+        <vers num="3.2.18"/>
+        <vers num="3.2.19"/>
+        <vers num="3.2.2"/>
+        <vers num="3.2.20"/>
+        <vers num="3.2.21"/>
+        <vers num="3.2.22"/>
+        <vers num="3.2.23"/>
+        <vers num="3.2.24"/>
+        <vers num="3.2.25"/>
+        <vers num="3.2.26"/>
+        <vers num="3.2.27"/>
+        <vers num="3.2.28"/>
+        <vers num="3.2.29"/>
+        <vers num="3.2.3"/>
+        <vers num="3.2.30"/>
+        <vers num="3.2.4"/>
+        <vers num="3.2.5"/>
+        <vers num="3.2.6"/>
+        <vers num="3.2.7"/>
+        <vers num="3.2.8"/>
+        <vers num="3.2.9"/>
+        <vers num="3.3" edition="rc1"/>
+        <vers num="3.3" edition="rc2"/>
+        <vers num="3.3" edition="rc3"/>
+        <vers num="3.3" edition="rc4"/>
+        <vers num="3.3" edition="rc5"/>
+        <vers num="3.3" edition="rc6"/>
+        <vers num="3.3" edition="rc7"/>
+        <vers num="3.3.1"/>
+        <vers num="3.3.2"/>
+        <vers num="3.3.3"/>
+        <vers num="3.3.4"/>
+        <vers num="3.3.5"/>
+        <vers num="3.3.6"/>
+        <vers num="3.3.7"/>
+        <vers num="3.3.8"/>
+        <vers num="3.4" edition="rc1"/>
+        <vers num="3.4" edition="rc2"/>
+        <vers num="3.4" edition="rc3"/>
+        <vers num="3.4" edition="rc4"/>
+        <vers num="3.4" edition="rc5"/>
+        <vers num="3.4" edition="rc6"/>
+        <vers num="3.4" edition="rc7"/>
+        <vers num="3.4.1"/>
+        <vers num="3.4.10"/>
+        <vers num="3.4.11"/>
+        <vers num="3.4.12"/>
+        <vers num="3.4.13"/>
+        <vers num="3.4.14"/>
+        <vers num="3.4.15"/>
+        <vers num="3.4.16"/>
+        <vers num="3.4.17"/>
+        <vers num="3.4.18"/>
+        <vers num="3.4.19"/>
+        <vers num="3.4.2"/>
+        <vers num="3.4.20"/>
+        <vers num="3.4.21"/>
+        <vers num="3.4.22"/>
+        <vers num="3.4.23"/>
+        <vers num="3.4.24"/>
+        <vers num="3.4.25"/>
+        <vers num="3.4.26"/>
+        <vers num="3.4.27"/>
+        <vers num="3.4.28"/>
+        <vers num="3.4.29"/>
+        <vers num="3.4.3"/>
+        <vers num="3.4.30"/>
+        <vers num="3.4.31"/>
+        <vers num="3.4.32"/>
+        <vers num="3.4.33"/>
+        <vers num="3.4.34"/>
+        <vers num="3.4.35"/>
+        <vers num="3.4.36"/>
+        <vers num="3.4.37"/>
+        <vers num="3.4.38"/>
+        <vers num="3.4.39"/>
+        <vers num="3.4.4"/>
+        <vers num="3.4.40"/>
+        <vers num="3.4.41"/>
+        <vers num="3.4.42"/>
+        <vers num="3.4.43"/>
+        <vers num="3.4.44"/>
+        <vers num="3.4.45"/>
+        <vers num="3.4.46"/>
+        <vers num="3.4.47"/>
+        <vers num="3.4.48"/>
+        <vers num="3.4.49"/>
+        <vers num="3.4.5"/>
+        <vers num="3.4.50"/>
+        <vers num="3.4.51"/>
+        <vers num="3.4.52"/>
+        <vers num="3.4.53"/>
+        <vers num="3.4.54"/>
+        <vers num="3.4.55"/>
+        <vers num="3.4.56"/>
+        <vers num="3.4.57"/>
+        <vers num="3.4.58"/>
+        <vers num="3.4.59"/>
+        <vers num="3.4.6"/>
+        <vers num="3.4.60"/>
+        <vers num="3.4.61"/>
+        <vers num="3.4.62"/>
+        <vers num="3.4.63"/>
+        <vers num="3.4.64"/>
+        <vers num="3.4.65"/>
+        <vers num="3.4.66"/>
+        <vers num="3.4.67"/>
+        <vers num="3.4.68"/>
+        <vers num="3.4.69"/>
+        <vers num="3.4.7"/>
+        <vers num="3.4.70"/>
+        <vers num="3.4.71"/>
+        <vers num="3.4.72"/>
+        <vers num="3.4.73"/>
+        <vers num="3.4.74"/>
+        <vers num="3.4.75"/>
+        <vers num="3.4.76"/>
+        <vers num="3.4.77"/>
+        <vers num="3.4.78"/>
+        <vers num="3.4.79"/>
+        <vers num="3.4.8"/>
+        <vers num="3.4.9"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.6"/>
+        <vers num="3.6.1"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.5"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="3.7"/>
+        <vers num="3.7.1"/>
+        <vers num="3.7.10"/>
+        <vers num="3.7.2"/>
+        <vers num="3.7.3"/>
+        <vers num="3.7.4"/>
+        <vers num="3.7.5"/>
+        <vers num="3.7.6"/>
+        <vers num="3.7.7"/>
+        <vers num="3.7.8"/>
+        <vers num="3.7.9"/>
+        <vers num="3.8.0"/>
+        <vers num="3.8.1"/>
+        <vers num="3.8.10"/>
+        <vers num="3.8.11"/>
+        <vers num="3.8.12"/>
+        <vers num="3.8.13"/>
+        <vers num="3.8.2"/>
+        <vers num="3.8.3"/>
+        <vers num="3.8.4"/>
+        <vers num="3.8.5"/>
+        <vers num="3.8.6"/>
+        <vers num="3.8.7"/>
+        <vers num="3.8.8"/>
+        <vers num="3.8.9"/>
+        <vers num="3.9" edition="rc1"/>
+        <vers num="3.9" edition="rc2"/>
+        <vers num="3.9" edition="rc3"/>
+        <vers num="3.9" edition="rc4"/>
+        <vers num="3.9" edition="rc5"/>
+        <vers num="3.9" edition="rc6"/>
+        <vers num="3.9" edition="rc7"/>
+        <vers num="3.9.0"/>
+        <vers num="3.9.1"/>
+        <vers num="3.9.10"/>
+        <vers num="3.9.11"/>
+        <vers num="3.9.2"/>
+        <vers num="3.9.3"/>
+        <vers num="3.9.4"/>
+        <vers num="3.9.5"/>
+        <vers num="3.9.6"/>
+        <vers num="3.9.7"/>
+        <vers num="3.9.8"/>
+        <vers num="3.9.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0101" published="2014-03-11" name="CVE-2014-0101" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:C)" CVSS_score="7.1" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="8.6" CVSS_base_score="7.1">
+    <desc>
+      <descript source="cve">The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/03/04/6" source="MLIST" patch="1">[oss-security] 20140304 CVE-2014-0101 -- Linux kernel: net: sctp: null pointer dereference when processing authenticated cookie_echo chunk</ref>
+      <ref url="https://github.com/torvalds/linux/commit/ec0223ec48a90cb605244b45f7c62de856403729" source="CONFIRM">https://github.com/torvalds/linux/commit/ec0223ec48a90cb605244b45f7c62de856403729</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1070705" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1070705</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0328.html" source="REDHAT">RHSA-2014:0328</ref>
+      <ref url="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ec0223ec48a90cb605244b45f7c62de856403729" source="CONFIRM">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ec0223ec48a90cb605244b45f7c62de856403729</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="linux" name="linux_kernel">
+        <vers num="3.0" edition="rc1"/>
+        <vers num="3.0" edition="rc2"/>
+        <vers num="3.0" edition="rc3"/>
+        <vers num="3.0" edition="rc4"/>
+        <vers num="3.0" edition="rc5"/>
+        <vers num="3.0" edition="rc6"/>
+        <vers num="3.0" edition="rc7"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.20"/>
+        <vers num="3.0.21"/>
+        <vers num="3.0.22"/>
+        <vers num="3.0.23"/>
+        <vers num="3.0.24"/>
+        <vers num="3.0.25"/>
+        <vers num="3.0.26"/>
+        <vers num="3.0.27"/>
+        <vers num="3.0.28"/>
+        <vers num="3.0.29"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.30"/>
+        <vers num="3.0.31"/>
+        <vers num="3.0.32"/>
+        <vers num="3.0.33"/>
+        <vers num="3.0.34"/>
+        <vers num="3.0.35"/>
+        <vers num="3.0.36"/>
+        <vers num="3.0.37"/>
+        <vers num="3.0.38"/>
+        <vers num="3.0.39"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.40"/>
+        <vers num="3.0.41"/>
+        <vers num="3.0.42"/>
+        <vers num="3.0.43"/>
+        <vers num="3.0.44"/>
+        <vers num="3.0.45"/>
+        <vers num="3.0.46"/>
+        <vers num="3.0.47"/>
+        <vers num="3.0.48"/>
+        <vers num="3.0.49"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.50"/>
+        <vers num="3.0.51"/>
+        <vers num="3.0.52"/>
+        <vers num="3.0.53"/>
+        <vers num="3.0.54"/>
+        <vers num="3.0.55"/>
+        <vers num="3.0.56"/>
+        <vers num="3.0.57"/>
+        <vers num="3.0.58"/>
+        <vers num="3.0.59"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.60"/>
+        <vers num="3.0.61"/>
+        <vers num="3.0.62"/>
+        <vers num="3.0.63"/>
+        <vers num="3.0.64"/>
+        <vers num="3.0.65"/>
+        <vers num="3.0.66"/>
+        <vers num="3.0.67"/>
+        <vers num="3.0.68"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1" edition="rc1"/>
+        <vers num="3.1" edition="rc2"/>
+        <vers num="3.1" edition="rc3"/>
+        <vers num="3.1" edition="rc4"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="3.10"/>
+        <vers num="3.10.1"/>
+        <vers num="3.10.10"/>
+        <vers num="3.10.11"/>
+        <vers num="3.10.12"/>
+        <vers num="3.10.13"/>
+        <vers num="3.10.14"/>
+        <vers num="3.10.15"/>
+        <vers num="3.10.16"/>
+        <vers num="3.10.17"/>
+        <vers num="3.10.18"/>
+        <vers num="3.10.19"/>
+        <vers num="3.10.2"/>
+        <vers num="3.10.20"/>
+        <vers num="3.10.21"/>
+        <vers num="3.10.22"/>
+        <vers num="3.10.23"/>
+        <vers num="3.10.24"/>
+        <vers num="3.10.25"/>
+        <vers num="3.10.26"/>
+        <vers num="3.10.27"/>
+        <vers num="3.10.28"/>
+        <vers num="3.10.29"/>
+        <vers num="3.10.3"/>
+        <vers num="3.10.4"/>
+        <vers num="3.10.5"/>
+        <vers num="3.10.6"/>
+        <vers num="3.10.7"/>
+        <vers num="3.10.8"/>
+        <vers num="3.10.9"/>
+        <vers num="3.11"/>
+        <vers num="3.11.1"/>
+        <vers num="3.11.10"/>
+        <vers num="3.11.2"/>
+        <vers num="3.11.3"/>
+        <vers num="3.11.4"/>
+        <vers num="3.11.5"/>
+        <vers num="3.11.6"/>
+        <vers num="3.11.7"/>
+        <vers num="3.11.8"/>
+        <vers num="3.11.9"/>
+        <vers num="3.12"/>
+        <vers num="3.12.1"/>
+        <vers num="3.12.10"/>
+        <vers num="3.12.11"/>
+        <vers num="3.12.12"/>
+        <vers num="3.12.13"/>
+        <vers num="3.12.2"/>
+        <vers num="3.12.3"/>
+        <vers num="3.12.4"/>
+        <vers num="3.12.5"/>
+        <vers num="3.12.6"/>
+        <vers num="3.12.7"/>
+        <vers num="3.12.8"/>
+        <vers num="3.12.9"/>
+        <vers num="3.13"/>
+        <vers num="3.13.1"/>
+        <vers num="3.13.2"/>
+        <vers num="3.13.3"/>
+        <vers num="3.13.4"/>
+        <vers num="3.13.5"/>
+        <vers num="3.13.6"/>
+        <vers num="3.2" edition="rc2"/>
+        <vers num="3.2" edition="rc3"/>
+        <vers num="3.2" edition="rc4"/>
+        <vers num="3.2" edition="rc5"/>
+        <vers num="3.2" edition="rc6"/>
+        <vers num="3.2" edition="rc7"/>
+        <vers num="3.2.1"/>
+        <vers num="3.2.10"/>
+        <vers num="3.2.11"/>
+        <vers num="3.2.12"/>
+        <vers num="3.2.13"/>
+        <vers num="3.2.14"/>
+        <vers num="3.2.15"/>
+        <vers num="3.2.16"/>
+        <vers num="3.2.17"/>
+        <vers num="3.2.18"/>
+        <vers num="3.2.19"/>
+        <vers num="3.2.2"/>
+        <vers num="3.2.20"/>
+        <vers num="3.2.21"/>
+        <vers num="3.2.22"/>
+        <vers num="3.2.23"/>
+        <vers num="3.2.24"/>
+        <vers num="3.2.25"/>
+        <vers num="3.2.26"/>
+        <vers num="3.2.27"/>
+        <vers num="3.2.28"/>
+        <vers num="3.2.29"/>
+        <vers num="3.2.3"/>
+        <vers num="3.2.30"/>
+        <vers num="3.2.4"/>
+        <vers num="3.2.5"/>
+        <vers num="3.2.6"/>
+        <vers num="3.2.7"/>
+        <vers num="3.2.8"/>
+        <vers num="3.2.9"/>
+        <vers num="3.3" edition="rc1"/>
+        <vers num="3.3" edition="rc2"/>
+        <vers num="3.3" edition="rc3"/>
+        <vers num="3.3" edition="rc4"/>
+        <vers num="3.3" edition="rc5"/>
+        <vers num="3.3" edition="rc6"/>
+        <vers num="3.3" edition="rc7"/>
+        <vers num="3.3.1"/>
+        <vers num="3.3.2"/>
+        <vers num="3.3.3"/>
+        <vers num="3.3.4"/>
+        <vers num="3.3.5"/>
+        <vers num="3.3.6"/>
+        <vers num="3.3.7"/>
+        <vers num="3.3.8"/>
+        <vers num="3.4" edition="rc1"/>
+        <vers num="3.4" edition="rc2"/>
+        <vers num="3.4" edition="rc3"/>
+        <vers num="3.4" edition="rc4"/>
+        <vers num="3.4" edition="rc5"/>
+        <vers num="3.4" edition="rc6"/>
+        <vers num="3.4" edition="rc7"/>
+        <vers num="3.4.1"/>
+        <vers num="3.4.10"/>
+        <vers num="3.4.11"/>
+        <vers num="3.4.12"/>
+        <vers num="3.4.13"/>
+        <vers num="3.4.14"/>
+        <vers num="3.4.15"/>
+        <vers num="3.4.16"/>
+        <vers num="3.4.17"/>
+        <vers num="3.4.18"/>
+        <vers num="3.4.19"/>
+        <vers num="3.4.2"/>
+        <vers num="3.4.20"/>
+        <vers num="3.4.21"/>
+        <vers num="3.4.22"/>
+        <vers num="3.4.23"/>
+        <vers num="3.4.24"/>
+        <vers num="3.4.25"/>
+        <vers num="3.4.26"/>
+        <vers num="3.4.27"/>
+        <vers num="3.4.28"/>
+        <vers num="3.4.29"/>
+        <vers num="3.4.3"/>
+        <vers num="3.4.30"/>
+        <vers num="3.4.31"/>
+        <vers num="3.4.32"/>
+        <vers num="3.4.33"/>
+        <vers num="3.4.34"/>
+        <vers num="3.4.35"/>
+        <vers num="3.4.36"/>
+        <vers num="3.4.37"/>
+        <vers num="3.4.38"/>
+        <vers num="3.4.39"/>
+        <vers num="3.4.4"/>
+        <vers num="3.4.40"/>
+        <vers num="3.4.41"/>
+        <vers num="3.4.42"/>
+        <vers num="3.4.43"/>
+        <vers num="3.4.44"/>
+        <vers num="3.4.45"/>
+        <vers num="3.4.46"/>
+        <vers num="3.4.47"/>
+        <vers num="3.4.48"/>
+        <vers num="3.4.49"/>
+        <vers num="3.4.5"/>
+        <vers num="3.4.50"/>
+        <vers num="3.4.51"/>
+        <vers num="3.4.52"/>
+        <vers num="3.4.53"/>
+        <vers num="3.4.54"/>
+        <vers num="3.4.55"/>
+        <vers num="3.4.56"/>
+        <vers num="3.4.57"/>
+        <vers num="3.4.58"/>
+        <vers num="3.4.59"/>
+        <vers num="3.4.6"/>
+        <vers num="3.4.60"/>
+        <vers num="3.4.61"/>
+        <vers num="3.4.62"/>
+        <vers num="3.4.63"/>
+        <vers num="3.4.64"/>
+        <vers num="3.4.65"/>
+        <vers num="3.4.66"/>
+        <vers num="3.4.67"/>
+        <vers num="3.4.68"/>
+        <vers num="3.4.69"/>
+        <vers num="3.4.7"/>
+        <vers num="3.4.70"/>
+        <vers num="3.4.71"/>
+        <vers num="3.4.72"/>
+        <vers num="3.4.73"/>
+        <vers num="3.4.74"/>
+        <vers num="3.4.75"/>
+        <vers num="3.4.76"/>
+        <vers num="3.4.77"/>
+        <vers num="3.4.78"/>
+        <vers num="3.4.79"/>
+        <vers num="3.4.8"/>
+        <vers num="3.4.9"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.6"/>
+        <vers num="3.6.1"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.5"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="3.7"/>
+        <vers num="3.7.1"/>
+        <vers num="3.7.10"/>
+        <vers num="3.7.2"/>
+        <vers num="3.7.3"/>
+        <vers num="3.7.4"/>
+        <vers num="3.7.5"/>
+        <vers num="3.7.6"/>
+        <vers num="3.7.7"/>
+        <vers num="3.7.8"/>
+        <vers num="3.7.9"/>
+        <vers num="3.8.0"/>
+        <vers num="3.8.1"/>
+        <vers num="3.8.10"/>
+        <vers num="3.8.11"/>
+        <vers num="3.8.12"/>
+        <vers num="3.8.13"/>
+        <vers num="3.8.2"/>
+        <vers num="3.8.3"/>
+        <vers num="3.8.4"/>
+        <vers num="3.8.5"/>
+        <vers num="3.8.6"/>
+        <vers num="3.8.7"/>
+        <vers num="3.8.8"/>
+        <vers num="3.8.9"/>
+        <vers num="3.9" edition="rc1"/>
+        <vers num="3.9" edition="rc2"/>
+        <vers num="3.9" edition="rc3"/>
+        <vers num="3.9" edition="rc4"/>
+        <vers num="3.9" edition="rc5"/>
+        <vers num="3.9" edition="rc6"/>
+        <vers num="3.9" edition="rc7"/>
+        <vers num="3.9.0"/>
+        <vers num="3.9.1"/>
+        <vers num="3.9.10"/>
+        <vers num="3.9.11"/>
+        <vers num="3.9.2"/>
+        <vers num="3.9.3"/>
+        <vers num="3.9.4"/>
+        <vers num="3.9.5"/>
+        <vers num="3.9.6"/>
+        <vers num="3.9.7"/>
+        <vers num="3.9.8"/>
+        <vers num="3.9.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0102" published="2014-03-11" name="CVE-2014-0102" modified="2014-03-11" CVSS_version="2.0" CVSS_vector="(AV:A/AC:M/Au:S/C:N/I:N/A:C)" CVSS_score="5.2" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="4.4" CVSS_base_score="5.2">
+    <desc>
+      <descript source="cve">The keyring_detect_cycle_iterator function in security/keys/keyring.c in the Linux kernel through 3.13.6 does not properly determine whether keyrings are identical, which allows local users to cause a denial of service (OOPS) via crafted keyctl commands.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <local_network/>
+    </range>
+    <refs>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/03/04/21" source="MLIST" patch="1">[oss-security] 20140304 CVE-2014-0102 -- Linux kernel: security: keyring cycle detector DoS</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1072419" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1072419</ref>
+      <ref url="http://www.kernelhub.org/?msg=425013&amp;p=2" source="MISC">http://www.kernelhub.org/?msg=425013&amp;p=2</ref>
+      <ref url="http://lkml.org/lkml/2014/2/27/507" source="MLIST">[linux-kernel] 20140227 kernel BUG at security/keys/keyring.c:1003!</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="linux" name="linux_kernel">
+        <vers num="3.0" edition="rc1"/>
+        <vers num="3.0" edition="rc2"/>
+        <vers num="3.0" edition="rc3"/>
+        <vers num="3.0" edition="rc4"/>
+        <vers num="3.0" edition="rc5"/>
+        <vers num="3.0" edition="rc6"/>
+        <vers num="3.0" edition="rc7"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.20"/>
+        <vers num="3.0.21"/>
+        <vers num="3.0.22"/>
+        <vers num="3.0.23"/>
+        <vers num="3.0.24"/>
+        <vers num="3.0.25"/>
+        <vers num="3.0.26"/>
+        <vers num="3.0.27"/>
+        <vers num="3.0.28"/>
+        <vers num="3.0.29"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.30"/>
+        <vers num="3.0.31"/>
+        <vers num="3.0.32"/>
+        <vers num="3.0.33"/>
+        <vers num="3.0.34"/>
+        <vers num="3.0.35"/>
+        <vers num="3.0.36"/>
+        <vers num="3.0.37"/>
+        <vers num="3.0.38"/>
+        <vers num="3.0.39"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.40"/>
+        <vers num="3.0.41"/>
+        <vers num="3.0.42"/>
+        <vers num="3.0.43"/>
+        <vers num="3.0.44"/>
+        <vers num="3.0.45"/>
+        <vers num="3.0.46"/>
+        <vers num="3.0.47"/>
+        <vers num="3.0.48"/>
+        <vers num="3.0.49"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.50"/>
+        <vers num="3.0.51"/>
+        <vers num="3.0.52"/>
+        <vers num="3.0.53"/>
+        <vers num="3.0.54"/>
+        <vers num="3.0.55"/>
+        <vers num="3.0.56"/>
+        <vers num="3.0.57"/>
+        <vers num="3.0.58"/>
+        <vers num="3.0.59"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.60"/>
+        <vers num="3.0.61"/>
+        <vers num="3.0.62"/>
+        <vers num="3.0.63"/>
+        <vers num="3.0.64"/>
+        <vers num="3.0.65"/>
+        <vers num="3.0.66"/>
+        <vers num="3.0.67"/>
+        <vers num="3.0.68"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1" edition="rc1"/>
+        <vers num="3.1" edition="rc2"/>
+        <vers num="3.1" edition="rc3"/>
+        <vers num="3.1" edition="rc4"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="3.10"/>
+        <vers num="3.10.1"/>
+        <vers num="3.10.10"/>
+        <vers num="3.10.11"/>
+        <vers num="3.10.12"/>
+        <vers num="3.10.13"/>
+        <vers num="3.10.14"/>
+        <vers num="3.10.15"/>
+        <vers num="3.10.16"/>
+        <vers num="3.10.17"/>
+        <vers num="3.10.18"/>
+        <vers num="3.10.19"/>
+        <vers num="3.10.2"/>
+        <vers num="3.10.20"/>
+        <vers num="3.10.21"/>
+        <vers num="3.10.22"/>
+        <vers num="3.10.23"/>
+        <vers num="3.10.24"/>
+        <vers num="3.10.25"/>
+        <vers num="3.10.26"/>
+        <vers num="3.10.27"/>
+        <vers num="3.10.28"/>
+        <vers num="3.10.29"/>
+        <vers num="3.10.3"/>
+        <vers num="3.10.4"/>
+        <vers num="3.10.5"/>
+        <vers num="3.10.6"/>
+        <vers num="3.10.7"/>
+        <vers num="3.10.8"/>
+        <vers num="3.10.9"/>
+        <vers num="3.11"/>
+        <vers num="3.11.1"/>
+        <vers num="3.11.10"/>
+        <vers num="3.11.2"/>
+        <vers num="3.11.3"/>
+        <vers num="3.11.4"/>
+        <vers num="3.11.5"/>
+        <vers num="3.11.6"/>
+        <vers num="3.11.7"/>
+        <vers num="3.11.8"/>
+        <vers num="3.11.9"/>
+        <vers num="3.12"/>
+        <vers num="3.12.1"/>
+        <vers num="3.12.10"/>
+        <vers num="3.12.11"/>
+        <vers num="3.12.12"/>
+        <vers num="3.12.13"/>
+        <vers num="3.12.2"/>
+        <vers num="3.12.3"/>
+        <vers num="3.12.4"/>
+        <vers num="3.12.5"/>
+        <vers num="3.12.6"/>
+        <vers num="3.12.7"/>
+        <vers num="3.12.8"/>
+        <vers num="3.12.9"/>
+        <vers num="3.13"/>
+        <vers num="3.13.1"/>
+        <vers num="3.13.2"/>
+        <vers num="3.13.3"/>
+        <vers num="3.13.4"/>
+        <vers num="3.13.5"/>
+        <vers num="3.13.6"/>
+        <vers num="3.2" edition="rc2"/>
+        <vers num="3.2" edition="rc3"/>
+        <vers num="3.2" edition="rc4"/>
+        <vers num="3.2" edition="rc5"/>
+        <vers num="3.2" edition="rc6"/>
+        <vers num="3.2" edition="rc7"/>
+        <vers num="3.2.1"/>
+        <vers num="3.2.10"/>
+        <vers num="3.2.11"/>
+        <vers num="3.2.12"/>
+        <vers num="3.2.13"/>
+        <vers num="3.2.14"/>
+        <vers num="3.2.15"/>
+        <vers num="3.2.16"/>
+        <vers num="3.2.17"/>
+        <vers num="3.2.18"/>
+        <vers num="3.2.19"/>
+        <vers num="3.2.2"/>
+        <vers num="3.2.20"/>
+        <vers num="3.2.21"/>
+        <vers num="3.2.22"/>
+        <vers num="3.2.23"/>
+        <vers num="3.2.24"/>
+        <vers num="3.2.25"/>
+        <vers num="3.2.26"/>
+        <vers num="3.2.27"/>
+        <vers num="3.2.28"/>
+        <vers num="3.2.29"/>
+        <vers num="3.2.3"/>
+        <vers num="3.2.30"/>
+        <vers num="3.2.4"/>
+        <vers num="3.2.5"/>
+        <vers num="3.2.6"/>
+        <vers num="3.2.7"/>
+        <vers num="3.2.8"/>
+        <vers num="3.2.9"/>
+        <vers num="3.3" edition="rc1"/>
+        <vers num="3.3" edition="rc2"/>
+        <vers num="3.3" edition="rc3"/>
+        <vers num="3.3" edition="rc4"/>
+        <vers num="3.3" edition="rc5"/>
+        <vers num="3.3" edition="rc6"/>
+        <vers num="3.3" edition="rc7"/>
+        <vers num="3.3.1"/>
+        <vers num="3.3.2"/>
+        <vers num="3.3.3"/>
+        <vers num="3.3.4"/>
+        <vers num="3.3.5"/>
+        <vers num="3.3.6"/>
+        <vers num="3.3.7"/>
+        <vers num="3.3.8"/>
+        <vers num="3.4" edition="rc1"/>
+        <vers num="3.4" edition="rc2"/>
+        <vers num="3.4" edition="rc3"/>
+        <vers num="3.4" edition="rc4"/>
+        <vers num="3.4" edition="rc5"/>
+        <vers num="3.4" edition="rc6"/>
+        <vers num="3.4" edition="rc7"/>
+        <vers num="3.4.1"/>
+        <vers num="3.4.10"/>
+        <vers num="3.4.11"/>
+        <vers num="3.4.12"/>
+        <vers num="3.4.13"/>
+        <vers num="3.4.14"/>
+        <vers num="3.4.15"/>
+        <vers num="3.4.16"/>
+        <vers num="3.4.17"/>
+        <vers num="3.4.18"/>
+        <vers num="3.4.19"/>
+        <vers num="3.4.2"/>
+        <vers num="3.4.20"/>
+        <vers num="3.4.21"/>
+        <vers num="3.4.22"/>
+        <vers num="3.4.23"/>
+        <vers num="3.4.24"/>
+        <vers num="3.4.25"/>
+        <vers num="3.4.26"/>
+        <vers num="3.4.27"/>
+        <vers num="3.4.28"/>
+        <vers num="3.4.29"/>
+        <vers num="3.4.3"/>
+        <vers num="3.4.30"/>
+        <vers num="3.4.31"/>
+        <vers num="3.4.32"/>
+        <vers num="3.4.33"/>
+        <vers num="3.4.34"/>
+        <vers num="3.4.35"/>
+        <vers num="3.4.36"/>
+        <vers num="3.4.37"/>
+        <vers num="3.4.38"/>
+        <vers num="3.4.39"/>
+        <vers num="3.4.4"/>
+        <vers num="3.4.40"/>
+        <vers num="3.4.41"/>
+        <vers num="3.4.42"/>
+        <vers num="3.4.43"/>
+        <vers num="3.4.44"/>
+        <vers num="3.4.45"/>
+        <vers num="3.4.46"/>
+        <vers num="3.4.47"/>
+        <vers num="3.4.48"/>
+        <vers num="3.4.49"/>
+        <vers num="3.4.5"/>
+        <vers num="3.4.50"/>
+        <vers num="3.4.51"/>
+        <vers num="3.4.52"/>
+        <vers num="3.4.53"/>
+        <vers num="3.4.54"/>
+        <vers num="3.4.55"/>
+        <vers num="3.4.56"/>
+        <vers num="3.4.57"/>
+        <vers num="3.4.58"/>
+        <vers num="3.4.59"/>
+        <vers num="3.4.6"/>
+        <vers num="3.4.60"/>
+        <vers num="3.4.61"/>
+        <vers num="3.4.62"/>
+        <vers num="3.4.63"/>
+        <vers num="3.4.64"/>
+        <vers num="3.4.65"/>
+        <vers num="3.4.66"/>
+        <vers num="3.4.67"/>
+        <vers num="3.4.68"/>
+        <vers num="3.4.69"/>
+        <vers num="3.4.7"/>
+        <vers num="3.4.70"/>
+        <vers num="3.4.71"/>
+        <vers num="3.4.72"/>
+        <vers num="3.4.73"/>
+        <vers num="3.4.74"/>
+        <vers num="3.4.75"/>
+        <vers num="3.4.76"/>
+        <vers num="3.4.77"/>
+        <vers num="3.4.78"/>
+        <vers num="3.4.79"/>
+        <vers num="3.4.8"/>
+        <vers num="3.4.9"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.6"/>
+        <vers num="3.6.1"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.5"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="3.7"/>
+        <vers num="3.7.1"/>
+        <vers num="3.7.10"/>
+        <vers num="3.7.2"/>
+        <vers num="3.7.3"/>
+        <vers num="3.7.4"/>
+        <vers num="3.7.5"/>
+        <vers num="3.7.6"/>
+        <vers num="3.7.7"/>
+        <vers num="3.7.8"/>
+        <vers num="3.7.9"/>
+        <vers num="3.8.0"/>
+        <vers num="3.8.1"/>
+        <vers num="3.8.10"/>
+        <vers num="3.8.11"/>
+        <vers num="3.8.12"/>
+        <vers num="3.8.13"/>
+        <vers num="3.8.2"/>
+        <vers num="3.8.3"/>
+        <vers num="3.8.4"/>
+        <vers num="3.8.5"/>
+        <vers num="3.8.6"/>
+        <vers num="3.8.7"/>
+        <vers num="3.8.8"/>
+        <vers num="3.8.9"/>
+        <vers num="3.9" edition="rc1"/>
+        <vers num="3.9" edition="rc2"/>
+        <vers num="3.9" edition="rc3"/>
+        <vers num="3.9" edition="rc4"/>
+        <vers num="3.9" edition="rc5"/>
+        <vers num="3.9" edition="rc6"/>
+        <vers num="3.9" edition="rc7"/>
+        <vers num="3.9.0"/>
+        <vers num="3.9.1"/>
+        <vers num="3.9.10"/>
+        <vers num="3.9.11"/>
+        <vers num="3.9.2"/>
+        <vers num="3.9.3"/>
+        <vers num="3.9.4"/>
+        <vers num="3.9.5"/>
+        <vers num="3.9.6"/>
+        <vers num="3.9.7"/>
+        <vers num="3.9.8"/>
+        <vers num="3.9.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0105" published="2014-04-15" name="CVE-2014-0105" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:P/I:P/A:P)" CVSS_score="6.0" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="6.8" CVSS_base_score="6.0">
+    <desc>
+      <descript source="cve">The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, related to an "interaction between eventlet and python-memcached."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/03/27/4" source="MLIST" patch="1">[oss-security] 20140327 [OSSA 2014-007] Potential context confusion in Keystone middleware  (CVE-2014-0105)</ref>
+      <ref url="https://bugs.launchpad.net/python-keystoneclient/+bug/1282865" source="CONFIRM" adv="1">https://bugs.launchpad.net/python-keystoneclient/+bug/1282865</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0382.html" source="REDHAT">RHSA-2014:0382</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="openstack" name="python-keystoneclient">
+        <vers num="0.2.2"/>
+        <vers num="0.2.3"/>
+        <vers num="0.2.4"/>
+        <vers num="0.3.0"/>
+        <vers num="0.3.1"/>
+        <vers num="0.3.2"/>
+        <vers prev="1" num="0.4.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0106" published="2014-03-11" name="CVE-2014-0106" modified="2014-03-26" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:S/C:C/I:C/A:C)" CVSS_score="6.6" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="2.7" CVSS_base_score="6.6">
+    <desc>
+      <descript source="cve">Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://www.sudo.ws/sudo/alerts/env_add.html" source="CONFIRM" patch="1" adv="1">http://www.sudo.ws/sudo/alerts/env_add.html</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2146-1" source="UBUNTU">USN-2146-1</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/03/06/2" source="MLIST">[oss-security] 20140305 sudo: security policy bypass when env_reset is disabled</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0266.html" source="REDHAT">RHSA-2014:0266</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="todd_miller" name="sudo">
+        <vers num="1.6.9"/>
+        <vers num="1.6.9p20"/>
+        <vers num="1.6.9p21"/>
+        <vers num="1.6.9p22"/>
+        <vers num="1.6.9p23"/>
+        <vers num="1.7.0"/>
+        <vers num="1.7.1"/>
+        <vers num="1.7.10"/>
+        <vers num="1.7.10p1"/>
+        <vers num="1.7.10p10"/>
+        <vers num="1.7.10p2"/>
+        <vers num="1.7.10p3"/>
+        <vers num="1.7.10p4"/>
+        <vers num="1.7.10p5"/>
+        <vers num="1.7.10p6"/>
+        <vers num="1.7.10p7"/>
+        <vers num="1.7.10p8"/>
+        <vers num="1.7.10p9"/>
+        <vers num="1.7.2"/>
+        <vers num="1.7.2p1"/>
+        <vers num="1.7.2p2"/>
+        <vers num="1.7.2p3"/>
+        <vers num="1.7.2p4"/>
+        <vers num="1.7.2p5"/>
+        <vers num="1.7.2p6"/>
+        <vers num="1.7.2p7"/>
+        <vers num="1.7.3b1"/>
+        <vers num="1.7.4"/>
+        <vers num="1.7.4p1"/>
+        <vers num="1.7.4p2"/>
+        <vers num="1.7.4p3"/>
+        <vers num="1.7.4p4"/>
+        <vers num="1.7.4p5"/>
+        <vers num="1.7.4p6"/>
+        <vers num="1.7.5"/>
+        <vers num="1.7.6"/>
+        <vers num="1.7.6p1"/>
+        <vers num="1.7.6p2"/>
+        <vers num="1.7.7"/>
+        <vers num="1.7.8"/>
+        <vers num="1.7.8p1"/>
+        <vers num="1.7.8p2"/>
+        <vers num="1.7.9"/>
+        <vers num="1.7.9p1"/>
+        <vers num="1.8.0"/>
+        <vers num="1.8.1"/>
+        <vers num="1.8.1p1"/>
+        <vers num="1.8.1p2"/>
+        <vers num="1.8.2"/>
+        <vers num="1.8.3"/>
+        <vers num="1.8.3p1"/>
+        <vers num="1.8.3p2"/>
+        <vers num="1.8.4"/>
+        <vers num="1.8.4p1"/>
+        <vers num="1.8.4p2"/>
+        <vers num="1.8.4p3"/>
+        <vers num="1.8.4p4"/>
+        <vers num="1.8.4p5"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0107" published="2014-04-15" name="CVE-2014-0107" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.ocert.org/advisories/ocert-2014-002.html" source="MISC">http://www.ocert.org/advisories/ocert-2014-002.html</ref>
+      <ref url="http://svn.apache.org/viewvc?view=revision&amp;revision=1581058" source="CONFIRM" patch="1">http://svn.apache.org/viewvc?view=revision&amp;revision=1581058</ref>
+      <ref url="https://issues.apache.org/jira/browse/XALANJ-2435" source="CONFIRM">https://issues.apache.org/jira/browse/XALANJ-2435</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/92023" source="XF">apache-xalanjava-cve20140107-sec-bypass(92023)</ref>
+      <ref url="http://www.securityfocus.com/bid/66397" source="BID">66397</ref>
+      <ref url="http://secunia.com/advisories/57563" source="SECUNIA">57563</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apache" name="xalan-java">
+        <vers num="1.0.0"/>
+        <vers num="2.0.0"/>
+        <vers num="2.0.1"/>
+        <vers num="2.1.0"/>
+        <vers num="2.2.0"/>
+        <vers num="2.4.0"/>
+        <vers num="2.4.1"/>
+        <vers num="2.5.0"/>
+        <vers num="2.5.1"/>
+        <vers num="2.5.2"/>
+        <vers num="2.6.0"/>
+        <vers num="2.7.0"/>
+        <vers prev="1" num="2.7.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0111" published="2014-04-17" name="CVE-2014-0111" modified="2014-04-18" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:P)" CVSS_score="6.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.0" CVSS_base_score="6.5">
+    <desc>
+      <descript source="cve">Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition," "user / role templates," and "account links of resource mappings."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/531841/100/0/threaded" source="BUGTRAQ">20140415 [SECURITY] CVE-2014-0111 Apache Syncope</ref>
+      <ref url="http://syncope.apache.org/security.html" source="CONFIRM" adv="1">http://syncope.apache.org/security.html</ref>
+      <ref url="http://mail-archives.us.apache.org/mod_mbox/www-announce/201404.mbox/%3C534CE273.9020601@apache.org%3E" source="MLIST">[www-announce] 20140415 [SECURITY] CVE-2014-0111 Apache Syncope</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apache" name="syncope">
+        <vers num="1.0.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.1.0"/>
+        <vers num="1.1.1"/>
+        <vers num="1.1.2"/>
+        <vers num="1.1.3"/>
+        <vers num="1.1.4"/>
+        <vers num="1.1.5"/>
+        <vers num="1.1.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0112" published="2014-04-29" name="CVE-2014-0112" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">ParametersInterceptor in Apache Struts before 2.3.16.2 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://cwiki.apache.org/confluence/display/WW/S2-021" source="CONFIRM" patch="1" adv="1">https://cwiki.apache.org/confluence/display/WW/S2-021</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1091939" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1091939</ref>
+      <ref url="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045" source="JVNDB">JVNDB-2014-000045</ref>
+      <ref url="http://jvn.jp/en/jp/JVN19294237/index.html" source="JVN">JVN#19294237</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apache" name="struts">
+        <vers num="2.0.0"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.11.1"/>
+        <vers num="2.0.11.2"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1.0"/>
+        <vers num="2.1.1"/>
+        <vers num="2.1.2"/>
+        <vers num="2.1.3"/>
+        <vers num="2.1.4"/>
+        <vers num="2.1.5"/>
+        <vers num="2.1.6"/>
+        <vers num="2.1.8"/>
+        <vers num="2.1.8.1"/>
+        <vers num="2.2.1"/>
+        <vers num="2.2.1.1"/>
+        <vers num="2.2.3"/>
+        <vers num="2.2.3.1"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.1.1"/>
+        <vers num="2.3.1.2"/>
+        <vers num="2.3.12"/>
+        <vers num="2.3.14"/>
+        <vers num="2.3.14.1"/>
+        <vers num="2.3.14.2"/>
+        <vers num="2.3.14.3"/>
+        <vers num="2.3.15"/>
+        <vers num="2.3.15.1"/>
+        <vers num="2.3.15.2"/>
+        <vers num="2.3.15.3"/>
+        <vers num="2.3.16"/>
+        <vers prev="1" num="2.3.16.1"/>
+        <vers num="2.3.3"/>
+        <vers num="2.3.4"/>
+        <vers num="2.3.4.1"/>
+        <vers num="2.3.7"/>
+        <vers num="2.3.8"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0113" published="2014-04-29" name="CVE-2014-0113" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">CookieInterceptor in Apache Struts before 2.3.16.2, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://cwiki.apache.org/confluence/display/WW/S2-021" source="CONFIRM" patch="1" adv="1">https://cwiki.apache.org/confluence/display/WW/S2-021</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apache" name="struts">
+        <vers num="2.0.0"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.11.1"/>
+        <vers num="2.0.11.2"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1.0"/>
+        <vers num="2.1.1"/>
+        <vers num="2.1.2"/>
+        <vers num="2.1.3"/>
+        <vers num="2.1.4"/>
+        <vers num="2.1.5"/>
+        <vers num="2.1.6"/>
+        <vers num="2.1.8"/>
+        <vers num="2.1.8.1"/>
+        <vers num="2.2.1"/>
+        <vers num="2.2.1.1"/>
+        <vers num="2.2.3"/>
+        <vers num="2.2.3.1"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.1.1"/>
+        <vers num="2.3.1.2"/>
+        <vers num="2.3.12"/>
+        <vers num="2.3.14"/>
+        <vers num="2.3.14.1"/>
+        <vers num="2.3.14.2"/>
+        <vers num="2.3.14.3"/>
+        <vers num="2.3.15"/>
+        <vers num="2.3.15.1"/>
+        <vers num="2.3.15.2"/>
+        <vers num="2.3.15.3"/>
+        <vers num="2.3.16"/>
+        <vers prev="1" num="2.3.16.1"/>
+        <vers num="2.3.3"/>
+        <vers num="2.3.4"/>
+        <vers num="2.3.4.1"/>
+        <vers num="2.3.7"/>
+        <vers num="2.3.8"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0114" published="2014-04-30" name="CVE-2014-0114" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">The ActionForm object in Apache Struts 1.x through 1.3.10 allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, which is passed to the getClass method.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1091938" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1091938</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apache" name="struts">
+        <vers num="1.0"/>
+        <vers num="1.0.2"/>
+        <vers num="1.1" edition="b1"/>
+        <vers num="1.1" edition="b2"/>
+        <vers num="1.1" edition="b3"/>
+        <vers num="1.1" edition="rc1"/>
+        <vers num="1.1" edition="rc2"/>
+        <vers num="1.2.2"/>
+        <vers num="1.2.4"/>
+        <vers num="1.2.6"/>
+        <vers num="1.2.7"/>
+        <vers num="1.2.8"/>
+        <vers num="1.2.9"/>
+        <vers num="1.3.10"/>
+        <vers num="1.3.5"/>
+        <vers num="1.3.8"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0122" published="2014-03-24" name="CVE-2014-0122" modified="2014-03-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:P/I:P/A:N)" CVSS_score="4.9" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="6.8" CVSS_base_score="4.9">
+    <desc>
+      <descript source="cve">mod/chat/chat_ajax.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly check for the mod/chat:chat capability during chat sessions, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by remaining in a chat session after an intra-session capability removal by an administrator.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://moodle.org/mod/forum/discuss.php?d=256418" source="CONFIRM" adv="1">https://moodle.org/mod/forum/discuss.php?d=256418</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/03/17/1" source="MLIST">[oss-security] 20140317 Moodle security notifications public</ref>
+      <ref url="http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-44082" source="CONFIRM">http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-44082</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="moodle" name="moodle">
+        <vers num="2.0"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1"/>
+        <vers num="2.1.1"/>
+        <vers num="2.1.10"/>
+        <vers num="2.1.2"/>
+        <vers num="2.1.3"/>
+        <vers num="2.1.4"/>
+        <vers num="2.1.5"/>
+        <vers num="2.1.6"/>
+        <vers num="2.1.7"/>
+        <vers num="2.1.8"/>
+        <vers num="2.1.9"/>
+        <vers num="2.2"/>
+        <vers num="2.2.1"/>
+        <vers num="2.2.10"/>
+        <vers num="2.2.11"/>
+        <vers num="2.2.2"/>
+        <vers num="2.2.3"/>
+        <vers num="2.2.4"/>
+        <vers num="2.2.5"/>
+        <vers num="2.2.6"/>
+        <vers num="2.2.7"/>
+        <vers num="2.2.8"/>
+        <vers num="2.2.9"/>
+        <vers num="2.3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.10"/>
+        <vers prev="1" num="2.3.11"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.3.4"/>
+        <vers num="2.3.5"/>
+        <vers num="2.3.6"/>
+        <vers num="2.3.7"/>
+        <vers num="2.3.8"/>
+        <vers num="2.3.9"/>
+        <vers num="2.4"/>
+        <vers num="2.4.1"/>
+        <vers num="2.4.2"/>
+        <vers num="2.4.3"/>
+        <vers num="2.4.4"/>
+        <vers num="2.4.5"/>
+        <vers num="2.4.6"/>
+        <vers num="2.4.7"/>
+        <vers num="2.4.8"/>
+        <vers num="2.5"/>
+        <vers num="2.5.1"/>
+        <vers num="2.5.2"/>
+        <vers num="2.5.3"/>
+        <vers num="2.5.4"/>
+        <vers num="2.6"/>
+        <vers num="2.6.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0123" published="2014-03-24" name="CVE-2014-0123" modified="2014-03-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:P/I:P/A:N)" CVSS_score="4.9" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="6.8" CVSS_base_score="4.9">
+    <desc>
+      <descript source="cve">The wiki subsystem in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly restrict (1) view and (2) edit access, which allows remote authenticated users to perform wiki operations by leveraging the student role and using the Recent Activity block to reach the individual wiki of an arbitrary student.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://moodle.org/mod/forum/discuss.php?d=256419" source="CONFIRM" adv="1">https://moodle.org/mod/forum/discuss.php?d=256419</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/03/17/1" source="MLIST">[oss-security] 20140317 Moodle security notifications public</ref>
+      <ref url="http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-39990" source="CONFIRM">http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-39990</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="moodle" name="moodle">
+        <vers num="2.0"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1"/>
+        <vers num="2.1.1"/>
+        <vers num="2.1.10"/>
+        <vers num="2.1.2"/>
+        <vers num="2.1.3"/>
+        <vers num="2.1.4"/>
+        <vers num="2.1.5"/>
+        <vers num="2.1.6"/>
+        <vers num="2.1.7"/>
+        <vers num="2.1.8"/>
+        <vers num="2.1.9"/>
+        <vers num="2.2"/>
+        <vers num="2.2.1"/>
+        <vers num="2.2.10"/>
+        <vers num="2.2.11"/>
+        <vers num="2.2.2"/>
+        <vers num="2.2.3"/>
+        <vers num="2.2.4"/>
+        <vers num="2.2.5"/>
+        <vers num="2.2.6"/>
+        <vers num="2.2.7"/>
+        <vers num="2.2.8"/>
+        <vers num="2.2.9"/>
+        <vers num="2.3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.10"/>
+        <vers prev="1" num="2.3.11"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.3.4"/>
+        <vers num="2.3.5"/>
+        <vers num="2.3.6"/>
+        <vers num="2.3.7"/>
+        <vers num="2.3.8"/>
+        <vers num="2.3.9"/>
+        <vers num="2.4"/>
+        <vers num="2.4.1"/>
+        <vers num="2.4.2"/>
+        <vers num="2.4.3"/>
+        <vers num="2.4.4"/>
+        <vers num="2.4.5"/>
+        <vers num="2.4.6"/>
+        <vers num="2.4.7"/>
+        <vers num="2.4.8"/>
+        <vers num="2.5"/>
+        <vers num="2.5.1"/>
+        <vers num="2.5.2"/>
+        <vers num="2.5.3"/>
+        <vers num="2.5.4"/>
+        <vers num="2.6"/>
+        <vers num="2.6.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0124" published="2014-03-24" name="CVE-2014-0124" modified="2014-03-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">The identity-reporting implementations in mod/forum/renderer.php and mod/quiz/override_form.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 do not properly restrict the display of e-mail addresses, which allows remote authenticated users to obtain sensitive information by using the (1) Forum or (2) Quiz module.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://moodle.org/mod/forum/discuss.php?d=256421" source="CONFIRM" adv="1">https://moodle.org/mod/forum/discuss.php?d=256421</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/03/17/1" source="MLIST">[oss-security] 20140317 Moodle security notifications public</ref>
+      <ref url="http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-43916" source="CONFIRM">http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-43916</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="moodle" name="moodle">
+        <vers num="2.0"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1"/>
+        <vers num="2.1.1"/>
+        <vers num="2.1.10"/>
+        <vers num="2.1.2"/>
+        <vers num="2.1.3"/>
+        <vers num="2.1.4"/>
+        <vers num="2.1.5"/>
+        <vers num="2.1.6"/>
+        <vers num="2.1.7"/>
+        <vers num="2.1.8"/>
+        <vers num="2.1.9"/>
+        <vers num="2.2"/>
+        <vers num="2.2.1"/>
+        <vers num="2.2.10"/>
+        <vers num="2.2.11"/>
+        <vers num="2.2.2"/>
+        <vers num="2.2.3"/>
+        <vers num="2.2.4"/>
+        <vers num="2.2.5"/>
+        <vers num="2.2.6"/>
+        <vers num="2.2.7"/>
+        <vers num="2.2.8"/>
+        <vers num="2.2.9"/>
+        <vers num="2.3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.10"/>
+        <vers prev="1" num="2.3.11"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.3.4"/>
+        <vers num="2.3.5"/>
+        <vers num="2.3.6"/>
+        <vers num="2.3.7"/>
+        <vers num="2.3.8"/>
+        <vers num="2.3.9"/>
+        <vers num="2.4"/>
+        <vers num="2.4.1"/>
+        <vers num="2.4.2"/>
+        <vers num="2.4.3"/>
+        <vers num="2.4.4"/>
+        <vers num="2.4.5"/>
+        <vers num="2.4.6"/>
+        <vers num="2.4.7"/>
+        <vers num="2.4.8"/>
+        <vers num="2.5"/>
+        <vers num="2.5.1"/>
+        <vers num="2.5.2"/>
+        <vers num="2.5.3"/>
+        <vers num="2.5.4"/>
+        <vers num="2.6"/>
+        <vers num="2.6.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0125" published="2014-03-24" name="CVE-2014-0125" modified="2014-03-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">repository/alfresco/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 places a session key in a URL, which allows remote attackers to bypass intended Alfresco Repository file restrictions by impersonating a file's owner.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://moodle.org/mod/forum/discuss.php?d=256422" source="CONFIRM" adv="1">https://moodle.org/mod/forum/discuss.php?d=256422</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/03/17/1" source="MLIST">[oss-security] 20140317 Moodle security notifications public</ref>
+      <ref url="http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-29409" source="CONFIRM">http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-29409</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="moodle" name="moodle">
+        <vers num="2.0"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1"/>
+        <vers num="2.1.1"/>
+        <vers num="2.1.10"/>
+        <vers num="2.1.2"/>
+        <vers num="2.1.3"/>
+        <vers num="2.1.4"/>
+        <vers num="2.1.5"/>
+        <vers num="2.1.6"/>
+        <vers num="2.1.7"/>
+        <vers num="2.1.8"/>
+        <vers num="2.1.9"/>
+        <vers num="2.2"/>
+        <vers num="2.2.1"/>
+        <vers num="2.2.10"/>
+        <vers num="2.2.11"/>
+        <vers num="2.2.2"/>
+        <vers num="2.2.3"/>
+        <vers num="2.2.4"/>
+        <vers num="2.2.5"/>
+        <vers num="2.2.6"/>
+        <vers num="2.2.7"/>
+        <vers num="2.2.8"/>
+        <vers num="2.2.9"/>
+        <vers num="2.3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.10"/>
+        <vers prev="1" num="2.3.11"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.3.4"/>
+        <vers num="2.3.5"/>
+        <vers num="2.3.6"/>
+        <vers num="2.3.7"/>
+        <vers num="2.3.8"/>
+        <vers num="2.3.9"/>
+        <vers num="2.4"/>
+        <vers num="2.4.1"/>
+        <vers num="2.4.2"/>
+        <vers num="2.4.3"/>
+        <vers num="2.4.4"/>
+        <vers num="2.4.5"/>
+        <vers num="2.4.6"/>
+        <vers num="2.4.7"/>
+        <vers num="2.4.8"/>
+        <vers num="2.5"/>
+        <vers num="2.5.1"/>
+        <vers num="2.5.2"/>
+        <vers num="2.5.3"/>
+        <vers num="2.5.4"/>
+        <vers num="2.6"/>
+        <vers num="2.6.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0126" published="2014-03-24" name="CVE-2014-0126" modified="2014-03-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">Cross-site request forgery (CSRF) vulnerability in enrol/imsenterprise/importnow.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that import an IMS Enterprise file.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://moodle.org/mod/forum/discuss.php?d=256423" source="CONFIRM" adv="1">https://moodle.org/mod/forum/discuss.php?d=256423</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/03/17/1" source="MLIST">[oss-security] 20140317 Moodle security notifications public</ref>
+      <ref url="http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-43146" source="CONFIRM">http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-43146</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="moodle" name="moodle">
+        <vers num="2.0"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1"/>
+        <vers num="2.1.1"/>
+        <vers num="2.1.10"/>
+        <vers num="2.1.2"/>
+        <vers num="2.1.3"/>
+        <vers num="2.1.4"/>
+        <vers num="2.1.5"/>
+        <vers num="2.1.6"/>
+        <vers num="2.1.7"/>
+        <vers num="2.1.8"/>
+        <vers num="2.1.9"/>
+        <vers num="2.2"/>
+        <vers num="2.2.1"/>
+        <vers num="2.2.10"/>
+        <vers num="2.2.11"/>
+        <vers num="2.2.2"/>
+        <vers num="2.2.3"/>
+        <vers num="2.2.4"/>
+        <vers num="2.2.5"/>
+        <vers num="2.2.6"/>
+        <vers num="2.2.7"/>
+        <vers num="2.2.8"/>
+        <vers num="2.2.9"/>
+        <vers num="2.3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.10"/>
+        <vers prev="1" num="2.3.11"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.3.4"/>
+        <vers num="2.3.5"/>
+        <vers num="2.3.6"/>
+        <vers num="2.3.7"/>
+        <vers num="2.3.8"/>
+        <vers num="2.3.9"/>
+        <vers num="2.4"/>
+        <vers num="2.4.1"/>
+        <vers num="2.4.2"/>
+        <vers num="2.4.3"/>
+        <vers num="2.4.4"/>
+        <vers num="2.4.5"/>
+        <vers num="2.4.6"/>
+        <vers num="2.4.7"/>
+        <vers num="2.4.8"/>
+        <vers num="2.5"/>
+        <vers num="2.5.1"/>
+        <vers num="2.5.2"/>
+        <vers num="2.5.3"/>
+        <vers num="2.5.4"/>
+        <vers num="2.6"/>
+        <vers num="2.6.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0127" published="2014-03-24" name="CVE-2014-0127" modified="2014-03-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:P/I:P/A:N)" CVSS_score="4.9" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="6.8" CVSS_base_score="4.9">
+    <desc>
+      <descript source="cve">The time-validation implementation in (1) mod/feedback/complete.php and (2) mod/feedback/complete_guest.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to bypass intended restrictions on starting a Feedback activity by choosing an unavailable time.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://moodle.org/mod/forum/discuss.php?d=256417" source="CONFIRM" adv="1">https://moodle.org/mod/forum/discuss.php?d=256417</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/03/17/1" source="MLIST">[oss-security] 20140317 Moodle security notifications public</ref>
+      <ref url="http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-43656" source="CONFIRM">http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-43656</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="moodle" name="moodle">
+        <vers num="2.0"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1"/>
+        <vers num="2.1.1"/>
+        <vers num="2.1.10"/>
+        <vers num="2.1.2"/>
+        <vers num="2.1.3"/>
+        <vers num="2.1.4"/>
+        <vers num="2.1.5"/>
+        <vers num="2.1.6"/>
+        <vers num="2.1.7"/>
+        <vers num="2.1.8"/>
+        <vers num="2.1.9"/>
+        <vers num="2.2"/>
+        <vers num="2.2.1"/>
+        <vers num="2.2.10"/>
+        <vers num="2.2.11"/>
+        <vers num="2.2.2"/>
+        <vers num="2.2.3"/>
+        <vers num="2.2.4"/>
+        <vers num="2.2.5"/>
+        <vers num="2.2.6"/>
+        <vers num="2.2.7"/>
+        <vers num="2.2.8"/>
+        <vers num="2.2.9"/>
+        <vers num="2.3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.10"/>
+        <vers prev="1" num="2.3.11"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.3.4"/>
+        <vers num="2.3.5"/>
+        <vers num="2.3.6"/>
+        <vers num="2.3.7"/>
+        <vers num="2.3.8"/>
+        <vers num="2.3.9"/>
+        <vers num="2.4"/>
+        <vers num="2.4.1"/>
+        <vers num="2.4.2"/>
+        <vers num="2.4.3"/>
+        <vers num="2.4.4"/>
+        <vers num="2.4.5"/>
+        <vers num="2.4.6"/>
+        <vers num="2.4.7"/>
+        <vers num="2.4.8"/>
+        <vers num="2.5"/>
+        <vers num="2.5.1"/>
+        <vers num="2.5.2"/>
+        <vers num="2.5.3"/>
+        <vers num="2.5.4"/>
+        <vers num="2.6"/>
+        <vers num="2.6.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0128" published="2014-04-14" name="CVE-2014-0128" modified="2014-04-15" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://secunia.com/advisories/57288" source="SECUNIA" adv="1">57288</ref>
+      <ref url="http://www.squid-cache.org/Advisories/SQUID-2014_1.txt" source="CONFIRM" adv="1">http://www.squid-cache.org/Advisories/SQUID-2014_1.txt</ref>
+      <ref url="http://secunia.com/advisories/57889" source="SECUNIA" adv="1">57889</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-04/msg00030.html" source="SUSE" adv="1">openSUSE-SU-2014:0513</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="squid-cache" name="squid">
+        <vers num="3.1"/>
+        <vers num="3.1.0.1"/>
+        <vers num="3.1.0.10"/>
+        <vers num="3.1.0.11"/>
+        <vers num="3.1.0.12"/>
+        <vers num="3.1.0.13"/>
+        <vers num="3.1.0.14"/>
+        <vers num="3.1.0.15"/>
+        <vers num="3.1.0.16"/>
+        <vers num="3.1.0.17"/>
+        <vers num="3.1.0.18"/>
+        <vers num="3.1.0.2"/>
+        <vers num="3.1.0.3"/>
+        <vers num="3.1.0.4"/>
+        <vers num="3.1.0.5"/>
+        <vers num="3.1.0.6"/>
+        <vers num="3.1.0.7"/>
+        <vers num="3.1.0.8"/>
+        <vers num="3.1.0.9"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.11"/>
+        <vers num="3.1.12"/>
+        <vers num="3.1.13"/>
+        <vers num="3.1.14"/>
+        <vers num="3.1.15"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.5.1"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="3.2.0.1"/>
+        <vers num="3.2.0.10"/>
+        <vers num="3.2.0.11"/>
+        <vers num="3.2.0.12"/>
+        <vers num="3.2.0.13"/>
+        <vers num="3.2.0.14"/>
+        <vers num="3.2.0.15"/>
+        <vers num="3.2.0.16"/>
+        <vers num="3.2.0.17"/>
+        <vers num="3.2.0.18"/>
+        <vers num="3.2.0.19"/>
+        <vers num="3.2.0.2"/>
+        <vers num="3.2.0.3"/>
+        <vers num="3.2.0.4"/>
+        <vers num="3.2.0.5"/>
+        <vers num="3.2.0.6"/>
+        <vers num="3.2.0.7"/>
+        <vers num="3.2.0.8"/>
+        <vers num="3.2.0.9"/>
+        <vers num="3.2.1"/>
+        <vers num="3.2.10"/>
+        <vers num="3.2.11"/>
+        <vers num="3.2.12"/>
+        <vers num="3.2.2"/>
+        <vers num="3.2.3"/>
+        <vers num="3.2.4"/>
+        <vers num="3.2.5"/>
+        <vers num="3.2.6"/>
+        <vers num="3.2.7"/>
+        <vers num="3.2.8"/>
+        <vers num="3.2.9"/>
+        <vers num="3.3.0"/>
+        <vers num="3.3.0.2"/>
+        <vers num="3.3.0.3"/>
+        <vers num="3.3.1"/>
+        <vers num="3.3.10"/>
+        <vers num="3.3.11"/>
+        <vers num="3.3.2"/>
+        <vers num="3.3.3"/>
+        <vers num="3.3.4"/>
+        <vers num="3.3.5"/>
+        <vers num="3.3.6"/>
+        <vers num="3.3.7"/>
+        <vers num="3.3.8"/>
+        <vers num="3.3.9"/>
+        <vers num="3.4.0.1"/>
+        <vers num="3.4.0.2"/>
+        <vers num="3.4.0.3"/>
+        <vers num="3.4.1"/>
+        <vers num="3.4.2"/>
+        <vers num="3.4.3"/>
+      </prod>
+      <prod vendor="novell" name="opensuse">
+        <vers num="11.4"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0129" published="2014-03-24" name="CVE-2014-0129" modified="2014-03-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:N/I:P/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">badges/mybadges.php in Moodle 2.5.x before 2.5.5 and 2.6.x before 2.6.2 does not properly track the user to whom a badge was issued, which allows remote authenticated users to modify the visibility of an arbitrary badge via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://moodle.org/mod/forum/discuss.php?d=256424" source="CONFIRM" adv="1">https://moodle.org/mod/forum/discuss.php?d=256424</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/03/17/1" source="MLIST">[oss-security] 20140317 Moodle security notifications public</ref>
+      <ref url="http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-44140" source="CONFIRM">http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-44140</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="moodle" name="moodle">
+        <vers num="2.0"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1"/>
+        <vers num="2.1.1"/>
+        <vers num="2.1.10"/>
+        <vers num="2.1.2"/>
+        <vers num="2.1.3"/>
+        <vers num="2.1.4"/>
+        <vers num="2.1.5"/>
+        <vers num="2.1.6"/>
+        <vers num="2.1.7"/>
+        <vers num="2.1.8"/>
+        <vers num="2.1.9"/>
+        <vers num="2.2"/>
+        <vers num="2.2.1"/>
+        <vers num="2.2.10"/>
+        <vers num="2.2.11"/>
+        <vers num="2.2.2"/>
+        <vers num="2.2.3"/>
+        <vers num="2.2.4"/>
+        <vers num="2.2.5"/>
+        <vers num="2.2.6"/>
+        <vers num="2.2.7"/>
+        <vers num="2.2.8"/>
+        <vers num="2.2.9"/>
+        <vers num="2.3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.10"/>
+        <vers prev="1" num="2.3.11"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.3.4"/>
+        <vers num="2.3.5"/>
+        <vers num="2.3.6"/>
+        <vers num="2.3.7"/>
+        <vers num="2.3.8"/>
+        <vers num="2.3.9"/>
+        <vers num="2.4"/>
+        <vers num="2.4.1"/>
+        <vers num="2.4.2"/>
+        <vers num="2.4.3"/>
+        <vers num="2.4.4"/>
+        <vers num="2.4.5"/>
+        <vers num="2.4.6"/>
+        <vers num="2.4.7"/>
+        <vers num="2.4.8"/>
+        <vers num="2.5"/>
+        <vers num="2.5.1"/>
+        <vers num="2.5.2"/>
+        <vers num="2.5.3"/>
+        <vers num="2.5.4"/>
+        <vers num="2.6"/>
+        <vers num="2.6.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0131" published="2014-03-24" name="CVE-2014-0131" modified="2014-03-25" CVSS_version="2.0" CVSS_vector="(AV:A/AC:M/Au:N/C:P/I:N/A:N)" CVSS_score="2.9" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="5.5" CVSS_base_score="2.9">
+    <desc>
+      <descript source="cve">Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <local_network/>
+    </range>
+    <refs>
+      <ref url="https://github.com/torvalds/linux/commit/1fd819ecb90cc9b822cd84d3056ddba315d3340f" source="CONFIRM" patch="1">https://github.com/torvalds/linux/commit/1fd819ecb90cc9b822cd84d3056ddba315d3340f</ref>
+      <ref url="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1fd819ecb90cc9b822cd84d3056ddba315d3340f" source="CONFIRM" patch="1">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1fd819ecb90cc9b822cd84d3056ddba315d3340f</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1074589" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1074589</ref>
+      <ref url="http://www.spinics.net/lists/netdev/msg274316.html" source="MLIST">[netdev] 20140310 [PATCH 5/5] skbuff: skb_segment: orphan frags before copying</ref>
+      <ref url="http://www.spinics.net/lists/netdev/msg274250.html" source="MLIST">[netdev] 20140310 [PATCH 0/5] skbuff: fix skb_segment with zero copy skbs</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/03/10/4" source="MLIST">[oss-security] 20140310 CVE-2014-0131 -- kernel: net: use-after-free during segmentation with zerocopy</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="linux" name="linux_kernel">
+        <vers num="3.0" edition="rc1"/>
+        <vers num="3.0" edition="rc2"/>
+        <vers num="3.0" edition="rc3"/>
+        <vers num="3.0" edition="rc4"/>
+        <vers num="3.0" edition="rc5"/>
+        <vers num="3.0" edition="rc6"/>
+        <vers num="3.0" edition="rc7"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.20"/>
+        <vers num="3.0.21"/>
+        <vers num="3.0.22"/>
+        <vers num="3.0.23"/>
+        <vers num="3.0.24"/>
+        <vers num="3.0.25"/>
+        <vers num="3.0.26"/>
+        <vers num="3.0.27"/>
+        <vers num="3.0.28"/>
+        <vers num="3.0.29"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.30"/>
+        <vers num="3.0.31"/>
+        <vers num="3.0.32"/>
+        <vers num="3.0.33"/>
+        <vers num="3.0.34"/>
+        <vers num="3.0.35"/>
+        <vers num="3.0.36"/>
+        <vers num="3.0.37"/>
+        <vers num="3.0.38"/>
+        <vers num="3.0.39"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.40"/>
+        <vers num="3.0.41"/>
+        <vers num="3.0.42"/>
+        <vers num="3.0.43"/>
+        <vers num="3.0.44"/>
+        <vers num="3.0.45"/>
+        <vers num="3.0.46"/>
+        <vers num="3.0.47"/>
+        <vers num="3.0.48"/>
+        <vers num="3.0.49"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.50"/>
+        <vers num="3.0.51"/>
+        <vers num="3.0.52"/>
+        <vers num="3.0.53"/>
+        <vers num="3.0.54"/>
+        <vers num="3.0.55"/>
+        <vers num="3.0.56"/>
+        <vers num="3.0.57"/>
+        <vers num="3.0.58"/>
+        <vers num="3.0.59"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.60"/>
+        <vers num="3.0.61"/>
+        <vers num="3.0.62"/>
+        <vers num="3.0.63"/>
+        <vers num="3.0.64"/>
+        <vers num="3.0.65"/>
+        <vers num="3.0.66"/>
+        <vers num="3.0.67"/>
+        <vers num="3.0.68"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1" edition="rc1"/>
+        <vers num="3.1" edition="rc2"/>
+        <vers num="3.1" edition="rc3"/>
+        <vers num="3.1" edition="rc4"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="3.10"/>
+        <vers num="3.10.1"/>
+        <vers num="3.10.10"/>
+        <vers num="3.10.11"/>
+        <vers num="3.10.12"/>
+        <vers num="3.10.13"/>
+        <vers num="3.10.14"/>
+        <vers num="3.10.15"/>
+        <vers num="3.10.16"/>
+        <vers num="3.10.17"/>
+        <vers num="3.10.18"/>
+        <vers num="3.10.19"/>
+        <vers num="3.10.2"/>
+        <vers num="3.10.20"/>
+        <vers num="3.10.21"/>
+        <vers num="3.10.22"/>
+        <vers num="3.10.23"/>
+        <vers num="3.10.24"/>
+        <vers num="3.10.25"/>
+        <vers num="3.10.26"/>
+        <vers num="3.10.27"/>
+        <vers num="3.10.28"/>
+        <vers num="3.10.29"/>
+        <vers num="3.10.3"/>
+        <vers num="3.10.4"/>
+        <vers num="3.10.5"/>
+        <vers num="3.10.6"/>
+        <vers num="3.10.7"/>
+        <vers num="3.10.8"/>
+        <vers num="3.10.9"/>
+        <vers num="3.11"/>
+        <vers num="3.11.1"/>
+        <vers num="3.11.10"/>
+        <vers num="3.11.2"/>
+        <vers num="3.11.3"/>
+        <vers num="3.11.4"/>
+        <vers num="3.11.5"/>
+        <vers num="3.11.6"/>
+        <vers num="3.11.7"/>
+        <vers num="3.11.8"/>
+        <vers num="3.11.9"/>
+        <vers num="3.12"/>
+        <vers num="3.12.1"/>
+        <vers num="3.12.10"/>
+        <vers num="3.12.11"/>
+        <vers num="3.12.12"/>
+        <vers num="3.12.13"/>
+        <vers num="3.12.2"/>
+        <vers num="3.12.3"/>
+        <vers num="3.12.4"/>
+        <vers num="3.12.5"/>
+        <vers num="3.12.6"/>
+        <vers num="3.12.7"/>
+        <vers num="3.12.8"/>
+        <vers num="3.12.9"/>
+        <vers num="3.13"/>
+        <vers num="3.13.1"/>
+        <vers num="3.13.2"/>
+        <vers num="3.13.3"/>
+        <vers num="3.13.4"/>
+        <vers num="3.13.5"/>
+        <vers prev="1" num="3.13.6"/>
+        <vers num="3.2" edition="rc2"/>
+        <vers num="3.2" edition="rc3"/>
+        <vers num="3.2" edition="rc4"/>
+        <vers num="3.2" edition="rc5"/>
+        <vers num="3.2" edition="rc6"/>
+        <vers num="3.2" edition="rc7"/>
+        <vers num="3.2.1"/>
+        <vers num="3.2.10"/>
+        <vers num="3.2.11"/>
+        <vers num="3.2.12"/>
+        <vers num="3.2.13"/>
+        <vers num="3.2.14"/>
+        <vers num="3.2.15"/>
+        <vers num="3.2.16"/>
+        <vers num="3.2.17"/>
+        <vers num="3.2.18"/>
+        <vers num="3.2.19"/>
+        <vers num="3.2.2"/>
+        <vers num="3.2.20"/>
+        <vers num="3.2.21"/>
+        <vers num="3.2.22"/>
+        <vers num="3.2.23"/>
+        <vers num="3.2.24"/>
+        <vers num="3.2.25"/>
+        <vers num="3.2.26"/>
+        <vers num="3.2.27"/>
+        <vers num="3.2.28"/>
+        <vers num="3.2.29"/>
+        <vers num="3.2.3"/>
+        <vers num="3.2.30"/>
+        <vers num="3.2.4"/>
+        <vers num="3.2.5"/>
+        <vers num="3.2.6"/>
+        <vers num="3.2.7"/>
+        <vers num="3.2.8"/>
+        <vers num="3.2.9"/>
+        <vers num="3.3" edition="rc1"/>
+        <vers num="3.3" edition="rc2"/>
+        <vers num="3.3" edition="rc3"/>
+        <vers num="3.3" edition="rc4"/>
+        <vers num="3.3" edition="rc5"/>
+        <vers num="3.3" edition="rc6"/>
+        <vers num="3.3" edition="rc7"/>
+        <vers num="3.3.1"/>
+        <vers num="3.3.2"/>
+        <vers num="3.3.3"/>
+        <vers num="3.3.4"/>
+        <vers num="3.3.5"/>
+        <vers num="3.3.6"/>
+        <vers num="3.3.7"/>
+        <vers num="3.3.8"/>
+        <vers num="3.4" edition="rc1"/>
+        <vers num="3.4" edition="rc2"/>
+        <vers num="3.4" edition="rc3"/>
+        <vers num="3.4" edition="rc4"/>
+        <vers num="3.4" edition="rc5"/>
+        <vers num="3.4" edition="rc6"/>
+        <vers num="3.4" edition="rc7"/>
+        <vers num="3.4.1"/>
+        <vers num="3.4.10"/>
+        <vers num="3.4.11"/>
+        <vers num="3.4.12"/>
+        <vers num="3.4.13"/>
+        <vers num="3.4.14"/>
+        <vers num="3.4.15"/>
+        <vers num="3.4.16"/>
+        <vers num="3.4.17"/>
+        <vers num="3.4.18"/>
+        <vers num="3.4.19"/>
+        <vers num="3.4.2"/>
+        <vers num="3.4.20"/>
+        <vers num="3.4.21"/>
+        <vers num="3.4.22"/>
+        <vers num="3.4.23"/>
+        <vers num="3.4.24"/>
+        <vers num="3.4.25"/>
+        <vers num="3.4.26"/>
+        <vers num="3.4.27"/>
+        <vers num="3.4.28"/>
+        <vers num="3.4.29"/>
+        <vers num="3.4.3"/>
+        <vers num="3.4.30"/>
+        <vers num="3.4.31"/>
+        <vers num="3.4.32"/>
+        <vers num="3.4.33"/>
+        <vers num="3.4.34"/>
+        <vers num="3.4.35"/>
+        <vers num="3.4.36"/>
+        <vers num="3.4.37"/>
+        <vers num="3.4.38"/>
+        <vers num="3.4.39"/>
+        <vers num="3.4.4"/>
+        <vers num="3.4.40"/>
+        <vers num="3.4.41"/>
+        <vers num="3.4.42"/>
+        <vers num="3.4.43"/>
+        <vers num="3.4.44"/>
+        <vers num="3.4.45"/>
+        <vers num="3.4.46"/>
+        <vers num="3.4.47"/>
+        <vers num="3.4.48"/>
+        <vers num="3.4.49"/>
+        <vers num="3.4.5"/>
+        <vers num="3.4.50"/>
+        <vers num="3.4.51"/>
+        <vers num="3.4.52"/>
+        <vers num="3.4.53"/>
+        <vers num="3.4.54"/>
+        <vers num="3.4.55"/>
+        <vers num="3.4.56"/>
+        <vers num="3.4.57"/>
+        <vers num="3.4.58"/>
+        <vers num="3.4.59"/>
+        <vers num="3.4.6"/>
+        <vers num="3.4.60"/>
+        <vers num="3.4.61"/>
+        <vers num="3.4.62"/>
+        <vers num="3.4.63"/>
+        <vers num="3.4.64"/>
+        <vers num="3.4.65"/>
+        <vers num="3.4.66"/>
+        <vers num="3.4.67"/>
+        <vers num="3.4.68"/>
+        <vers num="3.4.69"/>
+        <vers num="3.4.7"/>
+        <vers num="3.4.70"/>
+        <vers num="3.4.71"/>
+        <vers num="3.4.72"/>
+        <vers num="3.4.73"/>
+        <vers num="3.4.74"/>
+        <vers num="3.4.75"/>
+        <vers num="3.4.76"/>
+        <vers num="3.4.77"/>
+        <vers num="3.4.78"/>
+        <vers num="3.4.79"/>
+        <vers num="3.4.8"/>
+        <vers num="3.4.9"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.6"/>
+        <vers num="3.6.1"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.5"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="3.7"/>
+        <vers num="3.7.1"/>
+        <vers num="3.7.10"/>
+        <vers num="3.7.2"/>
+        <vers num="3.7.3"/>
+        <vers num="3.7.4"/>
+        <vers num="3.7.5"/>
+        <vers num="3.7.6"/>
+        <vers num="3.7.7"/>
+        <vers num="3.7.8"/>
+        <vers num="3.7.9"/>
+        <vers num="3.8.0"/>
+        <vers num="3.8.1"/>
+        <vers num="3.8.10"/>
+        <vers num="3.8.11"/>
+        <vers num="3.8.12"/>
+        <vers num="3.8.13"/>
+        <vers num="3.8.2"/>
+        <vers num="3.8.3"/>
+        <vers num="3.8.4"/>
+        <vers num="3.8.5"/>
+        <vers num="3.8.6"/>
+        <vers num="3.8.7"/>
+        <vers num="3.8.8"/>
+        <vers num="3.8.9"/>
+        <vers num="3.9" edition="rc1"/>
+        <vers num="3.9" edition="rc2"/>
+        <vers num="3.9" edition="rc3"/>
+        <vers num="3.9" edition="rc4"/>
+        <vers num="3.9" edition="rc5"/>
+        <vers num="3.9" edition="rc6"/>
+        <vers num="3.9" edition="rc7"/>
+        <vers num="3.9.0"/>
+        <vers num="3.9.1"/>
+        <vers num="3.9.10"/>
+        <vers num="3.9.11"/>
+        <vers num="3.9.2"/>
+        <vers num="3.9.3"/>
+        <vers num="3.9.4"/>
+        <vers num="3.9.5"/>
+        <vers num="3.9.6"/>
+        <vers num="3.9.7"/>
+        <vers num="3.9.8"/>
+        <vers num="3.9.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0132" published="2014-03-18" name="CVE-2014-0132" modified="2014-03-19" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:P)" CVSS_score="6.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.0" CVSS_base_score="6.5">
+    <desc>
+      <descript source="cve">The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://fedorahosted.org/389/ticket/47739" source="CONFIRM" patch="1">https://fedorahosted.org/389/ticket/47739</ref>
+      <ref url="https://fedorahosted.org/389/changeset/76acff12a86110d4165f94e2cba13ef5c7ebc38a/" source="CONFIRM">https://fedorahosted.org/389/changeset/76acff12a86110d4165f94e2cba13ef5c7ebc38a/</ref>
+      <ref url="http://secunia.com/advisories/57427" source="SECUNIA" adv="1">57427</ref>
+      <ref url="http://secunia.com/advisories/57412" source="SECUNIA" adv="1">57412</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0292.html" source="REDHAT">RHSA-2014:0292</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="fedoraproject" name="389_directory_server">
+        <vers num="1.2.11.1"/>
+        <vers num="1.2.11.10"/>
+        <vers num="1.2.11.11"/>
+        <vers num="1.2.11.12"/>
+        <vers num="1.2.11.13"/>
+        <vers num="1.2.11.14"/>
+        <vers num="1.2.11.15"/>
+        <vers num="1.2.11.17"/>
+        <vers num="1.2.11.19"/>
+        <vers num="1.2.11.20"/>
+        <vers num="1.2.11.21"/>
+        <vers num="1.2.11.22"/>
+        <vers num="1.2.11.23"/>
+        <vers prev="1" num="1.2.11.25"/>
+        <vers num="1.2.11.5"/>
+        <vers num="1.2.11.6"/>
+        <vers num="1.2.11.8"/>
+        <vers num="1.2.11.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0133" published="2014-03-28" name="CVE-2014-0133" modified="2014-03-31" CVSS_version="2.0" CVSS_vector="(AV:N/AC:H/Au:N/C:P/I:P/A:P)" CVSS_score="5.1" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="4.9" CVSS_base_score="5.1">
+    <desc>
+      <descript source="cve">Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html" source="MLIST">[nginx-announce] 20140318 nginx security advisory (CVE-2014-0133)</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-03/msg00095.html" source="SUSE">openSUSE-SU-2014:0450</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="igor_sysoev" name="nginx">
+        <vers num="1.3.15"/>
+        <vers num="1.3.16"/>
+        <vers num="1.4.0"/>
+        <vers num="1.4.1"/>
+        <vers num="1.4.2"/>
+        <vers num="1.4.3"/>
+        <vers num="1.5.0"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.10"/>
+        <vers num="1.5.11"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="1.5.9"/>
+      </prod>
+      <prod vendor="novell" name="opensuse">
+        <vers num="13.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0138" published="2014-04-15" name="CVE-2014-0138" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:N)" CVSS_score="6.4" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="10.0" CVSS_base_score="6.4">
+    <desc>
+      <descript source="cve">The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/" source="CONFIRM">http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/</ref>
+      <ref url="http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/" source="CONFIRM">http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/</ref>
+      <ref url="http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/" source="CONFIRM">http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2902" source="DEBIAN">DSA-2902</ref>
+      <ref url="http://secunia.com/advisories/57968" source="SECUNIA">57968</ref>
+      <ref url="http://secunia.com/advisories/57966" source="SECUNIA">57966</ref>
+      <ref url="http://secunia.com/advisories/57836" source="SECUNIA">57836</ref>
+      <ref url="http://curl.haxx.se/docs/adv_20140326A.html" source="CONFIRM" adv="1">http://curl.haxx.se/docs/adv_20140326A.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="haxx" name="curl">
+        <vers num="7.10.6"/>
+        <vers num="7.10.7"/>
+        <vers num="7.10.8"/>
+        <vers num="7.11.0"/>
+        <vers num="7.11.1"/>
+        <vers num="7.11.2"/>
+        <vers num="7.12.0"/>
+        <vers num="7.12.1"/>
+        <vers num="7.12.2"/>
+        <vers num="7.12.3"/>
+        <vers num="7.13.0"/>
+        <vers num="7.13.1"/>
+        <vers num="7.13.2"/>
+        <vers num="7.14.0"/>
+        <vers num="7.14.1"/>
+        <vers num="7.15.0"/>
+        <vers num="7.15.1"/>
+        <vers num="7.15.2"/>
+        <vers num="7.15.3"/>
+        <vers num="7.15.4"/>
+        <vers num="7.15.5"/>
+        <vers num="7.16.0"/>
+        <vers num="7.16.1"/>
+        <vers num="7.16.2"/>
+        <vers num="7.16.3"/>
+        <vers num="7.16.4"/>
+        <vers num="7.17.0"/>
+        <vers num="7.17.1"/>
+        <vers num="7.18.0"/>
+        <vers num="7.18.1"/>
+        <vers num="7.18.2"/>
+        <vers num="7.19.0"/>
+        <vers num="7.19.1"/>
+        <vers num="7.19.2"/>
+        <vers num="7.19.3"/>
+        <vers num="7.19.4"/>
+        <vers num="7.19.5"/>
+        <vers num="7.19.6"/>
+        <vers num="7.19.7"/>
+        <vers num="7.20.0"/>
+        <vers num="7.20.1"/>
+        <vers num="7.21.0"/>
+        <vers num="7.21.1"/>
+        <vers num="7.21.2"/>
+        <vers num="7.21.3"/>
+        <vers num="7.21.4"/>
+        <vers num="7.21.5"/>
+        <vers num="7.21.6"/>
+        <vers num="7.21.7"/>
+        <vers num="7.22.0"/>
+        <vers num="7.23.0"/>
+        <vers num="7.23.1"/>
+        <vers num="7.24.0"/>
+        <vers num="7.25.0"/>
+        <vers num="7.26.0"/>
+        <vers num="7.27.0"/>
+        <vers num="7.28.0"/>
+        <vers num="7.28.1"/>
+        <vers num="7.29.0"/>
+        <vers num="7.30.0"/>
+        <vers num="7.31.0"/>
+        <vers num="7.32.0"/>
+        <vers num="7.33.0"/>
+        <vers num="7.34.0"/>
+        <vers num="7.35.0"/>
+      </prod>
+      <prod vendor="haxx" name="libcurl">
+        <vers num="7.10.6"/>
+        <vers num="7.10.7"/>
+        <vers num="7.10.8"/>
+        <vers num="7.11.0"/>
+        <vers num="7.11.1"/>
+        <vers num="7.11.2"/>
+        <vers num="7.12.0"/>
+        <vers num="7.12.1"/>
+        <vers num="7.12.2"/>
+        <vers num="7.12.3"/>
+        <vers num="7.13.0"/>
+        <vers num="7.13.1"/>
+        <vers num="7.13.2"/>
+        <vers num="7.14.0"/>
+        <vers num="7.14.1"/>
+        <vers num="7.15.0"/>
+        <vers num="7.15.1"/>
+        <vers num="7.15.2"/>
+        <vers num="7.15.3"/>
+        <vers num="7.15.4"/>
+        <vers num="7.15.5"/>
+        <vers num="7.16.0"/>
+        <vers num="7.16.1"/>
+        <vers num="7.16.2"/>
+        <vers num="7.16.3"/>
+        <vers num="7.16.4"/>
+        <vers num="7.17.0"/>
+        <vers num="7.17.1"/>
+        <vers num="7.18.0"/>
+        <vers num="7.18.1"/>
+        <vers num="7.18.2"/>
+        <vers num="7.19.0"/>
+        <vers num="7.19.1"/>
+        <vers num="7.19.2"/>
+        <vers num="7.19.3"/>
+        <vers num="7.19.4"/>
+        <vers num="7.19.5"/>
+        <vers num="7.19.6"/>
+        <vers num="7.19.7"/>
+        <vers num="7.20.0"/>
+        <vers num="7.20.1"/>
+        <vers num="7.21.0"/>
+        <vers num="7.21.1"/>
+        <vers num="7.21.2"/>
+        <vers num="7.21.3"/>
+        <vers num="7.21.4"/>
+        <vers num="7.21.5"/>
+        <vers num="7.21.6"/>
+        <vers num="7.21.7"/>
+        <vers num="7.22.0"/>
+        <vers num="7.23.0"/>
+        <vers num="7.23.1"/>
+        <vers num="7.24.0"/>
+        <vers num="7.25.0"/>
+        <vers num="7.26.0"/>
+        <vers num="7.27.0"/>
+        <vers num="7.28.0"/>
+        <vers num="7.28.1"/>
+        <vers num="7.29.0"/>
+        <vers num="7.30.0"/>
+        <vers num="7.31.0"/>
+        <vers num="7.32.0"/>
+        <vers num="7.33.0"/>
+        <vers num="7.34.0"/>
+        <vers num="7.35.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0139" published="2014-04-15" name="CVE-2014-0139" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/" source="CONFIRM">http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/</ref>
+      <ref url="http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/" source="CONFIRM">http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/</ref>
+      <ref url="http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/" source="CONFIRM">http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2902" source="DEBIAN">DSA-2902</ref>
+      <ref url="http://secunia.com/advisories/57968" source="SECUNIA">57968</ref>
+      <ref url="http://secunia.com/advisories/57966" source="SECUNIA">57966</ref>
+      <ref url="http://secunia.com/advisories/57836" source="SECUNIA">57836</ref>
+      <ref url="http://curl.haxx.se/docs/adv_20140326B.html" source="CONFIRM" adv="1">http://curl.haxx.se/docs/adv_20140326B.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="haxx" name="curl">
+        <vers num="7.10.6"/>
+        <vers num="7.10.7"/>
+        <vers num="7.10.8"/>
+        <vers num="7.11.0"/>
+        <vers num="7.11.1"/>
+        <vers num="7.11.2"/>
+        <vers num="7.12.0"/>
+        <vers num="7.12.1"/>
+        <vers num="7.12.2"/>
+        <vers num="7.12.3"/>
+        <vers num="7.13.0"/>
+        <vers num="7.13.1"/>
+        <vers num="7.13.2"/>
+        <vers num="7.14.0"/>
+        <vers num="7.14.1"/>
+        <vers num="7.15.0"/>
+        <vers num="7.15.1"/>
+        <vers num="7.15.2"/>
+        <vers num="7.15.3"/>
+        <vers num="7.15.4"/>
+        <vers num="7.15.5"/>
+        <vers num="7.16.0"/>
+        <vers num="7.16.1"/>
+        <vers num="7.16.2"/>
+        <vers num="7.16.3"/>
+        <vers num="7.16.4"/>
+        <vers num="7.17.0"/>
+        <vers num="7.17.1"/>
+        <vers num="7.18.0"/>
+        <vers num="7.18.1"/>
+        <vers num="7.18.2"/>
+        <vers num="7.19.0"/>
+        <vers num="7.19.1"/>
+        <vers num="7.19.2"/>
+        <vers num="7.19.3"/>
+        <vers num="7.19.4"/>
+        <vers num="7.19.5"/>
+        <vers num="7.19.6"/>
+        <vers num="7.19.7"/>
+        <vers num="7.20.0"/>
+        <vers num="7.20.1"/>
+        <vers num="7.21.0"/>
+        <vers num="7.21.1"/>
+        <vers num="7.21.2"/>
+        <vers num="7.21.3"/>
+        <vers num="7.21.4"/>
+        <vers num="7.21.5"/>
+        <vers num="7.21.6"/>
+        <vers num="7.21.7"/>
+        <vers num="7.22.0"/>
+        <vers num="7.23.0"/>
+        <vers num="7.23.1"/>
+        <vers num="7.24.0"/>
+        <vers num="7.25.0"/>
+        <vers num="7.26.0"/>
+        <vers num="7.27.0"/>
+        <vers num="7.28.0"/>
+        <vers num="7.28.1"/>
+        <vers num="7.29.0"/>
+        <vers num="7.30.0"/>
+        <vers num="7.31.0"/>
+        <vers num="7.32.0"/>
+        <vers num="7.33.0"/>
+        <vers num="7.34.0"/>
+        <vers num="7.35.0"/>
+      </prod>
+      <prod vendor="haxx" name="libcurl">
+        <vers num="7.10.6"/>
+        <vers num="7.10.7"/>
+        <vers num="7.10.8"/>
+        <vers num="7.11.0"/>
+        <vers num="7.11.1"/>
+        <vers num="7.11.2"/>
+        <vers num="7.12.0"/>
+        <vers num="7.12.1"/>
+        <vers num="7.12.2"/>
+        <vers num="7.12.3"/>
+        <vers num="7.13.0"/>
+        <vers num="7.13.1"/>
+        <vers num="7.13.2"/>
+        <vers num="7.14.0"/>
+        <vers num="7.14.1"/>
+        <vers num="7.15.0"/>
+        <vers num="7.15.1"/>
+        <vers num="7.15.2"/>
+        <vers num="7.15.3"/>
+        <vers num="7.15.4"/>
+        <vers num="7.15.5"/>
+        <vers num="7.16.0"/>
+        <vers num="7.16.1"/>
+        <vers num="7.16.2"/>
+        <vers num="7.16.3"/>
+        <vers num="7.16.4"/>
+        <vers num="7.17.0"/>
+        <vers num="7.17.1"/>
+        <vers num="7.18.0"/>
+        <vers num="7.18.1"/>
+        <vers num="7.18.2"/>
+        <vers num="7.19.0"/>
+        <vers num="7.19.1"/>
+        <vers num="7.19.2"/>
+        <vers num="7.19.3"/>
+        <vers num="7.19.4"/>
+        <vers num="7.19.5"/>
+        <vers num="7.19.6"/>
+        <vers num="7.19.7"/>
+        <vers num="7.20.0"/>
+        <vers num="7.20.1"/>
+        <vers num="7.21.0"/>
+        <vers num="7.21.1"/>
+        <vers num="7.21.2"/>
+        <vers num="7.21.3"/>
+        <vers num="7.21.4"/>
+        <vers num="7.21.5"/>
+        <vers num="7.21.6"/>
+        <vers num="7.21.7"/>
+        <vers num="7.22.0"/>
+        <vers num="7.23.0"/>
+        <vers num="7.23.1"/>
+        <vers num="7.24.0"/>
+        <vers num="7.25.0"/>
+        <vers num="7.26.0"/>
+        <vers num="7.27.0"/>
+        <vers num="7.28.0"/>
+        <vers num="7.28.1"/>
+        <vers num="7.29.0"/>
+        <vers num="7.30.0"/>
+        <vers num="7.31.0"/>
+        <vers num="7.32.0"/>
+        <vers num="7.33.0"/>
+        <vers num="7.34.0"/>
+        <vers num="7.35.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0150" published="2014-04-18" name="CVE-2014-0150" modified="2014-04-21" CVSS_version="2.0" CVSS_vector="(AV:A/AC:M/Au:S/C:P/I:P/A:P)" CVSS_score="4.9" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="4.4" CVSS_base_score="4.9">
+    <desc>
+      <descript source="cve">Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local_network/>
+    </range>
+    <refs>
+      <ref url="http://thread.gmane.org/gmane.comp.emulators.qemu/266713" source="MLIST" patch="1">[Qemu-devel] 20140411 [PATCH for-2.0] virtio-net: fix guest-triggerable buffer overrun</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1078846" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1078846</ref>
+      <ref url="http://secunia.com/advisories/57878" source="SECUNIA" adv="1">57878</ref>
+      <ref url="http://article.gmane.org/gmane.comp.emulators.qemu/266768" source="MLIST">[Qemu-devel] 20140411 Re: [PATCH for-2.0] virtio-net: fix guest-triggerable buffer overrun</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="qemu" name="qemu">
+        <vers num="0.1"/>
+        <vers num="0.1.1"/>
+        <vers num="0.1.2"/>
+        <vers num="0.1.3"/>
+        <vers num="0.1.4"/>
+        <vers num="0.1.5"/>
+        <vers num="0.1.6"/>
+        <vers num="0.10.0"/>
+        <vers num="0.10.1"/>
+        <vers num="0.10.2"/>
+        <vers num="0.10.3"/>
+        <vers num="0.10.4"/>
+        <vers num="0.10.5"/>
+        <vers num="0.10.6"/>
+        <vers num="0.11.0" edition="rc0"/>
+        <vers num="0.11.0" edition="rc1"/>
+        <vers num="0.11.0" edition="rc2"/>
+        <vers num="0.11.0-rc0"/>
+        <vers num="0.11.0-rc1"/>
+        <vers num="0.11.0-rc2"/>
+        <vers num="0.11.1"/>
+        <vers num="0.12.0" edition="rc1"/>
+        <vers num="0.12.0" edition="rc2"/>
+        <vers num="0.12.1"/>
+        <vers num="0.12.2"/>
+        <vers num="0.12.3"/>
+        <vers num="0.12.4"/>
+        <vers num="0.12.5"/>
+        <vers num="0.13.0" edition="rc0"/>
+        <vers num="0.13.0" edition="rc1"/>
+        <vers num="0.14.0" edition="rc0"/>
+        <vers num="0.14.0" edition="rc1"/>
+        <vers num="0.14.0" edition="rc2"/>
+        <vers num="0.14.1"/>
+        <vers num="0.15.0" edition="rc1"/>
+        <vers num="0.15.0" edition="rc2"/>
+        <vers num="0.15.1"/>
+        <vers num="0.15.2"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.4.1"/>
+        <vers num="0.4.2"/>
+        <vers num="0.4.3"/>
+        <vers num="0.5.0"/>
+        <vers num="0.5.1"/>
+        <vers num="0.5.2"/>
+        <vers num="0.5.3"/>
+        <vers num="0.5.4"/>
+        <vers num="0.5.5"/>
+        <vers num="0.6.0"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7.0"/>
+        <vers num="0.7.1"/>
+        <vers num="0.7.2"/>
+        <vers num="0.8.0"/>
+        <vers num="0.8.1"/>
+        <vers num="0.8.2"/>
+        <vers num="0.9.0"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.1-5"/>
+        <vers num="1.0" edition="rc1"/>
+        <vers num="1.0" edition="rc2"/>
+        <vers num="1.0" edition="rc3"/>
+        <vers num="1.0" edition="rc4"/>
+        <vers num="1.0.1"/>
+        <vers num="1.1" edition="rc1"/>
+        <vers num="1.1" edition="rc2"/>
+        <vers num="1.1" edition="rc3"/>
+        <vers num="1.1" edition="rc4"/>
+        <vers num="1.4.1"/>
+        <vers num="1.4.2"/>
+        <vers num="1.5.0" edition="rc1"/>
+        <vers num="1.5.0" edition="rc2"/>
+        <vers num="1.5.0" edition="rc3"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.6.0" edition="rc1"/>
+        <vers num="1.6.0" edition="rc2"/>
+        <vers num="1.6.0" edition="rc3"/>
+        <vers num="1.6.1"/>
+        <vers num="1.6.2"/>
+        <vers num="1.7.1"/>
+        <vers prev="1" num="2.0"/>
+        <vers prev="1" num="2.0.0" edition="-"/>
+        <vers prev="1" num="2.0.0" edition="rc0"/>
+        <vers prev="1" num="2.0.0" edition="rc1"/>
+        <vers prev="1" num="2.0.0" edition="rc2"/>
+        <vers prev="1" num="2.0.0" edition="rc3"/>
+      </prod>
+      <prod vendor="redhat" name="enterprise_linux">
+        <vers num="6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0155" published="2014-04-14" name="CVE-2014-0155" modified="2014-04-15" CVSS_version="2.0" CVSS_vector="(AV:A/AC:L/Au:S/C:N/I:N/A:C)" CVSS_score="5.5" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="5.1" CVSS_base_score="5.5">
+    <desc>
+      <descript source="cve">The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvm_irq_delivery_to_apic return value, which allows guest OS users to cause a denial of service (host OS crash) via a crafted entry in the redirection table of an I/O APIC.  NOTE: the affected code was moved to the ioapic_service function before the vulnerability was announced.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <local_network/>
+    </range>
+    <refs>
+      <ref url="http://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=5678de3f15010b9022ee45673f33bcfc71d47b60" source="CONFIRM" patch="1">http://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=5678de3f15010b9022ee45673f33bcfc71d47b60</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1081589" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1081589</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/04/07/2" source="MLIST">[oss-security] 20140407 CVE-2014-0155 -- kernel: kvm: BUG caused by invalid entry in guest ioapic redirection table</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="linux" name="linux_kernel">
+        <vers num="3.0" edition="rc1"/>
+        <vers num="3.0" edition="rc2"/>
+        <vers num="3.0" edition="rc3"/>
+        <vers num="3.0" edition="rc4"/>
+        <vers num="3.0" edition="rc5"/>
+        <vers num="3.0" edition="rc6"/>
+        <vers num="3.0" edition="rc7"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.20"/>
+        <vers num="3.0.21"/>
+        <vers num="3.0.22"/>
+        <vers num="3.0.23"/>
+        <vers num="3.0.24"/>
+        <vers num="3.0.25"/>
+        <vers num="3.0.26"/>
+        <vers num="3.0.27"/>
+        <vers num="3.0.28"/>
+        <vers num="3.0.29"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.30"/>
+        <vers num="3.0.31"/>
+        <vers num="3.0.32"/>
+        <vers num="3.0.33"/>
+        <vers num="3.0.34"/>
+        <vers num="3.0.35"/>
+        <vers num="3.0.36"/>
+        <vers num="3.0.37"/>
+        <vers num="3.0.38"/>
+        <vers num="3.0.39"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.40"/>
+        <vers num="3.0.41"/>
+        <vers num="3.0.42"/>
+        <vers num="3.0.43"/>
+        <vers num="3.0.44"/>
+        <vers num="3.0.45"/>
+        <vers num="3.0.46"/>
+        <vers num="3.0.47"/>
+        <vers num="3.0.48"/>
+        <vers num="3.0.49"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.50"/>
+        <vers num="3.0.51"/>
+        <vers num="3.0.52"/>
+        <vers num="3.0.53"/>
+        <vers num="3.0.54"/>
+        <vers num="3.0.55"/>
+        <vers num="3.0.56"/>
+        <vers num="3.0.57"/>
+        <vers num="3.0.58"/>
+        <vers num="3.0.59"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.60"/>
+        <vers num="3.0.61"/>
+        <vers num="3.0.62"/>
+        <vers num="3.0.63"/>
+        <vers num="3.0.64"/>
+        <vers num="3.0.65"/>
+        <vers num="3.0.66"/>
+        <vers num="3.0.67"/>
+        <vers num="3.0.68"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1" edition="rc1"/>
+        <vers num="3.1" edition="rc2"/>
+        <vers num="3.1" edition="rc3"/>
+        <vers num="3.1" edition="rc4"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="3.10"/>
+        <vers num="3.10.1"/>
+        <vers num="3.10.10"/>
+        <vers num="3.10.11"/>
+        <vers num="3.10.12"/>
+        <vers num="3.10.13"/>
+        <vers num="3.10.14"/>
+        <vers num="3.10.15"/>
+        <vers num="3.10.16"/>
+        <vers num="3.10.17"/>
+        <vers num="3.10.18"/>
+        <vers num="3.10.19"/>
+        <vers num="3.10.2"/>
+        <vers num="3.10.20"/>
+        <vers num="3.10.21"/>
+        <vers num="3.10.22"/>
+        <vers num="3.10.23"/>
+        <vers num="3.10.24"/>
+        <vers num="3.10.25"/>
+        <vers num="3.10.26"/>
+        <vers num="3.10.27"/>
+        <vers num="3.10.28"/>
+        <vers num="3.10.29"/>
+        <vers num="3.10.3"/>
+        <vers num="3.10.4"/>
+        <vers num="3.10.5"/>
+        <vers num="3.10.6"/>
+        <vers num="3.10.7"/>
+        <vers num="3.10.8"/>
+        <vers num="3.10.9"/>
+        <vers num="3.11"/>
+        <vers num="3.11.1"/>
+        <vers num="3.11.10"/>
+        <vers num="3.11.2"/>
+        <vers num="3.11.3"/>
+        <vers num="3.11.4"/>
+        <vers num="3.11.5"/>
+        <vers num="3.11.6"/>
+        <vers num="3.11.7"/>
+        <vers num="3.11.8"/>
+        <vers num="3.11.9"/>
+        <vers num="3.12"/>
+        <vers num="3.12.1"/>
+        <vers num="3.12.10"/>
+        <vers num="3.12.11"/>
+        <vers num="3.12.12"/>
+        <vers num="3.12.13"/>
+        <vers num="3.12.14"/>
+        <vers num="3.12.15"/>
+        <vers num="3.12.16"/>
+        <vers num="3.12.17"/>
+        <vers num="3.12.2"/>
+        <vers num="3.12.3"/>
+        <vers num="3.12.4"/>
+        <vers num="3.12.5"/>
+        <vers num="3.12.6"/>
+        <vers num="3.12.7"/>
+        <vers num="3.12.8"/>
+        <vers num="3.12.9"/>
+        <vers num="3.13"/>
+        <vers num="3.13.1"/>
+        <vers num="3.13.2"/>
+        <vers num="3.13.3"/>
+        <vers num="3.13.4"/>
+        <vers num="3.13.5"/>
+        <vers num="3.13.6"/>
+        <vers num="3.13.7"/>
+        <vers num="3.13.8"/>
+        <vers num="3.13.9"/>
+        <vers prev="1" num="3.14.1"/>
+        <vers num="3.2" edition="rc2"/>
+        <vers num="3.2" edition="rc3"/>
+        <vers num="3.2" edition="rc4"/>
+        <vers num="3.2" edition="rc5"/>
+        <vers num="3.2" edition="rc6"/>
+        <vers num="3.2" edition="rc7"/>
+        <vers num="3.2.1"/>
+        <vers num="3.2.10"/>
+        <vers num="3.2.11"/>
+        <vers num="3.2.12"/>
+        <vers num="3.2.13"/>
+        <vers num="3.2.14"/>
+        <vers num="3.2.15"/>
+        <vers num="3.2.16"/>
+        <vers num="3.2.17"/>
+        <vers num="3.2.18"/>
+        <vers num="3.2.19"/>
+        <vers num="3.2.2"/>
+        <vers num="3.2.20"/>
+        <vers num="3.2.21"/>
+        <vers num="3.2.22"/>
+        <vers num="3.2.23"/>
+        <vers num="3.2.24"/>
+        <vers num="3.2.25"/>
+        <vers num="3.2.26"/>
+        <vers num="3.2.27"/>
+        <vers num="3.2.28"/>
+        <vers num="3.2.29"/>
+        <vers num="3.2.3"/>
+        <vers num="3.2.30"/>
+        <vers num="3.2.4"/>
+        <vers num="3.2.5"/>
+        <vers num="3.2.6"/>
+        <vers num="3.2.7"/>
+        <vers num="3.2.8"/>
+        <vers num="3.2.9"/>
+        <vers num="3.3" edition="rc1"/>
+        <vers num="3.3" edition="rc2"/>
+        <vers num="3.3" edition="rc3"/>
+        <vers num="3.3" edition="rc4"/>
+        <vers num="3.3" edition="rc5"/>
+        <vers num="3.3" edition="rc6"/>
+        <vers num="3.3" edition="rc7"/>
+        <vers num="3.3.1"/>
+        <vers num="3.3.2"/>
+        <vers num="3.3.3"/>
+        <vers num="3.3.4"/>
+        <vers num="3.3.5"/>
+        <vers num="3.3.6"/>
+        <vers num="3.3.7"/>
+        <vers num="3.3.8"/>
+        <vers num="3.4" edition="rc1"/>
+        <vers num="3.4" edition="rc2"/>
+        <vers num="3.4" edition="rc3"/>
+        <vers num="3.4" edition="rc4"/>
+        <vers num="3.4" edition="rc5"/>
+        <vers num="3.4" edition="rc6"/>
+        <vers num="3.4" edition="rc7"/>
+        <vers num="3.4.1"/>
+        <vers num="3.4.10"/>
+        <vers num="3.4.11"/>
+        <vers num="3.4.12"/>
+        <vers num="3.4.13"/>
+        <vers num="3.4.14"/>
+        <vers num="3.4.15"/>
+        <vers num="3.4.16"/>
+        <vers num="3.4.17"/>
+        <vers num="3.4.18"/>
+        <vers num="3.4.19"/>
+        <vers num="3.4.2"/>
+        <vers num="3.4.20"/>
+        <vers num="3.4.21"/>
+        <vers num="3.4.22"/>
+        <vers num="3.4.23"/>
+        <vers num="3.4.24"/>
+        <vers num="3.4.25"/>
+        <vers num="3.4.26"/>
+        <vers num="3.4.27"/>
+        <vers num="3.4.28"/>
+        <vers num="3.4.29"/>
+        <vers num="3.4.3"/>
+        <vers num="3.4.30"/>
+        <vers num="3.4.31"/>
+        <vers num="3.4.32"/>
+        <vers num="3.4.33"/>
+        <vers num="3.4.34"/>
+        <vers num="3.4.35"/>
+        <vers num="3.4.36"/>
+        <vers num="3.4.37"/>
+        <vers num="3.4.38"/>
+        <vers num="3.4.39"/>
+        <vers num="3.4.4"/>
+        <vers num="3.4.40"/>
+        <vers num="3.4.41"/>
+        <vers num="3.4.42"/>
+        <vers num="3.4.43"/>
+        <vers num="3.4.44"/>
+        <vers num="3.4.45"/>
+        <vers num="3.4.46"/>
+        <vers num="3.4.47"/>
+        <vers num="3.4.48"/>
+        <vers num="3.4.49"/>
+        <vers num="3.4.5"/>
+        <vers num="3.4.50"/>
+        <vers num="3.4.51"/>
+        <vers num="3.4.52"/>
+        <vers num="3.4.53"/>
+        <vers num="3.4.54"/>
+        <vers num="3.4.55"/>
+        <vers num="3.4.56"/>
+        <vers num="3.4.57"/>
+        <vers num="3.4.58"/>
+        <vers num="3.4.59"/>
+        <vers num="3.4.6"/>
+        <vers num="3.4.60"/>
+        <vers num="3.4.61"/>
+        <vers num="3.4.62"/>
+        <vers num="3.4.63"/>
+        <vers num="3.4.64"/>
+        <vers num="3.4.65"/>
+        <vers num="3.4.66"/>
+        <vers num="3.4.67"/>
+        <vers num="3.4.68"/>
+        <vers num="3.4.69"/>
+        <vers num="3.4.7"/>
+        <vers num="3.4.70"/>
+        <vers num="3.4.71"/>
+        <vers num="3.4.72"/>
+        <vers num="3.4.73"/>
+        <vers num="3.4.74"/>
+        <vers num="3.4.75"/>
+        <vers num="3.4.76"/>
+        <vers num="3.4.77"/>
+        <vers num="3.4.78"/>
+        <vers num="3.4.79"/>
+        <vers num="3.4.8"/>
+        <vers num="3.4.9"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.6"/>
+        <vers num="3.6.1"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.5"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="3.7"/>
+        <vers num="3.7.1"/>
+        <vers num="3.7.10"/>
+        <vers num="3.7.2"/>
+        <vers num="3.7.3"/>
+        <vers num="3.7.4"/>
+        <vers num="3.7.5"/>
+        <vers num="3.7.6"/>
+        <vers num="3.7.7"/>
+        <vers num="3.7.8"/>
+        <vers num="3.7.9"/>
+        <vers num="3.8.0"/>
+        <vers num="3.8.1"/>
+        <vers num="3.8.10"/>
+        <vers num="3.8.11"/>
+        <vers num="3.8.12"/>
+        <vers num="3.8.13"/>
+        <vers num="3.8.2"/>
+        <vers num="3.8.3"/>
+        <vers num="3.8.4"/>
+        <vers num="3.8.5"/>
+        <vers num="3.8.6"/>
+        <vers num="3.8.7"/>
+        <vers num="3.8.8"/>
+        <vers num="3.8.9"/>
+        <vers num="3.9" edition="rc1"/>
+        <vers num="3.9" edition="rc2"/>
+        <vers num="3.9" edition="rc3"/>
+        <vers num="3.9" edition="rc4"/>
+        <vers num="3.9" edition="rc5"/>
+        <vers num="3.9" edition="rc6"/>
+        <vers num="3.9" edition="rc7"/>
+        <vers num="3.9.0"/>
+        <vers num="3.9.1"/>
+        <vers num="3.9.10"/>
+        <vers num="3.9.11"/>
+        <vers num="3.9.2"/>
+        <vers num="3.9.3"/>
+        <vers num="3.9.4"/>
+        <vers num="3.9.5"/>
+        <vers num="3.9.6"/>
+        <vers num="3.9.7"/>
+        <vers num="3.9.8"/>
+        <vers num="3.9.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0157" published="2014-04-15" name="CVE-2014-0157" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to inject arbitrary web script or HTML via the description field of a Heat template.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/04/08/8" source="MLIST" patch="1">[oss-security] 20140408 [OSSA 2014-010] XSS in Horizon orchestration dashboard (CVE-2014-0157)</ref>
+      <ref url="https://launchpad.net/bugs/1289033" source="CONFIRM" adv="1">https://launchpad.net/bugs/1289033</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="openstack" name="horizon">
+        <vers num="2013.2"/>
+        <vers num="2013.2.1"/>
+        <vers num="2013.2.2"/>
+        <vers num="2013.2.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0159" published="2014-04-14" name="CVE-2014-0159" modified="2014-04-15" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service (crash) via a crafted statsVersion argument.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog" source="CONFIRM">http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2899" source="DEBIAN">DSA-2899</ref>
+      <ref url="http://secunia.com/advisories/57832" source="SECUNIA" adv="1">57832</ref>
+      <ref url="http://secunia.com/advisories/57779" source="SECUNIA" adv="1">57779</ref>
+      <ref url="http://openafs.org/pages/security/OPENAFS-SA-2014-001.txt" source="CONFIRM" adv="1">http://openafs.org/pages/security/OPENAFS-SA-2014-001.txt</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="openafs" name="openafs">
+        <vers num="1.4.10"/>
+        <vers num="1.4.11"/>
+        <vers num="1.4.12"/>
+        <vers num="1.4.14"/>
+        <vers num="1.4.14.1"/>
+        <vers num="1.4.15"/>
+        <vers num="1.4.8"/>
+        <vers num="1.4.9"/>
+        <vers num="1.6.0"/>
+        <vers num="1.6.1"/>
+        <vers num="1.6.2"/>
+        <vers num="1.6.2.1"/>
+        <vers num="1.6.3"/>
+        <vers num="1.6.4"/>
+        <vers num="1.6.5"/>
+        <vers num="1.6.5.1"/>
+        <vers num="1.6.5.2"/>
+        <vers num="1.6.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0160" published="2014-04-07" name="CVE-2014-0160" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.</descript>
+    </desc>
+    <impacts>
+      <impact source="nvd">CVSS V2 scoring evaluates the impact of the vulnerability on the host where the vulnerability is located. When evaluating the impact of this vulnerability to your organization, take into account the nature of the data that is being protected and act according to your organization’s risk acceptance. While CVE-2014-0160 does not allow unrestricted access to memory on the targeted host, a successful exploit does leak information from memory locations which have the potential to contain particularly sensitive information, e.g., cryptographic keys and passwords.  Theft of this information could enable other attacks on the information system, the impact of which would depend on the sensitivity of the data and functions of that system.</impact>
+    </impacts>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.us-cert.gov/ncas/alerts/TA14-098A" source="CERT">TA14-098A</ref>
+      <ref url="http://www.kb.cert.org/vuls/id/720951" source="CERT-VN">VU#720951</ref>
+      <ref url="https://www.cert.fi/en/reports/2014/vulnerability788210.html" source="MISC">https://www.cert.fi/en/reports/2014/vulnerability788210.html</ref>
+      <ref url="https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html" source="MLIST">[syslog-ng-announce] 20140411 syslog-ng Premium Edition 5 LTS (5.0.4a) has been released</ref>
+      <ref url="https://gist.github.com/chapmajs/10473815" source="MISC">https://gist.github.com/chapmajs/10473815</ref>
+      <ref url="https://code.google.com/p/mod-spdy/issues/detail?id=85" source="CONFIRM">https://code.google.com/p/mod-spdy/issues/detail?id=85</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1084875" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1084875</ref>
+      <ref url="https://blog.torproject.org/blog/openssl-bug-cve-2014-0160" source="MISC">https://blog.torproject.org/blog/openssl-bug-cve-2014-0160</ref>
+      <ref url="http://www.splunk.com/view/SP-CAAAMB3" source="CONFIRM">http://www.splunk.com/view/SP-CAAAMB3</ref>
+      <ref url="http://www.securitytracker.com/id/1030082" source="SECTRACK">1030082</ref>
+      <ref url="http://www.securitytracker.com/id/1030081" source="SECTRACK">1030081</ref>
+      <ref url="http://www.securitytracker.com/id/1030080" source="SECTRACK">1030080</ref>
+      <ref url="http://www.securitytracker.com/id/1030079" source="SECTRACK">1030079</ref>
+      <ref url="http://www.securitytracker.com/id/1030078" source="SECTRACK">1030078</ref>
+      <ref url="http://www.securitytracker.com/id/1030077" source="SECTRACK">1030077</ref>
+      <ref url="http://www.securitytracker.com/id/1030074" source="SECTRACK">1030074</ref>
+      <ref url="http://www.securitytracker.com/id/1030026" source="SECTRACK">1030026</ref>
+      <ref url="http://www.securityfocus.com/bid/66690" source="BID">66690</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html" source="CONFIRM">http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html</ref>
+      <ref url="http://www.openssl.org/news/secadv_20140407.txt" source="CONFIRM" adv="1">http://www.openssl.org/news/secadv_20140407.txt</ref>
+      <ref url="http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/" source="CONFIRM">http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/</ref>
+      <ref url="http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/" source="CONFIRM">http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/</ref>
+      <ref url="http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/" source="CONFIRM">http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/</ref>
+      <ref url="http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/" source="CONFIRM">http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/</ref>
+      <ref url="http://www.f-secure.com/en/web/labs_global/fsc-2014-1" source="CONFIRM">http://www.f-secure.com/en/web/labs_global/fsc-2014-1</ref>
+      <ref url="http://www.exploit-db.com/exploits/32764" source="EXPLOIT-DB">32764</ref>
+      <ref url="http://www.exploit-db.com/exploits/32745" source="EXPLOIT-DB">32745</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2896" source="DEBIAN">DSA-2896</ref>
+      <ref url="http://www.blackberry.com/btsc/KB35882" source="CONFIRM">http://www.blackberry.com/btsc/KB35882</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21670161" source="CONFIRM">http://www-01.ibm.com/support/docview.wss?uid=swg21670161</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed" source="CISCO">20140409 OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products</ref>
+      <ref url="http://secunia.com/advisories/57968" source="SECUNIA" adv="1">57968</ref>
+      <ref url="http://secunia.com/advisories/57966" source="SECUNIA" adv="1">57966</ref>
+      <ref url="http://secunia.com/advisories/57836" source="SECUNIA" adv="1">57836</ref>
+      <ref url="http://secunia.com/advisories/57721" source="SECUNIA" adv="1">57721</ref>
+      <ref url="http://secunia.com/advisories/57483" source="SECUNIA" adv="1">57483</ref>
+      <ref url="http://secunia.com/advisories/57347" source="SECUNIA" adv="1">57347</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Apr/91" source="FULLDISC">20140408 Re: heartbleed OpenSSL bug CVE-2014-0160</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Apr/90" source="FULLDISC">20140408 heartbleed OpenSSL bug CVE-2014-0160</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Apr/190" source="FULLDISC">20140412 Re: heartbleed OpenSSL bug CVE-2014-0160</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Apr/173" source="FULLDISC">20140411 MRI Rubies may contain statically linked, vulnerable OpenSSL</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Apr/109" source="FULLDISC">20140409 Re: heartbleed OpenSSL bug CVE-2014-0160</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0396.html" source="REDHAT">RHSA-2014:0396</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0378.html" source="REDHAT">RHSA-2014:0378</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0377.html" source="REDHAT">RHSA-2014:0377</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0376.html" source="REDHAT">RHSA-2014:0376</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139722163017074&amp;w=2" source="HP">HPSBMU02995</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html" source="SUSE">SUSE-SA:2014:002</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html" source="SUSE">openSUSE-SU-2014:0492</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html" source="FEDORA">FEDORA-2014-4910</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html" source="FEDORA">FEDORA-2014-4879</ref>
+      <ref url="http://heartbleed.com/" source="MISC">http://heartbleed.com/</ref>
+      <ref url="http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3" source="CONFIRM" adv="1">http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3</ref>
+      <ref url="http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/" source="MISC">http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="openssl" name="openssl">
+        <vers num="1.0.1" edition="beta1"/>
+        <vers num="1.0.1" edition="beta2"/>
+        <vers num="1.0.1" edition="beta3"/>
+        <vers num="1.0.1a"/>
+        <vers num="1.0.1b"/>
+        <vers num="1.0.1c"/>
+        <vers num="1.0.1d"/>
+        <vers num="1.0.1e"/>
+        <vers num="1.0.1f"/>
+        <vers num="1.0.2" edition="beta1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0162" published="2014-04-27" name="CVE-2014-0162" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:P/I:P/A:P)" CVSS_score="6.0" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="6.8" CVSS_base_score="6.0">
+    <desc>
+      <descript source="cve">The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://launchpad.net/bugs/1298698" source="CONFIRM">https://launchpad.net/bugs/1298698</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/04/10/13" source="MLIST">[oss-security] 20140410 [OSSA 2014-012] Remote code execution in Glance Sheepdog backend (CVE-2014-0162)</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="openstack" name="icehouse">
+        <vers num="rc-1"/>
+      </prod>
+      <prod vendor="openstack" name="image_registry_and_delivery_service_(glance)">
+        <vers num="2013.2"/>
+        <vers num="2013.2.1"/>
+        <vers num="2013.2.2"/>
+        <vers num="2013.2.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0165" published="2014-04-09" name="CVE-2014-0165" modified="2014-04-10" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:N/I:P/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1085866" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1085866</ref>
+      <ref url="http://core.trac.wordpress.org/changeset/27976" source="CONFIRM">http://core.trac.wordpress.org/changeset/27976</ref>
+      <ref url="http://codex.wordpress.org/Version_3.8.2" source="CONFIRM" adv="1">http://codex.wordpress.org/Version_3.8.2</ref>
+      <ref url="http://codex.wordpress.org/Version_3.7.2" source="CONFIRM" adv="1">http://codex.wordpress.org/Version_3.7.2</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="wordpress" name="wordpress">
+        <vers num="0.71"/>
+        <vers num="1.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.1.1"/>
+        <vers num="1.2"/>
+        <vers num="1.2.1"/>
+        <vers num="1.2.2"/>
+        <vers num="1.2.3"/>
+        <vers num="1.2.4"/>
+        <vers num="1.2.5" edition="a"/>
+        <vers num="1.3"/>
+        <vers num="1.3.2"/>
+        <vers num="1.3.3"/>
+        <vers num="1.5"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.1.1"/>
+        <vers num="1.5.1.2"/>
+        <vers num="1.5.1.3"/>
+        <vers num="1.5.2"/>
+        <vers num="1.6.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1"/>
+        <vers num="2.1.1"/>
+        <vers num="2.1.2"/>
+        <vers num="2.1.3"/>
+        <vers num="2.2"/>
+        <vers num="2.2.1"/>
+        <vers num="2.2.2"/>
+        <vers num="2.2.3"/>
+        <vers num="2.3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.5"/>
+        <vers num="2.5.1"/>
+        <vers num="2.6"/>
+        <vers num="2.6.1"/>
+        <vers num="2.6.2"/>
+        <vers num="2.6.3"/>
+        <vers num="2.6.5"/>
+        <vers num="2.7"/>
+        <vers num="2.7.1"/>
+        <vers num="2.8"/>
+        <vers num="2.8.1"/>
+        <vers num="2.8.2"/>
+        <vers num="2.8.3"/>
+        <vers num="2.8.4" edition="a"/>
+        <vers num="2.8.5"/>
+        <vers num="2.8.5.1"/>
+        <vers num="2.8.5.2"/>
+        <vers num="2.8.6"/>
+        <vers num="2.9"/>
+        <vers num="2.9.1"/>
+        <vers num="2.9.1.1"/>
+        <vers num="2.9.2"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.1"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.2" edition="beta1"/>
+        <vers num="3.2.1"/>
+        <vers num="3.3"/>
+        <vers num="3.3.1"/>
+        <vers num="3.3.2"/>
+        <vers num="3.3.3"/>
+        <vers num="3.4.0"/>
+        <vers num="3.4.1"/>
+        <vers num="3.4.2"/>
+        <vers num="3.5.0"/>
+        <vers num="3.5.1"/>
+        <vers num="3.6"/>
+        <vers num="3.6.1"/>
+        <vers num="3.7"/>
+        <vers prev="1" num="3.7.1"/>
+        <vers num="3.8"/>
+        <vers num="3.8.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0166" published="2014-04-09" name="CVE-2014-0166" modified="2014-04-10" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:N)" CVSS_score="6.4" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="10.0" CVSS_base_score="6.4">
+    <desc>
+      <descript source="cve">The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to obtain access via a forged cookie.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1085858" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1085858</ref>
+      <ref url="http://core.trac.wordpress.org/changeset/28054" source="CONFIRM">http://core.trac.wordpress.org/changeset/28054</ref>
+      <ref url="http://codex.wordpress.org/Version_3.8.2" source="CONFIRM" adv="1">http://codex.wordpress.org/Version_3.8.2</ref>
+      <ref url="http://codex.wordpress.org/Version_3.7.2" source="CONFIRM" adv="1">http://codex.wordpress.org/Version_3.7.2</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="wordpress" name="wordpress">
+        <vers num="0.71"/>
+        <vers num="1.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.1.1"/>
+        <vers num="1.2"/>
+        <vers num="1.2.1"/>
+        <vers num="1.2.2"/>
+        <vers num="1.2.3"/>
+        <vers num="1.2.4"/>
+        <vers num="1.2.5" edition="a"/>
+        <vers num="1.3"/>
+        <vers num="1.3.2"/>
+        <vers num="1.3.3"/>
+        <vers num="1.5"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.1.1"/>
+        <vers num="1.5.1.2"/>
+        <vers num="1.5.1.3"/>
+        <vers num="1.5.2"/>
+        <vers num="1.6.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1"/>
+        <vers num="2.1.1"/>
+        <vers num="2.1.2"/>
+        <vers num="2.1.3"/>
+        <vers num="2.2"/>
+        <vers num="2.2.1"/>
+        <vers num="2.2.2"/>
+        <vers num="2.2.3"/>
+        <vers num="2.3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.5"/>
+        <vers num="2.5.1"/>
+        <vers num="2.6"/>
+        <vers num="2.6.1"/>
+        <vers num="2.6.2"/>
+        <vers num="2.6.3"/>
+        <vers num="2.6.5"/>
+        <vers num="2.7"/>
+        <vers num="2.7.1"/>
+        <vers num="2.8"/>
+        <vers num="2.8.1"/>
+        <vers num="2.8.2"/>
+        <vers num="2.8.3"/>
+        <vers num="2.8.4" edition="a"/>
+        <vers num="2.8.5"/>
+        <vers num="2.8.5.1"/>
+        <vers num="2.8.5.2"/>
+        <vers num="2.8.6"/>
+        <vers num="2.9"/>
+        <vers num="2.9.1"/>
+        <vers num="2.9.1.1"/>
+        <vers num="2.9.2"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.1"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.2" edition="beta1"/>
+        <vers num="3.2.1"/>
+        <vers num="3.3"/>
+        <vers num="3.3.1"/>
+        <vers num="3.3.2"/>
+        <vers num="3.3.3"/>
+        <vers num="3.4.0"/>
+        <vers num="3.4.1"/>
+        <vers num="3.4.2"/>
+        <vers num="3.5.0"/>
+        <vers num="3.5.1"/>
+        <vers num="3.6"/>
+        <vers num="3.6.1"/>
+        <vers num="3.7"/>
+        <vers prev="1" num="3.7.1"/>
+        <vers num="3.8"/>
+        <vers num="3.8.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0167" published="2014-04-15" name="CVE-2014-0167" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:P/I:P/A:P)" CVSS_score="6.0" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="6.8" CVSS_base_score="6.0">
+    <desc>
+      <descript source="cve">The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, (3) destroy, and other unspecified methods in compute/api.py when using non-default policies, which allows remote authenticated users to gain privileges via these API requests.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/04/09/26" source="MLIST" patch="1">[oss-security] 20140409 [OSSA 2014-011] RBAC policy not properly enforced in Nova EC2 API  (CVE-2014-0167)</ref>
+      <ref url="https://launchpad.net/bugs/1290537" source="CONFIRM" adv="1">https://launchpad.net/bugs/1290537</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="openstack" name="compute">
+        <vers num="2013.1"/>
+        <vers num="2013.1.1"/>
+        <vers num="2013.1.2"/>
+        <vers num="2013.1.3"/>
+        <vers num="2013.2"/>
+        <vers num="2013.2.1"/>
+        <vers num="2013.2.2"/>
+        <vers num="2013.2.3"/>
+      </prod>
+      <prod vendor="openstack" name="icehouse">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0172" published="2014-04-11" name="CVE-2014-0172" modified="2014-04-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF file, which triggers a heap-based buffer overflow.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://lists.fedorahosted.org/pipermail/elfutils-devel/2014-April/003921.html" source="MLIST" patch="1">[elfutils-devel] 20140409 [PATCH] CVE-2014-0172 Check for overflow before calling malloc to uncompress data.</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1085663" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1085663</ref>
+      <ref url="http://www.securityfocus.com/bid/66714" source="BID">66714</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q2/54" source="MLIST">[oss-security] 20140409 Heap-based buffer overflow in libdw/elfutils (CVE-2014-0172)</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="elfutils_project" name="elfutils">
+        <vers num="0.153"/>
+        <vers num="0.154"/>
+        <vers num="0.155"/>
+        <vers num="0.156"/>
+        <vers num="0.157"/>
+        <vers num="0.158"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0173" published="2014-04-22" name="CVE-2014-0173" modified="2014-04-22" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.2, 2.6.x before 2.6.3, 2.7.x before 2.7.2, 2.8.x before 2.8.2, and 2.9.x before 2.9.3 for WordPress does not properly restrict access to the XML-RPC service, which allows remote attackers to bypass intended restrictions and publish posts via unspecified vectors.  NOTE: some of these details are obtained from third party information.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/92560" source="XF">jetpack-wordpress-cve20140173-sec-bypass(92560)</ref>
+      <ref url="http://www.securityfocus.com/bid/66789" source="BID">66789</ref>
+      <ref url="http://secunia.com/advisories/57729" source="SECUNIA" adv="1">57729</ref>
+      <ref url="http://jetpack.me/2014/04/10/jetpack-security-update/" source="CONFIRM" adv="1">http://jetpack.me/2014/04/10/jetpack-security-update/</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="automattic" name="jetpack">
+        <vers num="1.9" edition=":~~~wordpress~~"/>
+        <vers num="1.9.1" edition=":~~~wordpress~~"/>
+        <vers num="1.9.2" edition=":~~~wordpress~~"/>
+        <vers num="2.0" edition=":~~~wordpress~~"/>
+        <vers num="2.0.1" edition=":~~~wordpress~~"/>
+        <vers num="2.0.2" edition=":~~~wordpress~~"/>
+        <vers num="2.0.3" edition=":~~~wordpress~~"/>
+        <vers num="2.0.4" edition=":~~~wordpress~~"/>
+        <vers num="2.1" edition=":~~~wordpress~~"/>
+        <vers num="2.1.1" edition=":~~~wordpress~~"/>
+        <vers num="2.1.2" edition=":~~~wordpress~~"/>
+        <vers num="2.2" edition=":~~~wordpress~~"/>
+        <vers num="2.2.1" edition=":~~~wordpress~~"/>
+        <vers num="2.2.2" edition=":~~~wordpress~~"/>
+        <vers num="2.2.3" edition=":~~~wordpress~~"/>
+        <vers num="2.2.4" edition=":~~~wordpress~~"/>
+        <vers num="2.2.5" edition=":~~~wordpress~~"/>
+        <vers num="2.3" edition=":~~~wordpress~~"/>
+        <vers num="2.3.1" edition=":~~~wordpress~~"/>
+        <vers num="2.3.2" edition=":~~~wordpress~~"/>
+        <vers num="2.3.3" edition=":~~~wordpress~~"/>
+        <vers num="2.3.4" edition=":~~~wordpress~~"/>
+        <vers num="2.3.5" edition=":~~~wordpress~~"/>
+        <vers num="2.4" edition=":~~~wordpress~~"/>
+        <vers num="2.4.1" edition=":~~~wordpress~~"/>
+        <vers num="2.4.2" edition=":~~~wordpress~~"/>
+        <vers num="2.5" edition=":~~~wordpress~~"/>
+        <vers num="2.6" edition=":~~~wordpress~~"/>
+        <vers num="2.6.1" edition=":~~~wordpress~~"/>
+        <vers num="2.7" edition=":~~~wordpress~~"/>
+        <vers num="2.8" edition=":~~~wordpress~~"/>
+        <vers num="2.9" edition=":~~~wordpress~~"/>
+        <vers num="2.9.1" edition=":~~~wordpress~~"/>
+        <vers num="2.9.2" edition=":~~~wordpress~~"/>
+        <vers num="2.9.3" edition=":~~~wordpress~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0181" published="2014-04-26" name="CVE-2014-0181" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:N/I:P/A:N)" CVSS_score="2.1" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="3.9" CVSS_base_score="2.1">
+    <desc>
+      <descript source="cve">The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=90f62cf30a78721641e08737bda787552428061e" source="CONFIRM">https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=90f62cf30a78721641e08737bda787552428061e</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/04/23/6" source="MLIST">[oss-security] 20140423 Re: CVE-2014-0181: Linux network reconfiguration due to incorrect netlink checks</ref>
+      <ref url="http://marc.info/?l=linux-netdev&amp;m=139828832919748&amp;w=2" source="MLIST">[netdev] 20140423 [PATCH 0/5]: Preventing abuse when passing file descriptors</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="linux" name="linux_kernel">
+        <vers num="3.0" edition="rc1"/>
+        <vers num="3.0" edition="rc2"/>
+        <vers num="3.0" edition="rc3"/>
+        <vers num="3.0" edition="rc4"/>
+        <vers num="3.0" edition="rc5"/>
+        <vers num="3.0" edition="rc6"/>
+        <vers num="3.0" edition="rc7"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.20"/>
+        <vers num="3.0.21"/>
+        <vers num="3.0.22"/>
+        <vers num="3.0.23"/>
+        <vers num="3.0.24"/>
+        <vers num="3.0.25"/>
+        <vers num="3.0.26"/>
+        <vers num="3.0.27"/>
+        <vers num="3.0.28"/>
+        <vers num="3.0.29"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.30"/>
+        <vers num="3.0.31"/>
+        <vers num="3.0.32"/>
+        <vers num="3.0.33"/>
+        <vers num="3.0.34"/>
+        <vers num="3.0.35"/>
+        <vers num="3.0.36"/>
+        <vers num="3.0.37"/>
+        <vers num="3.0.38"/>
+        <vers num="3.0.39"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.40"/>
+        <vers num="3.0.41"/>
+        <vers num="3.0.42"/>
+        <vers num="3.0.43"/>
+        <vers num="3.0.44"/>
+        <vers num="3.0.45"/>
+        <vers num="3.0.46"/>
+        <vers num="3.0.47"/>
+        <vers num="3.0.48"/>
+        <vers num="3.0.49"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.50"/>
+        <vers num="3.0.51"/>
+        <vers num="3.0.52"/>
+        <vers num="3.0.53"/>
+        <vers num="3.0.54"/>
+        <vers num="3.0.55"/>
+        <vers num="3.0.56"/>
+        <vers num="3.0.57"/>
+        <vers num="3.0.58"/>
+        <vers num="3.0.59"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.60"/>
+        <vers num="3.0.61"/>
+        <vers num="3.0.62"/>
+        <vers num="3.0.63"/>
+        <vers num="3.0.64"/>
+        <vers num="3.0.65"/>
+        <vers num="3.0.66"/>
+        <vers num="3.0.67"/>
+        <vers num="3.0.68"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1" edition="rc1"/>
+        <vers num="3.1" edition="rc2"/>
+        <vers num="3.1" edition="rc3"/>
+        <vers num="3.1" edition="rc4"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="3.10"/>
+        <vers num="3.10.1"/>
+        <vers num="3.10.10"/>
+        <vers num="3.10.11"/>
+        <vers num="3.10.12"/>
+        <vers num="3.10.13"/>
+        <vers num="3.10.14"/>
+        <vers num="3.10.15"/>
+        <vers num="3.10.16"/>
+        <vers num="3.10.17"/>
+        <vers num="3.10.18"/>
+        <vers num="3.10.19"/>
+        <vers num="3.10.2"/>
+        <vers num="3.10.20"/>
+        <vers num="3.10.21"/>
+        <vers num="3.10.22"/>
+        <vers num="3.10.23"/>
+        <vers num="3.10.24"/>
+        <vers num="3.10.25"/>
+        <vers num="3.10.26"/>
+        <vers num="3.10.27"/>
+        <vers num="3.10.28"/>
+        <vers num="3.10.29"/>
+        <vers num="3.10.3"/>
+        <vers num="3.10.4"/>
+        <vers num="3.10.5"/>
+        <vers num="3.10.6"/>
+        <vers num="3.10.7"/>
+        <vers num="3.10.8"/>
+        <vers num="3.10.9"/>
+        <vers num="3.11"/>
+        <vers num="3.11.1"/>
+        <vers num="3.11.10"/>
+        <vers num="3.11.2"/>
+        <vers num="3.11.3"/>
+        <vers num="3.11.4"/>
+        <vers num="3.11.5"/>
+        <vers num="3.11.6"/>
+        <vers num="3.11.7"/>
+        <vers num="3.11.8"/>
+        <vers num="3.11.9"/>
+        <vers num="3.12"/>
+        <vers num="3.12.1"/>
+        <vers num="3.12.10"/>
+        <vers num="3.12.11"/>
+        <vers num="3.12.12"/>
+        <vers num="3.12.13"/>
+        <vers num="3.12.14"/>
+        <vers num="3.12.15"/>
+        <vers num="3.12.16"/>
+        <vers num="3.12.17"/>
+        <vers num="3.12.2"/>
+        <vers num="3.12.3"/>
+        <vers num="3.12.4"/>
+        <vers num="3.12.5"/>
+        <vers num="3.12.6"/>
+        <vers num="3.12.7"/>
+        <vers num="3.12.8"/>
+        <vers num="3.12.9"/>
+        <vers num="3.13"/>
+        <vers num="3.13.1"/>
+        <vers num="3.13.2"/>
+        <vers num="3.13.3"/>
+        <vers num="3.13.4"/>
+        <vers num="3.13.5"/>
+        <vers num="3.13.6"/>
+        <vers num="3.13.7"/>
+        <vers num="3.13.8"/>
+        <vers num="3.13.9"/>
+        <vers prev="1" num="3.14.1"/>
+        <vers num="3.2" edition="rc2"/>
+        <vers num="3.2" edition="rc3"/>
+        <vers num="3.2" edition="rc4"/>
+        <vers num="3.2" edition="rc5"/>
+        <vers num="3.2" edition="rc6"/>
+        <vers num="3.2" edition="rc7"/>
+        <vers num="3.2.1"/>
+        <vers num="3.2.10"/>
+        <vers num="3.2.11"/>
+        <vers num="3.2.12"/>
+        <vers num="3.2.13"/>
+        <vers num="3.2.14"/>
+        <vers num="3.2.15"/>
+        <vers num="3.2.16"/>
+        <vers num="3.2.17"/>
+        <vers num="3.2.18"/>
+        <vers num="3.2.19"/>
+        <vers num="3.2.2"/>
+        <vers num="3.2.20"/>
+        <vers num="3.2.21"/>
+        <vers num="3.2.22"/>
+        <vers num="3.2.23"/>
+        <vers num="3.2.24"/>
+        <vers num="3.2.25"/>
+        <vers num="3.2.26"/>
+        <vers num="3.2.27"/>
+        <vers num="3.2.28"/>
+        <vers num="3.2.29"/>
+        <vers num="3.2.3"/>
+        <vers num="3.2.30"/>
+        <vers num="3.2.4"/>
+        <vers num="3.2.5"/>
+        <vers num="3.2.6"/>
+        <vers num="3.2.7"/>
+        <vers num="3.2.8"/>
+        <vers num="3.2.9"/>
+        <vers num="3.3" edition="rc1"/>
+        <vers num="3.3" edition="rc2"/>
+        <vers num="3.3" edition="rc3"/>
+        <vers num="3.3" edition="rc4"/>
+        <vers num="3.3" edition="rc5"/>
+        <vers num="3.3" edition="rc6"/>
+        <vers num="3.3" edition="rc7"/>
+        <vers num="3.3.1"/>
+        <vers num="3.3.2"/>
+        <vers num="3.3.3"/>
+        <vers num="3.3.4"/>
+        <vers num="3.3.5"/>
+        <vers num="3.3.6"/>
+        <vers num="3.3.7"/>
+        <vers num="3.3.8"/>
+        <vers num="3.4" edition="rc1"/>
+        <vers num="3.4" edition="rc2"/>
+        <vers num="3.4" edition="rc3"/>
+        <vers num="3.4" edition="rc4"/>
+        <vers num="3.4" edition="rc5"/>
+        <vers num="3.4" edition="rc6"/>
+        <vers num="3.4" edition="rc7"/>
+        <vers num="3.4.1"/>
+        <vers num="3.4.10"/>
+        <vers num="3.4.11"/>
+        <vers num="3.4.12"/>
+        <vers num="3.4.13"/>
+        <vers num="3.4.14"/>
+        <vers num="3.4.15"/>
+        <vers num="3.4.16"/>
+        <vers num="3.4.17"/>
+        <vers num="3.4.18"/>
+        <vers num="3.4.19"/>
+        <vers num="3.4.2"/>
+        <vers num="3.4.20"/>
+        <vers num="3.4.21"/>
+        <vers num="3.4.22"/>
+        <vers num="3.4.23"/>
+        <vers num="3.4.24"/>
+        <vers num="3.4.25"/>
+        <vers num="3.4.26"/>
+        <vers num="3.4.27"/>
+        <vers num="3.4.28"/>
+        <vers num="3.4.29"/>
+        <vers num="3.4.3"/>
+        <vers num="3.4.30"/>
+        <vers num="3.4.31"/>
+        <vers num="3.4.32"/>
+        <vers num="3.4.33"/>
+        <vers num="3.4.34"/>
+        <vers num="3.4.35"/>
+        <vers num="3.4.36"/>
+        <vers num="3.4.37"/>
+        <vers num="3.4.38"/>
+        <vers num="3.4.39"/>
+        <vers num="3.4.4"/>
+        <vers num="3.4.40"/>
+        <vers num="3.4.41"/>
+        <vers num="3.4.42"/>
+        <vers num="3.4.43"/>
+        <vers num="3.4.44"/>
+        <vers num="3.4.45"/>
+        <vers num="3.4.46"/>
+        <vers num="3.4.47"/>
+        <vers num="3.4.48"/>
+        <vers num="3.4.49"/>
+        <vers num="3.4.5"/>
+        <vers num="3.4.50"/>
+        <vers num="3.4.51"/>
+        <vers num="3.4.52"/>
+        <vers num="3.4.53"/>
+        <vers num="3.4.54"/>
+        <vers num="3.4.55"/>
+        <vers num="3.4.56"/>
+        <vers num="3.4.57"/>
+        <vers num="3.4.58"/>
+        <vers num="3.4.59"/>
+        <vers num="3.4.6"/>
+        <vers num="3.4.60"/>
+        <vers num="3.4.61"/>
+        <vers num="3.4.62"/>
+        <vers num="3.4.63"/>
+        <vers num="3.4.64"/>
+        <vers num="3.4.65"/>
+        <vers num="3.4.66"/>
+        <vers num="3.4.67"/>
+        <vers num="3.4.68"/>
+        <vers num="3.4.69"/>
+        <vers num="3.4.7"/>
+        <vers num="3.4.70"/>
+        <vers num="3.4.71"/>
+        <vers num="3.4.72"/>
+        <vers num="3.4.73"/>
+        <vers num="3.4.74"/>
+        <vers num="3.4.75"/>
+        <vers num="3.4.76"/>
+        <vers num="3.4.77"/>
+        <vers num="3.4.78"/>
+        <vers num="3.4.79"/>
+        <vers num="3.4.8"/>
+        <vers num="3.4.9"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.6"/>
+        <vers num="3.6.1"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.5"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="3.7"/>
+        <vers num="3.7.1"/>
+        <vers num="3.7.10"/>
+        <vers num="3.7.2"/>
+        <vers num="3.7.3"/>
+        <vers num="3.7.4"/>
+        <vers num="3.7.5"/>
+        <vers num="3.7.6"/>
+        <vers num="3.7.7"/>
+        <vers num="3.7.8"/>
+        <vers num="3.7.9"/>
+        <vers num="3.8.0"/>
+        <vers num="3.8.1"/>
+        <vers num="3.8.10"/>
+        <vers num="3.8.11"/>
+        <vers num="3.8.12"/>
+        <vers num="3.8.13"/>
+        <vers num="3.8.2"/>
+        <vers num="3.8.3"/>
+        <vers num="3.8.4"/>
+        <vers num="3.8.5"/>
+        <vers num="3.8.6"/>
+        <vers num="3.8.7"/>
+        <vers num="3.8.8"/>
+        <vers num="3.8.9"/>
+        <vers num="3.9" edition="rc1"/>
+        <vers num="3.9" edition="rc2"/>
+        <vers num="3.9" edition="rc3"/>
+        <vers num="3.9" edition="rc4"/>
+        <vers num="3.9" edition="rc5"/>
+        <vers num="3.9" edition="rc6"/>
+        <vers num="3.9" edition="rc7"/>
+        <vers num="3.9.0"/>
+        <vers num="3.9.1"/>
+        <vers num="3.9.10"/>
+        <vers num="3.9.11"/>
+        <vers num="3.9.2"/>
+        <vers num="3.9.3"/>
+        <vers num="3.9.4"/>
+        <vers num="3.9.5"/>
+        <vers num="3.9.6"/>
+        <vers num="3.9.7"/>
+        <vers num="3.9.8"/>
+        <vers num="3.9.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0187" published="2014-04-28" name="CVE-2014-0187" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:C/I:C/A:C)" CVSS_score="9.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.0" CVSS_base_score="9.0">
+    <desc>
+      <descript source="cve">The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugs.launchpad.net/neutron/+bug/1300785" source="CONFIRM" adv="1">https://bugs.launchpad.net/neutron/+bug/1300785</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/04/22/8" source="MLIST">[oss-security] 20140422 [OSSA 2014-014] Neutron security groups bypass through invalid CIDR (CVE-2014-0187)</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="openstack" name="neutron">
+        <vers num="2013.1"/>
+        <vers num="2013.1.1"/>
+        <vers num="2013.1.2"/>
+        <vers num="2013.1.3"/>
+        <vers num="2013.1.4"/>
+        <vers num="2013.1.5"/>
+        <vers num="2013.2"/>
+        <vers num="2013.2.1"/>
+        <vers num="2013.2.2"/>
+        <vers num="2013.2.3"/>
+        <vers num="2014.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0188" published="2014-04-24" name="CVE-2014-0188" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to a passthrough trigger.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1090120" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1090120</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0423.html" source="REDHAT" adv="1">RHSA-2014:0423</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0422.html" source="REDHAT" adv="1">RHSA-2014:0422</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="redhat" name="openshift">
+        <vers num="1.0" edition="-:enterprise"/>
+        <vers num="1.1" edition="-:enterprise"/>
+        <vers num="1.2" edition=":enterprise"/>
+        <vers num="1.2.1" edition=":enterprise"/>
+        <vers num="1.2.2" edition="-:enterprise"/>
+        <vers num="1.2.3" edition=":enterprise"/>
+        <vers num="1.2.4" edition=":enterprise"/>
+        <vers num="1.2.5" edition=":enterprise"/>
+        <vers num="1.2.6" edition=":enterprise"/>
+        <vers prev="1" num="1.2.7" edition=":enterprise"/>
+        <vers num="2.0" edition=":enterprise"/>
+        <vers num="2.0.1" edition=":enterprise"/>
+        <vers num="2.0.2" edition=":enterprise"/>
+        <vers num="2.0.3" edition=":enterprise"/>
+        <vers num="2.0.4" edition=":enterprise"/>
+        <vers prev="1" num="2.0.5" edition=":enterprise"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" seq="2014-0189" published="2014-05-02" name="CVE-2014-0189" modified="2014-05-02">
+    <desc>
+      <descript source="cve">virt-who uses world-readable permissions for /etc/sysconfig/virt-who, which allows local users to obtain password for hypervisors by reading the file.</descript>
+    </desc>
+    <refs>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1088732" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1088732</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1081286" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1081286</ref>
+      <ref url="http://www.securityfocus.com/bid/67089" source="BID">67089</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/04/28/2" source="MLIST">[oss-security] 20140428 CVE-2014-0189: /etc/sysconfig/virt-who is world-readable (contains unencrypted passwords)</ref>
+    </refs>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0235" published="2014-04-08" name="CVE-2014-0235" modified="2014-04-09" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1751 and CVE-2014-1755.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-018" source="MS" adv="1">MS14-018</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0253" published="2014-02-11" name="CVE-2014-0253" modified="2014-02-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine TCP connection states, which allows remote attackers to cause a denial of service (ASP.NET daemon hang) via crafted HTTP requests that trigger persistent resource consumption for a (1) stale or (2) closed connection, as exploited in the wild in February 2014, aka "POST Request DoS Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-009" source="MS" patch="1" adv="1">MS14-009</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name=".net_framework">
+        <vers num="1.1" edition="sp1"/>
+        <vers num="2.0" edition="sp2"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="4.0"/>
+        <vers num="4.5"/>
+        <vers num="4.5.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0254" published="2014-02-11" name="CVE-2014-0254" modified="2014-02-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">The IPv6 implementation in Microsoft Windows 8, Windows Server 2012, and Windows RT does not properly validate packets, which allows remote attackers to cause a denial of service (system hang) via crafted ICMPv6 Router Advertisement packets, aka "TCP/IP Version 6 (IPv6) Denial of Service Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-006" source="MS" patch="1" adv="1">MS14-006</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="windows_8">
+        <vers num="-" edition="-:x86"/>
+        <vers num="-" edition="-:x64"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_rt">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_server_2012">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0257" published="2014-02-11" name="CVE-2014-0257" modified="2014-02-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via (1) a crafted web site or (2) a crafted .NET Framework application that exposes a COM server endpoint, aka "Type Traversal Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-009" source="MS" patch="1" adv="1">MS14-009</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name=".net_framework">
+        <vers num="1.0" edition="sp3"/>
+        <vers num="1.1" edition="sp1"/>
+        <vers num="2.0" edition="sp2"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="4.0"/>
+        <vers num="4.5"/>
+        <vers num="4.5.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0258" published="2014-01-15" name="CVE-2014-0258" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-001" source="MS" patch="1" adv="1">MS14-001</ref>
+      <ref url="http://www.securitytracker.com/id/1029599" source="SECTRACK">1029599</ref>
+      <ref url="http://www.securitytracker.com/id/1029598" source="SECTRACK">1029598</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="office_compatibility_pack">
+        <vers num="" edition="sp3"/>
+      </prod>
+      <prod vendor="microsoft" name="word">
+        <vers num="2003" edition="sp3"/>
+        <vers num="2007" edition="sp3"/>
+      </prod>
+      <prod vendor="microsoft" name="word_viewer">
+        <vers num=""/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0259" published="2014-01-15" name="CVE-2014-0259" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-001" source="MS" patch="1" adv="1">MS14-001</ref>
+      <ref url="http://www.securitytracker.com/id/1029599" source="SECTRACK">1029599</ref>
+      <ref url="http://www.securitytracker.com/id/1029598" source="SECTRACK">1029598</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="office_compatibility_pack">
+        <vers num="" edition="sp3"/>
+      </prod>
+      <prod vendor="microsoft" name="word">
+        <vers num="2007" edition="sp3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0260" published="2014-01-15" name="CVE-2014-0260" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office Compatibility Pack SP3; Word Viewer; SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-001" source="MS" patch="1" adv="1">MS14-001</ref>
+      <ref url="http://www.securitytracker.com/id/1029599" source="SECTRACK">1029599</ref>
+      <ref url="http://www.securitytracker.com/id/1029598" source="SECTRACK">1029598</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="office_compatibility_pack">
+        <vers num="" edition="sp3"/>
+      </prod>
+      <prod vendor="microsoft" name="office_web_apps">
+        <vers num="2010" edition="sp1"/>
+        <vers num="2010" edition="sp2"/>
+      </prod>
+      <prod vendor="microsoft" name="office_web_apps_server">
+        <vers num="2013"/>
+      </prod>
+      <prod vendor="microsoft" name="sharepoint_server">
+        <vers num="2010" edition="sp1"/>
+        <vers num="2010" edition="sp2"/>
+        <vers num="2013"/>
+      </prod>
+      <prod vendor="microsoft" name="word">
+        <vers num="2003" edition="sp3"/>
+        <vers num="2007" edition="sp3"/>
+        <vers num="2010" edition="sp1"/>
+        <vers num="2010" edition="sp2"/>
+        <vers num="2013" edition="-:~-~-~rt~~"/>
+      </prod>
+      <prod vendor="microsoft" name="word_viewer">
+        <vers num=""/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0261" published="2014-01-15" name="CVE-2014-0261" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:N/I:N/A:P)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">Microsoft Dynamics AX 4.0 SP2, 2009 SP1, 2012, and 2012 R2 allows remote authenticated users to cause a denial of service (instance outage) via crafted data to an Application Object Server (AOS) instance, aka "Query Filter DoS Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-004" source="MS" patch="1" adv="1">MS14-004</ref>
+      <ref url="http://www.securitytracker.com/id/1029601" source="SECTRACK">1029601</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="dynamics_ax">
+        <vers num="2009" edition="sp1"/>
+        <vers num="2012" edition="r2"/>
+        <vers num="4.0" edition="sp2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0262" published="2014-01-15" name="CVE-2014-0262" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="7.2" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="3.9" CVSS_base_score="7.2">
+    <desc>
+      <descript source="cve">win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Server 2008 R2 SP1 does not properly consider thread-owned objects during the processing of window handles, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-003" source="MS" patch="1" adv="1">MS14-003</ref>
+      <ref url="http://www.securitytracker.com/id/1029600" source="SECTRACK">1029600</ref>
+      <ref url="http://www.securityfocus.com/bid/64725" source="BID">64725</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="windows_7">
+        <vers num="" edition="sp1:x64"/>
+        <vers num="" edition="sp1:x86"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_server_2008">
+        <vers num="r2" edition="sp1:itanium"/>
+        <vers num="r2" edition="sp1:x64"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0263" published="2014-02-11" name="CVE-2014-0263" modified="2014-02-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">The Direct2D implementation in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a large 2D geometric figure that is encountered with Internet Explorer, aka "Microsoft Graphics Component Memory Corruption Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-007" source="MS" patch="1" adv="1">MS14-007</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="windows_7">
+        <vers num="" edition="sp1:x64"/>
+        <vers num="" edition="sp1:x86"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_8">
+        <vers num="-" edition="-:x86"/>
+        <vers num="-" edition="-:x64"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_8.1">
+        <vers num="-" edition="-:~-~-~-~x64~"/>
+        <vers num="-" edition="-:~-~-~-~x86~"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_rt">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_rt_8.1">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_server_2008">
+        <vers num="r2" edition="sp1:x64"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_server_2012">
+        <vers num="-"/>
+        <vers num="r2" edition="-:~-~essentials~~~"/>
+        <vers num="r2" edition="-:~-~standard~~~"/>
+        <vers num="r2" edition="-:~-~datacenter~~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0266" published="2014-02-11" name="CVE-2014-0266" modified="2014-02-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:N/A:N)" CVSS_score="7.1" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="8.6" CVSS_base_score="7.1">
+    <desc>
+      <descript source="cve">The XMLHTTP ActiveX controls in XML Core Services 3.0 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to bypass the Same Origin Policy via a web page that is visited in Internet Explorer, aka "MSXML Information Disclosure Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-005" source="MS" patch="1" adv="1">MS14-005</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="xml_core_services">
+        <vers num="3.0"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_7">
+        <vers num="" edition="sp1:x64"/>
+        <vers num="" edition="sp1:x86"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_8">
+        <vers num="-" edition="-:x86"/>
+        <vers num="-" edition="-:x64"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_8.1">
+        <vers num="-" edition="-:~-~-~-~x64~"/>
+        <vers num="-" edition="-:~-~-~-~x86~"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_rt">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_rt_8.1">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_server_2003">
+        <vers num="" edition="sp2:x64"/>
+        <vers num="" edition="sp2:itanium"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_server_2008">
+        <vers num="" edition="sp2:x64"/>
+        <vers num="" edition="sp2:x86"/>
+        <vers num="" edition="sp2:itanium"/>
+        <vers num="r2" edition="sp1:x64"/>
+        <vers num="r2" edition="sp1:itanium"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_server_2012">
+        <vers num="-"/>
+        <vers num="r2" edition="-:~-~essentials~~~"/>
+        <vers num="r2" edition="-:~-~standard~~~"/>
+        <vers num="r2" edition="-:~-~datacenter~~~"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_vista">
+        <vers num="" edition="sp2:x64"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_xp">
+        <vers num="" edition="sp3"/>
+        <vers num="-" edition="sp2:x64"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0267" published="2014-02-11" name="CVE-2014-0267" modified="2014-02-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0289 and CVE-2014-0290.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-010" source="MS" patch="1" adv="1">MS14-010</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="11" edition="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0268" published="2014-02-11" name="CVE-2014-0268" modified="2014-02-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 8 through 11 does not properly restrict file installation and registry-key creation, which allows remote attackers to bypass the Mandatory Integrity Control protection mechanism via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-010" source="MS" patch="1" adv="1">MS14-010</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="10"/>
+        <vers num="11" edition="-"/>
+        <vers num="8"/>
+        <vers num="9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0269" published="2014-02-11" name="CVE-2014-0269" modified="2014-02-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-010" source="MS" patch="1" adv="1">MS14-010</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="10"/>
+        <vers num="6"/>
+        <vers num="7"/>
+        <vers num="8"/>
+        <vers num="9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0270" published="2014-02-11" name="CVE-2014-0270" modified="2014-02-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0273, CVE-2014-0274, and CVE-2014-0288.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-010" source="MS" patch="1" adv="1">MS14-010</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="10"/>
+        <vers num="11" edition="-"/>
+        <vers num="9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0271" published="2014-02-11" name="CVE-2014-0271" modified="2014-02-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">The VBScript engine in Microsoft Internet Explorer 6 through 11, and VBScript 5.6 through 5.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-011" source="MS" patch="1" adv="1">MS14-011</ref>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-010" source="MS" patch="1" adv="1">MS14-010</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="10"/>
+        <vers num="11" edition="-"/>
+        <vers num="6"/>
+        <vers num="7"/>
+        <vers num="8"/>
+        <vers num="9"/>
+      </prod>
+      <prod vendor="microsoft" name="vbscript">
+        <vers num="5.6"/>
+        <vers num="5.7"/>
+        <vers num="5.8"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0272" published="2014-02-11" name="CVE-2014-0272" modified="2014-02-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-010" source="MS" patch="1" adv="1">MS14-010</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="10"/>
+        <vers num="8"/>
+        <vers num="9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0273" published="2014-02-11" name="CVE-2014-0273" modified="2014-02-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0270, CVE-2014-0274, and CVE-2014-0288.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-010" source="MS" patch="1" adv="1">MS14-010</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="10"/>
+        <vers num="11" edition="-"/>
+        <vers num="9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0274" published="2014-02-11" name="CVE-2014-0274" modified="2014-02-13" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0270, CVE-2014-0273, and CVE-2014-0288.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-010" source="MS" patch="1" adv="1">MS14-010</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="10"/>
+        <vers num="11" edition="-"/>
+        <vers num="9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0275" published="2014-02-11" name="CVE-2014-0275" modified="2014-02-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0285 and CVE-2014-0286.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-010" source="MS" patch="1" adv="1">MS14-010</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="10"/>
+        <vers num="11" edition="-"/>
+        <vers num="6"/>
+        <vers num="7"/>
+        <vers num="8"/>
+        <vers num="9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0276" published="2014-02-11" name="CVE-2014-0276" modified="2014-02-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-010" source="MS" patch="1" adv="1">MS14-010</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="8"/>
+        <vers num="9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0277" published="2014-02-11" name="CVE-2014-0277" modified="2014-02-13" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0278 and CVE-2014-0279.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-010" source="MS" patch="1" adv="1">MS14-010</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="8"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0278" published="2014-02-11" name="CVE-2014-0278" modified="2014-02-13" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0277 and CVE-2014-0279.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-010" source="MS" patch="1" adv="1">MS14-010</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="8"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0279" published="2014-02-11" name="CVE-2014-0279" modified="2014-02-13" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0277 and CVE-2014-0278.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-010" source="MS" patch="1" adv="1">MS14-010</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="8"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0280" published="2014-02-11" name="CVE-2014-0280" modified="2014-02-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-010" source="MS" patch="1" adv="1">MS14-010</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="6"/>
+        <vers num="7"/>
+        <vers num="8"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0281" published="2014-02-11" name="CVE-2014-0281" modified="2014-02-13" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0287.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-010" source="MS" patch="1" adv="1">MS14-010</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="10"/>
+        <vers num="11" edition="-"/>
+        <vers num="8"/>
+        <vers num="9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0283" published="2014-02-11" name="CVE-2014-0283" modified="2014-02-13" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-010" source="MS" patch="1" adv="1">MS14-010</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0284" published="2014-02-11" name="CVE-2014-0284" modified="2014-02-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-010" source="MS" patch="1" adv="1">MS14-010</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="10"/>
+        <vers num="9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0285" published="2014-02-11" name="CVE-2014-0285" modified="2014-02-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0275 and CVE-2014-0286.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-010" source="MS" patch="1" adv="1">MS14-010</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="10"/>
+        <vers num="11" edition="-"/>
+        <vers num="6"/>
+        <vers num="7"/>
+        <vers num="8"/>
+        <vers num="9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0286" published="2014-02-11" name="CVE-2014-0286" modified="2014-02-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0275 and CVE-2014-0285.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-010" source="MS" patch="1" adv="1">MS14-010</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="10"/>
+        <vers num="11" edition="-"/>
+        <vers num="6"/>
+        <vers num="7"/>
+        <vers num="8"/>
+        <vers num="9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0287" published="2014-02-11" name="CVE-2014-0287" modified="2014-02-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0281.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-010" source="MS" patch="1" adv="1">MS14-010</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="10"/>
+        <vers num="11" edition="-"/>
+        <vers num="8"/>
+        <vers num="9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0288" published="2014-02-11" name="CVE-2014-0288" modified="2014-02-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0270, CVE-2014-0273, and CVE-2014-0274.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-010" source="MS" patch="1" adv="1">MS14-010</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="10"/>
+        <vers num="11" edition="-"/>
+        <vers num="9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0289" published="2014-02-11" name="CVE-2014-0289" modified="2014-02-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0267 and CVE-2014-0290.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-010" source="MS" patch="1" adv="1">MS14-010</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="11" edition="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0290" published="2014-02-11" name="CVE-2014-0290" modified="2014-02-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0267 and CVE-2014-0289.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-010" source="MS" patch="1" adv="1">MS14-010</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="11" edition="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0293" published="2014-02-11" name="CVE-2014-0293" modified="2014-02-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 9 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-010" source="MS" patch="1" adv="1">MS14-010</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="10"/>
+        <vers num="11" edition="-"/>
+        <vers num="9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0294" published="2014-02-11" name="CVE-2014-0294" modified="2014-02-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Microsoft Forefront Protection 2010 for Exchange Server does not properly parse e-mail content, which might allow remote attackers to execute arbitrary code via a crafted message, aka "RCE Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-008" source="MS" patch="1" adv="1">MS14-008</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="microsoft_forefront_protection_2010">
+        <vers num="-" edition=":~~~exchange_server~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0295" published="2014-02-11" name="CVE-2014-0295" modified="2014-02-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">VsaVb7rt.dll in Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in February 2014, aka "VSAVB7RT ASLR Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-009" source="MS" patch="1" adv="1">MS14-009</ref>
+      <ref url="http://www.greyhathacker.net/?p=585" source="MISC">http://www.greyhathacker.net/?p=585</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name=".net_framework">
+        <vers num="2.0" edition="sp2"/>
+        <vers num="3.5.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0297" published="2014-03-12" name="CVE-2014-0297" modified="2014-03-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0308, CVE-2014-0312, and CVE-2014-0324.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-012" source="MS" patch="1" adv="1">MS14-012</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="10"/>
+        <vers num="11" edition="-"/>
+        <vers num="8"/>
+        <vers num="9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0298" published="2014-03-12" name="CVE-2014-0298" modified="2014-03-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-012" source="MS" patch="1" adv="1">MS14-012</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="10"/>
+        <vers num="11" edition="-"/>
+        <vers num="9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0299" published="2014-03-12" name="CVE-2014-0299" modified="2014-03-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0305 and CVE-2014-0311.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-012" source="MS" patch="1" adv="1">MS14-012</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="10"/>
+        <vers num="11" edition="-"/>
+        <vers num="6"/>
+        <vers num="7"/>
+        <vers num="8"/>
+        <vers num="9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0300" published="2014-03-12" name="CVE-2014-0300" modified="2014-03-12" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="7.2" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="3.9" CVSS_base_score="7.2">
+    <desc>
+      <descript source="cve">win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-015" source="MS" patch="1" adv="1">MS14-015</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="windows_7">
+        <vers num="" edition="sp1:x64"/>
+        <vers num="" edition="sp1:x86"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_8">
+        <vers num="-" edition="-:x86"/>
+        <vers num="-" edition="-:x64"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_8.1">
+        <vers num="-" edition="-:~-~-~-~x64~"/>
+        <vers num="-" edition="-:~-~-~-~x86~"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_rt">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_rt_8.1">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_server_2003">
+        <vers num="" edition="sp2:itanium"/>
+        <vers num="" edition="sp2:x64"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_server_2008">
+        <vers num="" edition="sp2:x64"/>
+        <vers num="" edition="sp2:x86"/>
+        <vers num="" edition="sp2:itanium"/>
+        <vers num="r2" edition="sp1:x64"/>
+        <vers num="r2" edition="sp1:itanium"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_server_2012">
+        <vers num="-"/>
+        <vers num="r2" edition="-:~-~essentials~~~"/>
+        <vers num="r2" edition="-:~-~standard~~~"/>
+        <vers num="r2" edition="-:~-~datacenter~~~"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_vista">
+        <vers num="" edition="sp2:x64"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_xp">
+        <vers num="" edition="sp3"/>
+        <vers num="-" edition="sp2:x64"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0301" published="2014-03-12" name="CVE-2014-0301" modified="2014-03-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Double free vulnerability in qedit.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via a crafted JPEG image, aka "DirectShow Memory Corruption Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-013" source="MS" patch="1" adv="1">MS14-013</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="windows_7">
+        <vers num="" edition="sp1:x64"/>
+        <vers num="" edition="sp1:x86"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_8">
+        <vers num="-" edition="-:x86"/>
+        <vers num="-" edition="-:x64"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_8.1">
+        <vers num="-" edition="-:~-~-~-~x64~"/>
+        <vers num="-" edition="-:~-~-~-~x86~"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_server_2003">
+        <vers num="" edition="sp2:itanium"/>
+        <vers num="" edition="sp2:x64"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_server_2008">
+        <vers num="" edition="sp2:x64"/>
+        <vers num="" edition="sp2:x86"/>
+        <vers num="" edition="sp2:itanium"/>
+        <vers num="r2" edition="sp1:x64"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_server_2012">
+        <vers num="-"/>
+        <vers num="r2" edition="-:~-~essentials~~~"/>
+        <vers num="r2" edition="-:~-~standard~~~"/>
+        <vers num="r2" edition="-:~-~datacenter~~~"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_vista">
+        <vers num="" edition="sp2:x64"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_xp">
+        <vers num="" edition="sp3"/>
+        <vers num="-" edition="sp2:x64"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0302" published="2014-03-12" name="CVE-2014-0302" modified="2014-03-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0303.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-012" source="MS" patch="1" adv="1">MS14-012</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="6"/>
+        <vers num="7"/>
+        <vers num="8"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0303" published="2014-03-12" name="CVE-2014-0303" modified="2014-03-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0302.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-012" source="MS" patch="1" adv="1">MS14-012</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="6"/>
+        <vers num="7"/>
+        <vers num="8"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0304" published="2014-03-12" name="CVE-2014-0304" modified="2014-03-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-012" source="MS" patch="1" adv="1">MS14-012</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="11" edition="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0305" published="2014-03-12" name="CVE-2014-0305" modified="2014-03-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0299 and CVE-2014-0311.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-012" source="MS" patch="1" adv="1">MS14-012</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="10"/>
+        <vers num="11" edition="-"/>
+        <vers num="6"/>
+        <vers num="7"/>
+        <vers num="8"/>
+        <vers num="9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0306" published="2014-03-12" name="CVE-2014-0306" modified="2014-03-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-012" source="MS" patch="1" adv="1">MS14-012</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="8"/>
+        <vers num="9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0307" published="2014-03-12" name="CVE-2014-0307" modified="2014-03-26" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a certain sequence of manipulations of a TextRange element, aka "Internet Explorer Memory Corruption Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-012" source="MS" patch="1" adv="1">MS14-012</ref>
+      <ref url="http://www.exploit-db.com/exploits/32438" source="EXPLOIT-DB">32438</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0308" published="2014-03-12" name="CVE-2014-0308" modified="2014-03-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0297, CVE-2014-0312, and CVE-2014-0324.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-012" source="MS" patch="1" adv="1">MS14-012</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="10"/>
+        <vers num="11" edition="-"/>
+        <vers num="8"/>
+        <vers num="9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0309" published="2014-03-12" name="CVE-2014-0309" modified="2014-03-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-012" source="MS" patch="1" adv="1">MS14-012</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="10"/>
+        <vers num="8"/>
+        <vers num="9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0311" published="2014-03-12" name="CVE-2014-0311" modified="2014-03-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0299 and CVE-2014-0305.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-012" source="MS" patch="1" adv="1">MS14-012</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="10"/>
+        <vers num="11" edition="-"/>
+        <vers num="6"/>
+        <vers num="7"/>
+        <vers num="8"/>
+        <vers num="9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0312" published="2014-03-12" name="CVE-2014-0312" modified="2014-03-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0297, CVE-2014-0308, and CVE-2014-0324.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-012" source="MS" patch="1" adv="1">MS14-012</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="10"/>
+        <vers num="11" edition="-"/>
+        <vers num="8"/>
+        <vers num="9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0313" published="2014-03-12" name="CVE-2014-0313" modified="2014-03-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0321.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-012" source="MS" patch="1" adv="1">MS14-012</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="10"/>
+        <vers num="11" edition="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0314" published="2014-03-12" name="CVE-2014-0314" modified="2014-03-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-012" source="MS" patch="1" adv="1">MS14-012</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="10"/>
+        <vers num="9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0315" published="2014-04-08" name="CVE-2014-0315" modified="2014-04-09" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="6.9" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="3.4" CVSS_base_score="6.9">
+    <desc>
+      <descript source="cve">Untrusted search path vulnerability in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan horse cmd.exe file in the current working directory, as demonstrated by a directory that contains a .bat or .cmd file, aka "Windows File Handling Vulnerability."</descript>
+      <descript source="nvd">Per: http://cwe.mitre.org/data/definitions/426.html "CWE-426: Untrusted Search Path"</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-019" source="MS" adv="1">MS14-019</ref>
+      <ref url="http://blogs.technet.com/b/srd/archive/2014/04/08/ms14-019-fixing-a-binary-hijacking-via-cmd-or-bat-file.aspx" source="CONFIRM">http://blogs.technet.com/b/srd/archive/2014/04/08/ms14-019-fixing-a-binary-hijacking-via-cmd-or-bat-file.aspx</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="windows_7">
+        <vers num="" edition="sp1:x64"/>
+        <vers num="" edition="sp1:x86"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_8">
+        <vers num="-" edition="-:x86"/>
+        <vers num="-" edition="-:x64"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_8.1">
+        <vers num="-" edition="-:~-~-~-~x64~"/>
+        <vers num="-" edition="-:~-~-~-~x86~"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_rt">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_rt_8.1">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_server_2003">
+        <vers num="" edition="sp2:itanium"/>
+        <vers num="" edition="sp2:x64"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_server_2008">
+        <vers num="" edition="sp2:x64"/>
+        <vers num="" edition="sp2:x86"/>
+        <vers num="" edition="sp2:itanium"/>
+        <vers num="r2" edition="sp1:x64"/>
+        <vers num="r2" edition="sp1:itanium"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_server_2012">
+        <vers num="-"/>
+        <vers num="r2" edition="-:~-~essentials~~~"/>
+        <vers num="r2" edition="-:~-~standard~~~"/>
+        <vers num="r2" edition="-:~-~datacenter~~~"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_vista">
+        <vers num="" edition="sp2:x64"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_xp">
+        <vers num="" edition="sp3"/>
+        <vers num="-" edition="sp2:x64"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0317" published="2014-03-12" name="CVE-2014-0317" modified="2014-03-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:H/Au:N/C:N/I:C/A:N)" CVSS_score="5.4" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="4.9" CVSS_base_score="5.4">
+    <desc>
+      <descript source="cve">The Security Account Manager Remote (SAMR) protocol implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly determine the user-lockout state, which makes it easier for remote attackers to bypass the account lockout policy and obtain access via a brute-force attack, aka "SAMR Security Feature Bypass Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-016" source="MS" patch="1" adv="1">MS14-016</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="windows_server_2003">
+        <vers num="" edition="sp2:itanium"/>
+        <vers num="" edition="sp2:x64"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_server_2008">
+        <vers num="" edition="sp2:x64"/>
+        <vers num="" edition="sp2:x86"/>
+        <vers num="r2" edition="sp1:x64"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_server_2012">
+        <vers num="-"/>
+        <vers num="r2" edition="-:~-~essentials~~~"/>
+        <vers num="r2" edition="-:~-~standard~~~"/>
+        <vers num="r2" edition="-:~-~datacenter~~~"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_vista">
+        <vers num="" edition="sp2:x64"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_xp">
+        <vers num="" edition="sp3"/>
+        <vers num="-" edition="sp2:x64"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0319" published="2014-03-12" name="CVE-2014-0319" modified="2014-03-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:C/A:N)" CVSS_score="7.1" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="8.6" CVSS_base_score="7.1">
+    <desc>
+      <descript source="cve">Microsoft Silverlight 5 before 5.1.30214.0 and Silverlight 5 Developer Runtime before 5.1.30214.0 allow attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors, aka "Silverlight DEP/ASLR Bypass Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-014" source="MS" patch="1" adv="1">MS14-014</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="silverlight">
+        <vers num="5.0.60401.0"/>
+        <vers num="5.0.60818.0" edition="rc"/>
+        <vers num="5.0.61118.0"/>
+        <vers num="5.1.10411.0"/>
+        <vers num="5.1.20125.0"/>
+        <vers num="5.1.20513.0"/>
+        <vers num="5.1.20913.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0321" published="2014-03-12" name="CVE-2014-0321" modified="2014-03-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0313.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-012" source="MS" patch="1" adv="1">MS14-012</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="10"/>
+        <vers num="11" edition="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0322" published="2014-02-14" name="CVE-2014-0322" modified="2014-03-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, as exploited in the wild in January and February 2014.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/732479" source="CERT-VN">VU#732479</ref>
+      <ref url="https://www.dropbox.com/s/pyxjgycmudirbqe/CVE-2014-0322.zip" source="MISC">https://www.dropbox.com/s/pyxjgycmudirbqe/CVE-2014-0322.zip</ref>
+      <ref url="http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html" source="MISC">http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html</ref>
+      <ref url="http://www.fireeye.com/blog/technical/cyber-exploits/2014/02/new-ie-zero-day-found-in-watering-hole-attack-2.html" source="MISC">http://www.fireeye.com/blog/technical/cyber-exploits/2014/02/new-ie-zero-day-found-in-watering-hole-attack-2.html</ref>
+      <ref url="http://twitter.com/nanoc0re/statuses/434251658344673281" source="MISC">http://twitter.com/nanoc0re/statuses/434251658344673281</ref>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-012" source="MS">MS14-012</ref>
+      <ref url="http://technet.microsoft.com/security/advisory/2934088" source="CONFIRM">http://technet.microsoft.com/security/advisory/2934088</ref>
+      <ref url="http://community.websense.com/blogs/securitylabs/archive/2014/02/13/msie-0-day-exploit-cve-2014-0322-possibly-targeting-french-aerospace-organization.aspx" source="MISC">http://community.websense.com/blogs/securitylabs/archive/2014/02/13/msie-0-day-exploit-cve-2014-0322-possibly-targeting-french-aerospace-organization.aspx</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="10"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0323" published="2014-03-12" name="CVE-2014-0323" modified="2014-03-12" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:C/I:N/A:C)" CVSS_score="6.6" CVSS_impact_subscore="9.2" CVSS_exploit_subscore="3.9" CVSS_base_score="6.6">
+    <desc>
+      <descript source="cve">win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (system hang) via a crafted application, aka "Win32k Information Disclosure Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-015" source="MS" patch="1" adv="1">MS14-015</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="windows_7">
+        <vers num="" edition="sp1:x64"/>
+        <vers num="" edition="sp1:x86"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_8">
+        <vers num="-" edition="-:x86"/>
+        <vers num="-" edition="-:x64"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_8.1">
+        <vers num="-" edition="-:~-~-~-~x64~"/>
+        <vers num="-" edition="-:~-~-~-~x86~"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_rt">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_rt_8.1">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_server_2003">
+        <vers num="" edition="sp2:itanium"/>
+        <vers num="" edition="sp2:x64"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_server_2008">
+        <vers num="" edition="sp2:x64"/>
+        <vers num="" edition="sp2:x86"/>
+        <vers num="" edition="sp2:itanium"/>
+        <vers num="r2" edition="sp1:x64"/>
+        <vers num="r2" edition="sp1:itanium"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_server_2012">
+        <vers num="-"/>
+        <vers num="r2" edition="-:~-~essentials~~~"/>
+        <vers num="r2" edition="-:~-~standard~~~"/>
+        <vers num="r2" edition="-:~-~datacenter~~~"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_vista">
+        <vers num="" edition="sp2:x64"/>
+      </prod>
+      <prod vendor="microsoft" name="windows_xp">
+        <vers num="" edition="sp3"/>
+        <vers num="-" edition="sp2:x64"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0324" published="2014-03-12" name="CVE-2014-0324" modified="2014-03-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0297, CVE-2014-0308, and CVE-2014-0312.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-012" source="MS" patch="1" adv="1">MS14-012</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="10"/>
+        <vers num="11" edition="-"/>
+        <vers num="8"/>
+        <vers num="9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0329" published="2014-02-04" name="CVE-2014-0329" modified="2014-03-13" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging knowledge of the MAC address characters present at the beginning of the password.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/228886" source="CERT-VN">VU#228886</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90958" source="XF">zxv10-w300-cve20140329-sec-bypass(90958)</ref>
+      <ref url="http://www.securityfocus.com/bid/65310" source="BID">65310</ref>
+      <ref url="http://packetstormsecurity.com/files/125142/ZTE-ZXV10-W300-Hardcoded-Credentials.html" source="MISC">http://packetstormsecurity.com/files/125142/ZTE-ZXV10-W300-Hardcoded-Credentials.html</ref>
+      <ref url="http://osvdb.org/102816" source="OSVDB">102816</ref>
+      <ref url="http://blog.alguien.at/2014/02/hackeando-el-router-zte-zxv10-w300-v21.html" source="MISC">http://blog.alguien.at/2014/02/hackeando-el-router-zte-zxv10-w300-v21.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="zte" name="zxv10_w300">
+        <vers num="2.1.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0330" published="2014-02-06" name="CVE-2014-0330" modified="2014-02-07" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in adminui/user_list.php on the Dell KACE K1000 management appliance 5.5.90545 allows remote attackers to inject arbitrary web script or HTML via the LABEL_ID parameter.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/813382" source="CERT-VN">VU#813382</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="dell" name="kace_k1000_systems_management_appliance_software">
+        <vers num="5.5.90545"/>
+      </prod>
+      <prod vendor="dell" name="kace_k1000_systems_management_appliance">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0331" published="2014-04-10" name="CVE-2014-0331" modified="2014-04-11" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the web administration interface in FortiADC with firmware before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the locale parameter to gui_partA/.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.fortiguard.com/advisory/FG-IR-14-004" source="CONFIRM" adv="1">http://www.fortiguard.com/advisory/FG-IR-14-004</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Apr/53" source="FULLDISC">20140403 XSS Reflected vulnerabilities in OS of FortiADC v3.2 (CVE-2014-0331)</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="fortinet" name="fortiadc-1000e">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="fortinet" name="fortiadc-1500d">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="fortinet" name="fortiadc-2000d">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="fortinet" name="fortiadc-200d">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="fortinet" name="fortiadc-300e">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="fortinet" name="fortiadc-4000d">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="fortinet" name="fortiadc-400e">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="fortinet" name="fortiadc-600e">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="fortinet" name="fortiadc_firmware">
+        <vers prev="1" num="3.2.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0332" published="2014-02-14" name="CVE-2014-0332" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL GMS before 7.1 SP2, SonicWALL Analyzer before 7.1 SP2, and SonicWALL UMA E5000 before 7.1 SP2 might allow remote attackers to inject arbitrary web script or HTML via the node_id parameter in a ScreenDisplayManager genNetwork action.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/727318" source="CERT-VN">VU#727318</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91062" source="XF">sonicwall-cve20140332-nodeid-xss(91062)</ref>
+      <ref url="http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_XSS_Resolved_in_7.1_SP2_and_7.2.pdf" source="CONFIRM">http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_XSS_Resolved_in_7.1_SP2_and_7.2.pdf</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="dell" name="sonicwall_analyzer">
+        <vers num="7.0"/>
+        <vers prev="1" num="7.1" edition="sp1"/>
+      </prod>
+      <prod vendor="dell" name="sonicwall_global_management_system">
+        <vers num="7.0"/>
+        <vers prev="1" num="7.1" edition="sp1"/>
+      </prod>
+      <prod vendor="dell" name="sonicwall_universal_management_appliance_e5000">
+        <vers prev="1" num="7.0" edition="sp1"/>
+        <vers num="7.1" edition="sp1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0333" published="2014-02-27" name="CVE-2014-0333" modified="2014-03-26" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/684412" source="CERT-VN" patch="1">VU#684412</ref>
+      <ref url="ftp://ftp.simplesystems.org/pub/png/src/libpng16/patch-libpng16-vu684412.diff" source="CONFIRM" patch="1">ftp://ftp.simplesystems.org/pub/png/src/libpng16/patch-libpng16-vu684412.diff</ref>
+      <ref url="https://sourceforge.net/projects/libpng/files/libpng16/patch-libpng16-vu684412.diff" source="CONFIRM">https://sourceforge.net/projects/libpng/files/libpng16/patch-libpng16-vu684412.diff</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-03/msg00029.html" source="SUSE">openSUSE-SU-2014:0358</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="libpng" name="libpng">
+        <vers num="1.6.0" edition="beta"/>
+        <vers num="1.6.1" edition="beta"/>
+        <vers num="1.6.2" edition="beta"/>
+        <vers num="1.6.3" edition="beta"/>
+        <vers num="1.6.4" edition="beta"/>
+        <vers num="1.6.5"/>
+        <vers num="1.6.6"/>
+        <vers num="1.6.7" edition="beta"/>
+        <vers num="1.6.8" edition="beta"/>
+        <vers num="1.6.9" edition="beta"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0334" published="2014-03-02" name="CVE-2014-0334" modified="2014-03-03" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:P/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple allow remote authenticated users to inject arbitrary web script or HTML via (1) the group parameter to admin/addgroup.php, (2) the htmlblob parameter to admin/addhtmlblob.php, the (3) title or (4) url parameter to admin/addbookmark.php, (5) the stylesheet_name parameter to admin/copystylesheet.php, (6) the template_name parameter to admin/copytemplate.php, the (7) title or (8) url parameter to admin/editbookmark.php, (9) the template parameter to admin/listtemplates.php, or (10) the css_name parameter to admin/listcss.php, a different issue than CVE-2014-2092.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/526062" source="CERT-VN">VU#526062</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cmsmadesimple" name="cms_made_simple">
+        <vers num=""/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0335" published="2014-03-06" name="CVE-2014-0335" modified="2014-03-07" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Multiple cross-site scripting (XSS) vulnerabilities in the web client in Serena Dimensions CM 12.2 build 7.199.0 allow remote attackers to inject arbitrary web script or HTML via the (1) DB_CONN, (2) DB_NAME, (3) DM_HOST, (4) MAN_DB_NAME, (5) framecmd, (6) identifier, (7) merant.adm.adapters.AdmDialogPropertyMgr, (8) nav_frame, (9) nav_jsp, (10) target_frame, (11) id, or (12) type parameter to the dimensions/ URI.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/823452" source="CERT-VN">VU#823452</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="serena" name="dimensions_cm">
+        <vers num="12.2" edition="build7.199.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0336" published="2014-03-06" name="CVE-2014-0336" modified="2014-03-07" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">Cross-site request forgery (CSRF) vulnerability in the web client in Serena Dimensions CM 12.2 build 7.199.0 allows remote attackers to hijack the authentication of administrators for requests that use the user_new_master parameter to the adminconsole/ URI.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/823452" source="CERT-VN">VU#823452</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="serena" name="dimensions_cm">
+        <vers num="12.2" edition="build7.199.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0337" published="2014-04-05" name="CVE-2014-0337" modified="2014-04-07" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the web interface on Huawei Echo Life HG8247 routers with software before V100R006C00SPC127 allows remote attackers to inject arbitrary web script or HTML via an invalid TELNET connection attempt with a crafted username that is not properly handled during construction of the "failed log-in attempts over telnet" log view.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/917700" source="CERT-VN">VU#917700</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="huawei" name="echo_life">
+        <vers num="hg8247"/>
+      </prod>
+      <prod vendor="huawei" name="echo_life_hg8247_firmware">
+        <vers num="v1r006c00s120"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0338" published="2014-03-16" name="CVE-2014-0338" modified="2014-03-17" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Multiple cross-site scripting (XSS) vulnerabilities in the firewall policy management pages in WatchGuard Fireware XTM before 11.8.3 allow remote attackers to inject arbitrary web script or HTML via the pol_name parameter.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/807134" source="CERT-VN">VU#807134</ref>
+      <ref url="http://watchguardsecuritycenter.com/2014/03/13/fireware-xtm-11-8-3-update-corrects-xss-flaw/" source="CONFIRM" adv="1">http://watchguardsecuritycenter.com/2014/03/13/fireware-xtm-11-8-3-update-corrects-xss-flaw/</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="watchguard" name="fireware">
+        <vers num="11.6"/>
+        <vers num="11.6.1"/>
+        <vers num="11.6.3"/>
+        <vers num="11.6.5"/>
+        <vers num="11.6.6"/>
+        <vers num="11.7"/>
+        <vers num="11.7.2"/>
+        <vers num="11.7.3"/>
+        <vers num="11.7.4"/>
+        <vers num="11.8"/>
+        <vers prev="1" num="11.8.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0339" published="2014-03-16" name="CVE-2014-0339" modified="2014-03-17" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in view.cgi in Webmin before 1.680 allows remote attackers to inject arbitrary web script or HTML via the search parameter.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/381692" source="CERT-VN">VU#381692</ref>
+      <ref url="http://www.webmin.com/changes.html" source="CONFIRM">http://www.webmin.com/changes.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="webmin" name="webmin">
+        <vers num="1.600"/>
+        <vers num="1.610"/>
+        <vers num="1.620"/>
+        <vers num="1.630"/>
+        <vers num="1.640"/>
+        <vers num="1.650"/>
+        <vers num="1.660"/>
+        <vers prev="1" num="1.670"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0341" published="2014-04-15" name="CVE-2014-0341" modified="2014-04-15" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:P/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Multiple cross-site scripting (XSS) vulnerabilities in PivotX before 2.3.9 allow remote authenticated users to inject arbitrary web script or HTML via the title field to (1) templates_internal/pages.tpl, (2) templates_internal/home.tpl, or (3) templates_internal/entries.tpl; (4) an event field to objects.php; or the (5) email or (6) nickname field to pages.php, related to templates_internal/users.tpl.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/901156" source="CERT-VN">VU#901156</ref>
+      <ref url="http://sourceforge.net/p/pivot-weblog/code/4349/" source="CONFIRM" patch="1">http://sourceforge.net/p/pivot-weblog/code/4349/</ref>
+      <ref url="http://sourceforge.net/p/pivot-weblog/code/4345/" source="CONFIRM" patch="1">http://sourceforge.net/p/pivot-weblog/code/4345/</ref>
+      <ref url="http://pivotx.net/page/security" source="CONFIRM" adv="1">http://pivotx.net/page/security</ref>
+      <ref url="http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released" source="CONFIRM">http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="pivotx" name="pivotx">
+        <vers num="2.1.0"/>
+        <vers num="2.1.1"/>
+        <vers num="2.1.2"/>
+        <vers num="2.2.0" edition="b1"/>
+        <vers num="2.2.0" edition="b2"/>
+        <vers num="2.2.0" edition="rc"/>
+        <vers num="2.2.1"/>
+        <vers num="2.2.2"/>
+        <vers num="2.2.3"/>
+        <vers num="2.2.5"/>
+        <vers num="2.3.0"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.3.5"/>
+        <vers num="2.3.6"/>
+        <vers num="2.3.7"/>
+        <vers prev="1" num="2.3.8"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0342" published="2014-04-15" name="CVE-2014-0342" modified="2014-04-15" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2) .php# extension, and then accessing it via unspecified vectors.</descript>
+      <descript source="nvd">Per: http://cwe.mitre.org/data/definitions/434.html
+
+"CWE-434: Unrestricted Upload of File with Dangerous Type"</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/901156" source="CERT-VN">VU#901156</ref>
+      <ref url="http://sourceforge.net/p/pivot-weblog/code/4347/" source="CONFIRM">http://sourceforge.net/p/pivot-weblog/code/4347/</ref>
+      <ref url="http://pivotx.net/page/security" source="CONFIRM">http://pivotx.net/page/security</ref>
+      <ref url="http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released" source="CONFIRM">http://blog.pivotx.net/archive/2014/03/03/pivotx-239-released</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="pivotx" name="pivotx">
+        <vers num="2.1.0"/>
+        <vers num="2.1.1"/>
+        <vers num="2.1.2"/>
+        <vers num="2.2.0" edition="b1"/>
+        <vers num="2.2.0" edition="b2"/>
+        <vers num="2.2.0" edition="rc"/>
+        <vers num="2.2.1"/>
+        <vers num="2.2.2"/>
+        <vers num="2.2.3"/>
+        <vers num="2.2.5"/>
+        <vers num="2.3.0"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.3.5"/>
+        <vers num="2.3.6"/>
+        <vers num="2.3.7"/>
+        <vers prev="1" num="2.3.8"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0343" published="2014-03-25" name="CVE-2014-0343" modified="2014-03-26" CVSS_version="2.0" CVSS_vector="(AV:A/AC:M/Au:S/C:P/I:P/A:P)" CVSS_score="4.9" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="4.4" CVSS_base_score="4.9">
+    <desc>
+      <descript source="cve">The web interface on Virtual Access GW6110A routers with software 9.00 before 9.09.27, 9.50 before 9.50.21, and 10.00 before 10.00.21 allows remote authenticated users to gain privileges via a modified JavaScript variable.</descript>
+    </desc>
+    <impacts>
+      <impact source="nvd">Per: http://cwe.mitre.org/data/definitions/472.html
+
+"CWE-472: External Control of Assumed-Immutable Web Parameter"</impact>
+    </impacts>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local_network/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/213046" source="CERT-VN">VU#213046</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="virtualaccess" name="gw6110a">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="virtualaccess" name="gw6110a_firmware">
+        <vers num="10.00"/>
+        <vers num="9.00"/>
+        <vers num="9.50"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0344" published="2014-03-29" name="CVE-2014-0344" modified="2014-03-31" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:P)" CVSS_score="6.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.0" CVSS_base_score="6.5">
+    <desc>
+      <descript source="cve">Properties.do in ZOHO ManageEngine OpStor before build 8500 does not properly check privilege levels, which allows remote authenticated users to obtain Admin access by using the name parameter in conjunction with a true value of the edit parameter.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/140886" source="CERT-VN">VU#140886</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="zohocorp" name="manageengine_opstor">
+        <vers prev="1" num="8.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" seq="2014-0346" reject="1" published="2014-04-07" name="CVE-2014-0346" modified="2014-04-07">
+    <desc>
+      <descript source="cve">** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2014-0160.  Reason: This candidate is a reservation duplicate of CVE-2014-0160.  Notes: All CVE users should reference CVE-2014-0160 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage.</descript>
+    </desc>
+    <refs/>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0347" published="2014-04-12" name="CVE-2014-0347" modified="2014-04-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:P/I:N/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix 31, and Web Security Gateway Anywhere 7.7.3 before Hotfix 31 allows remote authenticated users to read cleartext passwords by replacing type="password" with type="text" in an INPUT element in the (1) Log Database or (2) User Directories component.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/568252" source="CERT-VN">VU#568252</ref>
+      <ref url="https://www.websense.com/content/mywebsense-hotfixes.aspx?patchid=894&amp;prodidx=20&amp;osidx=0&amp;intidx=0&amp;versionidx=0" source="CONFIRM">https://www.websense.com/content/mywebsense-hotfixes.aspx?patchid=894&amp;prodidx=20&amp;osidx=0&amp;intidx=0&amp;versionidx=0</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="websense" name="triton_unified_security_center">
+        <vers num="7.7.3"/>
+      </prod>
+      <prod vendor="websense" name="triton_web_filter">
+        <vers num="7.7.3"/>
+      </prod>
+      <prod vendor="websense" name="triton_web_security">
+        <vers num="7.7.3"/>
+      </prod>
+      <prod vendor="websense" name="triton_web_security_gateway">
+        <vers num="7.7.3"/>
+      </prod>
+      <prod vendor="websense" name="triton_web_security_gateway_anywhere">
+        <vers num="7.7.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0348" published="2014-04-15" name="CVE-2014-0348" modified="2014-04-15" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:P/I:N/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">The Artiva Agency Single Sign-On (SSO) implementation in Artiva Workstation 1.3.x before 1.3.9, Artiva Rm 3.1 MR7, Artiva Healthcare 5.2 MR5, and Artiva Architect 3.2 MR5, when the domain-name option is enabled, allows remote attackers to login to arbitrary domain accounts by using the corresponding username on a Windows client machine.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/215284" source="CERT-VN">VU#215284</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ontariosystems" name="artiva_architect">
+        <vers num="3.2" edition="mr5"/>
+      </prod>
+      <prod vendor="ontariosystems" name="artiva_healthcare">
+        <vers num="5.2" edition="mr5"/>
+      </prod>
+      <prod vendor="ontariosystems" name="artiva_rm">
+        <vers num="3.1" edition="mr7"/>
+      </prod>
+      <prod vendor="ontariosystems" name="artiva_workstation">
+        <vers num="1.3.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0349" published="2014-04-12" name="CVE-2014-0349" modified="2014-04-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Multiple unspecified vulnerabilities in J2k-Codec allow remote attackers to execute arbitrary code via a crafted JPEG 2000 file.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/345337" source="CERT-VN">VU#345337</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="j2k-codec" name="j2k-codec">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0350" published="2014-04-25" name="CVE-2014-0350" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:N)" CVSS_score="6.4" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="10.0" CVSS_base_score="6.4">
+    <desc>
+      <descript source="cve">The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/118748" source="CERT-VN">VU#118748</ref>
+      <ref url="https://raw.githubusercontent.com/pocoproject/poco/poco-1.4.6p4-release/CHANGELOG" source="CONFIRM">https://raw.githubusercontent.com/pocoproject/poco/poco-1.4.6p4-release/CHANGELOG</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="pocoproject" name="poco_c++_libraries">
+        <vers num="1.4.5"/>
+        <vers prev="1" num="1.4.6" edition="-"/>
+        <vers prev="1" num="1.4.6" edition="p1"/>
+        <vers prev="1" num="1.4.6" edition="p2"/>
+        <vers prev="1" num="1.4.6" edition="p3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0353" published="2014-04-15" name="CVE-2014-0353" modified="2014-04-15" CVSS_version="2.0" CVSS_vector="(AV:A/AC:L/Au:N/C:C/I:N/A:N)" CVSS_score="6.1" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="6.5" CVSS_base_score="6.1">
+    <desc>
+      <descript source="cve">The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers to bypass authentication by using %2F sequences in place of / (slash) characters.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <local_network/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/939260" source="CERT-VN">VU#939260</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="zyxel" name="n300_netusb_nbg-419n">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="zyxel" name="n300_netusb_nbg-419n_firmware">
+        <vers num="1.00(bfq_6)c0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0354" published="2014-04-15" name="CVE-2014-0354" modified="2014-04-15" CVSS_version="2.0" CVSS_vector="(AV:A/AC:L/Au:N/C:C/I:C/A:N)" CVSS_score="7.8" CVSS_impact_subscore="9.2" CVSS_exploit_subscore="6.5" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 has a hardcoded password of qweasdzxc for an unspecified account, which allows remote attackers to obtain index.asp login access via an HTTP request.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local_network/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/939260" source="CERT-VN">VU#939260</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="zyxel" name="n300_netusb_nbg-419n">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="zyxel" name="n300_netusb_nbg-419n_firmware">
+        <vers num="1.00(bfq_6)c0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0355" published="2014-04-15" name="CVE-2014-0355" modified="2014-04-15" CVSS_version="2.0" CVSS_vector="(AV:A/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="7.9" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="5.5" CVSS_base_score="7.9">
+    <desc>
+      <descript source="cve">Multiple stack-based buffer overflows on the ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allow man-in-the-middle attackers to execute arbitrary code via (1) a long temp attribute in a yweather:condition element in a forecastrss file that is processed by the checkWeather function; the (2) WeatherCity or (3) WeatherDegree variable to the detectWeather function; unspecified input to the (4) UpnpAddRunRLQoS, (5) UpnpDeleteRunRLQoS, or (6) UpnpDeletePortCheckType function; or (7) the SET COUNTRY udps command.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local_network/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/939260" source="CERT-VN">VU#939260</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="zyxel" name="n300_netusb_nbg-419n">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="zyxel" name="n300_netusb_nbg-419n_firmware">
+        <vers num="1.00(bfq_6)c0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0356" published="2014-04-15" name="CVE-2014-0356" modified="2014-04-15" CVSS_version="2.0" CVSS_vector="(AV:A/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="7.9" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="5.5" CVSS_base_score="7.9">
+    <desc>
+      <descript source="cve">The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers to execute arbitrary code via shell metacharacters in input to the (1) detectWeather, (2) set_language, (3) SystemCommand, or (4) NTPSyncWithHost function in management.c, or a (5) SET COUNTRY, (6) SET WLAN SSID, (7) SET WLAN CHANNEL, (8) SET WLAN STATUS, or (9) SET WLAN COUNTRY udps command.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local_network/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/939260" source="CERT-VN">VU#939260</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="zyxel" name="n300_netusb_nbg-419n">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="zyxel" name="n300_netusb_nbg-419n_firmware">
+        <vers num="1.00(bfq_6)c0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0357" published="2014-04-15" name="CVE-2014-0357" modified="2014-04-15" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Amtelco miSecureMessages allows remote attackers to read the messages of arbitrary users via an XML request containing a valid license key and a modified contactID value, as demonstrated by a request from the iOS or Android application.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/251628" source="CERT-VN">VU#251628</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="amtelco" name="misecuremessages">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0358" published="2014-04-15" name="CVE-2014-0358" modified="2014-04-15" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:N/A:N)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">Multiple directory traversal vulnerabilities in Xangati XSR before 11 and XNR before 7 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the file parameter in a getUpgradeStatus action to servlet/MGConfigData, (2) the download parameter in a download action to servlet/MGConfigData, (3) the download parameter in a port_svc action to servlet/MGConfigData, (4) the file parameter in a getfile action to servlet/Installer, or (5) the binfile parameter to servlet/MGConfigData.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/657622" source="CERT-VN">VU#657622</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="xangati" name="xangati_software_release">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="xangati" name="xangati_xnr">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0359" published="2014-04-15" name="CVE-2014-0359" modified="2014-04-15" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:C/I:C/A:C)" CVSS_score="9.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.0" CVSS_base_score="9.0">
+    <desc>
+      <descript source="cve">Xangati XSR before 11 and XNR before 7 allows remote attackers to execute arbitrary commands via shell metacharacters in a gui_input_test.pl params parameter to servlet/Installer.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/657622" source="CERT-VN">VU#657622</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="xangati" name="xangati_software_release">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="xangati" name="xangati_xnr">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" seq="2014-0360" reject="1" published="2014-04-23" name="CVE-2014-0360" modified="2014-04-23">
+    <desc>
+      <descript source="cve">** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2014-2741.  Reason: This candidate is a duplicate of CVE-2014-2741.  Notes: All CVE users should reference CVE-2014-2741 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage.</descript>
+    </desc>
+    <refs/>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0361" published="2014-04-21" name="CVE-2014-0361" modified="2014-04-22" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:S/C:P/I:P/A:N)" CVSS_score="3.0" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="2.7" CVSS_base_score="3.0">
+    <desc>
+      <descript source="cve">The default configuration of IBM 4690 OS, as used in Toshiba Global Commerce Solutions 4690 POS and other products, hashes passwords with the ADXCRYPT algorithm, which makes it easier for context-dependent attackers to obtain sensitive information via a brute-force attack against an ADXCSOUF.DAT file.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/622950" source="CERT-VN">VU#622950</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=pos1R1005054" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=pos1R1005054</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="toshibacommerce" name="4690_point_of_sale_operating_system">
+        <vers num="6.2"/>
+        <vers num="6.3"/>
+        <vers num="6.4"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0363" published="2014-04-30" name="CVE-2014-0363" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate chain.</descript>
+      <descript source="nvd">Per: http://cwe.mitre.org/data/definitions/358.html
+
+"CWE-358: Improperly Implemented Security Check for Standard"</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/489228" source="CERT-VN">VU#489228</ref>
+      <ref url="http://issues.igniterealtime.org/browse/SMACK-410" source="CONFIRM">http://issues.igniterealtime.org/browse/SMACK-410</ref>
+      <ref url="http://community.igniterealtime.org/blogs/ignite/2014/04/17/asmack-400-rc1-has-been-released" source="CONFIRM">http://community.igniterealtime.org/blogs/ignite/2014/04/17/asmack-400-rc1-has-been-released</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="igniterealtime" name="smack">
+        <vers num="2.2.0"/>
+        <vers num="2.2.1"/>
+        <vers num="3.0.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.1.0"/>
+        <vers num="3.2.0"/>
+        <vers num="3.2.1"/>
+        <vers num="3.2.2"/>
+        <vers num="3.3.0"/>
+        <vers num="3.3.1"/>
+        <vers num="3.4.0"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-02-16"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-02-18"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-02-19"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-02-20"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-02-21"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-02-23"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-03-02"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-03-03"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-03-10"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-03-11"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-03-12"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-03-13"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-03-16"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-03-18"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-03-21"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-03-25"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-03-26"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-03-29"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-04-06"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-04-09"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-04-13"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-04-15"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0364" published="2014-04-30" name="CVE-2014-0364" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:P/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify the from attribute of a roster-query IQ stanza, which allows remote attackers to spoof IQ responses via a crafted attribute.</descript>
+      <descript source="nvd">Per: http://cwe.mitre.org/data/definitions/345.html
+
+"CWE-345: Insufficient Verification of Data Authenticity"</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/489228" source="CERT-VN">VU#489228</ref>
+      <ref url="http://community.igniterealtime.org/blogs/ignite/2014/04/17/asmack-400-rc1-has-been-released" source="CONFIRM">http://community.igniterealtime.org/blogs/ignite/2014/04/17/asmack-400-rc1-has-been-released</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="igniterealtime" name="smack">
+        <vers num="2.2.0"/>
+        <vers num="2.2.1"/>
+        <vers num="3.0.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.1.0"/>
+        <vers num="3.2.0"/>
+        <vers num="3.2.1"/>
+        <vers num="3.2.2"/>
+        <vers num="3.3.0"/>
+        <vers num="3.3.1"/>
+        <vers num="3.4.0"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-02-16"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-02-18"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-02-19"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-02-20"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-02-21"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-02-23"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-03-02"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-03-03"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-03-10"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-03-11"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-03-12"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-03-13"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-03-16"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-03-18"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-03-21"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-03-25"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-03-26"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-03-29"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-04-06"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-04-09"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-04-13"/>
+        <vers prev="1" num="4.0.0" edition="snapshot-2014-04-15"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0366" published="2014-01-15" name="CVE-2014-0366" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, and 12.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Attachments.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029619" source="SECTRACK">1029619</ref>
+      <ref url="http://www.securityfocus.com/bid/64828" source="BID">64828</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56471" source="SECUNIA">56471</ref>
+      <ref url="http://osvdb.org/102090" source="OSVDB">102090</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="e-business_suite">
+        <vers num="11.5.10.2"/>
+        <vers num="12.0.6"/>
+        <vers num="12.1.3"/>
+        <vers num="12.2.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0367" published="2014-01-15" name="CVE-2014-0367" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:N)" CVSS_score="5.5" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.0" CVSS_base_score="5.5">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Hyperion Essbase Administration Services component in Oracle Hyperion 11.1.2.1, 11.1.2.2, and 11.1.2.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Admin Console.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securityfocus.com/bid/64814" source="BID">64814</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56469" source="SECUNIA">56469</ref>
+      <ref url="http://osvdb.org/102114" source="OSVDB">102114</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="hyperion">
+        <vers num="11.1.2.1"/>
+        <vers num="11.1.2.2"/>
+        <vers num="11.1.2.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0368" published="2014-01-15" name="CVE-2014-0368" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and Java SE Embedded 7u45, allows remote attackers to affect confidentiality via unknown vectors related to Networking.  NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to incorrect permission checks when listening on a socket, which allows attackers to escape the sandbox.</descript>
+      <descript source="nvd">Per: http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
+
+"Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1052919" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1052919</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2124-1" source="UBUNTU">USN-2124-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2089-1" source="UBUNTU">USN-2089-1</ref>
+      <ref url="http://www.securitytracker.com/id/1029608" source="SECTRACK">1029608</ref>
+      <ref url="http://www.securityfocus.com/bid/64930" source="BID">64930</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56535" source="SECUNIA">56535</ref>
+      <ref url="http://secunia.com/advisories/56486" source="SECUNIA">56486</ref>
+      <ref url="http://secunia.com/advisories/56485" source="SECUNIA">56485</ref>
+      <ref url="http://secunia.com/advisories/56432" source="SECUNIA">56432</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0136.html" source="REDHAT">RHSA-2014:0136</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0135.html" source="REDHAT">RHSA-2014:0135</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0134.html" source="REDHAT">RHSA-2014:0134</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0097.html" source="REDHAT">RHSA-2014:0097</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0030.html" source="REDHAT">RHSA-2014:0030</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0027.html" source="REDHAT">RHSA-2014:0027</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0026.html" source="REDHAT">RHSA-2014:0026</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" source="HP">SSRT101455</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" source="HP">HPSBUX02973</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" source="HP">HPSBUX02972</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" source="HP">SSRT101454</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html" source="SUSE">openSUSE-SU-2014:0180</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html" source="SUSE">openSUSE-SU-2014:0177</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html" source="SUSE">openSUSE-SU-2014:0174</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" source="SUSE">SUSE-SU-2014:0451</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" source="SUSE">SUSE-SU-2014:0266</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" source="SUSE">SUSE-SU-2014:0246</ref>
+      <ref url="http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/e6160aedadd5" source="MISC">http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/e6160aedadd5</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.5.0" edition="update_55"/>
+        <vers num="1.6.0" edition="update_65"/>
+        <vers num="1.7.0" edition="update_45"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.5.0" edition="update_55"/>
+        <vers num="1.6.0" edition="update_65"/>
+        <vers num="1.7.0" edition="update_45"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0369" published="2014-01-15" name="CVE-2014-0369" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Java Integration.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029622" source="SECTRACK">1029622</ref>
+      <ref url="http://www.securityfocus.com/bid/64832" source="BID">64832</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56480" source="SECUNIA">56480</ref>
+      <ref url="http://osvdb.org/102107" source="OSVDB">102107</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="siebel_crm">
+        <vers num="8.1.1"/>
+        <vers num="8.2.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0370" published="2014-01-15" name="CVE-2014-0370" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:M/C:N/I:N/A:P)" CVSS_score="2.8" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="5.5" CVSS_base_score="2.8">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Siebel Life Sciences component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect availability via unknown vectors related to Clinical Trip Report.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029622" source="SECTRACK">1029622</ref>
+      <ref url="http://www.securityfocus.com/bid/64837" source="BID">64837</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56481" source="SECUNIA">56481</ref>
+      <ref url="http://osvdb.org/102108" source="OSVDB">102108</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="siebel_crm">
+        <vers num="8.1.1"/>
+        <vers num="8.2.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0371" published="2014-01-15" name="CVE-2014-0371" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:P/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0.x, 7.3.1.x, 12.2.0, 12.2.1, and 12.2.2 allows remote authenticated users to affect integrity via unknown vectors related to DM Others.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029620" source="SECTRACK">1029620</ref>
+      <ref url="http://www.securityfocus.com/bid/64886" source="BID">64886</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56474" source="SECUNIA">56474</ref>
+      <ref url="http://osvdb.org/102098" source="OSVDB">102098</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="supply_chain_products_suite">
+        <vers num="7.2.0.3"/>
+      </prod>
+      <prod vendor="oracle" name="supply_chain_products_suite_sql-server">
+        <vers num="12.2.0"/>
+        <vers num="12.2.1"/>
+        <vers num="12.2.2"/>
+        <vers num="7.3.0"/>
+        <vers num="7.3.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0372" published="2014-01-15" name="CVE-2014-0372" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:N)" CVSS_score="5.5" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.0" CVSS_base_score="5.5">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.1, and 12.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to DM Others.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029620" source="SECTRACK">1029620</ref>
+      <ref url="http://www.securityfocus.com/bid/64826" source="BID">64826</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56474" source="SECUNIA">56474</ref>
+      <ref url="http://osvdb.org/102103" source="OSVDB">102103</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="supply_chain_products_suite">
+        <vers num="7.2.0.3"/>
+      </prod>
+      <prod vendor="oracle" name="supply_chain_products_suite_sql-server">
+        <vers num="12.2.0"/>
+        <vers num="12.2.1"/>
+        <vers num="12.2.2"/>
+        <vers num="7.3.0"/>
+        <vers num="7.3.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0373" published="2014-01-15" name="CVE-2014-0373" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability.  NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to throwing of an incorrect exception when SnmpStatusException should have been used in the SNMP implementation, which allows attackers to escape the sandbox.</descript>
+      <descript source="nvd">per http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
+
+Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1051699" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1051699</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2124-1" source="UBUNTU">USN-2124-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2089-1" source="UBUNTU">USN-2089-1</ref>
+      <ref url="http://www.securitytracker.com/id/1029608" source="SECTRACK">1029608</ref>
+      <ref url="http://www.securityfocus.com/bid/64922" source="BID">64922</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56535" source="SECUNIA">56535</ref>
+      <ref url="http://secunia.com/advisories/56485" source="SECUNIA">56485</ref>
+      <ref url="http://secunia.com/advisories/56432" source="SECUNIA">56432</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0136.html" source="REDHAT">RHSA-2014:0136</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0135.html" source="REDHAT">RHSA-2014:0135</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0134.html" source="REDHAT">RHSA-2014:0134</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0097.html" source="REDHAT">RHSA-2014:0097</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0030.html" source="REDHAT">RHSA-2014:0030</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0027.html" source="REDHAT">RHSA-2014:0027</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0026.html" source="REDHAT">RHSA-2014:0026</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" source="HP">SSRT101455</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" source="HP">HPSBUX02973</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" source="HP">HPSBUX02972</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" source="HP">SSRT101454</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html" source="SUSE">openSUSE-SU-2014:0180</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html" source="SUSE">openSUSE-SU-2014:0177</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html" source="SUSE">openSUSE-SU-2014:0174</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" source="SUSE">SUSE-SU-2014:0451</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" source="SUSE">SUSE-SU-2014:0266</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" source="SUSE">SUSE-SU-2014:0246</ref>
+      <ref url="http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/496c51673dec" source="MISC">http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/496c51673dec</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.5.0" edition="update_55"/>
+        <vers num="1.6.0" edition="update_65"/>
+        <vers num="1.7.0" edition="update_45"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.5.0" edition="update_55"/>
+        <vers num="1.6.0" edition="update_65"/>
+        <vers num="1.7.0" edition="update_45"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0374" published="2014-01-15" name="CVE-2014-0374" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle Portal component in Oracle Fusion Middleware 11.1.1.6 allows remote attackers to affect integrity via unknown vectors related to Page Parameters and Events.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029613" source="SECTRACK">1029613</ref>
+      <ref url="http://www.securityfocus.com/bid/64830" source="BID">64830</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56464" source="SECUNIA">56464</ref>
+      <ref url="http://osvdb.org/102093" source="OSVDB">102093</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="fusion_middleware">
+        <vers num="11.1.1.6.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0375" published="2014-01-15" name="CVE-2014-0375" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5898 and CVE-2014-0403.</descript>
+      <descript source="nvd">per: http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
+
+
+Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90339" source="XF">oracle-cpujan2014-cve20140375(90339)</ref>
+      <ref url="http://www.securitytracker.com/id/1029608" source="SECTRACK">1029608</ref>
+      <ref url="http://www.securityfocus.com/bid/64916" source="BID">64916</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56535" source="SECUNIA">56535</ref>
+      <ref url="http://secunia.com/advisories/56485" source="SECUNIA">56485</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0135.html" source="REDHAT">RHSA-2014:0135</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0134.html" source="REDHAT">RHSA-2014:0134</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0030.html" source="REDHAT">RHSA-2014:0030</ref>
+      <ref url="http://osvdb.org/102007" source="OSVDB">102007</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" source="HP">SSRT101455</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" source="HP">HPSBUX02973</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" source="HP">HPSBUX02972</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" source="HP">SSRT101454</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" source="SUSE">SUSE-SU-2014:0451</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" source="SUSE">SUSE-SU-2014:0266</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" source="SUSE">SUSE-SU-2014:0246</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.6.0" edition="update_65"/>
+        <vers num="1.7.0" edition="update_45"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.6.0" edition="update_65"/>
+        <vers num="1.7.0" edition="update_45"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0376" published="2014-01-15" name="CVE-2014-0376" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:P/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAXP.  NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to an improper check for "code permissions when creating document builder factories."</descript>
+      <descript source="nvd">per: http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
+
+
+Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1051923" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1051923</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90350" source="XF">oracle-cpujan2014-cve20140376(90350)</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2124-1" source="UBUNTU">USN-2124-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2089-1" source="UBUNTU">USN-2089-1</ref>
+      <ref url="http://www.securitytracker.com/id/1029608" source="SECTRACK">1029608</ref>
+      <ref url="http://www.securityfocus.com/bid/64907" source="BID">64907</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56535" source="SECUNIA">56535</ref>
+      <ref url="http://secunia.com/advisories/56486" source="SECUNIA">56486</ref>
+      <ref url="http://secunia.com/advisories/56485" source="SECUNIA">56485</ref>
+      <ref url="http://secunia.com/advisories/56432" source="SECUNIA">56432</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0136.html" source="REDHAT">RHSA-2014:0136</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0135.html" source="REDHAT">RHSA-2014:0135</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0134.html" source="REDHAT">RHSA-2014:0134</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0097.html" source="REDHAT">RHSA-2014:0097</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0030.html" source="REDHAT">RHSA-2014:0030</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0027.html" source="REDHAT">RHSA-2014:0027</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0026.html" source="REDHAT">RHSA-2014:0026</ref>
+      <ref url="http://osvdb.org/102018" source="OSVDB">102018</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" source="HP">SSRT101455</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" source="HP">HPSBUX02973</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" source="HP">HPSBUX02972</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" source="HP">SSRT101454</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html" source="SUSE">openSUSE-SU-2014:0180</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html" source="SUSE">openSUSE-SU-2014:0177</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html" source="SUSE">openSUSE-SU-2014:0174</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" source="SUSE">SUSE-SU-2014:0451</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" source="SUSE">SUSE-SU-2014:0266</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" source="SUSE">SUSE-SU-2014:0246</ref>
+      <ref url="http://hg.openjdk.java.net/jdk7u/jdk7u/jaxp/rev/783ceae9b736" source="MISC">http://hg.openjdk.java.net/jdk7u/jdk7u/jaxp/rev/783ceae9b736</ref>
+      <ref url="http://hg.openjdk.java.net/jdk7u/jdk7u/jaxp/rev/42be8e6266ab" source="MISC">http://hg.openjdk.java.net/jdk7u/jdk7u/jaxp/rev/42be8e6266ab</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.5.0" edition="update_55"/>
+        <vers num="1.6.0" edition="update_65"/>
+        <vers num="1.7.0" edition="update_45"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.5.0" edition="update_55"/>
+        <vers num="1.6.0" edition="update_65"/>
+        <vers num="1.7.0" edition="update_45"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0377" published="2014-01-15" name="CVE-2014-0377" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality via vectors related to SYS tables.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029607" source="SECTRACK">1029607</ref>
+      <ref url="http://www.securityfocus.com/bid/64824" source="BID">64824</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56452" source="SECUNIA">56452</ref>
+      <ref url="http://osvdb.org/102081" source="OSVDB">102081</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00007.html" source="SUSE">SUSE-SU-2014:0130</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="database_server">
+        <vers num="11.1.0.7"/>
+        <vers num="11.2.0.3"/>
+        <vers num="11.2.0.4"/>
+        <vers num="12.1.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0378" published="2014-01-15" name="CVE-2014-0378" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:S/C:P/I:P/A:P)" CVSS_score="4.1" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="2.7" CVSS_base_score="4.1">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Spatial component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029607" source="SECTRACK">1029607</ref>
+      <ref url="http://www.securityfocus.com/bid/64812" source="BID">64812</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56452" source="SECUNIA">56452</ref>
+      <ref url="http://osvdb.org/102080" source="OSVDB">102080</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00007.html" source="SUSE">SUSE-SU-2014:0130</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="database_server">
+        <vers num="11.1.0.7"/>
+        <vers num="11.2.0.3"/>
+        <vers num="11.2.0.4"/>
+        <vers num="12.1.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0379" published="2014-01-15" name="CVE-2014-0379" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0.x, 7.3.1.x, 12.2.0, 12.2.1, and 12.2.2 allows remote attackers to affect integrity via unknown vectors related to DM Others.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029620" source="SECTRACK">1029620</ref>
+      <ref url="http://www.securityfocus.com/bid/64857" source="BID">64857</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56474" source="SECUNIA">56474</ref>
+      <ref url="http://osvdb.org/102097" source="OSVDB">102097</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="supply_chain_products_suite">
+        <vers num="7.2.0.3"/>
+      </prod>
+      <prod vendor="oracle" name="supply_chain_products_suite_sql-server">
+        <vers num="12.2.0"/>
+        <vers num="12.2.1"/>
+        <vers num="12.2.2"/>
+        <vers num="7.3.0"/>
+        <vers num="7.3.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0380" published="2014-01-15" name="CVE-2014-0380" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via vectors related to MultiChannel Framework (MCF).</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029623" source="SECTRACK">1029623</ref>
+      <ref url="http://www.securityfocus.com/bid/64865" source="BID">64865</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56478" source="SECUNIA">56478</ref>
+      <ref url="http://osvdb.org/102037" source="OSVDB">102037</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="peoplesoft_products">
+        <vers num="8.52"/>
+        <vers num="8.53"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0381" published="2014-01-15" name="CVE-2014-0381" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:H/Au:N/C:N/I:P/A:N)" CVSS_score="2.6" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="4.9" CVSS_base_score="2.6">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Technology, a different vulnerability than CVE-2014-0445.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029623" source="SECTRACK">1029623</ref>
+      <ref url="http://www.securityfocus.com/bid/64892" source="BID">64892</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56478" source="SECUNIA">56478</ref>
+      <ref url="http://osvdb.org/102045" source="OSVDB">102045</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="peoplesoft_products">
+        <vers num="8.52"/>
+        <vers num="8.53"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0382" published="2014-01-15" name="CVE-2014-0382" modified="2014-03-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:P)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect availability via unknown vectors related to JavaFX.</descript>
+      <descript source="nvd">Per: http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
+
+"Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90355" source="XF">oracle-cpujan2014-cve20140382(90355)</ref>
+      <ref url="http://www.securitytracker.com/id/1029608" source="SECTRACK">1029608</ref>
+      <ref url="http://www.securityfocus.com/bid/64936" source="BID">64936</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56535" source="SECUNIA">56535</ref>
+      <ref url="http://secunia.com/advisories/56485" source="SECUNIA">56485</ref>
+      <ref url="http://secunia.com/advisories/56484" source="SECUNIA">56484</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0030.html" source="REDHAT">RHSA-2014:0030</ref>
+      <ref url="http://osvdb.org/102026" source="OSVDB">102026</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" source="HP">SSRT101454</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" source="HP">HPSBUX02972</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="javafx">
+        <vers num="2.2.45"/>
+      </prod>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.7.0" edition="update_45"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.7.0" edition="update_45"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0383" published="2014-01-15" name="CVE-2014-0383" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:P/I:N/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.2.0 and 11.1.2.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Identity Console.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029613" source="SECTRACK">1029613</ref>
+      <ref url="http://www.securityfocus.com/bid/64842" source="BID">64842</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56459" source="SECUNIA">56459</ref>
+      <ref url="http://osvdb.org/102102" source="OSVDB">102102</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="fusion_middleware">
+        <vers num="11.1.2.0"/>
+        <vers num="11.1.2.1.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0384" published="2014-04-15" name="CVE-2014-0384" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:N/I:N/A:P)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mysql" name="mysql">
+        <vers num="5.5.0"/>
+        <vers num="5.5.1"/>
+        <vers num="5.5.2"/>
+        <vers num="5.5.3"/>
+        <vers num="5.5.4"/>
+        <vers num="5.5.5"/>
+        <vers num="5.5.6"/>
+        <vers num="5.5.7"/>
+        <vers num="5.5.8"/>
+        <vers num="5.5.9"/>
+      </prod>
+      <prod vendor="oracle" name="mysql">
+        <vers num="5.5.10"/>
+        <vers num="5.5.11"/>
+        <vers num="5.5.12"/>
+        <vers num="5.5.13"/>
+        <vers num="5.5.14"/>
+        <vers num="5.5.15"/>
+        <vers num="5.5.16"/>
+        <vers num="5.5.17"/>
+        <vers num="5.5.18"/>
+        <vers num="5.5.19"/>
+        <vers num="5.5.20"/>
+        <vers num="5.5.21"/>
+        <vers num="5.5.22"/>
+        <vers num="5.5.23"/>
+        <vers num="5.5.24"/>
+        <vers num="5.5.25" edition="a"/>
+        <vers num="5.5.26"/>
+        <vers num="5.5.27"/>
+        <vers num="5.5.28"/>
+        <vers num="5.5.29"/>
+        <vers num="5.5.30"/>
+        <vers num="5.5.31"/>
+        <vers num="5.5.32"/>
+        <vers num="5.5.33"/>
+        <vers num="5.5.34"/>
+        <vers prev="1" num="5.5.35"/>
+        <vers num="5.6.0"/>
+        <vers num="5.6.1"/>
+        <vers num="5.6.10"/>
+        <vers num="5.6.11"/>
+        <vers num="5.6.12"/>
+        <vers num="5.6.13"/>
+        <vers num="5.6.14"/>
+        <vers prev="1" num="5.6.15"/>
+        <vers num="5.6.2"/>
+        <vers num="5.6.3"/>
+        <vers num="5.6.4"/>
+        <vers num="5.6.5"/>
+        <vers num="5.6.6"/>
+        <vers num="5.6.7"/>
+        <vers num="5.6.8"/>
+        <vers num="5.6.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0385" published="2014-01-15" name="CVE-2014-0385" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 7u45, when installing on OS X, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install.</descript>
+      <descript source="nvd">per:
+http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
+
+Applies to installation process on client deployment of Java.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029608" source="SECTRACK">1029608</ref>
+      <ref url="http://www.securityfocus.com/bid/64901" source="BID">64901</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56485" source="SECUNIA">56485</ref>
+      <ref url="http://osvdb.org/101998" source="OSVDB">101998</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.7.0" edition="update_45"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.7.0" edition="update_45"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0386" published="2014-01-15" name="CVE-2014-0386" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:N/I:N/A:P)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90380" source="XF">oracle-cpujan2014-cve20140386(90380)</ref>
+      <ref url="http://www.securityfocus.com/bid/64904" source="BID">64904</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2848" source="DEBIAN">DSA-2848</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2845" source="DEBIAN">DSA-2845</ref>
+      <ref url="http://ubuntu.com/usn/usn-2086-1" source="UBUNTU">USN-2086-1</ref>
+      <ref url="http://secunia.com/advisories/56580" source="SECUNIA">56580</ref>
+      <ref url="http://secunia.com/advisories/56541" source="SECUNIA">56541</ref>
+      <ref url="http://secunia.com/advisories/56491" source="SECUNIA">56491</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0189.html" source="REDHAT">RHSA-2014:0189</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0186.html" source="REDHAT">RHSA-2014:0186</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0173.html" source="REDHAT">RHSA-2014:0173</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0164.html" source="REDHAT">RHSA-2014:0164</ref>
+      <ref url="http://osvdb.org/102069" source="OSVDB">102069</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mysql" name="mysql">
+        <vers num="5.1"/>
+        <vers num="5.1.1"/>
+        <vers num="5.1.10"/>
+        <vers num="5.1.11"/>
+        <vers num="5.1.12"/>
+        <vers num="5.1.13"/>
+        <vers num="5.1.14"/>
+        <vers num="5.1.15"/>
+        <vers num="5.1.16"/>
+        <vers num="5.1.17"/>
+        <vers num="5.1.18"/>
+        <vers num="5.1.19"/>
+        <vers num="5.1.2"/>
+        <vers num="5.1.20"/>
+        <vers num="5.1.21"/>
+        <vers num="5.1.22"/>
+        <vers num="5.1.23" edition="a"/>
+        <vers num="5.1.23_bk"/>
+        <vers num="5.1.23a"/>
+        <vers num="5.1.24"/>
+        <vers num="5.1.25"/>
+        <vers num="5.1.26"/>
+        <vers num="5.1.27"/>
+        <vers num="5.1.28"/>
+        <vers num="5.1.29"/>
+        <vers num="5.1.3"/>
+        <vers num="5.1.30"/>
+        <vers num="5.1.31" edition="sp1"/>
+        <vers num="5.1.32"/>
+        <vers num="5.1.32-bzr"/>
+        <vers num="5.1.33"/>
+        <vers num="5.1.34" edition="sp1"/>
+        <vers num="5.1.35"/>
+        <vers num="5.1.36"/>
+        <vers num="5.1.37" edition="sp1"/>
+        <vers num="5.1.38"/>
+        <vers num="5.1.39"/>
+        <vers num="5.1.4"/>
+        <vers num="5.1.40" edition="sp1"/>
+        <vers num="5.1.41"/>
+        <vers num="5.1.42"/>
+        <vers num="5.1.43" edition="sp1"/>
+        <vers num="5.1.44"/>
+        <vers num="5.1.45"/>
+        <vers num="5.1.46" edition="sp1"/>
+        <vers num="5.1.47"/>
+        <vers num="5.1.48"/>
+        <vers num="5.1.49" edition="sp1"/>
+        <vers num="5.1.5"/>
+        <vers num="5.1.50"/>
+        <vers num="5.1.5a"/>
+        <vers num="5.1.6"/>
+        <vers num="5.1.7"/>
+        <vers num="5.1.8"/>
+        <vers num="5.1.9"/>
+        <vers num="5.5.0"/>
+        <vers num="5.5.1"/>
+        <vers num="5.5.2"/>
+        <vers num="5.5.3"/>
+        <vers num="5.5.4"/>
+        <vers num="5.5.5"/>
+        <vers num="5.5.6"/>
+        <vers num="5.5.7"/>
+        <vers num="5.5.8"/>
+        <vers num="5.5.9"/>
+      </prod>
+      <prod vendor="oracle" name="mysql">
+        <vers num="5.1.51"/>
+        <vers num="5.1.52" edition="sp1"/>
+        <vers num="5.1.53"/>
+        <vers num="5.1.54"/>
+        <vers num="5.1.55"/>
+        <vers num="5.1.56"/>
+        <vers num="5.1.57"/>
+        <vers num="5.1.58"/>
+        <vers num="5.1.59"/>
+        <vers num="5.1.60"/>
+        <vers num="5.1.61"/>
+        <vers num="5.1.62"/>
+        <vers num="5.1.63"/>
+        <vers num="5.1.64"/>
+        <vers num="5.1.65"/>
+        <vers num="5.1.66"/>
+        <vers num="5.1.67"/>
+        <vers num="5.1.68"/>
+        <vers num="5.1.69"/>
+        <vers num="5.1.70"/>
+        <vers prev="1" num="5.1.71"/>
+        <vers num="5.5.10"/>
+        <vers num="5.5.11"/>
+        <vers num="5.5.12"/>
+        <vers num="5.5.13"/>
+        <vers num="5.5.14"/>
+        <vers num="5.5.15"/>
+        <vers num="5.5.16"/>
+        <vers num="5.5.17"/>
+        <vers num="5.5.18"/>
+        <vers num="5.5.19"/>
+        <vers num="5.5.20"/>
+        <vers num="5.5.21"/>
+        <vers num="5.5.22"/>
+        <vers num="5.5.23"/>
+        <vers num="5.5.24"/>
+        <vers num="5.5.25" edition="a"/>
+        <vers num="5.5.26"/>
+        <vers num="5.5.27"/>
+        <vers num="5.5.28"/>
+        <vers num="5.5.29"/>
+        <vers num="5.5.30"/>
+        <vers num="5.5.31"/>
+        <vers num="5.5.32"/>
+        <vers prev="1" num="5.5.33"/>
+        <vers num="5.6.0"/>
+        <vers num="5.6.1"/>
+        <vers num="5.6.10"/>
+        <vers num="5.6.11"/>
+        <vers num="5.6.12"/>
+        <vers prev="1" num="5.6.13"/>
+        <vers num="5.6.2"/>
+        <vers num="5.6.3"/>
+        <vers num="5.6.4"/>
+        <vers num="5.6.5"/>
+        <vers num="5.6.6"/>
+        <vers num="5.6.7"/>
+        <vers num="5.6.8"/>
+        <vers num="5.6.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0387" published="2014-01-15" name="CVE-2014-0387" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:H/Au:N/C:C/I:C/A:C)" CVSS_score="7.6" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="4.9" CVSS_base_score="7.6">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 6u65 and Java SE 7u45, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.</descript>
+      <descript source="nvd">Per: http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
+
+"Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029608" source="SECTRACK">1029608</ref>
+      <ref url="http://www.securityfocus.com/bid/64882" source="BID">64882</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56535" source="SECUNIA">56535</ref>
+      <ref url="http://secunia.com/advisories/56485" source="SECUNIA">56485</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0135.html" source="REDHAT">RHSA-2014:0135</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0134.html" source="REDHAT">RHSA-2014:0134</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0030.html" source="REDHAT">RHSA-2014:0030</ref>
+      <ref url="http://osvdb.org/102002" source="OSVDB">102002</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" source="HP">SSRT101455</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" source="HP">HPSBUX02973</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" source="HP">HPSBUX02972</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" source="HP">SSRT101454</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" source="SUSE">SUSE-SU-2014:0451</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" source="SUSE">SUSE-SU-2014:0266</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" source="SUSE">SUSE-SU-2014:0246</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.6.0" edition="update_65"/>
+        <vers num="1.7.0" edition="update_45"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.6.0" edition="update_65"/>
+        <vers num="1.7.0" edition="update_45"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0388" published="2014-01-15" name="CVE-2014-0388" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the PeopleSoft Enterprise HRMS Human Resources component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Org and Workforce Dev.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029623" source="SECTRACK">1029623</ref>
+      <ref url="http://www.securityfocus.com/bid/64878" source="BID">64878</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56477" source="SECUNIA">56477</ref>
+      <ref url="http://osvdb.org/102040" source="OSVDB">102040</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="peoplesoft_products">
+        <vers num="9.1"/>
+        <vers num="9.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0389" published="2014-01-15" name="CVE-2014-0389" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle iLearning 6.0 allows remote attackers to affect integrity via unknown vectors related to Learner Pages.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029621" source="SECTRACK">1029621</ref>
+      <ref url="http://www.securityfocus.com/bid/64845" source="BID">64845</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56482" source="SECUNIA">56482</ref>
+      <ref url="http://osvdb.org/102109" source="OSVDB">102109</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="ilearning">
+        <vers num="6.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0390" published="2014-01-15" name="CVE-2014-0390" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Java Web Console.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90362" source="XF">oracle-cpujan2014-cve20140390(90362)</ref>
+      <ref url="http://www.securityfocus.com/bid/64859" source="BID">64859</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56488" source="SECUNIA">56488</ref>
+      <ref url="http://osvdb.org/102052" source="OSVDB">102052</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="sun" name="sunos">
+        <vers num="5.10"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0391" published="2014-01-15" name="CVE-2014-0391" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.0, and 11.1.2.1 allows remote attackers to affect confidentiality via unknown vectors related to End User Self Service.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029613" source="SECTRACK">1029613</ref>
+      <ref url="http://www.securityfocus.com/bid/64829" source="BID">64829</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56459" source="SECUNIA">56459</ref>
+      <ref url="http://osvdb.org/102099" source="OSVDB">102099</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="fusion_middleware">
+        <vers num="11.1.1.5.0"/>
+        <vers num="11.1.1.7.0"/>
+        <vers num="11.1.2.0"/>
+        <vers num="11.1.2.1.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0392" published="2014-01-15" name="CVE-2014-0392" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029623" source="SECTRACK">1029623</ref>
+      <ref url="http://www.securityfocus.com/bid/64874" source="BID">64874</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56477" source="SECUNIA">56477</ref>
+      <ref url="http://osvdb.org/102039" source="OSVDB">102039</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="peoplesoft_products">
+        <vers num="9.1"/>
+        <vers num="9.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0393" published="2014-01-15" name="CVE-2014-0393" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:M/C:N/I:P/A:N)" CVSS_score="3.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.4" CVSS_base_score="3.3">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90386" source="XF">oracle-cpujan2014-cve20140393(90386)</ref>
+      <ref url="http://www.securityfocus.com/bid/64877" source="BID">64877</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2848" source="DEBIAN">DSA-2848</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2845" source="DEBIAN">DSA-2845</ref>
+      <ref url="http://ubuntu.com/usn/usn-2086-1" source="UBUNTU">USN-2086-1</ref>
+      <ref url="http://secunia.com/advisories/56580" source="SECUNIA">56580</ref>
+      <ref url="http://secunia.com/advisories/56541" source="SECUNIA">56541</ref>
+      <ref url="http://secunia.com/advisories/56491" source="SECUNIA">56491</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0189.html" source="REDHAT">RHSA-2014:0189</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0186.html" source="REDHAT">RHSA-2014:0186</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0173.html" source="REDHAT">RHSA-2014:0173</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0164.html" source="REDHAT">RHSA-2014:0164</ref>
+      <ref url="http://osvdb.org/102075" source="OSVDB">102075</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mysql" name="mysql">
+        <vers num="5.1"/>
+        <vers num="5.1.1"/>
+        <vers num="5.1.10"/>
+        <vers num="5.1.11"/>
+        <vers num="5.1.12"/>
+        <vers num="5.1.13"/>
+        <vers num="5.1.14"/>
+        <vers num="5.1.15"/>
+        <vers num="5.1.16"/>
+        <vers num="5.1.17"/>
+        <vers num="5.1.18"/>
+        <vers num="5.1.19"/>
+        <vers num="5.1.2"/>
+        <vers num="5.1.20"/>
+        <vers num="5.1.21"/>
+        <vers num="5.1.22"/>
+        <vers num="5.1.23" edition="a"/>
+        <vers num="5.1.23_bk"/>
+        <vers num="5.1.23a"/>
+        <vers num="5.1.24"/>
+        <vers num="5.1.25"/>
+        <vers num="5.1.26"/>
+        <vers num="5.1.27"/>
+        <vers num="5.1.28"/>
+        <vers num="5.1.29"/>
+        <vers num="5.1.3"/>
+        <vers num="5.1.30"/>
+        <vers num="5.1.31" edition="sp1"/>
+        <vers num="5.1.32"/>
+        <vers num="5.1.32-bzr"/>
+        <vers num="5.1.33"/>
+        <vers num="5.1.34" edition="sp1"/>
+        <vers num="5.1.35"/>
+        <vers num="5.1.36"/>
+        <vers num="5.1.37" edition="sp1"/>
+        <vers num="5.1.38"/>
+        <vers num="5.1.39"/>
+        <vers num="5.1.4"/>
+        <vers num="5.1.40" edition="sp1"/>
+        <vers num="5.1.41"/>
+        <vers num="5.1.42"/>
+        <vers num="5.1.43" edition="sp1"/>
+        <vers num="5.1.44"/>
+        <vers num="5.1.45"/>
+        <vers num="5.1.46" edition="sp1"/>
+        <vers num="5.1.47"/>
+        <vers num="5.1.48"/>
+        <vers num="5.1.49" edition="sp1"/>
+        <vers num="5.1.5"/>
+        <vers num="5.1.50"/>
+        <vers num="5.1.5a"/>
+        <vers num="5.1.6"/>
+        <vers num="5.1.7"/>
+        <vers num="5.1.8"/>
+        <vers num="5.1.9"/>
+        <vers num="5.5.0"/>
+        <vers num="5.5.1"/>
+        <vers num="5.5.2"/>
+        <vers num="5.5.3"/>
+        <vers num="5.5.4"/>
+        <vers num="5.5.5"/>
+        <vers num="5.5.6"/>
+        <vers num="5.5.7"/>
+        <vers num="5.5.8"/>
+        <vers num="5.5.9"/>
+      </prod>
+      <prod vendor="oracle" name="mysql">
+        <vers num="5.1.51"/>
+        <vers num="5.1.52" edition="sp1"/>
+        <vers num="5.1.53"/>
+        <vers num="5.1.54"/>
+        <vers num="5.1.55"/>
+        <vers num="5.1.56"/>
+        <vers num="5.1.57"/>
+        <vers num="5.1.58"/>
+        <vers num="5.1.59"/>
+        <vers num="5.1.60"/>
+        <vers num="5.1.61"/>
+        <vers num="5.1.62"/>
+        <vers num="5.1.63"/>
+        <vers num="5.1.64"/>
+        <vers num="5.1.65"/>
+        <vers num="5.1.66"/>
+        <vers num="5.1.67"/>
+        <vers num="5.1.68"/>
+        <vers num="5.1.69"/>
+        <vers num="5.1.70"/>
+        <vers prev="1" num="5.1.71"/>
+        <vers num="5.5.10"/>
+        <vers num="5.5.11"/>
+        <vers num="5.5.12"/>
+        <vers num="5.5.13"/>
+        <vers num="5.5.14"/>
+        <vers num="5.5.15"/>
+        <vers num="5.5.16"/>
+        <vers num="5.5.17"/>
+        <vers num="5.5.18"/>
+        <vers num="5.5.19"/>
+        <vers num="5.5.20"/>
+        <vers num="5.5.21"/>
+        <vers num="5.5.22"/>
+        <vers num="5.5.23"/>
+        <vers num="5.5.24"/>
+        <vers num="5.5.25" edition="a"/>
+        <vers num="5.5.26"/>
+        <vers num="5.5.27"/>
+        <vers num="5.5.28"/>
+        <vers num="5.5.29"/>
+        <vers num="5.5.30"/>
+        <vers num="5.5.31"/>
+        <vers num="5.5.32"/>
+        <vers prev="1" num="5.5.33"/>
+        <vers num="5.6.0"/>
+        <vers num="5.6.1"/>
+        <vers num="5.6.10"/>
+        <vers num="5.6.11"/>
+        <vers num="5.6.12"/>
+        <vers prev="1" num="5.6.13"/>
+        <vers num="5.6.2"/>
+        <vers num="5.6.3"/>
+        <vers num="5.6.4"/>
+        <vers num="5.6.5"/>
+        <vers num="5.6.6"/>
+        <vers num="5.6.7"/>
+        <vers num="5.6.8"/>
+        <vers num="5.6.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0394" published="2014-01-15" name="CVE-2014-0394" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Updates Environment Mgmt, a different vulnerability than CVE-2014-0395.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029623" source="SECTRACK">1029623</ref>
+      <ref url="http://www.securityfocus.com/bid/64848" source="BID">64848</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56478" source="SECUNIA">56478</ref>
+      <ref url="http://osvdb.org/102033" source="OSVDB">102033</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="peoplesoft_products">
+        <vers num="8.52"/>
+        <vers num="8.53"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0395" published="2014-01-15" name="CVE-2014-0395" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Updates Environment Mgmt, a different vulnerability than CVE-2014-0394.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029623" source="SECTRACK">1029623</ref>
+      <ref url="http://www.securityfocus.com/bid/64852" source="BID">64852</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56478" source="SECUNIA">56478</ref>
+      <ref url="http://osvdb.org/102034" source="OSVDB">102034</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="peoplesoft_products">
+        <vers num="8.52"/>
+        <vers num="8.53"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0396" published="2014-01-15" name="CVE-2014-0396" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Portal - Web Services.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029623" source="SECTRACK">1029623</ref>
+      <ref url="http://www.securityfocus.com/bid/64841" source="BID">64841</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56478" source="SECUNIA">56478</ref>
+      <ref url="http://osvdb.org/102031" source="OSVDB">102031</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="peoplesoft_products">
+        <vers num="8.52"/>
+        <vers num="8.53"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0398" published="2014-01-15" name="CVE-2014-0398" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, and 12.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Discoverer.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029619" source="SECTRACK">1029619</ref>
+      <ref url="http://www.securityfocus.com/bid/64818" source="BID">64818</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56471" source="SECUNIA">56471</ref>
+      <ref url="http://osvdb.org/102105" source="OSVDB">102105</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="e-business_suite">
+        <vers num="11.5.10.2"/>
+        <vers num="12.0.6"/>
+        <vers num="12.1.3"/>
+        <vers num="12.2.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0399" published="2014-01-15" name="CVE-2014-0399" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.2, 6.3, 6.3.1, and 6.3.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Data, Domain &amp; Function Security.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029620" source="SECTRACK">1029620</ref>
+      <ref url="http://www.securityfocus.com/bid/64861" source="BID">64861</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://osvdb.org/102085" source="OSVDB">102085</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="supply_chain_products_suite">
+        <vers num="6.2.0"/>
+        <vers num="6.3.0"/>
+        <vers num="6.3.1"/>
+        <vers num="6.3.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0400" published="2014-01-15" name="CVE-2014-0400" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:C/I:N/A:N)" CVSS_score="6.3" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="6.8" CVSS_base_score="6.3">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle Internet Directory component in Oracle Fusion Middleware 11.1.1.6 and 11.1.1.7 allows remote authenticated users to affect confidentiality via vectors related to OID LDAP server.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029618" source="SECTRACK">1029618</ref>
+      <ref url="http://www.securityfocus.com/bid/64822" source="BID">64822</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56460" source="SECUNIA">56460</ref>
+      <ref url="http://osvdb.org/102112" source="OSVDB">102112</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="fusion_middleware">
+        <vers num="11.1.1.6.0"/>
+        <vers num="11.1.1.7.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0401" published="2014-01-15" name="CVE-2014-0401" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:N/I:N/A:P)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90382" source="XF">oracle-cpujan2014-cve20140401(90382)</ref>
+      <ref url="http://www.securityfocus.com/bid/64898" source="BID">64898</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2848" source="DEBIAN">DSA-2848</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2845" source="DEBIAN">DSA-2845</ref>
+      <ref url="http://ubuntu.com/usn/usn-2086-1" source="UBUNTU">USN-2086-1</ref>
+      <ref url="http://secunia.com/advisories/56580" source="SECUNIA">56580</ref>
+      <ref url="http://secunia.com/advisories/56541" source="SECUNIA">56541</ref>
+      <ref url="http://secunia.com/advisories/56491" source="SECUNIA">56491</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0189.html" source="REDHAT">RHSA-2014:0189</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0186.html" source="REDHAT">RHSA-2014:0186</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0173.html" source="REDHAT">RHSA-2014:0173</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0164.html" source="REDHAT">RHSA-2014:0164</ref>
+      <ref url="http://osvdb.org/102071" source="OSVDB">102071</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mysql" name="mysql">
+        <vers num="5.1"/>
+        <vers num="5.1.1"/>
+        <vers num="5.1.10"/>
+        <vers num="5.1.11"/>
+        <vers num="5.1.12"/>
+        <vers num="5.1.13"/>
+        <vers num="5.1.14"/>
+        <vers num="5.1.15"/>
+        <vers num="5.1.16"/>
+        <vers num="5.1.17"/>
+        <vers num="5.1.18"/>
+        <vers num="5.1.19"/>
+        <vers num="5.1.2"/>
+        <vers num="5.1.20"/>
+        <vers num="5.1.21"/>
+        <vers num="5.1.22"/>
+        <vers num="5.1.23" edition="a"/>
+        <vers num="5.1.23_bk"/>
+        <vers num="5.1.23a"/>
+        <vers num="5.1.24"/>
+        <vers num="5.1.25"/>
+        <vers num="5.1.26"/>
+        <vers num="5.1.27"/>
+        <vers num="5.1.28"/>
+        <vers num="5.1.29"/>
+        <vers num="5.1.3"/>
+        <vers num="5.1.30"/>
+        <vers num="5.1.31" edition="sp1"/>
+        <vers num="5.1.32"/>
+        <vers num="5.1.32-bzr"/>
+        <vers num="5.1.33"/>
+        <vers num="5.1.34" edition="sp1"/>
+        <vers num="5.1.35"/>
+        <vers num="5.1.36"/>
+        <vers num="5.1.37" edition="sp1"/>
+        <vers num="5.1.38"/>
+        <vers num="5.1.39"/>
+        <vers num="5.1.4"/>
+        <vers num="5.1.40" edition="sp1"/>
+        <vers num="5.1.41"/>
+        <vers num="5.1.42"/>
+        <vers num="5.1.43" edition="sp1"/>
+        <vers num="5.1.44"/>
+        <vers num="5.1.45"/>
+        <vers num="5.1.46" edition="sp1"/>
+        <vers num="5.1.47"/>
+        <vers num="5.1.48"/>
+        <vers num="5.1.49" edition="sp1"/>
+        <vers num="5.1.5"/>
+        <vers num="5.1.50"/>
+        <vers num="5.1.5a"/>
+        <vers num="5.1.6"/>
+        <vers num="5.1.7"/>
+        <vers num="5.1.8"/>
+        <vers num="5.1.9"/>
+        <vers num="5.5.0"/>
+        <vers num="5.5.1"/>
+        <vers num="5.5.2"/>
+        <vers num="5.5.3"/>
+        <vers num="5.5.4"/>
+        <vers num="5.5.5"/>
+        <vers num="5.5.6"/>
+        <vers num="5.5.7"/>
+        <vers num="5.5.8"/>
+        <vers num="5.5.9"/>
+      </prod>
+      <prod vendor="oracle" name="mysql">
+        <vers num="5.1.51"/>
+        <vers num="5.1.52" edition="sp1"/>
+        <vers num="5.1.53"/>
+        <vers num="5.1.54"/>
+        <vers num="5.1.55"/>
+        <vers num="5.1.56"/>
+        <vers num="5.1.57"/>
+        <vers num="5.1.58"/>
+        <vers num="5.1.59"/>
+        <vers num="5.1.60"/>
+        <vers num="5.1.61"/>
+        <vers num="5.1.62"/>
+        <vers num="5.1.63"/>
+        <vers num="5.1.64"/>
+        <vers num="5.1.65"/>
+        <vers num="5.1.66"/>
+        <vers num="5.1.67"/>
+        <vers num="5.1.68"/>
+        <vers num="5.1.69"/>
+        <vers num="5.1.70"/>
+        <vers num="5.1.71"/>
+        <vers prev="1" num="5.1.72"/>
+        <vers num="5.5.10"/>
+        <vers num="5.5.11"/>
+        <vers num="5.5.12"/>
+        <vers num="5.5.13"/>
+        <vers num="5.5.14"/>
+        <vers num="5.5.15"/>
+        <vers num="5.5.16"/>
+        <vers num="5.5.17"/>
+        <vers num="5.5.18"/>
+        <vers num="5.5.19"/>
+        <vers num="5.5.20"/>
+        <vers num="5.5.21"/>
+        <vers num="5.5.22"/>
+        <vers num="5.5.23"/>
+        <vers num="5.5.24"/>
+        <vers num="5.5.25" edition="a"/>
+        <vers num="5.5.26"/>
+        <vers num="5.5.27"/>
+        <vers num="5.5.28"/>
+        <vers num="5.5.29"/>
+        <vers num="5.5.30"/>
+        <vers num="5.5.31"/>
+        <vers num="5.5.32"/>
+        <vers num="5.5.33"/>
+        <vers prev="1" num="5.5.34"/>
+        <vers num="5.6.0"/>
+        <vers num="5.6.1"/>
+        <vers num="5.6.10"/>
+        <vers num="5.6.11"/>
+        <vers num="5.6.12"/>
+        <vers num="5.6.13"/>
+        <vers prev="1" num="5.6.14"/>
+        <vers num="5.6.2"/>
+        <vers num="5.6.3"/>
+        <vers num="5.6.4"/>
+        <vers num="5.6.5"/>
+        <vers num="5.6.6"/>
+        <vers num="5.6.7"/>
+        <vers num="5.6.8"/>
+        <vers num="5.6.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0402" published="2014-01-15" name="CVE-2014-0402" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:N/I:N/A:P)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90379" source="XF">oracle-cpujan2014-cve20140402(90379)</ref>
+      <ref url="http://www.securityfocus.com/bid/64908" source="BID">64908</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2848" source="DEBIAN">DSA-2848</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2845" source="DEBIAN">DSA-2845</ref>
+      <ref url="http://ubuntu.com/usn/usn-2086-1" source="UBUNTU">USN-2086-1</ref>
+      <ref url="http://secunia.com/advisories/56580" source="SECUNIA">56580</ref>
+      <ref url="http://secunia.com/advisories/56541" source="SECUNIA">56541</ref>
+      <ref url="http://secunia.com/advisories/56491" source="SECUNIA">56491</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0189.html" source="REDHAT">RHSA-2014:0189</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0186.html" source="REDHAT">RHSA-2014:0186</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0173.html" source="REDHAT">RHSA-2014:0173</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0164.html" source="REDHAT">RHSA-2014:0164</ref>
+      <ref url="http://osvdb.org/102068" source="OSVDB">102068</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mysql" name="mysql">
+        <vers num="5.1"/>
+        <vers num="5.1.1"/>
+        <vers num="5.1.10"/>
+        <vers num="5.1.11"/>
+        <vers num="5.1.12"/>
+        <vers num="5.1.13"/>
+        <vers num="5.1.14"/>
+        <vers num="5.1.15"/>
+        <vers num="5.1.16"/>
+        <vers num="5.1.17"/>
+        <vers num="5.1.18"/>
+        <vers num="5.1.19"/>
+        <vers num="5.1.2"/>
+        <vers num="5.1.20"/>
+        <vers num="5.1.21"/>
+        <vers num="5.1.22"/>
+        <vers num="5.1.23" edition="a"/>
+        <vers num="5.1.23_bk"/>
+        <vers num="5.1.23a"/>
+        <vers num="5.1.24"/>
+        <vers num="5.1.25"/>
+        <vers num="5.1.26"/>
+        <vers num="5.1.27"/>
+        <vers num="5.1.28"/>
+        <vers num="5.1.29"/>
+        <vers num="5.1.3"/>
+        <vers num="5.1.30"/>
+        <vers num="5.1.31" edition="sp1"/>
+        <vers num="5.1.32"/>
+        <vers num="5.1.32-bzr"/>
+        <vers num="5.1.33"/>
+        <vers num="5.1.34" edition="sp1"/>
+        <vers num="5.1.35"/>
+        <vers num="5.1.36"/>
+        <vers num="5.1.37" edition="sp1"/>
+        <vers num="5.1.38"/>
+        <vers num="5.1.39"/>
+        <vers num="5.1.4"/>
+        <vers num="5.1.40" edition="sp1"/>
+        <vers num="5.1.41"/>
+        <vers num="5.1.42"/>
+        <vers num="5.1.43" edition="sp1"/>
+        <vers num="5.1.44"/>
+        <vers num="5.1.45"/>
+        <vers num="5.1.46" edition="sp1"/>
+        <vers num="5.1.47"/>
+        <vers num="5.1.48"/>
+        <vers num="5.1.49" edition="sp1"/>
+        <vers num="5.1.5"/>
+        <vers num="5.1.50"/>
+        <vers num="5.1.5a"/>
+        <vers num="5.1.6"/>
+        <vers num="5.1.7"/>
+        <vers num="5.1.8"/>
+        <vers num="5.1.9"/>
+        <vers num="5.5.0"/>
+        <vers num="5.5.1"/>
+        <vers num="5.5.2"/>
+        <vers num="5.5.3"/>
+        <vers num="5.5.4"/>
+        <vers num="5.5.5"/>
+        <vers num="5.5.6"/>
+        <vers num="5.5.7"/>
+        <vers num="5.5.8"/>
+        <vers num="5.5.9"/>
+      </prod>
+      <prod vendor="oracle" name="mysql">
+        <vers num="5.1.51"/>
+        <vers num="5.1.52" edition="sp1"/>
+        <vers num="5.1.53"/>
+        <vers num="5.1.54"/>
+        <vers num="5.1.55"/>
+        <vers num="5.1.56"/>
+        <vers num="5.1.57"/>
+        <vers num="5.1.58"/>
+        <vers num="5.1.59"/>
+        <vers num="5.1.60"/>
+        <vers num="5.1.61"/>
+        <vers num="5.1.62"/>
+        <vers num="5.1.63"/>
+        <vers num="5.1.64"/>
+        <vers num="5.1.65"/>
+        <vers num="5.1.66"/>
+        <vers num="5.1.67"/>
+        <vers num="5.1.68"/>
+        <vers num="5.1.69"/>
+        <vers num="5.1.70"/>
+        <vers prev="1" num="5.1.71"/>
+        <vers num="5.5.10"/>
+        <vers num="5.5.11"/>
+        <vers num="5.5.12"/>
+        <vers num="5.5.13"/>
+        <vers num="5.5.14"/>
+        <vers num="5.5.15"/>
+        <vers num="5.5.16"/>
+        <vers num="5.5.17"/>
+        <vers num="5.5.18"/>
+        <vers num="5.5.19"/>
+        <vers num="5.5.20"/>
+        <vers num="5.5.21"/>
+        <vers num="5.5.22"/>
+        <vers num="5.5.23"/>
+        <vers num="5.5.24"/>
+        <vers num="5.5.25" edition="a"/>
+        <vers num="5.5.26"/>
+        <vers num="5.5.27"/>
+        <vers num="5.5.28"/>
+        <vers num="5.5.29"/>
+        <vers num="5.5.30"/>
+        <vers num="5.5.31"/>
+        <vers num="5.5.32"/>
+        <vers prev="1" num="5.5.33"/>
+        <vers num="5.6.0"/>
+        <vers num="5.6.1"/>
+        <vers num="5.6.10"/>
+        <vers num="5.6.11"/>
+        <vers num="5.6.12"/>
+        <vers prev="1" num="5.6.13"/>
+        <vers num="5.6.2"/>
+        <vers num="5.6.3"/>
+        <vers num="5.6.4"/>
+        <vers num="5.6.5"/>
+        <vers num="5.6.6"/>
+        <vers num="5.6.7"/>
+        <vers num="5.6.8"/>
+        <vers num="5.6.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0403" published="2014-01-15" name="CVE-2014-0403" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5898 and CVE-2014-0375.</descript>
+      <descript source="nvd">Per: http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
+
+"Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90338" source="XF">oracle-cpujan2014-cve20140403(90338)</ref>
+      <ref url="http://www.securitytracker.com/id/1029608" source="SECTRACK">1029608</ref>
+      <ref url="http://www.securityfocus.com/bid/64920" source="BID">64920</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56535" source="SECUNIA">56535</ref>
+      <ref url="http://secunia.com/advisories/56485" source="SECUNIA">56485</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0135.html" source="REDHAT">RHSA-2014:0135</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0134.html" source="REDHAT">RHSA-2014:0134</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0030.html" source="REDHAT">RHSA-2014:0030</ref>
+      <ref url="http://osvdb.org/102006" source="OSVDB">102006</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" source="HP">SSRT101455</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" source="HP">HPSBUX02973</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" source="HP">HPSBUX02972</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" source="HP">SSRT101454</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" source="SUSE">SUSE-SU-2014:0451</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" source="SUSE">SUSE-SU-2014:0266</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" source="SUSE">SUSE-SU-2014:0246</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.6.0" edition="update_65"/>
+        <vers num="1.7.0" edition="update_45"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.6.0" edition="update_65"/>
+        <vers num="1.7.0" edition="update_45"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0404" published="2014-01-15" name="CVE-2014-0404" modified="2014-03-26" CVSS_version="2.0" CVSS_vector="(AV:L/AC:H/Au:S/C:N/I:P/A:P)" CVSS_score="2.4" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="1.5" CVSS_base_score="2.4">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0406.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90372" source="XF">oracle-cpujan2014-cve20140404(90372)</ref>
+      <ref url="http://www.securitytracker.com/id/1029610" source="SECTRACK">1029610</ref>
+      <ref url="http://www.securityfocus.com/bid/64911" source="BID">64911</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2878" source="DEBIAN">DSA-2878</ref>
+      <ref url="http://secunia.com/advisories/56490" source="SECUNIA">56490</ref>
+      <ref url="http://osvdb.org/102061" source="OSVDB">102061</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="vm_virtualbox">
+        <vers num="3.2.0"/>
+        <vers num="3.2.10"/>
+        <vers num="3.2.12"/>
+        <vers num="3.2.14"/>
+        <vers num="3.2.16"/>
+        <vers prev="1" num="3.2.18"/>
+        <vers num="3.2.2"/>
+        <vers num="3.2.4"/>
+        <vers num="3.2.6"/>
+        <vers num="3.2.8"/>
+        <vers num="4.0"/>
+        <vers num="4.0.0"/>
+        <vers num="4.0.10"/>
+        <vers num="4.0.12"/>
+        <vers num="4.0.14"/>
+        <vers num="4.0.16"/>
+        <vers num="4.0.18"/>
+        <vers num="4.0.2"/>
+        <vers prev="1" num="4.0.20"/>
+        <vers num="4.0.4"/>
+        <vers num="4.0.6"/>
+        <vers num="4.0.8"/>
+        <vers num="4.1.0"/>
+        <vers num="4.1.10"/>
+        <vers num="4.1.12"/>
+        <vers num="4.1.14"/>
+        <vers num="4.1.16"/>
+        <vers num="4.1.18"/>
+        <vers num="4.1.2"/>
+        <vers num="4.1.20"/>
+        <vers num="4.1.22"/>
+        <vers num="4.1.24"/>
+        <vers num="4.1.26"/>
+        <vers prev="1" num="4.1.28"/>
+        <vers num="4.1.4"/>
+        <vers num="4.1.6"/>
+        <vers num="4.1.8"/>
+        <vers num="4.2.0"/>
+        <vers num="4.2.10"/>
+        <vers num="4.2.12"/>
+        <vers num="4.2.14"/>
+        <vers num="4.2.16"/>
+        <vers prev="1" num="4.2.18"/>
+        <vers num="4.2.2"/>
+        <vers num="4.2.4"/>
+        <vers num="4.2.6"/>
+        <vers num="4.2.8"/>
+        <vers num="4.3.0"/>
+        <vers prev="1" num="4.3.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0405" published="2014-01-15" name="CVE-2014-0405" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:L/AC:H/Au:S/C:P/I:P/A:P)" CVSS_score="3.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="1.5" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90370" source="XF">oracle-cpujan2014-cve20140405(90370)</ref>
+      <ref url="http://www.securitytracker.com/id/1029610" source="SECTRACK">1029610</ref>
+      <ref url="http://www.securityfocus.com/bid/64900" source="BID">64900</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56490" source="SECUNIA">56490</ref>
+      <ref url="http://osvdb.org/102059" source="OSVDB">102059</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="vm_virtualbox">
+        <vers num="3.2.0"/>
+        <vers num="3.2.10"/>
+        <vers num="3.2.12"/>
+        <vers num="3.2.14"/>
+        <vers num="3.2.16"/>
+        <vers prev="1" num="3.2.18"/>
+        <vers num="3.2.2"/>
+        <vers num="3.2.4"/>
+        <vers num="3.2.6"/>
+        <vers num="3.2.8"/>
+        <vers num="4.0"/>
+        <vers num="4.0.0"/>
+        <vers num="4.0.10"/>
+        <vers num="4.0.12"/>
+        <vers num="4.0.14"/>
+        <vers num="4.0.16"/>
+        <vers num="4.0.18"/>
+        <vers num="4.0.2"/>
+        <vers prev="1" num="4.0.20"/>
+        <vers num="4.0.4"/>
+        <vers num="4.0.6"/>
+        <vers num="4.0.8"/>
+        <vers num="4.1.0"/>
+        <vers num="4.1.10"/>
+        <vers num="4.1.12"/>
+        <vers num="4.1.14"/>
+        <vers num="4.1.16"/>
+        <vers num="4.1.18"/>
+        <vers num="4.1.2"/>
+        <vers num="4.1.20"/>
+        <vers num="4.1.22"/>
+        <vers num="4.1.24"/>
+        <vers num="4.1.26"/>
+        <vers prev="1" num="4.1.28"/>
+        <vers num="4.1.4"/>
+        <vers num="4.1.6"/>
+        <vers num="4.1.8"/>
+        <vers num="4.2.0"/>
+        <vers num="4.2.10"/>
+        <vers num="4.2.12"/>
+        <vers num="4.2.14"/>
+        <vers num="4.2.16"/>
+        <vers prev="1" num="4.2.18"/>
+        <vers num="4.2.2"/>
+        <vers num="4.2.4"/>
+        <vers num="4.2.6"/>
+        <vers num="4.2.8"/>
+        <vers num="4.3.0"/>
+        <vers prev="1" num="4.3.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0406" published="2014-01-15" name="CVE-2014-0406" modified="2014-03-26" CVSS_version="2.0" CVSS_vector="(AV:L/AC:H/Au:S/C:N/I:P/A:P)" CVSS_score="2.4" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="1.5" CVSS_base_score="2.4">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0404.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90371" source="XF">oracle-cpujan2014-cve20140406(90371)</ref>
+      <ref url="http://www.securitytracker.com/id/1029610" source="SECTRACK">1029610</ref>
+      <ref url="http://www.securityfocus.com/bid/64905" source="BID">64905</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2878" source="DEBIAN">DSA-2878</ref>
+      <ref url="http://secunia.com/advisories/56490" source="SECUNIA">56490</ref>
+      <ref url="http://osvdb.org/102060" source="OSVDB">102060</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="vm_virtualbox">
+        <vers num="3.2.0"/>
+        <vers num="3.2.10"/>
+        <vers num="3.2.12"/>
+        <vers num="3.2.14"/>
+        <vers num="3.2.16"/>
+        <vers prev="1" num="3.2.18"/>
+        <vers num="3.2.2"/>
+        <vers num="3.2.4"/>
+        <vers num="3.2.6"/>
+        <vers num="3.2.8"/>
+        <vers num="4.0"/>
+        <vers num="4.0.0"/>
+        <vers num="4.0.10"/>
+        <vers num="4.0.12"/>
+        <vers num="4.0.14"/>
+        <vers num="4.0.16"/>
+        <vers num="4.0.18"/>
+        <vers num="4.0.2"/>
+        <vers prev="1" num="4.0.20"/>
+        <vers num="4.0.4"/>
+        <vers num="4.0.6"/>
+        <vers num="4.0.8"/>
+        <vers num="4.1.0"/>
+        <vers num="4.1.10"/>
+        <vers num="4.1.12"/>
+        <vers num="4.1.14"/>
+        <vers num="4.1.16"/>
+        <vers num="4.1.18"/>
+        <vers num="4.1.2"/>
+        <vers num="4.1.20"/>
+        <vers num="4.1.22"/>
+        <vers num="4.1.24"/>
+        <vers num="4.1.26"/>
+        <vers prev="1" num="4.1.28"/>
+        <vers num="4.1.4"/>
+        <vers num="4.1.6"/>
+        <vers num="4.1.8"/>
+        <vers num="4.2.0"/>
+        <vers num="4.2.10"/>
+        <vers num="4.2.12"/>
+        <vers num="4.2.14"/>
+        <vers num="4.2.16"/>
+        <vers prev="1" num="4.2.18"/>
+        <vers num="4.2.2"/>
+        <vers num="4.2.4"/>
+        <vers num="4.2.6"/>
+        <vers num="4.2.8"/>
+        <vers num="4.3.0"/>
+        <vers prev="1" num="4.3.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0407" published="2014-01-15" name="CVE-2014-0407" modified="2014-03-26" CVSS_version="2.0" CVSS_vector="(AV:L/AC:H/Au:S/C:P/I:P/A:P)" CVSS_score="3.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="1.5" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90369" source="XF">oracle-cpujan2014-cve20140407(90369)</ref>
+      <ref url="http://www.securitytracker.com/id/1029610" source="SECTRACK">1029610</ref>
+      <ref url="http://www.securityfocus.com/bid/64913" source="BID">64913</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2878" source="DEBIAN">DSA-2878</ref>
+      <ref url="http://secunia.com/advisories/56490" source="SECUNIA">56490</ref>
+      <ref url="http://osvdb.org/102058" source="OSVDB">102058</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="vm_virtualbox">
+        <vers num="3.2.0"/>
+        <vers num="3.2.10"/>
+        <vers num="3.2.12"/>
+        <vers num="3.2.14"/>
+        <vers num="3.2.16"/>
+        <vers prev="1" num="3.2.18"/>
+        <vers num="3.2.2"/>
+        <vers num="3.2.4"/>
+        <vers num="3.2.6"/>
+        <vers num="3.2.8"/>
+        <vers num="4.0"/>
+        <vers num="4.0.0"/>
+        <vers num="4.0.10"/>
+        <vers num="4.0.12"/>
+        <vers num="4.0.14"/>
+        <vers num="4.0.16"/>
+        <vers num="4.0.18"/>
+        <vers num="4.0.2"/>
+        <vers prev="1" num="4.0.20"/>
+        <vers num="4.0.4"/>
+        <vers num="4.0.6"/>
+        <vers num="4.0.8"/>
+        <vers num="4.1.0"/>
+        <vers num="4.1.10"/>
+        <vers num="4.1.12"/>
+        <vers num="4.1.14"/>
+        <vers num="4.1.16"/>
+        <vers num="4.1.18"/>
+        <vers num="4.1.2"/>
+        <vers num="4.1.20"/>
+        <vers num="4.1.22"/>
+        <vers num="4.1.24"/>
+        <vers num="4.1.26"/>
+        <vers prev="1" num="4.1.28"/>
+        <vers num="4.1.4"/>
+        <vers num="4.1.6"/>
+        <vers num="4.1.8"/>
+        <vers num="4.2.0"/>
+        <vers num="4.2.10"/>
+        <vers num="4.2.12"/>
+        <vers num="4.2.14"/>
+        <vers num="4.2.16"/>
+        <vers prev="1" num="4.2.18"/>
+        <vers num="4.2.2"/>
+        <vers num="4.2.4"/>
+        <vers num="4.2.6"/>
+        <vers num="4.2.8"/>
+        <vers num="4.3.0"/>
+        <vers prev="1" num="4.3.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0408" published="2014-01-15" name="CVE-2014-0408" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 7u45, when running on OS X, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.</descript>
+      <descript source="nvd">Per: http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
+
+"Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.ubuntu.com/usn/USN-2089-1" source="UBUNTU">USN-2089-1</ref>
+      <ref url="http://www.securitytracker.com/id/1029608" source="SECTRACK">1029608</ref>
+      <ref url="http://www.securityfocus.com/bid/64910" source="BID">64910</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56485" source="SECUNIA">56485</ref>
+      <ref url="http://osvdb.org/101999" source="OSVDB">101999</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html" source="SUSE">openSUSE-SU-2014:0180</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html" source="SUSE">openSUSE-SU-2014:0177</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html" source="SUSE">openSUSE-SU-2014:0174</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.7.0" edition="update_45"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.7.0" edition="update_45"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0410" published="2014-01-15" name="CVE-2014-0410" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0415, CVE-2014-0418, and CVE-2014-0424.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029608" source="SECTRACK">1029608</ref>
+      <ref url="http://www.securityfocus.com/bid/64915" source="BID">64915</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56535" source="SECUNIA">56535</ref>
+      <ref url="http://secunia.com/advisories/56485" source="SECUNIA">56485</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0135.html" source="REDHAT">RHSA-2014:0135</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0134.html" source="REDHAT">RHSA-2014:0134</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0030.html" source="REDHAT">RHSA-2014:0030</ref>
+      <ref url="http://osvdb.org/102024" source="OSVDB">102024</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" source="HP">SSRT101455</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" source="HP">HPSBUX02973</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" source="HP">HPSBUX02972</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" source="HP">SSRT101454</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" source="SUSE">SUSE-SU-2014:0451</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" source="SUSE">SUSE-SU-2014:0266</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" source="SUSE">SUSE-SU-2014:0246</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.6.0" edition="update_65"/>
+        <vers num="1.7.0" edition="update_45"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.6.0" edition="update_65"/>
+        <vers num="1.7.0" edition="update_45"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0411" published="2014-01-15" name="CVE-2014-0411" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:H/Au:N/C:P/I:P/A:N)" CVSS_score="4.0" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="4.9" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.  NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information about encryption keys via a timing discrepancy during the TLS/SSL handshake.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1053010" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1053010</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90357" source="XF">oracle-cpujan2014-cve20140411(90357)</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2124-1" source="UBUNTU">USN-2124-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2089-1" source="UBUNTU">USN-2089-1</ref>
+      <ref url="http://www.securitytracker.com/id/1029608" source="SECTRACK">1029608</ref>
+      <ref url="http://www.securityfocus.com/bid/64918" source="BID">64918</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56535" source="SECUNIA">56535</ref>
+      <ref url="http://secunia.com/advisories/56487" source="SECUNIA">56487</ref>
+      <ref url="http://secunia.com/advisories/56486" source="SECUNIA">56486</ref>
+      <ref url="http://secunia.com/advisories/56485" source="SECUNIA">56485</ref>
+      <ref url="http://secunia.com/advisories/56432" source="SECUNIA">56432</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0136.html" source="REDHAT">RHSA-2014:0136</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0135.html" source="REDHAT">RHSA-2014:0135</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0134.html" source="REDHAT">RHSA-2014:0134</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0097.html" source="REDHAT">RHSA-2014:0097</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0030.html" source="REDHAT">RHSA-2014:0030</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0027.html" source="REDHAT">RHSA-2014:0027</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0026.html" source="REDHAT">RHSA-2014:0026</ref>
+      <ref url="http://osvdb.org/102028" source="OSVDB">102028</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" source="HP">SSRT101455</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" source="HP">HPSBUX02973</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" source="HP">HPSBUX02972</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" source="HP">SSRT101454</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html" source="SUSE">openSUSE-SU-2014:0180</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html" source="SUSE">openSUSE-SU-2014:0177</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html" source="SUSE">openSUSE-SU-2014:0174</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" source="SUSE">SUSE-SU-2014:0451</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" source="SUSE">SUSE-SU-2014:0266</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" source="SUSE">SUSE-SU-2014:0246</ref>
+      <ref url="http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/d533e96c7acc" source="CONFIRM">http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/d533e96c7acc</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.5.0" edition="update_55"/>
+        <vers num="1.6.0" edition="update_65"/>
+        <vers num="1.7.0" edition="update_45"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.5.0" edition="update_55"/>
+        <vers num="1.6.0" edition="update_65"/>
+        <vers num="1.7.0" edition="update_45"/>
+      </prod>
+      <prod vendor="oracle" name="jrockit">
+        <vers num="r27.7.7"/>
+        <vers num="r28.2.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0412" published="2014-01-15" name="CVE-2014-0412" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:N/I:N/A:P)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90378" source="XF">oracle-cpujan2014-cve20140412(90378)</ref>
+      <ref url="http://www.securityfocus.com/bid/64880" source="BID">64880</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2848" source="DEBIAN">DSA-2848</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2845" source="DEBIAN">DSA-2845</ref>
+      <ref url="http://ubuntu.com/usn/usn-2086-1" source="UBUNTU">USN-2086-1</ref>
+      <ref url="http://secunia.com/advisories/56580" source="SECUNIA">56580</ref>
+      <ref url="http://secunia.com/advisories/56541" source="SECUNIA">56541</ref>
+      <ref url="http://secunia.com/advisories/56491" source="SECUNIA">56491</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0189.html" source="REDHAT">RHSA-2014:0189</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0186.html" source="REDHAT">RHSA-2014:0186</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0173.html" source="REDHAT">RHSA-2014:0173</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0164.html" source="REDHAT">RHSA-2014:0164</ref>
+      <ref url="http://osvdb.org/102067" source="OSVDB">102067</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mysql" name="mysql">
+        <vers num="5.1"/>
+        <vers num="5.1.1"/>
+        <vers num="5.1.10"/>
+        <vers num="5.1.11"/>
+        <vers num="5.1.12"/>
+        <vers num="5.1.13"/>
+        <vers num="5.1.14"/>
+        <vers num="5.1.15"/>
+        <vers num="5.1.16"/>
+        <vers num="5.1.17"/>
+        <vers num="5.1.18"/>
+        <vers num="5.1.19"/>
+        <vers num="5.1.2"/>
+        <vers num="5.1.20"/>
+        <vers num="5.1.21"/>
+        <vers num="5.1.22"/>
+        <vers num="5.1.23" edition="a"/>
+        <vers num="5.1.23_bk"/>
+        <vers num="5.1.23a"/>
+        <vers num="5.1.24"/>
+        <vers num="5.1.25"/>
+        <vers num="5.1.26"/>
+        <vers num="5.1.27"/>
+        <vers num="5.1.28"/>
+        <vers num="5.1.29"/>
+        <vers num="5.1.3"/>
+        <vers num="5.1.30"/>
+        <vers num="5.1.31" edition="sp1"/>
+        <vers num="5.1.32"/>
+        <vers num="5.1.32-bzr"/>
+        <vers num="5.1.33"/>
+        <vers num="5.1.34" edition="sp1"/>
+        <vers num="5.1.35"/>
+        <vers num="5.1.36"/>
+        <vers num="5.1.37" edition="sp1"/>
+        <vers num="5.1.38"/>
+        <vers num="5.1.39"/>
+        <vers num="5.1.4"/>
+        <vers num="5.1.40" edition="sp1"/>
+        <vers num="5.1.41"/>
+        <vers num="5.1.42"/>
+        <vers num="5.1.43" edition="sp1"/>
+        <vers num="5.1.44"/>
+        <vers num="5.1.45"/>
+        <vers num="5.1.46" edition="sp1"/>
+        <vers num="5.1.47"/>
+        <vers num="5.1.48"/>
+        <vers num="5.1.49" edition="sp1"/>
+        <vers num="5.1.5"/>
+        <vers num="5.1.50"/>
+        <vers num="5.1.5a"/>
+        <vers num="5.1.6"/>
+        <vers num="5.1.7"/>
+        <vers num="5.1.8"/>
+        <vers num="5.1.9"/>
+        <vers num="5.5.0"/>
+        <vers num="5.5.1"/>
+        <vers num="5.5.2"/>
+        <vers num="5.5.3"/>
+        <vers num="5.5.4"/>
+        <vers num="5.5.5"/>
+        <vers num="5.5.6"/>
+        <vers num="5.5.7"/>
+        <vers num="5.5.8"/>
+        <vers num="5.5.9"/>
+      </prod>
+      <prod vendor="oracle" name="mysql">
+        <vers num="5.1.51"/>
+        <vers num="5.1.52" edition="sp1"/>
+        <vers num="5.1.53"/>
+        <vers num="5.1.54"/>
+        <vers num="5.1.55"/>
+        <vers num="5.1.56"/>
+        <vers num="5.1.57"/>
+        <vers num="5.1.58"/>
+        <vers num="5.1.59"/>
+        <vers num="5.1.60"/>
+        <vers num="5.1.61"/>
+        <vers num="5.1.62"/>
+        <vers num="5.1.63"/>
+        <vers num="5.1.64"/>
+        <vers num="5.1.65"/>
+        <vers num="5.1.66"/>
+        <vers num="5.1.67"/>
+        <vers num="5.1.68"/>
+        <vers num="5.1.69"/>
+        <vers num="5.1.70"/>
+        <vers num="5.1.71"/>
+        <vers prev="1" num="5.1.72"/>
+        <vers num="5.5.10"/>
+        <vers num="5.5.11"/>
+        <vers num="5.5.12"/>
+        <vers num="5.5.13"/>
+        <vers num="5.5.14"/>
+        <vers num="5.5.15"/>
+        <vers num="5.5.16"/>
+        <vers num="5.5.17"/>
+        <vers num="5.5.18"/>
+        <vers num="5.5.19"/>
+        <vers num="5.5.20"/>
+        <vers num="5.5.21"/>
+        <vers num="5.5.22"/>
+        <vers num="5.5.23"/>
+        <vers num="5.5.24"/>
+        <vers num="5.5.25" edition="a"/>
+        <vers num="5.5.26"/>
+        <vers num="5.5.27"/>
+        <vers num="5.5.28"/>
+        <vers num="5.5.29"/>
+        <vers num="5.5.30"/>
+        <vers num="5.5.31"/>
+        <vers num="5.5.32"/>
+        <vers num="5.5.33"/>
+        <vers prev="1" num="5.5.34"/>
+        <vers num="5.6.0"/>
+        <vers num="5.6.1"/>
+        <vers num="5.6.10"/>
+        <vers num="5.6.11"/>
+        <vers num="5.6.12"/>
+        <vers num="5.6.13"/>
+        <vers prev="1" num="5.6.14"/>
+        <vers num="5.6.2"/>
+        <vers num="5.6.3"/>
+        <vers num="5.6.4"/>
+        <vers num="5.6.5"/>
+        <vers num="5.6.6"/>
+        <vers num="5.6.7"/>
+        <vers num="5.6.8"/>
+        <vers num="5.6.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0413" published="2014-04-15" name="CVE-2014-0413" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect integrity via vectors related to HTTP Request Handling, a different vulnerability than CVE-2014-0426.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="fusion_middleware">
+        <vers num="10.1.3.5"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0414" published="2014-04-15" name="CVE-2014-0414" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality via vectors related to HTTP Request Handling.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="fusion_middleware">
+        <vers num="10.1.3.5"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0415" published="2014-01-15" name="CVE-2014-0415" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0410, CVE-2014-0418, and CVE-2014-0424.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029608" source="SECTRACK">1029608</ref>
+      <ref url="http://www.securityfocus.com/bid/64899" source="BID">64899</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56535" source="SECUNIA">56535</ref>
+      <ref url="http://secunia.com/advisories/56485" source="SECUNIA">56485</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0135.html" source="REDHAT">RHSA-2014:0135</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0134.html" source="REDHAT">RHSA-2014:0134</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0030.html" source="REDHAT">RHSA-2014:0030</ref>
+      <ref url="http://osvdb.org/102025" source="OSVDB">102025</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" source="HP">SSRT101455</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" source="HP">HPSBUX02973</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" source="HP">HPSBUX02972</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" source="HP">SSRT101454</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" source="SUSE">SUSE-SU-2014:0451</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" source="SUSE">SUSE-SU-2014:0266</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" source="SUSE">SUSE-SU-2014:0246</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.6.0" edition="update_65"/>
+        <vers num="1.7.0" edition="update_45"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.6.0" edition="update_65"/>
+        <vers num="1.7.0" edition="update_45"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0416" published="2014-01-15" name="CVE-2014-0416" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:P/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAAS.  NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to how principals are set for the Subject class, which allows attackers to escape the sandbox using deserialization of a crafted Subject instance.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1051912" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1051912</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90349" source="XF">oracle-cpujan2014-cve20140416(90349)</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2124-1" source="UBUNTU">USN-2124-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2089-1" source="UBUNTU">USN-2089-1</ref>
+      <ref url="http://www.securitytracker.com/id/1029608" source="SECTRACK">1029608</ref>
+      <ref url="http://www.securityfocus.com/bid/64937" source="BID">64937</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56535" source="SECUNIA">56535</ref>
+      <ref url="http://secunia.com/advisories/56486" source="SECUNIA">56486</ref>
+      <ref url="http://secunia.com/advisories/56485" source="SECUNIA">56485</ref>
+      <ref url="http://secunia.com/advisories/56432" source="SECUNIA">56432</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0136.html" source="REDHAT">RHSA-2014:0136</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0135.html" source="REDHAT">RHSA-2014:0135</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0134.html" source="REDHAT">RHSA-2014:0134</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0097.html" source="REDHAT">RHSA-2014:0097</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0030.html" source="REDHAT">RHSA-2014:0030</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0027.html" source="REDHAT">RHSA-2014:0027</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0026.html" source="REDHAT">RHSA-2014:0026</ref>
+      <ref url="http://osvdb.org/102017" source="OSVDB">102017</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" source="HP">SSRT101455</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" source="HP">HPSBUX02973</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" source="HP">HPSBUX02972</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" source="HP">SSRT101454</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html" source="SUSE">openSUSE-SU-2014:0180</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html" source="SUSE">openSUSE-SU-2014:0177</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html" source="SUSE">openSUSE-SU-2014:0174</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" source="SUSE">SUSE-SU-2014:0451</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" source="SUSE">SUSE-SU-2014:0266</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" source="SUSE">SUSE-SU-2014:0246</ref>
+      <ref url="http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/abe1cb2d27cb" source="MISC">http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/abe1cb2d27cb</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.5.0" edition="update_55"/>
+        <vers num="1.6.0" edition="update_65"/>
+        <vers num="1.7.0" edition="update_45"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.5.0" edition="update_55"/>
+        <vers num="1.6.0" edition="update_65"/>
+        <vers num="1.7.0" edition="update_45"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0417" published="2014-01-15" name="CVE-2014-0417" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JavaFX 2.2.45; and Java SE Embedded 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029608" source="SECTRACK">1029608</ref>
+      <ref url="http://www.securityfocus.com/bid/64932" source="BID">64932</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56535" source="SECUNIA">56535</ref>
+      <ref url="http://secunia.com/advisories/56486" source="SECUNIA">56486</ref>
+      <ref url="http://secunia.com/advisories/56485" source="SECUNIA">56485</ref>
+      <ref url="http://secunia.com/advisories/56484" source="SECUNIA">56484</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0136.html" source="REDHAT">RHSA-2014:0136</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0135.html" source="REDHAT">RHSA-2014:0135</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0134.html" source="REDHAT">RHSA-2014:0134</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0030.html" source="REDHAT">RHSA-2014:0030</ref>
+      <ref url="http://osvdb.org/102001" source="OSVDB">102001</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" source="HP">SSRT101455</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" source="HP">HPSBUX02973</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" source="HP">HPSBUX02972</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" source="HP">SSRT101454</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" source="SUSE">SUSE-SU-2014:0451</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" source="SUSE">SUSE-SU-2014:0266</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" source="SUSE">SUSE-SU-2014:0246</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="javafx">
+        <vers num="2.2.45"/>
+      </prod>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.5.0" edition="update_55"/>
+        <vers num="1.6.0" edition="update_65"/>
+        <vers num="1.7.0" edition="update_45"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.5.0" edition="update_55"/>
+        <vers num="1.6.0" edition="update_65"/>
+        <vers num="1.7.0" edition="update_45"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0418" published="2014-01-15" name="CVE-2014-0418" modified="2014-03-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:H/Au:N/C:P/I:P/A:P)" CVSS_score="5.1" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="4.9" CVSS_base_score="5.1">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0410, CVE-2014-0415, and CVE-2014-0424.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90344" source="XF">oracle-cpujan2014-cve20140418(90344)</ref>
+      <ref url="http://www.securitytracker.com/id/1029608" source="SECTRACK">1029608</ref>
+      <ref url="http://www.securityfocus.com/bid/64917" source="BID">64917</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56535" source="SECUNIA">56535</ref>
+      <ref url="http://secunia.com/advisories/56485" source="SECUNIA">56485</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0030.html" source="REDHAT">RHSA-2014:0030</ref>
+      <ref url="http://osvdb.org/102012" source="OSVDB">102012</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" source="HP">SSRT101455</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" source="HP">HPSBUX02973</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" source="HP">HPSBUX02972</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" source="HP">SSRT101454</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.6.0" edition="update_65"/>
+        <vers num="1.7.0" edition="update_45"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.6.0" edition="update_65"/>
+        <vers num="1.7.0" edition="update_45"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0419" published="2014-01-15" name="CVE-2014-0419" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:H/Au:N/C:P/I:P/A:P)" CVSS_score="5.1" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="4.9" CVSS_base_score="5.1">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) component in Oracle Virtualization SGD before 4.63 with December 2013 PSU, 4.71, 5.0 with December 2013 PSU, and 5.10 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration Console and Workspace Web Applications.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90367" source="XF">oracle-cpujan2014-cve20140419(90367)</ref>
+      <ref url="http://www.securitytracker.com/id/1029610" source="SECTRACK">1029610</ref>
+      <ref url="http://www.securityfocus.com/bid/64902" source="BID">64902</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://osvdb.org/102110" source="OSVDB">102110</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="virtualization_secure_global_desktop">
+        <vers num="4.63"/>
+        <vers num="4.71"/>
+        <vers num="5.0"/>
+        <vers num="5.10"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0420" published="2014-01-15" name="CVE-2014-0420" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:M/C:N/I:N/A:P)" CVSS_score="2.8" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="5.5" CVSS_base_score="2.8">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Replication.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90388" source="XF">oracle-cpujan2014-cve20140420(90388)</ref>
+      <ref url="http://www.securityfocus.com/bid/64888" source="BID">64888</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2848" source="DEBIAN">DSA-2848</ref>
+      <ref url="http://ubuntu.com/usn/usn-2086-1" source="UBUNTU">USN-2086-1</ref>
+      <ref url="http://secunia.com/advisories/56580" source="SECUNIA">56580</ref>
+      <ref url="http://secunia.com/advisories/56491" source="SECUNIA">56491</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0189.html" source="REDHAT">RHSA-2014:0189</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0186.html" source="REDHAT">RHSA-2014:0186</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0173.html" source="REDHAT">RHSA-2014:0173</ref>
+      <ref url="http://osvdb.org/102077" source="OSVDB">102077</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mysql" name="mysql">
+        <vers num="5.5.0"/>
+        <vers num="5.5.1"/>
+        <vers num="5.5.2"/>
+        <vers num="5.5.3"/>
+        <vers num="5.5.4"/>
+        <vers num="5.5.5"/>
+        <vers num="5.5.6"/>
+        <vers num="5.5.7"/>
+        <vers num="5.5.8"/>
+        <vers num="5.5.9"/>
+      </prod>
+      <prod vendor="oracle" name="mysql">
+        <vers num="5.5.10"/>
+        <vers num="5.5.11"/>
+        <vers num="5.5.12"/>
+        <vers num="5.5.13"/>
+        <vers num="5.5.14"/>
+        <vers num="5.5.15"/>
+        <vers num="5.5.16"/>
+        <vers num="5.5.17"/>
+        <vers num="5.5.18"/>
+        <vers num="5.5.19"/>
+        <vers num="5.5.20"/>
+        <vers num="5.5.21"/>
+        <vers num="5.5.22"/>
+        <vers num="5.5.23"/>
+        <vers num="5.5.24"/>
+        <vers num="5.5.25" edition="a"/>
+        <vers num="5.5.26"/>
+        <vers num="5.5.27"/>
+        <vers num="5.5.28"/>
+        <vers num="5.5.29"/>
+        <vers num="5.5.30"/>
+        <vers num="5.5.31"/>
+        <vers num="5.5.32"/>
+        <vers num="5.5.33"/>
+        <vers prev="1" num="5.5.34"/>
+        <vers num="5.6.0"/>
+        <vers num="5.6.1"/>
+        <vers num="5.6.10"/>
+        <vers num="5.6.11"/>
+        <vers num="5.6.12"/>
+        <vers num="5.6.13"/>
+        <vers prev="1" num="5.6.14"/>
+        <vers num="5.6.2"/>
+        <vers num="5.6.3"/>
+        <vers num="5.6.4"/>
+        <vers num="5.6.5"/>
+        <vers num="5.6.6"/>
+        <vers num="5.6.7"/>
+        <vers num="5.6.8"/>
+        <vers num="5.6.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0421" published="2014-04-15" name="CVE-2014-0421" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="4.6" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="3.9" CVSS_base_score="4.6">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Solaris 10, when running on the SPARC64-X Platform, allows local users to affect confidentiality, integrity, and availability via unknown vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="sun" name="sunos">
+        <vers num="5.10" edition="-:sparc"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0422" published="2014-01-15" name="CVE-2014-0422" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI.  NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to missing package access checks in the Naming / JNDI component, which allows attackers to escape the sandbox.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1051528" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1051528</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2124-1" source="UBUNTU">USN-2124-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2089-1" source="UBUNTU">USN-2089-1</ref>
+      <ref url="http://www.securitytracker.com/id/1029608" source="SECTRACK">1029608</ref>
+      <ref url="http://www.securityfocus.com/bid/64921" source="BID">64921</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56535" source="SECUNIA">56535</ref>
+      <ref url="http://secunia.com/advisories/56486" source="SECUNIA">56486</ref>
+      <ref url="http://secunia.com/advisories/56485" source="SECUNIA">56485</ref>
+      <ref url="http://secunia.com/advisories/56432" source="SECUNIA">56432</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0136.html" source="REDHAT">RHSA-2014:0136</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0135.html" source="REDHAT">RHSA-2014:0135</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0134.html" source="REDHAT">RHSA-2014:0134</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0097.html" source="REDHAT">RHSA-2014:0097</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0030.html" source="REDHAT">RHSA-2014:0030</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0027.html" source="REDHAT">RHSA-2014:0027</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0026.html" source="REDHAT">RHSA-2014:0026</ref>
+      <ref url="http://osvdb.org/101997" source="OSVDB">101997</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" source="HP">SSRT101455</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" source="HP">HPSBUX02973</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" source="HP">HPSBUX02972</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" source="HP">SSRT101454</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html" source="SUSE">openSUSE-SU-2014:0180</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html" source="SUSE">openSUSE-SU-2014:0177</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html" source="SUSE">openSUSE-SU-2014:0174</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" source="SUSE">SUSE-SU-2014:0451</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" source="SUSE">SUSE-SU-2014:0266</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" source="SUSE">SUSE-SU-2014:0246</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.5.0" edition="update_55"/>
+        <vers num="1.6.0" edition="update_65"/>
+        <vers num="1.7.0" edition="update_45"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.5.0" edition="update_55"/>
+        <vers num="1.6.0" edition="update_65"/>
+        <vers num="1.7.0" edition="update_45"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0423" published="2014-01-15" name="CVE-2014-0423" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:P)" CVSS_score="5.5" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.0" CVSS_base_score="5.5">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote authenticated users to affect confidentiality and availability via unknown vectors related to Beans.  NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability in DocumentHandler.java, related to Beans decoding.</descript>
+      <descript source="nvd">Per: http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
+
+"Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1053066" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1053066</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90340" source="XF">oracle-cpujan2014-cve20140423(90340)</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2124-1" source="UBUNTU">USN-2124-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2089-1" source="UBUNTU">USN-2089-1</ref>
+      <ref url="http://www.securitytracker.com/id/1029608" source="SECTRACK">1029608</ref>
+      <ref url="http://www.securityfocus.com/bid/64914" source="BID">64914</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56535" source="SECUNIA">56535</ref>
+      <ref url="http://secunia.com/advisories/56487" source="SECUNIA">56487</ref>
+      <ref url="http://secunia.com/advisories/56486" source="SECUNIA">56486</ref>
+      <ref url="http://secunia.com/advisories/56485" source="SECUNIA">56485</ref>
+      <ref url="http://secunia.com/advisories/56432" source="SECUNIA">56432</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0136.html" source="REDHAT">RHSA-2014:0136</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0135.html" source="REDHAT">RHSA-2014:0135</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0134.html" source="REDHAT">RHSA-2014:0134</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0097.html" source="REDHAT">RHSA-2014:0097</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0030.html" source="REDHAT">RHSA-2014:0030</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0027.html" source="REDHAT">RHSA-2014:0027</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0026.html" source="REDHAT">RHSA-2014:0026</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" source="HP">SSRT101455</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" source="HP">HPSBUX02973</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" source="HP">HPSBUX02972</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" source="HP">SSRT101454</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html" source="SUSE">openSUSE-SU-2014:0180</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html" source="SUSE">openSUSE-SU-2014:0177</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html" source="SUSE">openSUSE-SU-2014:0174</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" source="SUSE">SUSE-SU-2014:0451</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" source="SUSE">SUSE-SU-2014:0266</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" source="SUSE">SUSE-SU-2014:0246</ref>
+      <ref url="http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/995b32f013f5" source="CONFIRM">http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/995b32f013f5</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.5.0" edition="update_55"/>
+        <vers num="1.6.0" edition="update_65"/>
+        <vers num="1.7.0" edition="update_45"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.5.0" edition="update_55"/>
+        <vers num="1.6.0" edition="update_65"/>
+        <vers num="1.7.0" edition="update_45"/>
+      </prod>
+      <prod vendor="oracle" name="jrockit">
+        <vers num="r27.7.7"/>
+        <vers num="r28.2.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0424" published="2014-01-15" name="CVE-2014-0424" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0410, CVE-2014-0415, and CVE-2014-0418.</descript>
+      <descript source="nvd">Per: http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
+
+"Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029608" source="SECTRACK">1029608</ref>
+      <ref url="http://www.securityfocus.com/bid/64919" source="BID">64919</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56535" source="SECUNIA">56535</ref>
+      <ref url="http://secunia.com/advisories/56485" source="SECUNIA">56485</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0135.html" source="REDHAT">RHSA-2014:0135</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0134.html" source="REDHAT">RHSA-2014:0134</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0030.html" source="REDHAT">RHSA-2014:0030</ref>
+      <ref url="http://osvdb.org/102004" source="OSVDB">102004</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" source="HP">SSRT101455</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" source="HP">HPSBUX02973</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" source="HP">HPSBUX02972</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" source="HP">SSRT101454</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" source="SUSE">SUSE-SU-2014:0451</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" source="SUSE">SUSE-SU-2014:0266</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" source="SUSE">SUSE-SU-2014:0246</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.6.0" edition="update_65"/>
+        <vers num="1.7.0" edition="update_45"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.6.0" edition="update_65"/>
+        <vers num="1.7.0" edition="update_45"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0425" published="2014-01-15" name="CVE-2014-0425" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the PeopleSoft Enterprise SCM Services Procurement component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029623" source="SECTRACK">1029623</ref>
+      <ref url="http://www.securityfocus.com/bid/64889" source="BID">64889</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56479" source="SECUNIA">56479</ref>
+      <ref url="http://osvdb.org/102044" source="OSVDB">102044</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="peoplesoft_products">
+        <vers num="9.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0426" published="2014-04-15" name="CVE-2014-0426" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect integrity via vectors related to HTTP Request Handling, a different vulnerability than CVE-2014-0413.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="fusion_middleware">
+        <vers num="10.1.3.5"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0427" published="2014-01-15" name="CVE-2014-0427" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:N/A:P)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via vectors related to FTS.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90383" source="XF">oracle-cpujan2014-cve20140427(90383)</ref>
+      <ref url="http://www.securityfocus.com/bid/64868" source="BID">64868</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56491" source="SECUNIA">56491</ref>
+      <ref url="http://osvdb.org/102072" source="OSVDB">102072</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="mysql">
+        <vers num="5.6.0"/>
+        <vers num="5.6.1"/>
+        <vers num="5.6.10"/>
+        <vers num="5.6.11"/>
+        <vers num="5.6.12"/>
+        <vers prev="1" num="5.6.13"/>
+        <vers num="5.6.2"/>
+        <vers num="5.6.3"/>
+        <vers num="5.6.4"/>
+        <vers num="5.6.5"/>
+        <vers num="5.6.6"/>
+        <vers num="5.6.7"/>
+        <vers num="5.6.8"/>
+        <vers num="5.6.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0428" published="2014-01-15" name="CVE-2014-0428" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA.  NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox.</descript>
+      <descript source="nvd">Per: http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
+
+"Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1051519" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1051519</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2124-1" source="UBUNTU">USN-2124-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2089-1" source="UBUNTU">USN-2089-1</ref>
+      <ref url="http://www.securitytracker.com/id/1029608" source="SECTRACK">1029608</ref>
+      <ref url="http://www.securityfocus.com/bid/64935" source="BID">64935</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56535" source="SECUNIA">56535</ref>
+      <ref url="http://secunia.com/advisories/56486" source="SECUNIA">56486</ref>
+      <ref url="http://secunia.com/advisories/56485" source="SECUNIA">56485</ref>
+      <ref url="http://secunia.com/advisories/56432" source="SECUNIA">56432</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0136.html" source="REDHAT">RHSA-2014:0136</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0135.html" source="REDHAT">RHSA-2014:0135</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0134.html" source="REDHAT">RHSA-2014:0134</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0097.html" source="REDHAT">RHSA-2014:0097</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0030.html" source="REDHAT">RHSA-2014:0030</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0027.html" source="REDHAT">RHSA-2014:0027</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0026.html" source="REDHAT">RHSA-2014:0026</ref>
+      <ref url="http://osvdb.org/101996" source="OSVDB">101996</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" source="HP">SSRT101455</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402749111889&amp;w=2" source="HP">HPSBUX02973</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" source="HP">HPSBUX02972</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=139402697611681&amp;w=2" source="HP">SSRT101454</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html" source="SUSE">openSUSE-SU-2014:0180</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html" source="SUSE">openSUSE-SU-2014:0177</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html" source="SUSE">openSUSE-SU-2014:0174</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" source="SUSE">SUSE-SU-2014:0451</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" source="SUSE">SUSE-SU-2014:0266</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" source="SUSE">SUSE-SU-2014:0246</ref>
+      <ref url="http://hg.openjdk.java.net/jdk7u/jdk7u/corba/rev/0a879f00b698" source="MISC">http://hg.openjdk.java.net/jdk7u/jdk7u/corba/rev/0a879f00b698</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.5.0" edition="update_55"/>
+        <vers num="1.6.0" edition="update_65"/>
+        <vers num="1.7.0" edition="update_45"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.5.0" edition="update_55"/>
+        <vers num="1.6.0" edition="update_65"/>
+        <vers num="1.7.0" edition="update_45"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0429" published="2014-04-15" name="CVE-2014-0429" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.</descript>
+      <descript source="nvd">Per: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
+
+"Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.5.0" edition="update_61"/>
+        <vers num="1.6.0" edition="update_71"/>
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.5.0" edition="update_61"/>
+        <vers num="1.6.0" edition="update_71"/>
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+      <prod vendor="oracle" name="jrockit">
+        <vers num="r27.8.1"/>
+        <vers num="r28.3.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0430" published="2014-01-15" name="CVE-2014-0430" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:M/C:N/I:N/A:P)" CVSS_score="2.8" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="5.5" CVSS_base_score="2.8">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90387" source="XF">oracle-cpujan2014-cve20140430(90387)</ref>
+      <ref url="http://www.securityfocus.com/bid/64893" source="BID">64893</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56491" source="SECUNIA">56491</ref>
+      <ref url="http://osvdb.org/102076" source="OSVDB">102076</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="mysql">
+        <vers num="5.6.0"/>
+        <vers num="5.6.1"/>
+        <vers num="5.6.10"/>
+        <vers num="5.6.11"/>
+        <vers num="5.6.12"/>
+        <vers prev="1" num="5.6.13"/>
+        <vers num="5.6.2"/>
+        <vers num="5.6.3"/>
+        <vers num="5.6.4"/>
+        <vers num="5.6.5"/>
+        <vers num="5.6.6"/>
+        <vers num="5.6.7"/>
+        <vers num="5.6.8"/>
+        <vers num="5.6.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0431" published="2014-01-15" name="CVE-2014-0431" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:N/A:P)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-5881.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90384" source="XF">oracle-cpujan2014-cve20140431(90384)</ref>
+      <ref url="http://www.securityfocus.com/bid/64897" source="BID">64897</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56491" source="SECUNIA">56491</ref>
+      <ref url="http://osvdb.org/102073" source="OSVDB">102073</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="mysql">
+        <vers num="5.6.0"/>
+        <vers num="5.6.1"/>
+        <vers num="5.6.10"/>
+        <vers num="5.6.11"/>
+        <vers num="5.6.12"/>
+        <vers num="5.6.13"/>
+        <vers prev="1" num="5.6.14"/>
+        <vers num="5.6.2"/>
+        <vers num="5.6.3"/>
+        <vers num="5.6.4"/>
+        <vers num="5.6.5"/>
+        <vers num="5.6.6"/>
+        <vers num="5.6.7"/>
+        <vers num="5.6.8"/>
+        <vers num="5.6.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0432" published="2014-04-15" name="CVE-2014-0432" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0455 and CVE-2014-2402.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0433" published="2014-01-15" name="CVE-2014-0433" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:P)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote attackers to affect availability via unknown vectors related to Thread Pooling.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90375" source="XF">oracle-cpujan2014-cve20140433(90375)</ref>
+      <ref url="http://www.securityfocus.com/bid/64895" source="BID">64895</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56491" source="SECUNIA">56491</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="mysql">
+        <vers num="5.6.0"/>
+        <vers num="5.6.1"/>
+        <vers num="5.6.10"/>
+        <vers num="5.6.11"/>
+        <vers num="5.6.12"/>
+        <vers prev="1" num="5.6.13"/>
+        <vers num="5.6.2"/>
+        <vers num="5.6.3"/>
+        <vers num="5.6.4"/>
+        <vers num="5.6.5"/>
+        <vers num="5.6.6"/>
+        <vers num="5.6.7"/>
+        <vers num="5.6.8"/>
+        <vers num="5.6.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0434" published="2014-01-15" name="CVE-2014-0434" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle Agile Product Lifecycle Management for Process component in Oracle Supply Chain Products Suite 6.0, 6.1, and 6.1.1 allows remote attackers to affect integrity via unknown vectors related to Installation.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029620" source="SECTRACK">1029620</ref>
+      <ref url="http://www.securityfocus.com/bid/64851" source="BID">64851</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56472" source="SECUNIA">56472</ref>
+      <ref url="http://osvdb.org/102084" source="OSVDB">102084</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="supply_chain_products_suite">
+        <vers num="6.0.0"/>
+        <vers num="6.1.0"/>
+        <vers num="6.1.1.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0435" published="2014-01-15" name="CVE-2014-0435" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:N/I:N/A:P)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3, 6.3.1, and 6.3.2 allows remote authenticated users to affect availability via unknown vectors related to Data, Domain &amp; Function Security.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029620" source="SECTRACK">1029620</ref>
+      <ref url="http://www.securityfocus.com/bid/64869" source="BID">64869</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://osvdb.org/102086" source="OSVDB">102086</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="supply_chain_products_suite">
+        <vers num="6.1.0"/>
+        <vers num="6.2.0"/>
+        <vers num="6.3.0"/>
+        <vers num="6.3.1"/>
+        <vers num="6.3.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0437" published="2014-01-15" name="CVE-2014-0437" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:N/A:P)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90385" source="XF">oracle-cpujan2014-cve20140437(90385)</ref>
+      <ref url="http://www.securityfocus.com/bid/64849" source="BID">64849</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2848" source="DEBIAN">DSA-2848</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2845" source="DEBIAN">DSA-2845</ref>
+      <ref url="http://ubuntu.com/usn/usn-2086-1" source="UBUNTU">USN-2086-1</ref>
+      <ref url="http://secunia.com/advisories/56580" source="SECUNIA">56580</ref>
+      <ref url="http://secunia.com/advisories/56541" source="SECUNIA">56541</ref>
+      <ref url="http://secunia.com/advisories/56491" source="SECUNIA">56491</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0189.html" source="REDHAT">RHSA-2014:0189</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0186.html" source="REDHAT">RHSA-2014:0186</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0173.html" source="REDHAT">RHSA-2014:0173</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0164.html" source="REDHAT">RHSA-2014:0164</ref>
+      <ref url="http://osvdb.org/102074" source="OSVDB">102074</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mysql" name="mysql">
+        <vers num="5.1"/>
+        <vers num="5.1.1"/>
+        <vers num="5.1.10"/>
+        <vers num="5.1.11"/>
+        <vers num="5.1.12"/>
+        <vers num="5.1.13"/>
+        <vers num="5.1.14"/>
+        <vers num="5.1.15"/>
+        <vers num="5.1.16"/>
+        <vers num="5.1.17"/>
+        <vers num="5.1.18"/>
+        <vers num="5.1.19"/>
+        <vers num="5.1.2"/>
+        <vers num="5.1.20"/>
+        <vers num="5.1.21"/>
+        <vers num="5.1.22"/>
+        <vers num="5.1.23" edition="a"/>
+        <vers num="5.1.23_bk"/>
+        <vers num="5.1.23a"/>
+        <vers num="5.1.24"/>
+        <vers num="5.1.25"/>
+        <vers num="5.1.26"/>
+        <vers num="5.1.27"/>
+        <vers num="5.1.28"/>
+        <vers num="5.1.29"/>
+        <vers num="5.1.3"/>
+        <vers num="5.1.30"/>
+        <vers num="5.1.31" edition="sp1"/>
+        <vers num="5.1.32"/>
+        <vers num="5.1.32-bzr"/>
+        <vers num="5.1.33"/>
+        <vers num="5.1.34" edition="sp1"/>
+        <vers num="5.1.35"/>
+        <vers num="5.1.36"/>
+        <vers num="5.1.37" edition="sp1"/>
+        <vers num="5.1.38"/>
+        <vers num="5.1.39"/>
+        <vers num="5.1.4"/>
+        <vers num="5.1.40" edition="sp1"/>
+        <vers num="5.1.41"/>
+        <vers num="5.1.42"/>
+        <vers num="5.1.43" edition="sp1"/>
+        <vers num="5.1.44"/>
+        <vers num="5.1.45"/>
+        <vers num="5.1.46" edition="sp1"/>
+        <vers num="5.1.47"/>
+        <vers num="5.1.48"/>
+        <vers num="5.1.49" edition="sp1"/>
+        <vers num="5.1.5"/>
+        <vers num="5.1.50"/>
+        <vers num="5.1.5a"/>
+        <vers num="5.1.6"/>
+        <vers num="5.1.7"/>
+        <vers num="5.1.8"/>
+        <vers num="5.1.9"/>
+        <vers num="5.5.0"/>
+        <vers num="5.5.1"/>
+        <vers num="5.5.2"/>
+        <vers num="5.5.3"/>
+        <vers num="5.5.4"/>
+        <vers num="5.5.5"/>
+        <vers num="5.5.6"/>
+        <vers num="5.5.7"/>
+        <vers num="5.5.8"/>
+        <vers num="5.5.9"/>
+      </prod>
+      <prod vendor="oracle" name="mysql">
+        <vers num="5.1.51"/>
+        <vers num="5.1.52" edition="sp1"/>
+        <vers num="5.1.53"/>
+        <vers num="5.1.54"/>
+        <vers num="5.1.55"/>
+        <vers num="5.1.56"/>
+        <vers num="5.1.57"/>
+        <vers num="5.1.58"/>
+        <vers num="5.1.59"/>
+        <vers num="5.1.60"/>
+        <vers num="5.1.61"/>
+        <vers num="5.1.62"/>
+        <vers num="5.1.63"/>
+        <vers num="5.1.64"/>
+        <vers num="5.1.65"/>
+        <vers num="5.1.66"/>
+        <vers num="5.1.67"/>
+        <vers num="5.1.68"/>
+        <vers num="5.1.69"/>
+        <vers num="5.1.70"/>
+        <vers num="5.1.71"/>
+        <vers prev="1" num="5.1.72"/>
+        <vers num="5.5.10"/>
+        <vers num="5.5.11"/>
+        <vers num="5.5.12"/>
+        <vers num="5.5.13"/>
+        <vers num="5.5.14"/>
+        <vers num="5.5.15"/>
+        <vers num="5.5.16"/>
+        <vers num="5.5.17"/>
+        <vers num="5.5.18"/>
+        <vers num="5.5.19"/>
+        <vers num="5.5.20"/>
+        <vers num="5.5.21"/>
+        <vers num="5.5.22"/>
+        <vers num="5.5.23"/>
+        <vers num="5.5.24"/>
+        <vers num="5.5.25" edition="a"/>
+        <vers num="5.5.26"/>
+        <vers num="5.5.27"/>
+        <vers num="5.5.28"/>
+        <vers num="5.5.29"/>
+        <vers num="5.5.30"/>
+        <vers num="5.5.31"/>
+        <vers num="5.5.32"/>
+        <vers num="5.5.33"/>
+        <vers prev="1" num="5.5.34"/>
+        <vers num="5.6.0"/>
+        <vers num="5.6.1"/>
+        <vers num="5.6.10"/>
+        <vers num="5.6.11"/>
+        <vers num="5.6.12"/>
+        <vers num="5.6.13"/>
+        <vers prev="1" num="5.6.14"/>
+        <vers num="5.6.2"/>
+        <vers num="5.6.3"/>
+        <vers num="5.6.4"/>
+        <vers num="5.6.5"/>
+        <vers num="5.6.6"/>
+        <vers num="5.6.7"/>
+        <vers num="5.6.8"/>
+        <vers num="5.6.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0438" published="2014-01-15" name="CVE-2014-0438" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect confidentiality via unknown vectors related to Panel Processor.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029623" source="SECTRACK">1029623</ref>
+      <ref url="http://www.securityfocus.com/bid/64887" source="BID">64887</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56478" source="SECUNIA">56478</ref>
+      <ref url="http://osvdb.org/102043" source="OSVDB">102043</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="peoplesoft_products">
+        <vers num="8.52"/>
+        <vers num="8.53"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0439" published="2014-01-15" name="CVE-2014-0439" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:N/I:P/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect integrity via unknown vectors related to Report Distribution.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029623" source="SECTRACK">1029623</ref>
+      <ref url="http://www.securityfocus.com/bid/64884" source="BID">64884</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56478" source="SECUNIA">56478</ref>
+      <ref url="http://osvdb.org/102042" source="OSVDB">102042</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="peoplesoft_products">
+        <vers num="8.52"/>
+        <vers num="8.53"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0440" published="2014-01-15" name="CVE-2014-0440" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:N/I:N/A:P)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect availability via vectors related to PIA Core Technology.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029623" source="SECTRACK">1029623</ref>
+      <ref url="http://www.securityfocus.com/bid/64881" source="BID">64881</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56478" source="SECUNIA">56478</ref>
+      <ref url="http://osvdb.org/102041" source="OSVDB">102041</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="peoplesoft_products">
+        <vers num="8.52"/>
+        <vers num="8.53"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0441" published="2014-01-15" name="CVE-2014-0441" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect availability via unknown vectors related to Integration Broker.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029623" source="SECTRACK">1029623</ref>
+      <ref url="http://www.securityfocus.com/bid/64839" source="BID">64839</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56478" source="SECUNIA">56478</ref>
+      <ref url="http://osvdb.org/102047" source="OSVDB">102047</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="peoplesoft_products">
+        <vers num="8.52"/>
+        <vers num="8.53"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0442" published="2014-04-15" name="CVE-2014-0442" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="4.6" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="3.9" CVSS_base_score="4.6">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Solaris 9, 10, and 11.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Print Filter Utility.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="sunos">
+        <vers num="5.11.1"/>
+      </prod>
+      <prod vendor="sun" name="sunos">
+        <vers num="5.10"/>
+        <vers num="5.11"/>
+        <vers num="5.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0443" published="2014-01-15" name="CVE-2014-0443" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:P/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote attackers to affect integrity via unknown vectors related to Security.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029623" source="SECTRACK">1029623</ref>
+      <ref url="http://www.securityfocus.com/bid/64844" source="BID">64844</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56478" source="SECUNIA">56478</ref>
+      <ref url="http://osvdb.org/102032" source="OSVDB">102032</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="peoplesoft_products">
+        <vers num="8.52"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0444" published="2014-01-15" name="CVE-2014-0444" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:P/I:N/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle AutoVue Electro-Mechanical Professional component in Oracle Supply Chain Products Suite 20.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Web General, a different vulnerability than CVE-2013-5868 and CVE-2013-5871.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029620" source="SECTRACK">1029620</ref>
+      <ref url="http://www.securityfocus.com/bid/64883" source="BID">64883</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56473" source="SECUNIA">56473</ref>
+      <ref url="http://osvdb.org/102089" source="OSVDB">102089</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="supply_chain_products_suite">
+        <vers num="20.1.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0445" published="2014-01-15" name="CVE-2014-0445" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Technology, a different vulnerability than CVE-2014-0381.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029623" source="SECTRACK">1029623</ref>
+      <ref url="http://www.securityfocus.com/bid/64867" source="BID">64867</ref>
+      <ref url="http://www.securityfocus.com/bid/64758" source="BID">64758</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</ref>
+      <ref url="http://secunia.com/advisories/56478" source="SECUNIA">56478</ref>
+      <ref url="http://osvdb.org/102038" source="OSVDB">102038</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="peoplesoft_products">
+        <vers num="8.52"/>
+        <vers num="8.53"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0446" published="2014-04-15" name="CVE-2014-0446" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.5.0" edition="update_61"/>
+        <vers num="1.6.0" edition="update_71"/>
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.5.0" edition="update_61"/>
+        <vers num="1.6.0" edition="update_71"/>
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0447" published="2014-04-15" name="CVE-2014-0447" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="4.9" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="3.9" CVSS_base_score="4.9">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via unknown vectors related to Kernel.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="sunos">
+        <vers num="5.11.1"/>
+      </prod>
+      <prod vendor="sun" name="sunos">
+        <vers num="5.10"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0448" published="2014-04-15" name="CVE-2014-0448" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:H/Au:N/C:C/I:C/A:C)" CVSS_score="7.6" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="4.9" CVSS_base_score="7.6">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0449" published="2014-04-15" name="CVE-2014-0449" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via unknown vectors related to Deployment.</descript>
+      <descript source="nvd">Per: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
+
+"Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.6.0" edition="update_71"/>
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.6.0" edition="update_71"/>
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0450" published="2014-04-15" name="CVE-2014-0450" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.7 and 11.1.1.8 allows remote attackers to affect confidentiality via unknown vectors related to People Connection.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="fusion_middleware">
+        <vers num="11.1.1.7.0"/>
+        <vers num="11.1.1.8.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0451" published="2014-04-15" name="CVE-2014-0451" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-2412.</descript>
+      <descript source="nvd">Per: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
+
+"Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.5.0" edition="update_61"/>
+        <vers num="1.6.0" edition="update_71"/>
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.5.0" edition="update_61"/>
+        <vers num="1.6.0" edition="update_71"/>
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0452" published="2014-04-15" name="CVE-2014-0452" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0458 and CVE-2014-2423.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.6.0" edition="update_71"/>
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.6.0" edition="update_71"/>
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0453" published="2014-04-15" name="CVE-2014-0453" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:H/Au:N/C:P/I:P/A:N)" CVSS_score="4.0" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="4.9" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.5.0" edition="update_61"/>
+        <vers num="1.6.0" edition="update_71"/>
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.5.0" edition="update_61"/>
+        <vers num="1.6.0" edition="update_71"/>
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+      <prod vendor="oracle" name="jrockit">
+        <vers num="r27.8.1"/>
+        <vers num="r28.3.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0454" published="2014-04-15" name="CVE-2014-0454" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security.</descript>
+      <descript source="nvd">Per: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
+
+"Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0455" published="2014-04-15" name="CVE-2014-0455" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-2402.</descript>
+      <descript source="nvd">Per: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html 
+
+"Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
+</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0456" published="2014-04-15" name="CVE-2014-0456" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0457" published="2014-04-15" name="CVE-2014-0457" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.5.0" edition="update_61"/>
+        <vers num="1.6.0" edition="update_71"/>
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.5.0" edition="update_61"/>
+        <vers num="1.6.0" edition="update_71"/>
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+      <prod vendor="oracle" name="jrockit">
+        <vers num="r27.8.1"/>
+        <vers num="r28.3.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0458" published="2014-04-15" name="CVE-2014-0458" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-2423.</descript>
+      <descript source="nvd">per: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
+
+
+Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.6.0" edition="update_71"/>
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.6.0" edition="update_71"/>
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0459" published="2014-04-15" name="CVE-2014-0459" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:P)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D.</descript>
+      <descript source="nvd">Per: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
+
+"Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0460" published="2014-04-15" name="CVE-2014-0460" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.5.0" edition="update_61"/>
+        <vers num="1.6.0" edition="update_71"/>
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.5.0" edition="update_61"/>
+        <vers num="1.6.0" edition="update_71"/>
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+      <prod vendor="oracle" name="jrockit">
+        <vers num="r27.8.1"/>
+        <vers num="r28.3.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0461" published="2014-04-15" name="CVE-2014-0461" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.</descript>
+      <descript source="nvd">Per: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
+
+"Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.6.0" edition="update_71"/>
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.6.0" edition="update_71"/>
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0463" published="2014-04-15" name="CVE-2014-0463" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting, a different vulnerability than CVE-2014-0464.</descript>
+      <descript source="nvd">Per: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
+
+"Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.8.0"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.8.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0464" published="2014-04-15" name="CVE-2014-0464" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting, a different vulnerability than CVE-2014-0463.</descript>
+      <descript source="nvd">Per: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html 
+
+"Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.8.0"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.8.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0465" published="2014-04-15" name="CVE-2014-0465" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:P/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect integrity via unknown vectors related to Admin Console.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="fusion_middleware">
+        <vers num="8.0" edition="update2_patch5"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0466" published="2014-04-03" name="CVE-2014-0466" modified="2014-04-03" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902" source="CONFIRM">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2892" source="DEBIAN">DSA-2892</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="gnu" name="a2ps">
+        <vers num="4.14"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0467" published="2014-03-14" name="CVE-2014-0467" modified="2014-04-19" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.ubuntu.com/usn/USN-2147-1" source="UBUNTU">USN-2147-1</ref>
+      <ref url="http://www.mutt.org/doc/devel/ChangeLog" source="CONFIRM">http://www.mutt.org/doc/devel/ChangeLog</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2874" source="DEBIAN">DSA-2874</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0304.html" source="REDHAT">RHSA-2014:0304</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-03/msg00085.html" source="SUSE">openSUSE-SU-2014:0436</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-03/msg00083.html" source="SUSE">openSUSE-SU-2014:0434</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00001.html" source="SUSE">SUSE-SU-2014:0471</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mutt" name="mutt">
+        <vers num="1.5"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.10"/>
+        <vers num="1.5.11"/>
+        <vers num="1.5.12"/>
+        <vers num="1.5.13"/>
+        <vers num="1.5.14"/>
+        <vers num="1.5.15"/>
+        <vers num="1.5.16"/>
+        <vers num="1.5.17"/>
+        <vers num="1.5.18"/>
+        <vers num="1.5.19"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.20"/>
+        <vers num="1.5.21"/>
+        <vers prev="1" num="1.5.22"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="1.5.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0470" published="2014-04-30" name="CVE-2014-0470" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="7.2" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="3.9" CVSS_base_score="7.2">
+    <desc>
+      <descript source="cve">super.c in Super 3.30.0 does not check the return value of the setuid function when the -F flag is set, which allows local users to gain privileges via unspecified vectors, aka an RLIMIT_NPROC attack.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+      <sec_prot admin="1"/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/04/28/6" source="MLIST">[oss-security] 20140428 super unchecked setuid (CVE-2014-0470)</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2917" source="DEBIAN">DSA-2917</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="super_project" name="super">
+        <vers num="3.30.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0471" published="2014-04-30" name="CVE-2014-0471" modified="2014-05-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.ubuntu.com/usn/USN-2183-1" source="UBUNTU" adv="1">USN-2183-1</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2915" source="DEBIAN" adv="1">DSA-2915</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="debian" name="dpkg">
+        <vers num="1.10"/>
+        <vers num="1.10.1"/>
+        <vers num="1.10.11"/>
+        <vers num="1.10.12"/>
+        <vers num="1.10.13"/>
+        <vers num="1.10.14"/>
+        <vers num="1.10.15"/>
+        <vers num="1.10.16"/>
+        <vers num="1.10.17"/>
+        <vers num="1.10.18"/>
+        <vers num="1.10.18.1"/>
+        <vers num="1.10.19"/>
+        <vers num="1.10.2"/>
+        <vers num="1.10.20"/>
+        <vers num="1.10.21"/>
+        <vers num="1.10.22"/>
+        <vers num="1.10.23"/>
+        <vers num="1.10.24"/>
+        <vers num="1.10.25"/>
+        <vers num="1.10.26"/>
+        <vers num="1.10.27"/>
+        <vers num="1.10.28"/>
+        <vers num="1.10.3"/>
+        <vers num="1.10.4"/>
+        <vers num="1.10.5"/>
+        <vers num="1.10.6"/>
+        <vers num="1.10.7"/>
+        <vers num="1.10.8"/>
+        <vers num="1.10.9"/>
+        <vers num="1.13.0"/>
+        <vers num="1.13.1"/>
+        <vers num="1.13.10"/>
+        <vers num="1.13.11"/>
+        <vers num="1.13.11.1"/>
+        <vers num="1.13.12"/>
+        <vers num="1.13.13"/>
+        <vers num="1.13.14"/>
+        <vers num="1.13.15"/>
+        <vers num="1.13.16"/>
+        <vers num="1.13.17"/>
+        <vers num="1.13.18"/>
+        <vers num="1.13.19"/>
+        <vers num="1.13.2"/>
+        <vers num="1.13.20"/>
+        <vers num="1.13.21"/>
+        <vers num="1.13.22"/>
+        <vers num="1.13.23"/>
+        <vers num="1.13.24"/>
+        <vers num="1.13.25"/>
+        <vers num="1.13.3"/>
+        <vers num="1.13.4"/>
+        <vers num="1.13.5"/>
+        <vers num="1.13.6"/>
+        <vers num="1.13.7"/>
+        <vers num="1.13.8"/>
+        <vers num="1.13.9"/>
+        <vers num="1.14.0"/>
+        <vers num="1.14.1"/>
+        <vers num="1.14.10"/>
+        <vers num="1.14.11"/>
+        <vers num="1.14.12"/>
+        <vers num="1.14.13"/>
+        <vers num="1.14.14"/>
+        <vers num="1.14.15"/>
+        <vers num="1.14.16"/>
+        <vers num="1.14.16.1"/>
+        <vers num="1.14.16.2"/>
+        <vers num="1.14.16.3"/>
+        <vers num="1.14.16.4"/>
+        <vers num="1.14.16.5"/>
+        <vers num="1.14.16.6"/>
+        <vers num="1.14.17"/>
+        <vers num="1.14.18"/>
+        <vers num="1.14.19"/>
+        <vers num="1.14.2"/>
+        <vers num="1.14.20"/>
+        <vers num="1.14.21"/>
+        <vers num="1.14.22"/>
+        <vers num="1.14.23"/>
+        <vers num="1.14.24"/>
+        <vers num="1.14.25"/>
+        <vers num="1.14.26"/>
+        <vers num="1.14.27"/>
+        <vers num="1.14.28"/>
+        <vers num="1.14.29"/>
+        <vers num="1.14.3"/>
+        <vers num="1.14.30"/>
+        <vers num="1.14.4"/>
+        <vers num="1.14.5"/>
+        <vers num="1.14.6"/>
+        <vers num="1.14.7"/>
+        <vers num="1.14.8"/>
+        <vers num="1.14.9"/>
+        <vers num="1.15.0"/>
+        <vers num="1.15.1"/>
+        <vers num="1.15.2"/>
+        <vers num="1.15.3"/>
+        <vers num="1.15.3.1"/>
+        <vers num="1.15.4"/>
+        <vers num="1.15.4.1"/>
+        <vers num="1.15.5"/>
+        <vers num="1.15.5.1"/>
+        <vers num="1.15.5.2"/>
+        <vers num="1.15.5.3"/>
+        <vers num="1.15.5.4"/>
+        <vers num="1.15.5.5"/>
+        <vers num="1.15.5.6"/>
+        <vers num="1.15.6"/>
+        <vers num="1.15.6.1"/>
+        <vers num="1.15.7"/>
+        <vers num="1.15.7.1"/>
+        <vers num="1.15.7.2"/>
+        <vers num="1.15.8"/>
+        <vers num="1.15.8.1"/>
+        <vers num="1.15.8.2"/>
+        <vers num="1.15.8.3"/>
+        <vers num="1.15.8.4"/>
+        <vers num="1.15.8.5"/>
+        <vers num="1.15.8.6"/>
+        <vers num="1.15.8.7"/>
+        <vers prev="1" num="1.15.8.8"/>
+        <vers num="1.15.8.9"/>
+        <vers num="1.16.0"/>
+        <vers num="1.16.0.1"/>
+        <vers num="1.16.0.2"/>
+        <vers num="1.16.0.3"/>
+        <vers num="1.16.1"/>
+        <vers num="1.16.1.1"/>
+        <vers num="1.16.1.2"/>
+        <vers num="1.16.10"/>
+        <vers num="1.16.11"/>
+        <vers num="1.16.12"/>
+        <vers num="1.16.2"/>
+        <vers num="1.16.3"/>
+        <vers num="1.16.4"/>
+        <vers num="1.16.4.1"/>
+        <vers num="1.16.4.2"/>
+        <vers num="1.16.4.3"/>
+        <vers num="1.16.5"/>
+        <vers num="1.16.6"/>
+        <vers num="1.16.7"/>
+        <vers num="1.16.8"/>
+        <vers num="1.16.9"/>
+        <vers num="1.17.0"/>
+        <vers num="1.17.1"/>
+        <vers num="1.17.2"/>
+        <vers num="1.17.3"/>
+        <vers num="1.17.4"/>
+        <vers num="1.17.5"/>
+        <vers num="1.17.6"/>
+        <vers num="1.17.7"/>
+        <vers num="1.9.1"/>
+        <vers num="1.9.10"/>
+        <vers num="1.9.11"/>
+        <vers num="1.9.12"/>
+        <vers num="1.9.13"/>
+        <vers num="1.9.14"/>
+        <vers num="1.9.15"/>
+        <vers num="1.9.16"/>
+        <vers num="1.9.17"/>
+        <vers num="1.9.18"/>
+        <vers num="1.9.19"/>
+        <vers num="1.9.2"/>
+        <vers num="1.9.20"/>
+        <vers num="1.9.21"/>
+        <vers num="1.9.3"/>
+        <vers num="1.9.7"/>
+        <vers num="1.9.8"/>
+        <vers num="1.9.9"/>
+      </prod>
+      <prod vendor="canonical" name="ubuntu_linux">
+        <vers num="10.04" edition="-:lts"/>
+        <vers num="12.04" edition="-:lts"/>
+        <vers num="12.10"/>
+        <vers num="13.10"/>
+        <vers num="14.04" edition=":lts"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0472" published="2014-04-23" name="CVE-2014-0472" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:H/Au:N/C:P/I:P/A:P)" CVSS_score="5.1" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="4.9" CVSS_base_score="5.1">
+    <desc>
+      <descript source="cve">The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://www.djangoproject.com/weblog/2014/apr/21/security/" source="CONFIRM" adv="1">https://www.djangoproject.com/weblog/2014/apr/21/security/</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2169-1" source="UBUNTU">USN-2169-1</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="djangoproject" name="django">
+        <vers num="1.4"/>
+        <vers num="1.4.1"/>
+        <vers prev="1" num="1.4.10"/>
+        <vers num="1.4.2"/>
+        <vers num="1.4.3"/>
+        <vers num="1.4.4"/>
+        <vers num="1.4.5"/>
+        <vers num="1.4.6"/>
+        <vers num="1.4.7"/>
+        <vers num="1.4.8"/>
+        <vers num="1.4.9"/>
+        <vers num="1.5"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.6"/>
+        <vers num="1.6.1"/>
+        <vers num="1.6.2"/>
+        <vers num="1.7" edition="alpha1"/>
+        <vers num="1.7" edition="alpha2"/>
+        <vers num="1.7" edition="beta1"/>
+      </prod>
+      <prod vendor="canonical" name="ubuntu_linux">
+        <vers num="10.04" edition="-:lts"/>
+        <vers num="12.04" edition="-:lts"/>
+        <vers num="12.10"/>
+        <vers num="13.10"/>
+        <vers num="14.04" edition=":lts"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0473" published="2014-04-23" name="CVE-2014-0473" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://www.djangoproject.com/weblog/2014/apr/21/security/" source="CONFIRM" adv="1">https://www.djangoproject.com/weblog/2014/apr/21/security/</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2169-1" source="UBUNTU">USN-2169-1</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="djangoproject" name="django">
+        <vers num="1.4"/>
+        <vers num="1.4.1"/>
+        <vers prev="1" num="1.4.10"/>
+        <vers num="1.4.2"/>
+        <vers num="1.4.3"/>
+        <vers num="1.4.4"/>
+        <vers num="1.4.5"/>
+        <vers num="1.4.6"/>
+        <vers num="1.4.7"/>
+        <vers num="1.4.8"/>
+        <vers num="1.4.9"/>
+        <vers num="1.5"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.6"/>
+        <vers num="1.6.1"/>
+        <vers num="1.6.2"/>
+        <vers num="1.7" edition="alpha1"/>
+        <vers num="1.7" edition="alpha2"/>
+        <vers num="1.7" edition="beta1"/>
+      </prod>
+      <prod vendor="canonical" name="ubuntu_linux">
+        <vers num="10.04" edition="-:lts"/>
+        <vers num="12.04" edition="-:lts"/>
+        <vers num="12.10"/>
+        <vers num="13.10"/>
+        <vers num="14.04" edition=":lts"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0474" published="2014-04-23" name="CVE-2014-0474" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to "MySQL typecasting."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://www.djangoproject.com/weblog/2014/apr/21/security/" source="CONFIRM" adv="1">https://www.djangoproject.com/weblog/2014/apr/21/security/</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2169-1" source="UBUNTU">USN-2169-1</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="djangoproject" name="django">
+        <vers num="1.4"/>
+        <vers num="1.4.1"/>
+        <vers prev="1" num="1.4.10"/>
+        <vers num="1.4.2"/>
+        <vers num="1.4.3"/>
+        <vers num="1.4.4"/>
+        <vers num="1.4.5"/>
+        <vers num="1.4.6"/>
+        <vers num="1.4.7"/>
+        <vers num="1.4.8"/>
+        <vers num="1.4.9"/>
+        <vers num="1.5"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.6"/>
+        <vers num="1.6.1"/>
+        <vers num="1.6.2"/>
+        <vers num="1.7" edition="alpha1"/>
+        <vers num="1.7" edition="alpha2"/>
+        <vers num="1.7" edition="beta1"/>
+      </prod>
+      <prod vendor="canonical" name="ubuntu_linux">
+        <vers num="10.04" edition="-:lts"/>
+        <vers num="12.04" edition="-:lts"/>
+        <vers num="12.10"/>
+        <vers num="13.10"/>
+        <vers num="14.04" edition=":lts"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0491" published="2014-01-15" name="CVE-2014-0491" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK &amp; Compiler before 4.0.0.1390 allow attackers to bypass unspecified protection mechanisms via unknown vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://helpx.adobe.com/security/products/flash-player/apsb14-02.html" source="CONFIRM" patch="1" adv="1">http://helpx.adobe.com/security/products/flash-player/apsb14-02.html</ref>
+      <ref url="http://www.securitytracker.com/id/1029602" source="SECTRACK">1029602</ref>
+      <ref url="http://secunia.com/advisories/56636" source="SECUNIA">56636</ref>
+      <ref url="http://secunia.com/advisories/56516" source="SECUNIA">56516</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0028.html" source="REDHAT">RHSA-2014:0028</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00006.html" source="SUSE">openSUSE-SU-2014:0128</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="adobe" name="adobe_air">
+        <vers num="3.0.0.408"/>
+        <vers num="3.0.0.4080"/>
+        <vers num="3.1.0.485"/>
+        <vers num="3.1.0.488"/>
+        <vers num="3.1.0.4880"/>
+        <vers num="3.2.0.207"/>
+        <vers num="3.2.0.2070"/>
+        <vers num="3.3.0.3670"/>
+        <vers num="3.4.0.2540"/>
+        <vers num="3.4.0.2710"/>
+        <vers num="3.5.0.1060"/>
+        <vers num="3.5.0.600"/>
+        <vers num="3.5.0.880"/>
+        <vers num="3.5.0.890"/>
+        <vers num="3.6.0.597"/>
+        <vers num="3.6.0.6090"/>
+        <vers num="3.7.0.1530"/>
+        <vers num="3.7.0.1860"/>
+        <vers num="3.7.0.2090"/>
+        <vers num="3.8.0.870"/>
+        <vers num="3.8.0.910"/>
+        <vers num="3.9.0.1030"/>
+        <vers num="3.9.0.1060"/>
+        <vers num="3.9.0.1210"/>
+        <vers prev="1" num="3.9.0.1380"/>
+      </prod>
+      <prod vendor="adobe" name="adobe_air_sdk">
+        <vers num="3.0.0.4080"/>
+        <vers num="3.1.0.488"/>
+        <vers num="3.2.0.2070"/>
+        <vers num="3.3.0.3650"/>
+        <vers num="3.3.0.3690"/>
+        <vers num="3.4.0.2540"/>
+        <vers num="3.4.0.2710"/>
+        <vers num="3.5.0.1060"/>
+        <vers num="3.5.0.600"/>
+        <vers num="3.5.0.880"/>
+        <vers num="3.5.0.890"/>
+        <vers num="3.6.0.599"/>
+        <vers num="3.6.0.6090"/>
+        <vers num="3.7.0.1530"/>
+        <vers num="3.7.0.1860"/>
+        <vers num="3.7.0.2090"/>
+        <vers num="3.8.0.870"/>
+        <vers num="3.8.0.910"/>
+        <vers num="3.9.0.1030"/>
+        <vers num="3.9.0.1210"/>
+        <vers prev="1" num="3.9.0.1380"/>
+      </prod>
+      <prod vendor="adobe" name="flash_player">
+        <vers num="11.0"/>
+        <vers num="11.0.1.152"/>
+        <vers num="11.0.1.153"/>
+        <vers num="11.1"/>
+        <vers num="11.1.102.55"/>
+        <vers num="11.1.102.59"/>
+        <vers num="11.1.102.62"/>
+        <vers num="11.1.102.63"/>
+        <vers num="11.1.111.44"/>
+        <vers num="11.1.111.50"/>
+        <vers num="11.1.111.54"/>
+        <vers num="11.1.111.8"/>
+        <vers num="11.1.115.34"/>
+        <vers num="11.1.115.48"/>
+        <vers num="11.1.115.54"/>
+        <vers num="11.1.115.58"/>
+        <vers num="11.1.115.7"/>
+        <vers num="11.2.202.223"/>
+        <vers num="11.2.202.228"/>
+        <vers num="11.2.202.233"/>
+        <vers num="11.2.202.235"/>
+        <vers num="11.2.202.236"/>
+        <vers num="11.2.202.238"/>
+        <vers num="11.2.202.243"/>
+        <vers num="11.2.202.251"/>
+        <vers num="11.2.202.258"/>
+        <vers num="11.2.202.261"/>
+        <vers num="11.2.202.262"/>
+        <vers num="11.2.202.270"/>
+        <vers num="11.2.202.273"/>
+        <vers num="11.2.202.275"/>
+        <vers num="11.2.202.280"/>
+        <vers num="11.2.202.285"/>
+        <vers num="11.2.202.291"/>
+        <vers num="11.2.202.297"/>
+        <vers num="11.2.202.310"/>
+        <vers num="11.2.202.327"/>
+        <vers prev="1" num="11.2.202.332"/>
+        <vers num="11.3.300.257"/>
+        <vers num="11.3.300.262"/>
+        <vers num="11.3.300.265"/>
+        <vers num="11.3.300.268"/>
+        <vers num="11.3.300.270"/>
+        <vers num="11.3.300.271"/>
+        <vers num="11.3.300.273"/>
+        <vers num="11.4.402.265"/>
+        <vers num="11.4.402.278"/>
+        <vers num="11.4.402.287"/>
+        <vers num="11.5.502.110"/>
+        <vers num="11.5.502.135"/>
+        <vers num="11.5.502.136"/>
+        <vers num="11.5.502.146"/>
+        <vers num="11.5.502.149"/>
+        <vers num="11.6.602.167"/>
+        <vers num="11.6.602.168"/>
+        <vers num="11.6.602.171"/>
+        <vers num="11.6.602.180"/>
+        <vers num="11.7.700.169"/>
+        <vers num="11.7.700.202"/>
+        <vers num="11.7.700.224"/>
+        <vers num="11.7.700.232"/>
+        <vers num="11.7.700.242"/>
+        <vers num="11.7.700.252"/>
+        <vers prev="1" num="11.7.700.257"/>
+        <vers num="11.8.800.168"/>
+        <vers num="11.8.800.94"/>
+        <vers num="11.8.800.97"/>
+        <vers num="11.9.900.117"/>
+        <vers num="11.9.900.152"/>
+        <vers prev="1" num="11.9.900.170"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0492" published="2014-01-15" name="CVE-2014-0492" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK &amp; Compiler before 4.0.0.1390 allow attackers to defeat the ASLR protection mechanism by leveraging an "address leak."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://helpx.adobe.com/security/products/flash-player/apsb14-02.html" source="CONFIRM" patch="1" adv="1">http://helpx.adobe.com/security/products/flash-player/apsb14-02.html</ref>
+      <ref url="http://www.securitytracker.com/id/1029602" source="SECTRACK">1029602</ref>
+      <ref url="http://secunia.com/advisories/56636" source="SECUNIA">56636</ref>
+      <ref url="http://secunia.com/advisories/56516" source="SECUNIA">56516</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0028.html" source="REDHAT">RHSA-2014:0028</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00006.html" source="SUSE">openSUSE-SU-2014:0128</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="adobe" name="adobe_air">
+        <vers num="3.0.0.408"/>
+        <vers num="3.0.0.4080"/>
+        <vers num="3.1.0.485"/>
+        <vers num="3.1.0.488"/>
+        <vers num="3.1.0.4880"/>
+        <vers num="3.2.0.207"/>
+        <vers num="3.2.0.2070"/>
+        <vers num="3.3.0.3670"/>
+        <vers num="3.4.0.2540"/>
+        <vers num="3.4.0.2710"/>
+        <vers num="3.5.0.1060"/>
+        <vers num="3.5.0.600"/>
+        <vers num="3.5.0.880"/>
+        <vers num="3.5.0.890"/>
+        <vers num="3.6.0.597"/>
+        <vers num="3.6.0.6090"/>
+        <vers num="3.7.0.1530"/>
+        <vers num="3.7.0.1860"/>
+        <vers num="3.7.0.2090"/>
+        <vers num="3.8.0.870"/>
+        <vers num="3.8.0.910"/>
+        <vers num="3.9.0.1030"/>
+        <vers num="3.9.0.1060"/>
+        <vers num="3.9.0.1210"/>
+        <vers prev="1" num="3.9.0.1380"/>
+      </prod>
+      <prod vendor="adobe" name="adobe_air_sdk">
+        <vers num="3.0.0.4080"/>
+        <vers num="3.1.0.488"/>
+        <vers num="3.2.0.2070"/>
+        <vers num="3.3.0.3650"/>
+        <vers num="3.3.0.3690"/>
+        <vers num="3.4.0.2540"/>
+        <vers num="3.4.0.2710"/>
+        <vers num="3.5.0.1060"/>
+        <vers num="3.5.0.600"/>
+        <vers num="3.5.0.880"/>
+        <vers num="3.5.0.890"/>
+        <vers num="3.6.0.599"/>
+        <vers num="3.6.0.6090"/>
+        <vers num="3.7.0.1530"/>
+        <vers num="3.7.0.1860"/>
+        <vers num="3.7.0.2090"/>
+        <vers num="3.8.0.870"/>
+        <vers num="3.8.0.910"/>
+        <vers num="3.9.0.1030"/>
+        <vers num="3.9.0.1210"/>
+        <vers prev="1" num="3.9.0.1380"/>
+      </prod>
+      <prod vendor="adobe" name="flash_player">
+        <vers num="11.0"/>
+        <vers num="11.0.1.152"/>
+        <vers num="11.0.1.153"/>
+        <vers num="11.1"/>
+        <vers num="11.1.102.55"/>
+        <vers num="11.1.102.59"/>
+        <vers num="11.1.102.62"/>
+        <vers num="11.1.102.63"/>
+        <vers num="11.1.111.44"/>
+        <vers num="11.1.111.50"/>
+        <vers num="11.1.111.54"/>
+        <vers num="11.1.111.8"/>
+        <vers num="11.1.115.34"/>
+        <vers num="11.1.115.48"/>
+        <vers num="11.1.115.54"/>
+        <vers num="11.1.115.58"/>
+        <vers num="11.1.115.7"/>
+        <vers num="11.2.202.223"/>
+        <vers num="11.2.202.228"/>
+        <vers num="11.2.202.233"/>
+        <vers num="11.2.202.235"/>
+        <vers num="11.2.202.236"/>
+        <vers num="11.2.202.238"/>
+        <vers num="11.2.202.243"/>
+        <vers num="11.2.202.251"/>
+        <vers num="11.2.202.258"/>
+        <vers num="11.2.202.261"/>
+        <vers num="11.2.202.262"/>
+        <vers num="11.2.202.270"/>
+        <vers num="11.2.202.273"/>
+        <vers num="11.2.202.275"/>
+        <vers num="11.2.202.280"/>
+        <vers num="11.2.202.285"/>
+        <vers num="11.2.202.291"/>
+        <vers num="11.2.202.297"/>
+        <vers num="11.2.202.310"/>
+        <vers num="11.2.202.327"/>
+        <vers prev="1" num="11.2.202.332"/>
+        <vers num="11.3.300.257"/>
+        <vers num="11.3.300.262"/>
+        <vers num="11.3.300.265"/>
+        <vers num="11.3.300.268"/>
+        <vers num="11.3.300.270"/>
+        <vers num="11.3.300.271"/>
+        <vers num="11.3.300.273"/>
+        <vers num="11.4.402.265"/>
+        <vers num="11.4.402.278"/>
+        <vers num="11.4.402.287"/>
+        <vers num="11.5.502.110"/>
+        <vers num="11.5.502.135"/>
+        <vers num="11.5.502.136"/>
+        <vers num="11.5.502.146"/>
+        <vers num="11.5.502.149"/>
+        <vers num="11.6.602.167"/>
+        <vers num="11.6.602.168"/>
+        <vers num="11.6.602.171"/>
+        <vers num="11.6.602.180"/>
+        <vers num="11.7.700.169"/>
+        <vers num="11.7.700.202"/>
+        <vers num="11.7.700.224"/>
+        <vers num="11.7.700.232"/>
+        <vers num="11.7.700.242"/>
+        <vers num="11.7.700.252"/>
+        <vers prev="1" num="11.7.700.257"/>
+        <vers num="11.8.800.168"/>
+        <vers num="11.8.800.94"/>
+        <vers num="11.8.800.97"/>
+        <vers num="11.9.900.117"/>
+        <vers num="11.9.900.152"/>
+        <vers prev="1" num="11.9.900.170"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0493" published="2014-01-15" name="CVE-2014-0493" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0495.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029604" source="SECTRACK">1029604</ref>
+      <ref url="http://helpx.adobe.com/security/products/acrobat/apsb14-01.html" source="CONFIRM" adv="1">http://helpx.adobe.com/security/products/acrobat/apsb14-01.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="adobe" name="acrobat">
+        <vers num="10.1"/>
+        <vers num="10.1.1"/>
+        <vers num="10.1.2"/>
+        <vers num="10.1.3"/>
+        <vers num="10.1.4"/>
+        <vers num="10.1.5"/>
+        <vers num="10.1.6"/>
+        <vers num="10.1.7"/>
+        <vers prev="1" num="10.1.8"/>
+        <vers num="11.0"/>
+        <vers num="11.0.1"/>
+        <vers num="11.0.2"/>
+        <vers num="11.0.3"/>
+        <vers num="11.0.4"/>
+        <vers prev="1" num="11.0.5"/>
+      </prod>
+      <prod vendor="adobe" name="acrobat_reader">
+        <vers num="10.1"/>
+        <vers num="10.1.1"/>
+        <vers num="10.1.2"/>
+        <vers num="10.1.3"/>
+        <vers num="10.1.4"/>
+        <vers num="10.1.5"/>
+        <vers num="10.1.6"/>
+        <vers num="10.1.7"/>
+        <vers prev="1" num="10.1.8"/>
+        <vers num="11.0"/>
+        <vers num="11.0.1"/>
+        <vers num="11.0.2"/>
+        <vers num="11.0.3"/>
+        <vers num="11.0.4"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0494" published="2014-01-23" name="CVE-2014-0494" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Adobe Digital Editions 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90648" source="XF">adobe-digital-cve20140494-code-exec(90648)</ref>
+      <ref url="http://www.securitytracker.com/id/1029680" source="SECTRACK">1029680</ref>
+      <ref url="http://www.securityfocus.com/bid/65091" source="BID">65091</ref>
+      <ref url="http://secunia.com/advisories/56578" source="SECUNIA">56578</ref>
+      <ref url="http://osvdb.org/102364" source="OSVDB">102364</ref>
+      <ref url="http://helpx.adobe.com/security/products/Digital-Editions/apsb14-03.html" source="CONFIRM" adv="1">http://helpx.adobe.com/security/products/Digital-Editions/apsb14-03.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="adobe" name="digital_editions">
+        <vers num="2.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0495" published="2014-01-15" name="CVE-2014-0495" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0493.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029604" source="SECTRACK">1029604</ref>
+      <ref url="http://helpx.adobe.com/security/products/acrobat/apsb14-01.html" source="CONFIRM" adv="1">http://helpx.adobe.com/security/products/acrobat/apsb14-01.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="adobe" name="acrobat">
+        <vers num="10.1"/>
+        <vers num="10.1.1"/>
+        <vers num="10.1.2"/>
+        <vers num="10.1.3"/>
+        <vers num="10.1.4"/>
+        <vers num="10.1.5"/>
+        <vers num="10.1.6"/>
+        <vers num="10.1.7"/>
+        <vers prev="1" num="10.1.8"/>
+        <vers num="11.0"/>
+        <vers num="11.0.1"/>
+        <vers num="11.0.2"/>
+        <vers num="11.0.3"/>
+        <vers num="11.0.4"/>
+        <vers prev="1" num="11.0.5"/>
+      </prod>
+      <prod vendor="adobe" name="acrobat_reader">
+        <vers num="10.1"/>
+        <vers num="10.1.1"/>
+        <vers num="10.1.2"/>
+        <vers num="10.1.3"/>
+        <vers num="10.1.4"/>
+        <vers num="10.1.5"/>
+        <vers num="10.1.6"/>
+        <vers num="10.1.7"/>
+        <vers prev="1" num="10.1.8"/>
+        <vers num="11.0"/>
+        <vers num="11.0.1"/>
+        <vers num="11.0.2"/>
+        <vers num="11.0.3"/>
+        <vers num="11.0.4"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0496" published="2014-01-15" name="CVE-2014-0496" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029604" source="SECTRACK">1029604</ref>
+      <ref url="http://helpx.adobe.com/security/products/acrobat/apsb14-01.html" source="CONFIRM" adv="1">http://helpx.adobe.com/security/products/acrobat/apsb14-01.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="adobe" name="acrobat">
+        <vers num="10.1"/>
+        <vers num="10.1.1"/>
+        <vers num="10.1.2"/>
+        <vers num="10.1.3"/>
+        <vers num="10.1.4"/>
+        <vers num="10.1.5"/>
+        <vers num="10.1.6"/>
+        <vers num="10.1.7"/>
+        <vers prev="1" num="10.1.8"/>
+        <vers num="11.0"/>
+        <vers num="11.0.1"/>
+        <vers num="11.0.2"/>
+        <vers num="11.0.3"/>
+        <vers num="11.0.4"/>
+        <vers prev="1" num="11.0.5"/>
+      </prod>
+      <prod vendor="adobe" name="acrobat_reader">
+        <vers num="10.1"/>
+        <vers num="10.1.1"/>
+        <vers num="10.1.2"/>
+        <vers num="10.1.3"/>
+        <vers num="10.1.4"/>
+        <vers num="10.1.5"/>
+        <vers num="10.1.6"/>
+        <vers num="10.1.7"/>
+        <vers prev="1" num="10.1.8"/>
+        <vers num="11.0"/>
+        <vers num="11.0.1"/>
+        <vers num="11.0.2"/>
+        <vers num="11.0.3"/>
+        <vers num="11.0.4"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0497" published="2014-02-05" name="CVE-2014-0497" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://helpx.adobe.com/security/products/flash-player/apsb14-04.html" source="CONFIRM" patch="1" adv="1">http://helpx.adobe.com/security/products/flash-player/apsb14-04.html</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0137.html" source="REDHAT">RHSA-2014:0137</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00006.html" source="SUSE">SUSE-SU-2014:0221</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00001.html" source="SUSE">openSUSE-SU-2014:0203</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00000.html" source="SUSE">openSUSE-SU-2014:0197</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="adobe" name="flash_player">
+        <vers num="11.0"/>
+        <vers num="11.0.1.152"/>
+        <vers num="11.0.1.153"/>
+        <vers num="11.1"/>
+        <vers num="11.1.102.55"/>
+        <vers num="11.1.102.59"/>
+        <vers num="11.1.102.62"/>
+        <vers num="11.1.102.63"/>
+        <vers num="11.1.111.44"/>
+        <vers num="11.1.111.50"/>
+        <vers num="11.1.111.54"/>
+        <vers num="11.1.111.8"/>
+        <vers num="11.1.115.34"/>
+        <vers num="11.1.115.48"/>
+        <vers num="11.1.115.54"/>
+        <vers num="11.1.115.58"/>
+        <vers num="11.1.115.7"/>
+        <vers num="11.2.202.223"/>
+        <vers num="11.2.202.228"/>
+        <vers num="11.2.202.233"/>
+        <vers num="11.2.202.235"/>
+        <vers num="11.2.202.236"/>
+        <vers num="11.2.202.238"/>
+        <vers num="11.2.202.243"/>
+        <vers num="11.2.202.251"/>
+        <vers num="11.2.202.258"/>
+        <vers num="11.2.202.261"/>
+        <vers num="11.2.202.262"/>
+        <vers num="11.2.202.270"/>
+        <vers num="11.2.202.273"/>
+        <vers num="11.2.202.275"/>
+        <vers num="11.2.202.280"/>
+        <vers num="11.2.202.285"/>
+        <vers num="11.2.202.291"/>
+        <vers num="11.2.202.297"/>
+        <vers num="11.2.202.310"/>
+        <vers num="11.2.202.327"/>
+        <vers num="11.2.202.332"/>
+        <vers prev="1" num="11.2.202.335"/>
+        <vers num="11.3.300.257"/>
+        <vers num="11.3.300.262"/>
+        <vers num="11.3.300.265"/>
+        <vers num="11.3.300.268"/>
+        <vers num="11.3.300.270"/>
+        <vers num="11.3.300.271"/>
+        <vers num="11.3.300.273"/>
+        <vers num="11.4.402.265"/>
+        <vers num="11.4.402.278"/>
+        <vers num="11.4.402.287"/>
+        <vers num="11.5.502.110"/>
+        <vers num="11.5.502.135"/>
+        <vers num="11.5.502.136"/>
+        <vers num="11.5.502.146"/>
+        <vers num="11.5.502.149"/>
+        <vers num="11.6.602.167"/>
+        <vers num="11.6.602.168"/>
+        <vers num="11.6.602.171"/>
+        <vers num="11.6.602.180"/>
+        <vers num="11.7.700.169"/>
+        <vers num="11.7.700.202"/>
+        <vers num="11.7.700.224"/>
+        <vers num="11.7.700.232"/>
+        <vers num="11.7.700.242"/>
+        <vers num="11.7.700.252"/>
+        <vers num="11.7.700.257"/>
+        <vers prev="1" num="11.7.700.260"/>
+        <vers num="11.8.800.168"/>
+        <vers num="11.8.800.94"/>
+        <vers num="11.8.800.97"/>
+        <vers num="11.9.900.117"/>
+        <vers num="11.9.900.152"/>
+        <vers num="11.9.900.170"/>
+        <vers num="12.0.0.38"/>
+        <vers num="12.0.0.41"/>
+        <vers prev="1" num="12.0.0.43"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0498" published="2014-02-21" name="CVE-2014-0498" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK &amp; Compiler before 4.0.0.1628 allows attackers to execute arbitrary code via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://helpx.adobe.com/security/products/flash-player/apsb14-07.html" source="CONFIRM" patch="1" adv="1">http://helpx.adobe.com/security/products/flash-player/apsb14-07.html</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0196.html" source="REDHAT">RHSA-2014:0196</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00017.html" source="SUSE">SUSE-SU-2014:0290</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00015.html" source="SUSE">openSUSE-SU-2014:0278</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00014.html" source="SUSE">openSUSE-SU-2014:0277</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="adobe" name="adobe_air">
+        <vers num="1.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.4990"/>
+        <vers num="1.0.8.4990"/>
+        <vers num="1.1"/>
+        <vers num="1.1.0.5790"/>
+        <vers num="1.5"/>
+        <vers num="1.5.0.7220"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.1.8210"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.3.9120"/>
+        <vers num="1.5.3.9130"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.2.12610"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.3.13070"/>
+        <vers num="2.0.4"/>
+        <vers num="2.5.0.16600"/>
+        <vers num="2.5.1.17730"/>
+        <vers num="2.6"/>
+        <vers num="2.6.0.19120"/>
+        <vers num="2.6.0.19140"/>
+        <vers num="2.7"/>
+        <vers num="2.7.0.1948"/>
+        <vers num="2.7.0.19480"/>
+        <vers num="2.7.0.1953"/>
+        <vers num="2.7.0.19530"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.1.19610"/>
+        <vers num="3.0.0.408"/>
+        <vers num="3.0.0.4080"/>
+        <vers num="3.1.0.485"/>
+        <vers num="3.1.0.488"/>
+        <vers num="3.1.0.4880"/>
+        <vers num="3.2.0.207"/>
+        <vers num="3.2.0.2070"/>
+        <vers num="3.3.0.3670"/>
+        <vers num="3.4.0.2540"/>
+        <vers num="3.4.0.2710"/>
+        <vers num="3.5.0.1060"/>
+        <vers num="3.5.0.600"/>
+        <vers num="3.5.0.880"/>
+        <vers num="3.5.0.890"/>
+        <vers num="3.6.0.597"/>
+        <vers num="3.6.0.6090"/>
+        <vers num="3.7.0.1530"/>
+        <vers num="3.7.0.1860"/>
+        <vers num="3.7.0.2090"/>
+        <vers num="3.8.0.870"/>
+        <vers num="3.8.0.910"/>
+        <vers num="3.9.0.1030"/>
+        <vers num="3.9.0.1060"/>
+        <vers num="3.9.0.1210"/>
+        <vers num="3.9.0.1380"/>
+        <vers prev="1" num="4.0.0.1390"/>
+      </prod>
+      <prod vendor="adobe" name="adobe_air_sdk">
+        <vers num="3.0.0.4080"/>
+        <vers num="3.1.0.488"/>
+        <vers num="3.2.0.2070"/>
+        <vers num="3.3.0.3650"/>
+        <vers num="3.3.0.3690"/>
+        <vers num="3.4.0.2540"/>
+        <vers num="3.4.0.2710"/>
+        <vers num="3.5.0.1060"/>
+        <vers num="3.5.0.600"/>
+        <vers num="3.5.0.880"/>
+        <vers num="3.5.0.890"/>
+        <vers num="3.6.0.599"/>
+        <vers num="3.6.0.6090"/>
+        <vers num="3.7.0.1530"/>
+        <vers num="3.7.0.1860"/>
+        <vers num="3.7.0.2090"/>
+        <vers num="3.8.0.1430"/>
+        <vers num="3.8.0.870"/>
+        <vers num="3.8.0.910"/>
+        <vers num="3.9.0.1030"/>
+        <vers num="3.9.0.1210"/>
+        <vers num="3.9.0.1380"/>
+        <vers prev="1" num="4.0.0.1390"/>
+      </prod>
+      <prod vendor="adobe" name="flash_player">
+        <vers num="11.0"/>
+        <vers num="11.0.1.152"/>
+        <vers num="11.0.1.153"/>
+        <vers num="11.1"/>
+        <vers num="11.1.102.55"/>
+        <vers num="11.1.102.59"/>
+        <vers num="11.1.102.62"/>
+        <vers num="11.1.102.63"/>
+        <vers num="11.1.111.44"/>
+        <vers num="11.1.111.50"/>
+        <vers num="11.1.111.54"/>
+        <vers num="11.1.111.8"/>
+        <vers num="11.1.115.34"/>
+        <vers num="11.1.115.48"/>
+        <vers num="11.1.115.54"/>
+        <vers num="11.1.115.58"/>
+        <vers num="11.1.115.7"/>
+        <vers num="11.2.202.223"/>
+        <vers num="11.2.202.228"/>
+        <vers num="11.2.202.233"/>
+        <vers num="11.2.202.235"/>
+        <vers num="11.2.202.236"/>
+        <vers num="11.2.202.238"/>
+        <vers num="11.2.202.243"/>
+        <vers num="11.2.202.251"/>
+        <vers num="11.2.202.258"/>
+        <vers num="11.2.202.261"/>
+        <vers num="11.2.202.262"/>
+        <vers num="11.2.202.270"/>
+        <vers num="11.2.202.273"/>
+        <vers num="11.2.202.275"/>
+        <vers num="11.2.202.280"/>
+        <vers num="11.2.202.285"/>
+        <vers num="11.2.202.291"/>
+        <vers num="11.2.202.297"/>
+        <vers num="11.2.202.310"/>
+        <vers num="11.2.202.327"/>
+        <vers num="11.2.202.332"/>
+        <vers num="11.2.202.335"/>
+        <vers prev="1" num="11.2.202.336"/>
+        <vers num="11.3.300.257"/>
+        <vers num="11.3.300.262"/>
+        <vers num="11.3.300.265"/>
+        <vers num="11.3.300.268"/>
+        <vers num="11.3.300.270"/>
+        <vers num="11.3.300.271"/>
+        <vers num="11.3.300.273"/>
+        <vers num="11.4.402.265"/>
+        <vers num="11.4.402.278"/>
+        <vers num="11.4.402.287"/>
+        <vers num="11.5.502.110"/>
+        <vers num="11.5.502.135"/>
+        <vers num="11.5.502.136"/>
+        <vers num="11.5.502.146"/>
+        <vers num="11.5.502.149"/>
+        <vers num="11.6.602.167"/>
+        <vers num="11.6.602.168"/>
+        <vers num="11.6.602.171"/>
+        <vers num="11.6.602.180"/>
+        <vers num="11.7.700.169"/>
+        <vers num="11.7.700.202"/>
+        <vers num="11.7.700.224"/>
+        <vers num="11.7.700.225"/>
+        <vers num="11.7.700.232"/>
+        <vers num="11.7.700.242"/>
+        <vers num="11.7.700.252"/>
+        <vers num="11.7.700.257"/>
+        <vers num="11.7.700.260"/>
+        <vers prev="1" num="11.7.700.261"/>
+        <vers num="11.8.800.168"/>
+        <vers num="11.8.800.94"/>
+        <vers num="11.8.800.97"/>
+        <vers num="11.9.900.117"/>
+        <vers num="11.9.900.152"/>
+        <vers num="11.9.900.170"/>
+        <vers num="12.0.0.38"/>
+        <vers num="12.0.0.41"/>
+        <vers num="12.0.0.43"/>
+        <vers prev="1" num="12.0.0.44"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0499" published="2014-02-21" name="CVE-2014-0499" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:N/A:N)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK &amp; Compiler before 4.0.0.1628 do not prevent access to address information, which makes it easier for attackers to bypass the ASLR protection mechanism via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://helpx.adobe.com/security/products/flash-player/apsb14-07.html" source="CONFIRM" patch="1" adv="1">http://helpx.adobe.com/security/products/flash-player/apsb14-07.html</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0196.html" source="REDHAT">RHSA-2014:0196</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00017.html" source="SUSE">SUSE-SU-2014:0290</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00015.html" source="SUSE">openSUSE-SU-2014:0278</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00014.html" source="SUSE">openSUSE-SU-2014:0277</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="adobe" name="adobe_air">
+        <vers num="1.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.4990"/>
+        <vers num="1.0.8.4990"/>
+        <vers num="1.1"/>
+        <vers num="1.1.0.5790"/>
+        <vers num="1.5"/>
+        <vers num="1.5.0.7220"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.1.8210"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.3.9120"/>
+        <vers num="1.5.3.9130"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.2.12610"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.3.13070"/>
+        <vers num="2.0.4"/>
+        <vers num="2.5.0.16600"/>
+        <vers num="2.5.1.17730"/>
+        <vers num="2.6"/>
+        <vers num="2.6.0.19120"/>
+        <vers num="2.6.0.19140"/>
+        <vers num="2.7"/>
+        <vers num="2.7.0.1948"/>
+        <vers num="2.7.0.19480"/>
+        <vers num="2.7.0.1953"/>
+        <vers num="2.7.0.19530"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.1.19610"/>
+        <vers num="3.0.0.408"/>
+        <vers num="3.0.0.4080"/>
+        <vers num="3.1.0.485"/>
+        <vers num="3.1.0.488"/>
+        <vers num="3.1.0.4880"/>
+        <vers num="3.2.0.207"/>
+        <vers num="3.2.0.2070"/>
+        <vers num="3.3.0.3670"/>
+        <vers num="3.4.0.2540"/>
+        <vers num="3.4.0.2710"/>
+        <vers num="3.5.0.1060"/>
+        <vers num="3.5.0.600"/>
+        <vers num="3.5.0.880"/>
+        <vers num="3.5.0.890"/>
+        <vers num="3.6.0.597"/>
+        <vers num="3.6.0.6090"/>
+        <vers num="3.7.0.1530"/>
+        <vers num="3.7.0.1860"/>
+        <vers num="3.7.0.2090"/>
+        <vers num="3.8.0.870"/>
+        <vers num="3.8.0.910"/>
+        <vers num="3.9.0.1030"/>
+        <vers num="3.9.0.1060"/>
+        <vers num="3.9.0.1210"/>
+        <vers num="3.9.0.1380"/>
+        <vers prev="1" num="4.0.0.1390"/>
+      </prod>
+      <prod vendor="adobe" name="adobe_air_sdk">
+        <vers num="3.0.0.4080"/>
+        <vers num="3.1.0.488"/>
+        <vers num="3.2.0.2070"/>
+        <vers num="3.3.0.3650"/>
+        <vers num="3.3.0.3690"/>
+        <vers num="3.4.0.2540"/>
+        <vers num="3.4.0.2710"/>
+        <vers num="3.5.0.1060"/>
+        <vers num="3.5.0.600"/>
+        <vers num="3.5.0.880"/>
+        <vers num="3.5.0.890"/>
+        <vers num="3.6.0.599"/>
+        <vers num="3.6.0.6090"/>
+        <vers num="3.7.0.1530"/>
+        <vers num="3.7.0.1860"/>
+        <vers num="3.7.0.2090"/>
+        <vers num="3.8.0.1430"/>
+        <vers num="3.8.0.870"/>
+        <vers num="3.8.0.910"/>
+        <vers num="3.9.0.1030"/>
+        <vers num="3.9.0.1210"/>
+        <vers num="3.9.0.1380"/>
+        <vers prev="1" num="4.0.0.1390"/>
+      </prod>
+      <prod vendor="adobe" name="flash_player">
+        <vers num="11.0"/>
+        <vers num="11.0.1.152"/>
+        <vers num="11.0.1.153"/>
+        <vers num="11.1"/>
+        <vers num="11.1.102.55"/>
+        <vers num="11.1.102.59"/>
+        <vers num="11.1.102.62"/>
+        <vers num="11.1.102.63"/>
+        <vers num="11.1.111.44"/>
+        <vers num="11.1.111.50"/>
+        <vers num="11.1.111.54"/>
+        <vers num="11.1.111.8"/>
+        <vers num="11.1.115.34"/>
+        <vers num="11.1.115.48"/>
+        <vers num="11.1.115.54"/>
+        <vers num="11.1.115.58"/>
+        <vers num="11.1.115.7"/>
+        <vers num="11.2.202.223"/>
+        <vers num="11.2.202.228"/>
+        <vers num="11.2.202.233"/>
+        <vers num="11.2.202.235"/>
+        <vers num="11.2.202.236"/>
+        <vers num="11.2.202.238"/>
+        <vers num="11.2.202.243"/>
+        <vers num="11.2.202.251"/>
+        <vers num="11.2.202.258"/>
+        <vers num="11.2.202.261"/>
+        <vers num="11.2.202.262"/>
+        <vers num="11.2.202.270"/>
+        <vers num="11.2.202.273"/>
+        <vers num="11.2.202.275"/>
+        <vers num="11.2.202.280"/>
+        <vers num="11.2.202.285"/>
+        <vers num="11.2.202.291"/>
+        <vers num="11.2.202.297"/>
+        <vers num="11.2.202.310"/>
+        <vers num="11.2.202.327"/>
+        <vers num="11.2.202.332"/>
+        <vers num="11.2.202.335"/>
+        <vers prev="1" num="11.2.202.336"/>
+        <vers num="11.3.300.257"/>
+        <vers num="11.3.300.262"/>
+        <vers num="11.3.300.265"/>
+        <vers num="11.3.300.268"/>
+        <vers num="11.3.300.270"/>
+        <vers num="11.3.300.271"/>
+        <vers num="11.3.300.273"/>
+        <vers num="11.4.402.265"/>
+        <vers num="11.4.402.278"/>
+        <vers num="11.4.402.287"/>
+        <vers num="11.5.502.110"/>
+        <vers num="11.5.502.135"/>
+        <vers num="11.5.502.136"/>
+        <vers num="11.5.502.146"/>
+        <vers num="11.5.502.149"/>
+        <vers num="11.6.602.167"/>
+        <vers num="11.6.602.168"/>
+        <vers num="11.6.602.171"/>
+        <vers num="11.6.602.180"/>
+        <vers num="11.7.700.169"/>
+        <vers num="11.7.700.202"/>
+        <vers num="11.7.700.224"/>
+        <vers num="11.7.700.225"/>
+        <vers num="11.7.700.232"/>
+        <vers num="11.7.700.242"/>
+        <vers num="11.7.700.252"/>
+        <vers num="11.7.700.257"/>
+        <vers num="11.7.700.260"/>
+        <vers prev="1" num="11.7.700.261"/>
+        <vers num="11.8.800.168"/>
+        <vers num="11.8.800.94"/>
+        <vers num="11.8.800.97"/>
+        <vers num="11.9.900.117"/>
+        <vers num="11.9.900.152"/>
+        <vers num="11.9.900.170"/>
+        <vers num="12.0.0.38"/>
+        <vers num="12.0.0.41"/>
+        <vers num="12.0.0.43"/>
+        <vers prev="1" num="12.0.0.44"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0500" published="2014-02-11" name="CVE-2014-0500" modified="2014-02-13" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Adobe Shockwave Player before 12.0.9.149 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0501.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://helpx.adobe.com/security/products/shockwave/apsb14-06.html" source="CONFIRM" adv="1">http://helpx.adobe.com/security/products/shockwave/apsb14-06.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="adobe" name="shockwave_player">
+        <vers num="11.0.0.456"/>
+        <vers num="11.0.3.471"/>
+        <vers num="11.5.0.595"/>
+        <vers num="11.5.0.596"/>
+        <vers num="11.5.1.601"/>
+        <vers num="11.5.10.620"/>
+        <vers num="11.5.2.602"/>
+        <vers num="11.5.6.606"/>
+        <vers num="11.5.7.609"/>
+        <vers num="11.5.8.612"/>
+        <vers num="11.5.9.615"/>
+        <vers num="11.5.9.620"/>
+        <vers num="11.6.0.626"/>
+        <vers num="11.6.1.629"/>
+        <vers num="11.6.3.633"/>
+        <vers num="11.6.4.634"/>
+        <vers num="11.6.5.635"/>
+        <vers num="11.6.6.636"/>
+        <vers num="11.6.7.637"/>
+        <vers num="11.6.8.638"/>
+        <vers num="12.0.0.112"/>
+        <vers num="12.0.2.122"/>
+        <vers num="12.0.3.133"/>
+        <vers num="12.0.4.144"/>
+        <vers num="12.0.6.147"/>
+        <vers prev="1" num="12.0.7.148"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0501" published="2014-02-11" name="CVE-2014-0501" modified="2014-02-13" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Adobe Shockwave Player before 12.0.9.149 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0500.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://helpx.adobe.com/security/products/shockwave/apsb14-06.html" source="CONFIRM" adv="1">http://helpx.adobe.com/security/products/shockwave/apsb14-06.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="adobe" name="shockwave_player">
+        <vers num="11.0.0.456"/>
+        <vers num="11.0.3.471"/>
+        <vers num="11.5.0.595"/>
+        <vers num="11.5.0.596"/>
+        <vers num="11.5.1.601"/>
+        <vers num="11.5.10.620"/>
+        <vers num="11.5.2.602"/>
+        <vers num="11.5.6.606"/>
+        <vers num="11.5.7.609"/>
+        <vers num="11.5.8.612"/>
+        <vers num="11.5.9.615"/>
+        <vers num="11.5.9.620"/>
+        <vers num="11.6.0.626"/>
+        <vers num="11.6.1.629"/>
+        <vers num="11.6.3.633"/>
+        <vers num="11.6.4.634"/>
+        <vers num="11.6.5.635"/>
+        <vers num="11.6.6.636"/>
+        <vers num="11.6.7.637"/>
+        <vers num="11.6.8.638"/>
+        <vers num="12.0.0.112"/>
+        <vers num="12.0.2.122"/>
+        <vers num="12.0.3.133"/>
+        <vers num="12.0.4.144"/>
+        <vers num="12.0.6.147"/>
+        <vers prev="1" num="12.0.7.148"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0502" published="2014-02-21" name="CVE-2014-0502" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK &amp; Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://helpx.adobe.com/security/products/flash-player/apsb14-07.html" source="CONFIRM" patch="1" adv="1">http://helpx.adobe.com/security/products/flash-player/apsb14-07.html</ref>
+      <ref url="http://www.alienvault.com/open-threat-exchange/blog/analysis-of-an-attack-exploiting-the-adobe-zero-day-cve-2014-0502/" source="MISC">http://www.alienvault.com/open-threat-exchange/blog/analysis-of-an-attack-exploiting-the-adobe-zero-day-cve-2014-0502/</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0196.html" source="REDHAT">RHSA-2014:0196</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00017.html" source="SUSE">SUSE-SU-2014:0290</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00015.html" source="SUSE">openSUSE-SU-2014:0278</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00014.html" source="SUSE">openSUSE-SU-2014:0277</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="adobe" name="adobe_air">
+        <vers num="1.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.4990"/>
+        <vers num="1.0.8.4990"/>
+        <vers num="1.1"/>
+        <vers num="1.1.0.5790"/>
+        <vers num="1.5"/>
+        <vers num="1.5.0.7220"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.1.8210"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.3.9120"/>
+        <vers num="1.5.3.9130"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.2.12610"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.3.13070"/>
+        <vers num="2.0.4"/>
+        <vers num="2.5.0.16600"/>
+        <vers num="2.5.1.17730"/>
+        <vers num="2.6"/>
+        <vers num="2.6.0.19120"/>
+        <vers num="2.6.0.19140"/>
+        <vers num="2.7"/>
+        <vers num="2.7.0.1948"/>
+        <vers num="2.7.0.19480"/>
+        <vers num="2.7.0.1953"/>
+        <vers num="2.7.0.19530"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.1.19610"/>
+        <vers num="3.0.0.408"/>
+        <vers num="3.0.0.4080"/>
+        <vers num="3.1.0.485"/>
+        <vers num="3.1.0.488"/>
+        <vers num="3.1.0.4880"/>
+        <vers num="3.2.0.207"/>
+        <vers num="3.2.0.2070"/>
+        <vers num="3.3.0.3670"/>
+        <vers num="3.4.0.2540"/>
+        <vers num="3.4.0.2710"/>
+        <vers num="3.5.0.1060"/>
+        <vers num="3.5.0.600"/>
+        <vers num="3.5.0.880"/>
+        <vers num="3.5.0.890"/>
+        <vers num="3.6.0.597"/>
+        <vers num="3.6.0.6090"/>
+        <vers num="3.7.0.1530"/>
+        <vers num="3.7.0.1860"/>
+        <vers num="3.7.0.2090"/>
+        <vers num="3.8.0.870"/>
+        <vers num="3.8.0.910"/>
+        <vers num="3.9.0.1030"/>
+        <vers num="3.9.0.1060"/>
+        <vers num="3.9.0.1210"/>
+        <vers num="3.9.0.1380"/>
+        <vers prev="1" num="4.0.0.1390"/>
+      </prod>
+      <prod vendor="adobe" name="adobe_air_sdk">
+        <vers num="3.0.0.4080"/>
+        <vers num="3.1.0.488"/>
+        <vers num="3.2.0.2070"/>
+        <vers num="3.3.0.3650"/>
+        <vers num="3.3.0.3690"/>
+        <vers num="3.4.0.2540"/>
+        <vers num="3.4.0.2710"/>
+        <vers num="3.5.0.1060"/>
+        <vers num="3.5.0.600"/>
+        <vers num="3.5.0.880"/>
+        <vers num="3.5.0.890"/>
+        <vers num="3.6.0.599"/>
+        <vers num="3.6.0.6090"/>
+        <vers num="3.7.0.1530"/>
+        <vers num="3.7.0.1860"/>
+        <vers num="3.7.0.2090"/>
+        <vers num="3.8.0.1430"/>
+        <vers num="3.8.0.870"/>
+        <vers num="3.8.0.910"/>
+        <vers num="3.9.0.1030"/>
+        <vers num="3.9.0.1210"/>
+        <vers num="3.9.0.1380"/>
+        <vers prev="1" num="4.0.0.1390"/>
+      </prod>
+      <prod vendor="adobe" name="flash_player">
+        <vers num="11.0"/>
+        <vers num="11.0.1.152"/>
+        <vers num="11.0.1.153"/>
+        <vers num="11.1"/>
+        <vers num="11.1.102.55"/>
+        <vers num="11.1.102.59"/>
+        <vers num="11.1.102.62"/>
+        <vers num="11.1.102.63"/>
+        <vers num="11.1.111.44"/>
+        <vers num="11.1.111.50"/>
+        <vers num="11.1.111.54"/>
+        <vers num="11.1.111.8"/>
+        <vers num="11.1.115.34"/>
+        <vers num="11.1.115.48"/>
+        <vers num="11.1.115.54"/>
+        <vers num="11.1.115.58"/>
+        <vers num="11.1.115.7"/>
+        <vers num="11.2.202.223"/>
+        <vers num="11.2.202.228"/>
+        <vers num="11.2.202.233"/>
+        <vers num="11.2.202.235"/>
+        <vers num="11.2.202.236"/>
+        <vers num="11.2.202.238"/>
+        <vers num="11.2.202.243"/>
+        <vers num="11.2.202.251"/>
+        <vers num="11.2.202.258"/>
+        <vers num="11.2.202.261"/>
+        <vers num="11.2.202.262"/>
+        <vers num="11.2.202.270"/>
+        <vers num="11.2.202.273"/>
+        <vers num="11.2.202.275"/>
+        <vers num="11.2.202.280"/>
+        <vers num="11.2.202.285"/>
+        <vers num="11.2.202.291"/>
+        <vers num="11.2.202.297"/>
+        <vers num="11.2.202.310"/>
+        <vers num="11.2.202.327"/>
+        <vers num="11.2.202.332"/>
+        <vers num="11.2.202.335"/>
+        <vers prev="1" num="11.2.202.336"/>
+        <vers num="11.3.300.257"/>
+        <vers num="11.3.300.262"/>
+        <vers num="11.3.300.265"/>
+        <vers num="11.3.300.268"/>
+        <vers num="11.3.300.270"/>
+        <vers num="11.3.300.271"/>
+        <vers num="11.3.300.273"/>
+        <vers num="11.4.402.265"/>
+        <vers num="11.4.402.278"/>
+        <vers num="11.4.402.287"/>
+        <vers num="11.5.502.110"/>
+        <vers num="11.5.502.135"/>
+        <vers num="11.5.502.136"/>
+        <vers num="11.5.502.146"/>
+        <vers num="11.5.502.149"/>
+        <vers num="11.6.602.167"/>
+        <vers num="11.6.602.168"/>
+        <vers num="11.6.602.171"/>
+        <vers num="11.6.602.180"/>
+        <vers num="11.7.700.169"/>
+        <vers num="11.7.700.202"/>
+        <vers num="11.7.700.224"/>
+        <vers num="11.7.700.225"/>
+        <vers num="11.7.700.232"/>
+        <vers num="11.7.700.242"/>
+        <vers num="11.7.700.252"/>
+        <vers num="11.7.700.257"/>
+        <vers num="11.7.700.260"/>
+        <vers prev="1" num="11.7.700.261"/>
+        <vers num="11.8.800.168"/>
+        <vers num="11.8.800.94"/>
+        <vers num="11.8.800.97"/>
+        <vers num="11.9.900.117"/>
+        <vers num="11.9.900.152"/>
+        <vers num="11.9.900.170"/>
+        <vers num="12.0.0.38"/>
+        <vers num="12.0.0.41"/>
+        <vers num="12.0.0.43"/>
+        <vers prev="1" num="12.0.0.44"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0503" published="2014-03-12" name="CVE-2014-0503" modified="2014-03-26" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:N)" CVSS_score="6.4" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="10.0" CVSS_base_score="6.4">
+    <desc>
+      <descript source="cve">Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0289.html" source="REDHAT">RHSA-2014:0289</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00014.html" source="SUSE">SUSE-SU-2014:0387</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00013.html" source="SUSE">openSUSE-SU-2014:0379</ref>
+      <ref url="http://helpx.adobe.com/security/products/flash-player/apsb14-08.html" source="CONFIRM" adv="1">http://helpx.adobe.com/security/products/flash-player/apsb14-08.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="adobe" name="flash_player">
+        <vers num="11.0"/>
+        <vers num="11.0.1.152"/>
+        <vers num="11.0.1.153"/>
+        <vers num="11.1"/>
+        <vers num="11.1.102.55"/>
+        <vers num="11.1.102.59"/>
+        <vers num="11.1.102.62"/>
+        <vers num="11.1.102.63"/>
+        <vers num="11.1.111.44"/>
+        <vers num="11.1.111.50"/>
+        <vers num="11.1.111.54"/>
+        <vers num="11.1.111.8"/>
+        <vers num="11.1.115.34"/>
+        <vers num="11.1.115.48"/>
+        <vers num="11.1.115.54"/>
+        <vers num="11.1.115.58"/>
+        <vers num="11.1.115.7"/>
+        <vers num="11.2.202.223"/>
+        <vers num="11.2.202.228"/>
+        <vers num="11.2.202.233"/>
+        <vers num="11.2.202.235"/>
+        <vers num="11.2.202.236"/>
+        <vers num="11.2.202.238"/>
+        <vers num="11.2.202.243"/>
+        <vers num="11.2.202.251"/>
+        <vers num="11.2.202.258"/>
+        <vers num="11.2.202.261"/>
+        <vers num="11.2.202.262"/>
+        <vers num="11.2.202.270"/>
+        <vers num="11.2.202.273"/>
+        <vers num="11.2.202.275"/>
+        <vers num="11.2.202.280"/>
+        <vers num="11.2.202.285"/>
+        <vers num="11.2.202.291"/>
+        <vers num="11.2.202.297"/>
+        <vers num="11.2.202.310"/>
+        <vers num="11.2.202.327"/>
+        <vers num="11.2.202.332"/>
+        <vers num="11.2.202.335"/>
+        <vers prev="1" num="11.2.202.336"/>
+        <vers prev="1" num="11.2.202.341"/>
+        <vers num="11.3.300.257"/>
+        <vers num="11.3.300.262"/>
+        <vers num="11.3.300.265"/>
+        <vers num="11.3.300.268"/>
+        <vers num="11.3.300.270"/>
+        <vers num="11.3.300.271"/>
+        <vers num="11.3.300.273"/>
+        <vers num="11.4.402.265"/>
+        <vers num="11.4.402.278"/>
+        <vers num="11.4.402.287"/>
+        <vers num="11.5.502.110"/>
+        <vers num="11.5.502.135"/>
+        <vers num="11.5.502.136"/>
+        <vers num="11.5.502.146"/>
+        <vers num="11.5.502.149"/>
+        <vers num="11.6.602.167"/>
+        <vers num="11.6.602.168"/>
+        <vers num="11.6.602.171"/>
+        <vers num="11.6.602.180"/>
+        <vers num="11.7.700.169"/>
+        <vers num="11.7.700.202"/>
+        <vers num="11.7.700.224"/>
+        <vers num="11.7.700.232"/>
+        <vers num="11.7.700.242"/>
+        <vers num="11.7.700.252"/>
+        <vers num="11.7.700.257"/>
+        <vers num="11.7.700.260"/>
+        <vers num="11.7.700.261"/>
+        <vers prev="1" num="11.7.700.269"/>
+        <vers num="11.8.800.168"/>
+        <vers num="11.8.800.94"/>
+        <vers num="11.8.800.97"/>
+        <vers num="11.9.900.117"/>
+        <vers num="11.9.900.152"/>
+        <vers num="11.9.900.170"/>
+        <vers num="12.0.0.38"/>
+        <vers num="12.0.0.41"/>
+        <vers num="12.0.0.43"/>
+        <vers num="12.0.0.44"/>
+        <vers prev="1" num="12.0.0.70"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0504" published="2014-03-12" name="CVE-2014-0504" modified="2014-03-26" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows attackers to read the clipboard via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0289.html" source="REDHAT">RHSA-2014:0289</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00014.html" source="SUSE">SUSE-SU-2014:0387</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00013.html" source="SUSE">openSUSE-SU-2014:0379</ref>
+      <ref url="http://helpx.adobe.com/security/products/flash-player/apsb14-08.html" source="CONFIRM" adv="1">http://helpx.adobe.com/security/products/flash-player/apsb14-08.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="adobe" name="flash_player">
+        <vers num="11.0"/>
+        <vers num="11.0.1.152"/>
+        <vers num="11.0.1.153"/>
+        <vers num="11.1"/>
+        <vers num="11.1.102.55"/>
+        <vers num="11.1.102.59"/>
+        <vers num="11.1.102.62"/>
+        <vers num="11.1.102.63"/>
+        <vers num="11.1.111.44"/>
+        <vers num="11.1.111.50"/>
+        <vers num="11.1.111.54"/>
+        <vers num="11.1.111.8"/>
+        <vers num="11.1.115.34"/>
+        <vers num="11.1.115.48"/>
+        <vers num="11.1.115.54"/>
+        <vers num="11.1.115.58"/>
+        <vers num="11.1.115.7"/>
+        <vers num="11.2.202.223"/>
+        <vers num="11.2.202.228"/>
+        <vers num="11.2.202.233"/>
+        <vers num="11.2.202.235"/>
+        <vers num="11.2.202.236"/>
+        <vers num="11.2.202.238"/>
+        <vers num="11.2.202.243"/>
+        <vers num="11.2.202.251"/>
+        <vers num="11.2.202.258"/>
+        <vers num="11.2.202.261"/>
+        <vers num="11.2.202.262"/>
+        <vers num="11.2.202.270"/>
+        <vers num="11.2.202.273"/>
+        <vers num="11.2.202.275"/>
+        <vers num="11.2.202.280"/>
+        <vers num="11.2.202.285"/>
+        <vers num="11.2.202.291"/>
+        <vers num="11.2.202.297"/>
+        <vers num="11.2.202.310"/>
+        <vers num="11.2.202.327"/>
+        <vers num="11.2.202.332"/>
+        <vers num="11.2.202.335"/>
+        <vers prev="1" num="11.2.202.336"/>
+        <vers prev="1" num="11.2.202.341"/>
+        <vers num="11.3.300.257"/>
+        <vers num="11.3.300.262"/>
+        <vers num="11.3.300.265"/>
+        <vers num="11.3.300.268"/>
+        <vers num="11.3.300.270"/>
+        <vers num="11.3.300.271"/>
+        <vers num="11.3.300.273"/>
+        <vers num="11.4.402.265"/>
+        <vers num="11.4.402.278"/>
+        <vers num="11.4.402.287"/>
+        <vers num="11.5.502.110"/>
+        <vers num="11.5.502.135"/>
+        <vers num="11.5.502.136"/>
+        <vers num="11.5.502.146"/>
+        <vers num="11.5.502.149"/>
+        <vers num="11.6.602.167"/>
+        <vers num="11.6.602.168"/>
+        <vers num="11.6.602.171"/>
+        <vers num="11.6.602.180"/>
+        <vers num="11.7.700.169"/>
+        <vers num="11.7.700.202"/>
+        <vers num="11.7.700.224"/>
+        <vers num="11.7.700.232"/>
+        <vers num="11.7.700.242"/>
+        <vers num="11.7.700.252"/>
+        <vers num="11.7.700.257"/>
+        <vers num="11.7.700.260"/>
+        <vers num="11.7.700.261"/>
+        <vers prev="1" num="11.7.700.269"/>
+        <vers num="11.8.800.168"/>
+        <vers num="11.8.800.94"/>
+        <vers num="11.8.800.97"/>
+        <vers num="11.9.900.117"/>
+        <vers num="11.9.900.152"/>
+        <vers num="11.9.900.170"/>
+        <vers num="12.0.0.38"/>
+        <vers num="12.0.0.41"/>
+        <vers num="12.0.0.43"/>
+        <vers num="12.0.0.44"/>
+        <vers prev="1" num="12.0.0.70"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0505" published="2014-03-14" name="CVE-2014-0505" modified="2014-03-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Adobe Shockwave Player before 12.1.0.150 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://helpx.adobe.com/security/products/shockwave/apsb14-10.html" source="CONFIRM" adv="1">http://helpx.adobe.com/security/products/shockwave/apsb14-10.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="adobe" name="shockwave_player">
+        <vers num="12.0.0.112"/>
+        <vers num="12.0.2.122"/>
+        <vers num="12.0.3.133"/>
+        <vers num="12.0.4.144"/>
+        <vers num="12.0.6.147"/>
+        <vers num="12.0.7.148"/>
+        <vers prev="1" num="12.0.9.149"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0506" published="2014-03-27" name="CVE-2014-0506" modified="2014-04-19" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Use-after-free vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK &amp; Compiler before 13.0.0.83 allows remote attackers to execute arbitrary code, and possibly bypass an Internet Explorer sandbox protection mechanism, via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/" source="MISC">http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/</ref>
+      <ref url="http://twitter.com/thezdi/statuses/443886338077495296" source="MISC">http://twitter.com/thezdi/statuses/443886338077495296</ref>
+      <ref url="http://helpx.adobe.com/security/products/flash-player/apsb14-09.html" source="CONFIRM">http://helpx.adobe.com/security/products/flash-player/apsb14-09.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="adobe" name="flash_player">
+        <vers num="12.0.0.77"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0507" published="2014-04-08" name="CVE-2014-0507" modified="2014-04-09" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Buffer overflow in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK &amp; Compiler before 13.0.0.83 allows attackers to execute arbitrary code via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://helpx.adobe.com/security/products/flash-player/apsb14-09.html" source="CONFIRM" adv="1">http://helpx.adobe.com/security/products/flash-player/apsb14-09.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="adobe" name="adobe_air">
+        <vers num="1.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.4990"/>
+        <vers num="1.0.8.4990"/>
+        <vers num="1.1"/>
+        <vers num="1.1.0.5790"/>
+        <vers num="1.5"/>
+        <vers num="1.5.0.7220"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.1.8210"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.3.9120"/>
+        <vers num="1.5.3.9130"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.2.12610"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.3.13070"/>
+        <vers num="2.0.4"/>
+        <vers num="2.5.0.16600"/>
+        <vers num="2.5.1.17730"/>
+        <vers num="2.6"/>
+        <vers num="2.6.0.19120"/>
+        <vers num="2.6.0.19140"/>
+        <vers num="2.7"/>
+        <vers num="2.7.0.1948"/>
+        <vers num="2.7.0.19480"/>
+        <vers num="2.7.0.1953"/>
+        <vers num="2.7.0.19530"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.1.19610"/>
+        <vers num="3.0.0.408"/>
+        <vers num="3.0.0.4080"/>
+        <vers num="3.1.0.485"/>
+        <vers num="3.1.0.488"/>
+        <vers num="3.1.0.4880"/>
+        <vers num="3.2.0.207"/>
+        <vers num="3.2.0.2070"/>
+        <vers num="3.3.0.3670"/>
+        <vers num="3.4.0.2540"/>
+        <vers num="3.4.0.2710"/>
+        <vers num="3.5.0.1060"/>
+        <vers num="3.5.0.600"/>
+        <vers num="3.5.0.880"/>
+        <vers num="3.5.0.890"/>
+        <vers num="3.6.0.597"/>
+        <vers num="3.6.0.6090"/>
+        <vers num="3.7.0.1530"/>
+        <vers num="3.7.0.1860"/>
+        <vers num="3.7.0.2090"/>
+        <vers num="3.8.0.870"/>
+        <vers num="3.8.0.910"/>
+        <vers num="3.9.0.1030"/>
+        <vers num="3.9.0.1060"/>
+        <vers num="3.9.0.1210"/>
+        <vers num="3.9.0.1380"/>
+        <vers prev="1" num="4.0.0.1390"/>
+      </prod>
+      <prod vendor="adobe" name="adobe_air_sdk">
+        <vers num="3.0.0.4080"/>
+        <vers num="3.1.0.488"/>
+        <vers num="3.2.0.2070"/>
+        <vers num="3.3.0.3650"/>
+        <vers num="3.3.0.3690"/>
+        <vers num="3.4.0.2540"/>
+        <vers num="3.4.0.2710"/>
+        <vers num="3.5.0.1060"/>
+        <vers num="3.5.0.600"/>
+        <vers num="3.5.0.880"/>
+        <vers num="3.5.0.890"/>
+        <vers num="3.6.0.599"/>
+        <vers num="3.6.0.6090"/>
+        <vers num="3.7.0.1530"/>
+        <vers num="3.7.0.1860"/>
+        <vers num="3.7.0.2090"/>
+        <vers num="3.8.0.1430"/>
+        <vers num="3.8.0.870"/>
+        <vers num="3.8.0.910"/>
+        <vers num="3.9.0.1030"/>
+        <vers num="3.9.0.1210"/>
+        <vers num="3.9.0.1380"/>
+        <vers num="4.0.0.1390"/>
+        <vers prev="1" num="4.0.0.1628"/>
+      </prod>
+      <prod vendor="adobe" name="flash_player">
+        <vers num="11.0"/>
+        <vers num="11.0.1.152"/>
+        <vers num="11.0.1.153"/>
+        <vers num="11.1"/>
+        <vers num="11.1.102.55"/>
+        <vers num="11.1.102.59"/>
+        <vers num="11.1.102.62"/>
+        <vers num="11.1.102.63"/>
+        <vers num="11.1.111.44"/>
+        <vers num="11.1.111.50"/>
+        <vers num="11.1.111.54"/>
+        <vers num="11.1.111.8"/>
+        <vers num="11.1.115.34"/>
+        <vers num="11.1.115.48"/>
+        <vers num="11.1.115.54"/>
+        <vers num="11.1.115.58"/>
+        <vers num="11.1.115.7"/>
+        <vers num="11.2.202.223"/>
+        <vers num="11.2.202.228"/>
+        <vers num="11.2.202.233"/>
+        <vers num="11.2.202.235"/>
+        <vers num="11.2.202.236"/>
+        <vers num="11.2.202.238"/>
+        <vers num="11.2.202.243"/>
+        <vers num="11.2.202.251"/>
+        <vers num="11.2.202.258"/>
+        <vers num="11.2.202.261"/>
+        <vers num="11.2.202.262"/>
+        <vers num="11.2.202.270"/>
+        <vers num="11.2.202.273"/>
+        <vers num="11.2.202.275"/>
+        <vers num="11.2.202.280"/>
+        <vers num="11.2.202.285"/>
+        <vers num="11.2.202.291"/>
+        <vers num="11.2.202.297"/>
+        <vers num="11.2.202.310"/>
+        <vers num="11.2.202.327"/>
+        <vers num="11.2.202.332"/>
+        <vers num="11.2.202.335"/>
+        <vers num="11.2.202.336"/>
+        <vers num="11.2.202.341"/>
+        <vers prev="1" num="11.2.202.346"/>
+        <vers num="11.3.300.257"/>
+        <vers num="11.3.300.262"/>
+        <vers num="11.3.300.265"/>
+        <vers num="11.3.300.268"/>
+        <vers num="11.3.300.270"/>
+        <vers num="11.3.300.271"/>
+        <vers num="11.3.300.273"/>
+        <vers num="11.4.402.265"/>
+        <vers num="11.4.402.278"/>
+        <vers num="11.4.402.287"/>
+        <vers num="11.5.502.110"/>
+        <vers num="11.5.502.135"/>
+        <vers num="11.5.502.136"/>
+        <vers num="11.5.502.146"/>
+        <vers num="11.5.502.149"/>
+        <vers num="11.6.602.167"/>
+        <vers num="11.6.602.168"/>
+        <vers num="11.6.602.171"/>
+        <vers num="11.6.602.180"/>
+        <vers num="11.7.700.169"/>
+        <vers num="11.7.700.202"/>
+        <vers num="11.7.700.224"/>
+        <vers num="11.7.700.232"/>
+        <vers num="11.7.700.242"/>
+        <vers num="11.7.700.252"/>
+        <vers num="11.7.700.257"/>
+        <vers num="11.7.700.260"/>
+        <vers num="11.8.800.168"/>
+        <vers num="11.8.800.94"/>
+        <vers num="11.8.800.97"/>
+        <vers num="11.9.900.117"/>
+        <vers num="11.9.900.152"/>
+        <vers num="11.9.900.170"/>
+        <vers num="12.0.0.38"/>
+        <vers num="12.0.0.41"/>
+        <vers num="12.0.0.43"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0508" published="2014-04-08" name="CVE-2014-0508" modified="2014-04-09" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK &amp; Compiler before 13.0.0.83 allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://helpx.adobe.com/security/products/flash-player/apsb14-09.html" source="CONFIRM" adv="1">http://helpx.adobe.com/security/products/flash-player/apsb14-09.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="adobe" name="adobe_air">
+        <vers num="1.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.4990"/>
+        <vers num="1.0.8.4990"/>
+        <vers num="1.1"/>
+        <vers num="1.1.0.5790"/>
+        <vers num="1.5"/>
+        <vers num="1.5.0.7220"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.1.8210"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.3.9120"/>
+        <vers num="1.5.3.9130"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.2.12610"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.3.13070"/>
+        <vers num="2.0.4"/>
+        <vers num="2.5.0.16600"/>
+        <vers num="2.5.1.17730"/>
+        <vers num="2.6"/>
+        <vers num="2.6.0.19120"/>
+        <vers num="2.6.0.19140"/>
+        <vers num="2.7"/>
+        <vers num="2.7.0.1948"/>
+        <vers num="2.7.0.19480"/>
+        <vers num="2.7.0.1953"/>
+        <vers num="2.7.0.19530"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.1.19610"/>
+        <vers num="3.0.0.408"/>
+        <vers num="3.0.0.4080"/>
+        <vers num="3.1.0.485"/>
+        <vers num="3.1.0.488"/>
+        <vers num="3.1.0.4880"/>
+        <vers num="3.2.0.207"/>
+        <vers num="3.2.0.2070"/>
+        <vers num="3.3.0.3670"/>
+        <vers num="3.4.0.2540"/>
+        <vers num="3.4.0.2710"/>
+        <vers num="3.5.0.1060"/>
+        <vers num="3.5.0.600"/>
+        <vers num="3.5.0.880"/>
+        <vers num="3.5.0.890"/>
+        <vers num="3.6.0.597"/>
+        <vers num="3.6.0.6090"/>
+        <vers num="3.7.0.1530"/>
+        <vers num="3.7.0.1860"/>
+        <vers num="3.7.0.2090"/>
+        <vers num="3.8.0.870"/>
+        <vers num="3.8.0.910"/>
+        <vers num="3.9.0.1030"/>
+        <vers num="3.9.0.1060"/>
+        <vers num="3.9.0.1210"/>
+        <vers num="3.9.0.1380"/>
+        <vers prev="1" num="4.0.0.1390"/>
+      </prod>
+      <prod vendor="adobe" name="adobe_air_sdk">
+        <vers num="3.0.0.4080"/>
+        <vers num="3.1.0.488"/>
+        <vers num="3.2.0.2070"/>
+        <vers num="3.3.0.3650"/>
+        <vers num="3.3.0.3690"/>
+        <vers num="3.4.0.2540"/>
+        <vers num="3.4.0.2710"/>
+        <vers num="3.5.0.1060"/>
+        <vers num="3.5.0.600"/>
+        <vers num="3.5.0.880"/>
+        <vers num="3.5.0.890"/>
+        <vers num="3.6.0.599"/>
+        <vers num="3.6.0.6090"/>
+        <vers num="3.7.0.1530"/>
+        <vers num="3.7.0.1860"/>
+        <vers num="3.7.0.2090"/>
+        <vers num="3.8.0.1430"/>
+        <vers num="3.8.0.870"/>
+        <vers num="3.8.0.910"/>
+        <vers num="3.9.0.1030"/>
+        <vers num="3.9.0.1210"/>
+        <vers num="3.9.0.1380"/>
+        <vers num="4.0.0.1390"/>
+        <vers prev="1" num="4.0.0.1628"/>
+      </prod>
+      <prod vendor="adobe" name="flash_player">
+        <vers num="11.0"/>
+        <vers num="11.0.1.152"/>
+        <vers num="11.0.1.153"/>
+        <vers num="11.1"/>
+        <vers num="11.1.102.55"/>
+        <vers num="11.1.102.59"/>
+        <vers num="11.1.102.62"/>
+        <vers num="11.1.102.63"/>
+        <vers num="11.1.111.44"/>
+        <vers num="11.1.111.50"/>
+        <vers num="11.1.111.54"/>
+        <vers num="11.1.111.8"/>
+        <vers num="11.1.115.34"/>
+        <vers num="11.1.115.48"/>
+        <vers num="11.1.115.54"/>
+        <vers num="11.1.115.58"/>
+        <vers num="11.1.115.7"/>
+        <vers num="11.2.202.223"/>
+        <vers num="11.2.202.228"/>
+        <vers num="11.2.202.233"/>
+        <vers num="11.2.202.235"/>
+        <vers num="11.2.202.236"/>
+        <vers num="11.2.202.238"/>
+        <vers num="11.2.202.243"/>
+        <vers num="11.2.202.251"/>
+        <vers num="11.2.202.258"/>
+        <vers num="11.2.202.261"/>
+        <vers num="11.2.202.262"/>
+        <vers num="11.2.202.270"/>
+        <vers num="11.2.202.273"/>
+        <vers num="11.2.202.275"/>
+        <vers num="11.2.202.280"/>
+        <vers num="11.2.202.285"/>
+        <vers num="11.2.202.291"/>
+        <vers num="11.2.202.297"/>
+        <vers num="11.2.202.310"/>
+        <vers num="11.2.202.327"/>
+        <vers num="11.2.202.332"/>
+        <vers num="11.2.202.335"/>
+        <vers num="11.2.202.336"/>
+        <vers num="11.2.202.341"/>
+        <vers prev="1" num="11.2.202.346"/>
+        <vers num="11.3.300.257"/>
+        <vers num="11.3.300.262"/>
+        <vers num="11.3.300.265"/>
+        <vers num="11.3.300.268"/>
+        <vers num="11.3.300.270"/>
+        <vers num="11.3.300.271"/>
+        <vers num="11.3.300.273"/>
+        <vers num="11.4.402.265"/>
+        <vers num="11.4.402.278"/>
+        <vers num="11.4.402.287"/>
+        <vers num="11.5.502.110"/>
+        <vers num="11.5.502.135"/>
+        <vers num="11.5.502.136"/>
+        <vers num="11.5.502.146"/>
+        <vers num="11.5.502.149"/>
+        <vers num="11.6.602.167"/>
+        <vers num="11.6.602.168"/>
+        <vers num="11.6.602.171"/>
+        <vers num="11.6.602.180"/>
+        <vers num="11.7.700.169"/>
+        <vers num="11.7.700.202"/>
+        <vers num="11.7.700.224"/>
+        <vers num="11.7.700.232"/>
+        <vers num="11.7.700.242"/>
+        <vers num="11.7.700.252"/>
+        <vers num="11.7.700.257"/>
+        <vers num="11.7.700.260"/>
+        <vers num="11.8.800.168"/>
+        <vers num="11.8.800.94"/>
+        <vers num="11.8.800.97"/>
+        <vers num="11.9.900.117"/>
+        <vers num="11.9.900.152"/>
+        <vers num="11.9.900.170"/>
+        <vers num="12.0.0.38"/>
+        <vers num="12.0.0.41"/>
+        <vers num="12.0.0.43"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0509" published="2014-04-08" name="CVE-2014-0509" modified="2014-04-09" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK &amp; Compiler before 13.0.0.83 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://helpx.adobe.com/security/products/flash-player/apsb14-09.html" source="CONFIRM" adv="1">http://helpx.adobe.com/security/products/flash-player/apsb14-09.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="adobe" name="adobe_air">
+        <vers num="1.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.4990"/>
+        <vers num="1.0.8.4990"/>
+        <vers num="1.1"/>
+        <vers num="1.1.0.5790"/>
+        <vers num="1.5"/>
+        <vers num="1.5.0.7220"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.1.8210"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.3.9120"/>
+        <vers num="1.5.3.9130"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.2.12610"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.3.13070"/>
+        <vers num="2.0.4"/>
+        <vers num="2.5.0.16600"/>
+        <vers num="2.5.1.17730"/>
+        <vers num="2.6"/>
+        <vers num="2.6.0.19120"/>
+        <vers num="2.6.0.19140"/>
+        <vers num="2.7"/>
+        <vers num="2.7.0.1948"/>
+        <vers num="2.7.0.19480"/>
+        <vers num="2.7.0.1953"/>
+        <vers num="2.7.0.19530"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.1.19610"/>
+        <vers num="3.0.0.408"/>
+        <vers num="3.0.0.4080"/>
+        <vers num="3.1.0.485"/>
+        <vers num="3.1.0.488"/>
+        <vers num="3.1.0.4880"/>
+        <vers num="3.2.0.207"/>
+        <vers num="3.2.0.2070"/>
+        <vers num="3.3.0.3670"/>
+        <vers num="3.4.0.2540"/>
+        <vers num="3.4.0.2710"/>
+        <vers num="3.5.0.1060"/>
+        <vers num="3.5.0.600"/>
+        <vers num="3.5.0.880"/>
+        <vers num="3.5.0.890"/>
+        <vers num="3.6.0.597"/>
+        <vers num="3.6.0.6090"/>
+        <vers num="3.7.0.1530"/>
+        <vers num="3.7.0.1860"/>
+        <vers num="3.7.0.2090"/>
+        <vers num="3.8.0.870"/>
+        <vers num="3.8.0.910"/>
+        <vers num="3.9.0.1030"/>
+        <vers num="3.9.0.1060"/>
+        <vers num="3.9.0.1210"/>
+        <vers num="3.9.0.1380"/>
+        <vers prev="1" num="4.0.0.1390"/>
+      </prod>
+      <prod vendor="adobe" name="adobe_air_sdk">
+        <vers num="3.0.0.4080"/>
+        <vers num="3.1.0.488"/>
+        <vers num="3.2.0.2070"/>
+        <vers num="3.3.0.3650"/>
+        <vers num="3.3.0.3690"/>
+        <vers num="3.4.0.2540"/>
+        <vers num="3.4.0.2710"/>
+        <vers num="3.5.0.1060"/>
+        <vers num="3.5.0.600"/>
+        <vers num="3.5.0.880"/>
+        <vers num="3.5.0.890"/>
+        <vers num="3.6.0.599"/>
+        <vers num="3.6.0.6090"/>
+        <vers num="3.7.0.1530"/>
+        <vers num="3.7.0.1860"/>
+        <vers num="3.7.0.2090"/>
+        <vers num="3.8.0.1430"/>
+        <vers num="3.8.0.870"/>
+        <vers num="3.8.0.910"/>
+        <vers num="3.9.0.1030"/>
+        <vers num="3.9.0.1210"/>
+        <vers num="3.9.0.1380"/>
+        <vers num="4.0.0.1390"/>
+        <vers prev="1" num="4.0.0.1628"/>
+      </prod>
+      <prod vendor="adobe" name="flash_player">
+        <vers num="11.0"/>
+        <vers num="11.0.1.152"/>
+        <vers num="11.0.1.153"/>
+        <vers num="11.1"/>
+        <vers num="11.1.102.55"/>
+        <vers num="11.1.102.59"/>
+        <vers num="11.1.102.62"/>
+        <vers num="11.1.102.63"/>
+        <vers num="11.1.111.44"/>
+        <vers num="11.1.111.50"/>
+        <vers num="11.1.111.54"/>
+        <vers num="11.1.111.8"/>
+        <vers num="11.1.115.34"/>
+        <vers num="11.1.115.48"/>
+        <vers num="11.1.115.54"/>
+        <vers num="11.1.115.58"/>
+        <vers num="11.1.115.7"/>
+        <vers num="11.2.202.223"/>
+        <vers num="11.2.202.228"/>
+        <vers num="11.2.202.233"/>
+        <vers num="11.2.202.235"/>
+        <vers num="11.2.202.236"/>
+        <vers num="11.2.202.238"/>
+        <vers num="11.2.202.243"/>
+        <vers num="11.2.202.251"/>
+        <vers num="11.2.202.258"/>
+        <vers num="11.2.202.261"/>
+        <vers num="11.2.202.262"/>
+        <vers num="11.2.202.270"/>
+        <vers num="11.2.202.273"/>
+        <vers num="11.2.202.275"/>
+        <vers num="11.2.202.280"/>
+        <vers num="11.2.202.285"/>
+        <vers num="11.2.202.291"/>
+        <vers num="11.2.202.297"/>
+        <vers num="11.2.202.310"/>
+        <vers num="11.2.202.327"/>
+        <vers num="11.2.202.332"/>
+        <vers num="11.2.202.335"/>
+        <vers num="11.2.202.336"/>
+        <vers num="11.2.202.341"/>
+        <vers prev="1" num="11.2.202.346"/>
+        <vers num="11.3.300.257"/>
+        <vers num="11.3.300.262"/>
+        <vers num="11.3.300.265"/>
+        <vers num="11.3.300.268"/>
+        <vers num="11.3.300.270"/>
+        <vers num="11.3.300.271"/>
+        <vers num="11.3.300.273"/>
+        <vers num="11.4.402.265"/>
+        <vers num="11.4.402.278"/>
+        <vers num="11.4.402.287"/>
+        <vers num="11.5.502.110"/>
+        <vers num="11.5.502.135"/>
+        <vers num="11.5.502.136"/>
+        <vers num="11.5.502.146"/>
+        <vers num="11.5.502.149"/>
+        <vers num="11.6.602.167"/>
+        <vers num="11.6.602.168"/>
+        <vers num="11.6.602.171"/>
+        <vers num="11.6.602.180"/>
+        <vers num="11.7.700.169"/>
+        <vers num="11.7.700.202"/>
+        <vers num="11.7.700.224"/>
+        <vers num="11.7.700.232"/>
+        <vers num="11.7.700.242"/>
+        <vers num="11.7.700.252"/>
+        <vers num="11.7.700.257"/>
+        <vers num="11.7.700.260"/>
+        <vers num="11.8.800.168"/>
+        <vers num="11.8.800.94"/>
+        <vers num="11.8.800.97"/>
+        <vers num="11.9.900.117"/>
+        <vers num="11.9.900.152"/>
+        <vers num="11.9.900.170"/>
+        <vers num="12.0.0.38"/>
+        <vers num="12.0.0.41"/>
+        <vers num="12.0.0.43"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0510" published="2014-03-27" name="CVE-2014-0510" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Heap-based buffer overflow in Adobe Flash Player 12.0.0.77 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Zeguang Zhao and Liang Chen during a Pwn2Own competition at CanSecWest 2014.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securityfocus.com/bid/66241" source="BID">66241</ref>
+      <ref url="http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two/" source="MISC">http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two/</ref>
+      <ref url="http://twitter.com/thezdi/statuses/444262022444621824" source="MISC">http://twitter.com/thezdi/statuses/444262022444621824</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="adobe" name="flash_player">
+        <vers num="12.0.0.77"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0511" published="2014-03-27" name="CVE-2014-0511" modified="2014-03-27" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Heap-based buffer overflow in Adobe Reader 11.0.06 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/" source="MISC">http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/</ref>
+      <ref url="http://twitter.com/thezdi/statuses/443827076580122624" source="MISC">http://twitter.com/thezdi/statuses/443827076580122624</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="adobe" name="acrobat_reader">
+        <vers num="11.0.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0512" published="2014-03-27" name="CVE-2014-0512" modified="2014-03-27" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Adobe Reader 11.0.06 allows attackers to bypass a PDF sandbox protection mechanism via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/" source="MISC">http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/</ref>
+      <ref url="http://twitter.com/thezdi/statuses/443827076580122624" source="MISC">http://twitter.com/thezdi/statuses/443827076580122624</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="adobe" name="acrobat_reader">
+        <vers num="11.0.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0514" published="2014-04-15" name="CVE-2014-0514" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows remote attackers to execute arbitrary code via a crafted PDF document, a related issue to CVE-2012-6636.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://helpx.adobe.com/security/products/reader-mobile/apsb14-12.html" source="CONFIRM" patch="1" adv="1">http://helpx.adobe.com/security/products/reader-mobile/apsb14-12.html</ref>
+      <ref url="http://www.securityfocus.com/bid/66798" source="BID">66798</ref>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/531831/100/0/threaded" source="BUGTRAQ">20140413 Adobe Reader for Android exposes insecure Javascript interfaces</ref>
+      <ref url="http://www.securify.nl/advisory/SFY20140401/adobe_reader_for_android_exposes_insecure_javascript_interfaces.html" source="MISC">http://www.securify.nl/advisory/SFY20140401/adobe_reader_for_android_exposes_insecure_javascript_interfaces.html</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Apr/192" source="FULLDISC">20140413 Adobe Reader for Android exposes insecure Javascript interfaces</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="adobe" name="adobe_reader">
+        <vers num="11.1.0" edition=":~~~android~~"/>
+        <vers prev="1" num="11.1.3" edition=":~~~android~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0515" published="2014-04-29" name="CVE-2014-0515" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in April 2014.</descript>
+    </desc>
+    <impacts>
+      <impact source="nvd">Per: http://helpx.adobe.com/security/products/flash-player/apsb14-13.html
+
+"Affected software versions
+
+    Adobe Flash Player 13.0.0.182 and earlier versions for Windows
+    Adobe Flash Player 13.0.0.201 and earlier versions for Macintosh
+    Adobe Flash Player 11.2.202.350 and earlier versions for Linux"</impact>
+    </impacts>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://helpx.adobe.com/security/products/flash-player/apsb14-13.html" source="CONFIRM" patch="1" adv="1">http://helpx.adobe.com/security/products/flash-player/apsb14-13.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="adobe" name="flash_player">
+        <vers num="11.2.202.223"/>
+        <vers num="11.2.202.228"/>
+        <vers num="11.2.202.233"/>
+        <vers num="11.2.202.235"/>
+        <vers num="11.2.202.236"/>
+        <vers num="11.2.202.238"/>
+        <vers num="11.2.202.243"/>
+        <vers num="11.2.202.251"/>
+        <vers num="11.2.202.258"/>
+        <vers num="11.2.202.261"/>
+        <vers num="11.2.202.262"/>
+        <vers num="11.2.202.270"/>
+        <vers num="11.2.202.273"/>
+        <vers num="11.2.202.275"/>
+        <vers num="11.2.202.280"/>
+        <vers num="11.2.202.285"/>
+        <vers num="11.2.202.291"/>
+        <vers num="11.2.202.297"/>
+        <vers num="11.2.202.310"/>
+        <vers num="11.2.202.332"/>
+        <vers num="11.2.202.335"/>
+        <vers num="11.2.202.336"/>
+        <vers num="11.2.202.341"/>
+        <vers num="11.2.202.346"/>
+        <vers prev="1" num="11.2.202.350"/>
+        <vers num="11.7.700.169"/>
+        <vers num="11.7.700.202"/>
+        <vers num="11.7.700.224"/>
+        <vers num="11.7.700.225"/>
+        <vers num="11.7.700.232"/>
+        <vers num="11.7.700.242"/>
+        <vers num="11.7.700.257"/>
+        <vers num="11.7.700.260"/>
+        <vers num="11.7.700.261"/>
+        <vers num="11.7.700.269"/>
+        <vers num="11.7.700.272"/>
+        <vers prev="1" num="11.7.700.275"/>
+        <vers num="11.8.800.168"/>
+        <vers num="11.8.800.94"/>
+        <vers num="11.8.800.97"/>
+        <vers prev="1" num="13.0.0.182"/>
+        <vers prev="1" num="13.0.0.201"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0591" published="2014-01-13" name="CVE-2014-0591" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:H/Au:N/C:N/I:N/A:P)" CVSS_score="2.6" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="4.9" CVSS_base_score="2.6">
+    <desc>
+      <descript source="cve">The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a crafted DNS query to an authoritative nameserver that uses the NSEC3 signing feature.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://kb.isc.org/article/AA-01085" source="CONFIRM" adv="1">https://kb.isc.org/article/AA-01085</ref>
+      <ref url="https://kb.isc.org/article/AA-01078" source="CONFIRM" adv="1">https://kb.isc.org/article/AA-01078</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1051717" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1051717</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2081-1" source="UBUNTU">USN-2081-1</ref>
+      <ref url="http://www.slackware.com/security/viewer.php?l=slackware-security&amp;y=2014&amp;m=slackware-security.524465" source="SLACKWARE">SSA:2014-028-01</ref>
+      <ref url="http://www.securitytracker.com/id/1029589" source="SECTRACK">1029589</ref>
+      <ref url="http://www.securityfocus.com/bid/64801" source="BID">64801</ref>
+      <ref url="http://www.mandriva.com/security/advisories?name=MDVSA-2014:002" source="MANDRIVA">MDVSA-2014:002</ref>
+      <ref url="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:04.bind.asc" source="FREEBSD">FreeBSD-SA-14:04</ref>
+      <ref url="http://secunia.com/advisories/56574" source="SECUNIA">56574</ref>
+      <ref url="http://secunia.com/advisories/56522" source="SECUNIA">56522</ref>
+      <ref url="http://secunia.com/advisories/56493" source="SECUNIA">56493</ref>
+      <ref url="http://secunia.com/advisories/56442" source="SECUNIA">56442</ref>
+      <ref url="http://secunia.com/advisories/56427" source="SECUNIA">56427</ref>
+      <ref url="http://secunia.com/advisories/56425" source="SECUNIA">56425</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0043.html" source="REDHAT">RHSA-2014:0043</ref>
+      <ref url="http://osvdb.org/101973" source="OSVDB">101973</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=138995561732658&amp;w=2" source="HP">SSRT101420</ref>
+      <ref url="http://marc.info/?l=bugtraq&amp;m=138995561732658&amp;w=2" source="HP">HPSBUX02961</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-02/msg00019.html" source="SUSE">openSUSE-SU-2014:0202</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-02/msg00016.html" source="SUSE">openSUSE-SU-2014:0199</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126772.html" source="FEDORA">FEDORA-2014-0811</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126761.html" source="FEDORA">FEDORA-2014-0858</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="isc" name="bind">
+        <vers num="9.6-esv"/>
+        <vers num="9.6-esv-r1"/>
+        <vers num="9.6-esv-r2"/>
+        <vers num="9.6-esv-r3"/>
+        <vers num="9.6-esv-r4"/>
+        <vers num="9.6-esv-r4-p1"/>
+        <vers num="9.6-esv-r5" edition="p1"/>
+        <vers num="9.6-esv-r5b1"/>
+        <vers num="9.6-esv-r6" edition="b1"/>
+        <vers num="9.6-esv-r6" edition="rc1"/>
+        <vers num="9.6-esv-r6" edition="rc2"/>
+        <vers num="9.6-esv-r7" edition="p1"/>
+        <vers num="9.6-esv-r7" edition="p2"/>
+        <vers num="9.6-esv-r9" edition="p1"/>
+        <vers num="9.6.0" edition="p1"/>
+        <vers num="9.6.0" edition="rc1"/>
+        <vers num="9.6.0" edition="rc2"/>
+        <vers num="9.6.0a1"/>
+        <vers num="9.6.0b1"/>
+        <vers num="9.6.1" edition="p1"/>
+        <vers num="9.6.1" edition="p2"/>
+        <vers num="9.6.1" edition="p3"/>
+        <vers num="9.6.1" edition="rc1"/>
+        <vers num="9.6.1b1"/>
+        <vers num="9.6.2" edition="rc1"/>
+        <vers num="9.6.2-p1"/>
+        <vers num="9.6.2-p2"/>
+        <vers num="9.6.2-p3"/>
+        <vers num="9.6.2b1"/>
+        <vers num="9.6.3" edition="rc1"/>
+        <vers num="9.6.3b1"/>
+        <vers num="9.7.0" edition="beta"/>
+        <vers num="9.7.0" edition="p1"/>
+        <vers num="9.7.0" edition="p2"/>
+        <vers num="9.7.0" edition="rc1"/>
+        <vers num="9.7.0" edition="rc2"/>
+        <vers num="9.7.0a1"/>
+        <vers num="9.7.0a2"/>
+        <vers num="9.7.0a3"/>
+        <vers num="9.7.0b1"/>
+        <vers num="9.7.0b2"/>
+        <vers num="9.7.0b3"/>
+        <vers num="9.7.1" edition="p1"/>
+        <vers num="9.7.1" edition="p2"/>
+        <vers num="9.7.1" edition="rc1"/>
+        <vers num="9.7.1b1"/>
+        <vers num="9.7.2" edition="p1"/>
+        <vers num="9.7.2" edition="p2"/>
+        <vers num="9.7.2" edition="p3"/>
+        <vers num="9.7.2" edition="rc1"/>
+        <vers num="9.7.3" edition="b1"/>
+        <vers num="9.7.3" edition="p1"/>
+        <vers num="9.7.3" edition="rc1"/>
+        <vers num="9.7.4" edition="b1"/>
+        <vers num="9.7.4" edition="p1"/>
+        <vers num="9.7.4" edition="rc1"/>
+        <vers num="9.7.4b1"/>
+        <vers num="9.7.5" edition="b1"/>
+        <vers num="9.7.5" edition="rc1"/>
+        <vers num="9.7.5" edition="rc2"/>
+        <vers num="9.7.6" edition="p1"/>
+        <vers num="9.7.6" edition="p2"/>
+        <vers num="9.7.7"/>
+        <vers num="9.8.0" edition="a1"/>
+        <vers num="9.8.0" edition="b1"/>
+        <vers num="9.8.0" edition="p1"/>
+        <vers num="9.8.0" edition="p2"/>
+        <vers num="9.8.0" edition="p4"/>
+        <vers num="9.8.0" edition="rc1"/>
+        <vers num="9.8.1" edition="b1"/>
+        <vers num="9.8.1" edition="b2"/>
+        <vers num="9.8.1" edition="b3"/>
+        <vers num="9.8.1" edition="p1"/>
+        <vers num="9.8.1" edition="rc1"/>
+        <vers num="9.8.2" edition="b1"/>
+        <vers num="9.8.2" edition="rc1"/>
+        <vers num="9.8.2" edition="rc2"/>
+        <vers num="9.8.3" edition="p1"/>
+        <vers num="9.8.3" edition="p2"/>
+        <vers num="9.8.4"/>
+        <vers num="9.8.5" edition="b1"/>
+        <vers num="9.8.5" edition="b2"/>
+        <vers num="9.8.5" edition="p1"/>
+        <vers num="9.8.5" edition="p2"/>
+        <vers num="9.8.5" edition="rc1"/>
+        <vers num="9.8.5" edition="rc2"/>
+        <vers num="9.8.6" edition="b1"/>
+        <vers num="9.8.6" edition="p1"/>
+        <vers num="9.8.6" edition="rc1"/>
+        <vers num="9.8.6" edition="rc2"/>
+        <vers num="9.9.4" edition="p1"/>
+        <vers num="9.9.4" edition="rc1"/>
+        <vers num="9.9.4" edition="rc2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0592" published="2014-04-04" name="CVE-2014-0592" modified="2014-04-04" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Barclamp (aka barclamp-network) 1.7 for the Crowbar Framework, as used in SUSE Cloud 3, does not enable netfilter on bridges when creating new instances, which allows remote attackers to bypass security group restrictions via unspecified vectors, related to floating IPs.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00025.html" source="SUSE" patch="1" adv="1">SUSE-SU-2014:0452</ref>
+      <ref url="https://github.com/crowbar/barclamp-network/pull/269" source="CONFIRM">https://github.com/crowbar/barclamp-network/pull/269</ref>
+      <ref url="https://bugzilla.novell.com/show_bug.cgi?id=864183" source="CONFIRM">https://bugzilla.novell.com/show_bug.cgi?id=864183</ref>
+      <ref url="http://www.securityfocus.com/bid/66519" source="BID">66519</ref>
+      <ref url="http://secunia.com/advisories/57509" source="SECUNIA" adv="1">57509</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="crowbar" name="barclamp">
+        <vers num="1.7"/>
+      </prod>
+      <prod vendor="novell" name="suse_cloud">
+        <vers num="3.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0612" published="2014-04-14" name="CVE-2014-0612" modified="2014-04-19" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Juniper Junos before 11.4R10-S1, before 11.4R11, 12.1X44 before 12.1X44-D26, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, and 12.1X46 before 12.1X46-D10, when Dynamic IPsec VPN is configured, allows remote attackers to cause a denial of service (new Dynamic VPN connection failures and CPU and disk consumption) via unknown vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securityfocus.com/bid/66759" source="BID">66759</ref>
+      <ref url="http://securitytracker.com/id?1030057" source="SECTRACK">1030057</ref>
+      <ref url="http://secunia.com/advisories/57845" source="SECUNIA" adv="1">57845</ref>
+      <ref url="http://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10620" source="CONFIRM" adv="1">http://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10620</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="juniper" name="srx100">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="juniper" name="srx110">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="juniper" name="srx210">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="juniper" name="srx220">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="juniper" name="srx240">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="juniper" name="srx550">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="juniper" name="srx650">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="juniper" name="junos">
+        <vers num="11.4"/>
+        <vers num="12.1"/>
+        <vers num="12.1x44"/>
+        <vers num="12.1x45"/>
+        <vers num="12.1x46"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0613" published="2014-01-15" name="CVE-2014-0613" modified="2014-01-15" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:C)" CVSS_score="7.1" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="8.6" CVSS_base_score="7.1">
+    <desc>
+      <descript source="cve">The XNM command processor in Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before 13.1R3-S1, 13.2 before 13.2R2-S2, and 13.3 before 13.3R1, when xnm-ssl or xnm-clear-text is enabled, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029586" source="SECTRACK">1029586</ref>
+      <ref url="http://osvdb.org/101861" source="OSVDB">101861</ref>
+      <ref url="http://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10607" source="CONFIRM" adv="1">http://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10607</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="juniper" name="junos">
+        <vers num="10.4"/>
+        <vers num="11.4"/>
+        <vers num="12.1r"/>
+        <vers num="12.1x44"/>
+        <vers num="12.1x45"/>
+        <vers num="12.1x46"/>
+        <vers num="12.2"/>
+        <vers num="12.3"/>
+        <vers num="13.1"/>
+        <vers num="13.2"/>
+        <vers num="13.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0614" published="2014-04-14" name="CVE-2014-0614" modified="2014-04-15" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:C)" CVSS_score="7.1" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="8.6" CVSS_base_score="7.1">
+    <desc>
+      <descript source="cve">Juniper Junos 13.2 before 13.2R3 and 13.3 before 13.3R1, when PIM is enabled, allows remote attackers to cause a denial of service (kernel panic and crash) via a large number of crafted IGMP packets.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securityfocus.com/bid/66762" source="BID">66762</ref>
+      <ref url="http://securitytracker.com/id?1030062" source="SECTRACK">1030062</ref>
+      <ref url="http://secunia.com/advisories/57819" source="SECUNIA" adv="1">57819</ref>
+      <ref url="http://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10618" source="CONFIRM" adv="1">http://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10618</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="juniper" name="junos">
+        <vers num="13.2"/>
+        <vers num="13.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0615" published="2014-01-15" name="CVE-2014-0615" modified="2014-01-24" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="7.2" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="3.9" CVSS_base_score="7.2">
+    <desc>
+      <descript source="cve">Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before 13.1R3-S1, 13.2 before 13.2R2, and 13.3 before 13.3R1 allows local users to gain privileges via vectors related to "certain combinations of Junos OS CLI commands and arguments."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029585" source="SECTRACK">1029585</ref>
+      <ref url="http://www.securityfocus.com/bid/64762" source="BID">64762</ref>
+      <ref url="http://osvdb.org/101862" source="OSVDB">101862</ref>
+      <ref url="http://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10608" source="CONFIRM" adv="1">http://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10608</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="juniper" name="junos">
+        <vers num="10.4"/>
+        <vers num="11.4"/>
+        <vers num="12.1r"/>
+        <vers num="12.1x44"/>
+        <vers num="12.1x45"/>
+        <vers num="12.1x46"/>
+        <vers num="12.2"/>
+        <vers num="12.3"/>
+        <vers num="13.1"/>
+        <vers num="13.2"/>
+        <vers num="13.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0616" published="2014-01-15" name="CVE-2014-0616" modified="2014-01-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:C)" CVSS_score="7.1" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="8.6" CVSS_base_score="7.1">
+    <desc>
+      <descript source="cve">Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R4-S2, 13.1 before 13.1R3-S1, 13.2 before 13.2R2, and 13.3 before 13.3R1 allows remote attackers to cause a denial of service (rdp crash) via a large BGP UPDATE message which immediately triggers a withdraw message to be sent, as demonstrated by a long AS_PATH and a large number of BGP Communities.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029582" source="SECTRACK">1029582</ref>
+      <ref url="http://www.securityfocus.com/bid/64766" source="BID">64766</ref>
+      <ref url="http://osvdb.org/101868" source="OSVDB">101868</ref>
+      <ref url="http://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10609" source="CONFIRM" adv="1">http://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10609</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="juniper" name="junos">
+        <vers num="10.4"/>
+        <vers num="11.4"/>
+        <vers num="12.1r"/>
+        <vers num="12.1x44"/>
+        <vers num="12.1x45"/>
+        <vers num="12.1x46"/>
+        <vers num="12.2"/>
+        <vers num="12.3"/>
+        <vers num="13.1"/>
+        <vers num="13.2"/>
+        <vers num="13.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0617" published="2014-01-15" name="CVE-2014-0617" modified="2014-01-15" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:C)" CVSS_score="7.1" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="8.6" CVSS_base_score="7.1">
+    <desc>
+      <descript source="cve">Juniper Junos 10.4S before 10.4S15, 10.4R before 10.4R16, 11.4 before 11.4R9, and 12.1R before 12.1R7 on SRX Series service gateways allows remote attackers to cause a denial of service (flowd crash) via a crafted IP packet.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029583" source="SECTRACK">1029583</ref>
+      <ref url="http://www.securityfocus.com/bid/64764" source="BID">64764</ref>
+      <ref url="http://osvdb.org/101863" source="OSVDB">101863</ref>
+      <ref url="http://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10610" source="CONFIRM" adv="1">http://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10610</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="juniper" name="srx100">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="juniper" name="srx110">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="juniper" name="srx1400">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="juniper" name="srx210">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="juniper" name="srx220">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="juniper" name="srx240">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="juniper" name="srx3400">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="juniper" name="srx3600">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="juniper" name="srx550">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="juniper" name="srx5600">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="juniper" name="srx5800">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="juniper" name="srx650">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="juniper" name="junos">
+        <vers num="10.4r"/>
+        <vers num="10.4s"/>
+        <vers num="11.4"/>
+        <vers num="12.1r"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0618" published="2014-01-10" name="CVE-2014-0618" modified="2014-01-17" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">Juniper Junos before 10.4 before 10.4R16, 11.4 before 11.4R8, 12.1R before 12.1R7, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D10 on SRX Series service gateways, when used as a UAC enforcer and captive portal is enabled, allows remote attackers to cause a denial of service (flowd crash) via a crafted HTTP message.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10611" source="CONFIRM" adv="1">https://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10611</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90238" source="XF">juniper-junos-srx-cve20140618-dos(90238)</ref>
+      <ref url="http://www.securitytracker.com/id/1029584" source="SECTRACK">1029584</ref>
+      <ref url="http://www.securityfocus.com/bid/64769" source="BID">64769</ref>
+      <ref url="http://osvdb.org/101864" source="OSVDB">101864</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="juniper" name="srx100">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="juniper" name="srx110">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="juniper" name="srx1400">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="juniper" name="srx210">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="juniper" name="srx220">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="juniper" name="srx240">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="juniper" name="srx3400">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="juniper" name="srx3600">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="juniper" name="srx550">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="juniper" name="srx5600">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="juniper" name="srx5800">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="juniper" name="srx650">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="juniper" name="junos">
+        <vers num="10.4"/>
+        <vers num="11.4"/>
+        <vers num="12.1r"/>
+        <vers num="12.1x44"/>
+        <vers num="12.1x45"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0620" published="2014-01-08" name="CVE-2014-0620" modified="2014-02-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Multiple cross-site scripting (XSS) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to inject arbitrary web script or HTML via the (1) ADDNewDomain parameter to parental/website-filters.asp or (2) VmTracerouteHost parameter to goform/status/diagnostics-route.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.exploit-db.com/exploits/30668" source="EXPLOIT-DB">30668</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="technicolor" name="tc7200">
+        <vers num="std6.01.12"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0621" published="2014-01-08" name="CVE-2014-0621" modified="2014-02-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.exploit-db.com/exploits/30667" source="EXPLOIT-DB">30667</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="technicolor" name="tc7200">
+        <vers num="std6.01.12"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0622" published="2014-02-06" name="CVE-2014-0622" modified="2014-02-07" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:C/I:C/A:C)" CVSS_score="9.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.0" CVSS_base_score="9.0">
+    <desc>
+      <descript source="cve">The web service in EMC Documentum Foundation Services (DFS) 6.5 through 6.7 before 6.7 SP1 P22, 6.7 SP2 before P08, 7.0 before P12, and 7.1 before P01 does not properly implement content uploading, which allows remote authenticated users to bypass intended content access restrictions via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-02/0007.html" source="BUGTRAQ">20140205 ESA-2014-005: EMC Documentum Foundation Services (DFS) Content Access Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="emc" name="documentum_foundation_services">
+        <vers num="6.5"/>
+        <vers num="6.6"/>
+        <vers num="6.7"/>
+        <vers num="7.0"/>
+        <vers num="7.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0623" published="2014-03-27" name="CVE-2014-0623" modified="2014-03-27" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the Self-Service Console in EMC RSA Authentication Manager 7.1 before SP4 P32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "cross frame scripting" issue.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-03/0146.html" source="BUGTRAQ">20140326 ESA-2014-015: RSA Authentication Manager Cross Frame Scripting Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="rsa" name="authentication_manager">
+        <vers num="7.1" edition="-"/>
+        <vers num="7.1" edition="sp4"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0624" published="2014-03-06" name="CVE-2014-0624" modified="2014-03-07" CVSS_version="2.0" CVSS_vector="(AV:A/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="2.7" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="5.1" CVSS_base_score="2.7">
+    <desc>
+      <descript source="cve">EMC RSA Data Loss Prevention (DLP) 9.x before 9.6-SP2 does not properly manage sessions, which allows remote authenticated users to gain privileges and bypass intended content-reading restrictions via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <local_network/>
+    </range>
+    <refs>
+      <ref url="http://seclists.org/bugtraq/2014/Mar/8" source="BUGTRAQ">20140228 ESA-2014-003: RSA Data Loss Prevention Improper Session Management Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="emc" name="rsa_data_loss_prevention">
+        <vers num="9.0"/>
+        <vers num="9.5"/>
+        <vers num="9.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0625" published="2014-02-17" name="CVE-2014-0625" modified="2014-02-18" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html" source="BUGTRAQ">20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="emc" name="rsa_bsafe_ssl-j">
+        <vers num="5.0"/>
+        <vers num="5.1.0"/>
+        <vers num="5.1.1"/>
+        <vers num="5.1.2"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0626" published="2014-02-17" name="CVE-2014-0626" modified="2014-02-18" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html" source="BUGTRAQ">20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="emc" name="rsa_bsafe_ssl-j">
+        <vers num="5.0"/>
+        <vers num="5.1.0"/>
+        <vers num="5.1.1"/>
+        <vers num="5.1.2"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0627" published="2014-02-17" name="CVE-2014-0627" modified="2014-02-18" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:P/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html" source="BUGTRAQ">20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="emc" name="rsa_bsafe_ssl-j">
+        <vers num="5.0"/>
+        <vers num="5.1.0"/>
+        <vers num="5.1.1"/>
+        <vers num="5.1.2"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0628" published="2014-03-25" name="CVE-2014-0628" modified="2014-03-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The server in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.5 does not properly process certificate chains, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-03/0130.html" source="BUGTRAQ">20140324 ESA-2014-011: RSA BSAFE Micro Edition Suite Server Crash Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="emc" name="rsa_bsafe">
+        <vers num="4.0.0" edition=":~~micro_edition_suite~~~"/>
+        <vers num="4.0.1" edition=":~~micro_edition_suite~~~"/>
+        <vers num="4.0.2" edition=":~~micro_edition_suite~~~"/>
+        <vers num="4.0.3" edition=":~~micro_edition_suite~~~"/>
+        <vers num="4.0.4" edition=":~~micro_edition_suite~~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0629" published="2014-03-06" name="CVE-2014-0629" modified="2014-03-07" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:C/I:C/A:C)" CVSS_score="8.5" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="6.8" CVSS_base_score="8.5">
+    <desc>
+      <descript source="cve">EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 does not properly handle the interaction between the dm_world group and the dm_superusers_dynamic group, which allows remote authenticated users to obtain sensitive information and gain privileges in opportunistic circumstances by leveraging an incorrect group-addition implementation.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://seclists.org/bugtraq/2014/Mar/33" source="BUGTRAQ">20140305 ESA-2014-012: EMC Documentum TaskSpace Multiple Vulnerabilities</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="emc" name="documentum_taskspace">
+        <vers num="6.7" edition="sp1"/>
+        <vers num="6.7" edition="sp2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0630" published="2014-03-06" name="CVE-2014-0630" modified="2014-03-07" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 allows remote authenticated users to read arbitrary files via a modified imaging-service URL.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://seclists.org/bugtraq/2014/Mar/33" source="BUGTRAQ">20140305 ESA-2014-012: EMC Documentum TaskSpace Multiple Vulnerabilities</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="emc" name="documentum_taskspace">
+        <vers num="6.7" edition="sp1"/>
+        <vers num="6.7" edition="sp2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0632" published="2014-04-01" name="CVE-2014-0632" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:C/I:C/A:C)" CVSS_score="9.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.0" CVSS_base_score="9.0">
+    <desc>
+      <descript source="cve">Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote authenticated users to execute arbitrary code via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-03/0157.html" source="BUGTRAQ">20140326 ESA-2014-016: EMC VPLEX Multiple Vulnerabilities</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="emc" name="vplex_geosynchrony">
+        <vers num="4.0"/>
+        <vers num="5.0"/>
+        <vers num="5.1"/>
+        <vers num="5.2"/>
+        <vers num="5.2.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0633" published="2014-04-01" name="CVE-2014-0633" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:A/AC:L/Au:S/C:C/I:C/A:C)" CVSS_score="7.7" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="5.1" CVSS_base_score="7.7">
+    <desc>
+      <descript source="cve">The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local_network/>
+    </range>
+    <refs>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-03/0157.html" source="BUGTRAQ">20140326 ESA-2014-016: EMC VPLEX Multiple Vulnerabilities</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="emc" name="vplex_geosynchrony">
+        <vers num="4.0"/>
+        <vers num="5.0"/>
+        <vers num="5.1"/>
+        <vers num="5.2"/>
+        <vers num="5.2.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0634" published="2014-04-01" name="CVE-2014-0634" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:P/I:P/A:P)" CVSS_score="6.0" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="6.8" CVSS_base_score="6.0">
+    <desc>
+      <descript source="cve">EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-03/0157.html" source="BUGTRAQ">20140326 ESA-2014-016: EMC VPLEX Multiple Vulnerabilities</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="emc" name="vplex_geosynchrony">
+        <vers num="4.0"/>
+        <vers num="5.0"/>
+        <vers num="5.1"/>
+        <vers num="5.2"/>
+        <vers num="5.2.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0635" published="2014-04-01" name="CVE-2014-0635" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:C/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="8.5" CVSS_exploit_subscore="6.8" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attackers to hijack web sessions via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-03/0157.html" source="BUGTRAQ">20140326 ESA-2014-016: EMC VPLEX Multiple Vulnerabilities</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="emc" name="vplex_geosynchrony">
+        <vers num="4.0"/>
+        <vers num="5.0"/>
+        <vers num="5.1"/>
+        <vers num="5.2"/>
+        <vers num="5.2.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0636" published="2014-04-11" name="CVE-2014-0636" modified="2014-04-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">EMC RSA BSAFE Micro Edition Suite (MES) 3.2.x before 3.2.6 and 4.0.x before 4.0.5 does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate chain.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0069.html" source="BUGTRAQ">20140411 ESA-2014-019: RSA BSAFE Micro Edition Suite Certificate Chain Processing Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="emc" name="rsa_bsafe">
+        <vers num="3.2.0" edition=":~~micro_edition_suite~~~"/>
+        <vers num="3.2.1" edition=":~~micro_edition_suite~~~"/>
+        <vers num="3.2.2" edition=":~~micro_edition_suite~~~"/>
+        <vers num="3.2.3" edition=":~~micro_edition_suite~~~"/>
+        <vers num="3.2.4" edition=":~~micro_edition_suite~~~"/>
+        <vers num="3.2.5" edition=":~~micro_edition_suite~~~"/>
+        <vers num="4.0.0" edition=":~~micro_edition_suite~~~"/>
+        <vers num="4.0.1" edition=":~~micro_edition_suite~~~"/>
+        <vers num="4.0.2" edition=":~~micro_edition_suite~~~"/>
+        <vers num="4.0.3" edition=":~~micro_edition_suite~~~"/>
+        <vers num="4.0.4" edition=":~~micro_edition_suite~~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0637" published="2014-04-04" name="CVE-2014-0637" modified="2014-04-04" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the back-office case-management application in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0007.html" source="BUGTRAQ">20140401 ESA-2014-020: RSA Adaptive Authentication (On-Premise) Multiple Vulnerabilities</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="emc" name="rsa_adaptive_authentication_on-premise">
+        <vers num="6.0"/>
+        <vers num="6.0.2.1" edition="sp1_patch2"/>
+        <vers num="6.0.2.1" edition="sp1_patch3"/>
+        <vers num="6.0.2.1" edition="sp2"/>
+        <vers num="6.0.2.1" edition="sp2_patch1"/>
+        <vers num="6.0.2.1" edition="sp3"/>
+        <vers num="6.0.2.1" edition="sp3_p3"/>
+        <vers num="7.0"/>
+        <vers num="7.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0638" published="2014-04-04" name="CVE-2014-0638" modified="2014-04-04" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote attackers to inject arbitrary web script or HTML via vectors involving FRAME elements, related to a "cross-frame scripting" issue.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0007.html" source="BUGTRAQ">20140401 ESA-2014-020: RSA Adaptive Authentication (On-Premise) Multiple Vulnerabilities</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="emc" name="rsa_adaptive_authentication_on-premise">
+        <vers num="6.0"/>
+        <vers num="6.0.2.1" edition="sp1_patch2"/>
+        <vers num="6.0.2.1" edition="sp1_patch3"/>
+        <vers num="6.0.2.1" edition="sp2"/>
+        <vers num="6.0.2.1" edition="sp2_patch1"/>
+        <vers num="6.0.2.1" edition="sp3"/>
+        <vers num="6.0.2.1" edition="sp3_p3"/>
+        <vers num="7.0"/>
+        <vers num="7.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0642" published="2014-04-15" name="CVE-2014-0642" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:N)" CVSS_score="5.5" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.0" CVSS_base_score="5.5">
+    <desc>
+      <descript source="cve">EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, 7.0 before P13, and 7.1 before P02 allows remote authenticated users to bypass intended access restrictions and read metadata from certain folders via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://twitter.com/artika4biz/statuses/455358950116823040" source="MISC">http://twitter.com/artika4biz/statuses/455358950116823040</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0072.html" source="BUGTRAQ">20140411 ESA-2014-026: EMC Documentum Content Server Information Disclosure Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="emc" name="documentum_content_server">
+        <vers num="6.0"/>
+        <vers num="6.5" edition="sp1"/>
+        <vers num="6.5" edition="sp2"/>
+        <vers num="6.5" edition="sp3"/>
+        <vers num="6.6"/>
+        <vers prev="1" num="6.7" edition="-"/>
+        <vers prev="1" num="6.7" edition="sp1"/>
+        <vers prev="1" num="6.7" edition="sp2"/>
+        <vers num="7.0"/>
+        <vers num="7.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0644" published="2014-04-16" name="CVE-2014-0644" modified="2014-04-17" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:N/A:N)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://gist.github.com/brandonprry/9895721" source="MISC">https://gist.github.com/brandonprry/9895721</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Mar/426" source="FULLDISC">20140331 EMC CTA v10.0 unauthenticated XXE with root perms</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0094.html" source="BUGTRAQ">20140416 ESA-2014-028: EMC Cloud Tiering Appliance XML External Entity (XXE) and Information Disclosure Vulnerabilities</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="emc" name="cloud_tiering_appliance_software">
+        <vers num="10.0" edition="-"/>
+        <vers num="10.0" edition="sp1"/>
+      </prod>
+      <prod vendor="emc" name="cloud_tiering_appliance">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0645" published="2014-04-16" name="CVE-2014-0645" modified="2014-04-17" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:C/I:N/A:N)" CVSS_score="4.7" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="3.4" CVSS_base_score="4.7">
+    <desc>
+      <descript source="cve">EMC Cloud Tiering Appliance (CTA) 9.x through 10 SP1 and File Management Appliance (FMA) 7.x store DES password hashes for the root, super, and admin accounts, which makes it easier for context-dependent attackers to obtain sensitive information via a brute-force attack.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="https://gist.github.com/brandonprry/9895721" source="MISC">https://gist.github.com/brandonprry/9895721</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Mar/426" source="FULLDISC">20140331 EMC CTA v10.0 unauthenticated XXE with root perms</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0094.html" source="BUGTRAQ">20140416 ESA-2014-028: EMC Cloud Tiering Appliance XML External Entity (XXE) and Information Disclosure Vulnerabilities</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="emc" name="cloud_tiering_appliance_software">
+        <vers num="10.0" edition="-"/>
+        <vers num="10.0" edition="sp1"/>
+        <vers num="9.0"/>
+      </prod>
+      <prod vendor="emc" name="file_management_appliance_software">
+        <vers num="7.0"/>
+      </prod>
+      <prod vendor="emc" name="cloud_tiering_appliance">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="emc" name="file_management_appliance">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0646" published="2014-05-01" name="CVE-2014-0646" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="6.9" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="3.4" CVSS_base_score="6.9">
+    <desc>
+      <descript source="cve">The runtime WS component in the server in EMC RSA Access Manager 6.1.3 before 6.1.3.39, 6.1.4 before 6.1.4.22, 6.2.0 before 6.2.0.11, and 6.2.1 before 6.2.1.03, when INFO logging is enabled, allows local users to discover cleartext passwords by reading log files.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0191.html" source="BUGTRAQ">20140430 ESA-2014-029: RSA Access Manager Sensitive Information Disclosure Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="emc" name="rsa_access_manager">
+        <vers num="6.1" edition="sp3"/>
+        <vers num="6.1" edition="sp4"/>
+        <vers num="6.2" edition="-"/>
+        <vers num="6.2" edition="sp1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0647" published="2014-01-27" name="CVE-2014-0647" modified="2014-02-24" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="2.1" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="3.9" CVSS_base_score="2.1">
+    <desc>
+      <descript source="cve">The Starbucks 2.6.1 application for iOS stores sensitive information in plaintext in the Crashlytics log file (/Library/Caches/com.crashlytics.data/com.starbucks.mystarbucks/session.clslog), which allows attackers to discover usernames, passwords, and e-mail addresses via an application that reads session.clslog.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="https://itunes.apple.com/us/app/starbucks/id331177714?mt=8" source="MISC">https://itunes.apple.com/us/app/starbucks/id331177714?mt=8</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90412" source="XF">starbucks-cve20140647-info-disclosure(90412)</ref>
+      <ref url="http://www.zdnet.com/the-starbucks-bug-not-as-awful-as-reported-7000025269/" source="MISC">http://www.zdnet.com/the-starbucks-bug-not-as-awful-as-reported-7000025269/</ref>
+      <ref url="http://www.zdnet.com/starbucks-fixes-ios-app-bugs-7000025323/" source="MISC">http://www.zdnet.com/starbucks-fixes-ios-app-bugs-7000025323/</ref>
+      <ref url="http://www.securityfocus.com/bid/64942" source="BID">64942</ref>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/530756/100/0/threaded" source="BUGTRAQ">20140114 [CVE-2014-0647] Insecure Data Storage of User Data Elements in Starbucks v2.6.1 iOS mobile application</ref>
+      <ref url="http://www.osvdb.org/102514" source="OSVDB">102514</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Jan/64" source="FULLDISC">20140113 [CVE-2014-0647] Insecure Data Storage of User Data Elements in Starbucks v2.6.1 iOS mobile application</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Jan/123" source="FULLDISC">20140117 Re: [CVE-2014-0647] Insecure Data Storage of User Data Elements in Starbucks v2.6.1 iOS mobile application</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="starbucks" name="starbucks">
+        <vers num="2.6.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0648" published="2014-01-16" name="CVE-2014-0648" modified="2014-01-23" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authentication and authorization requirements, which allows remote attackers to obtain administrative access via a request to this interface, aka Bug ID CSCud75187.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90431" source="XF">cisco-acs-cve20140648-unauth-access(90431)</ref>
+      <ref url="http://www.securitytracker.com/id/1029634" source="SECTRACK">1029634</ref>
+      <ref url="http://www.securityfocus.com/bid/64962" source="BID">64962</ref>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=32379" source="CONFIRM">http://tools.cisco.com/security/center/viewAlert.x?alertId=32379</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140115-csacs" source="CISCO" adv="1">20140115 Multiple Vulnerabilities in Cisco Secure Access Control System</ref>
+      <ref url="http://secunia.com/advisories/56213" source="SECUNIA">56213</ref>
+      <ref url="http://osvdb.org/102117" source="OSVDB">102117</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="secure_access_control_system">
+        <vers num="5.1"/>
+        <vers num="5.1.0.44"/>
+        <vers num="5.1.0.44.1"/>
+        <vers num="5.1.0.44.2"/>
+        <vers num="5.1.0.44.3"/>
+        <vers num="5.1.0.44.4"/>
+        <vers num="5.1.0.44.5"/>
+        <vers num="5.2"/>
+        <vers num="5.2.0.26"/>
+        <vers num="5.2.0.26.1"/>
+        <vers num="5.2.0.26.2"/>
+        <vers num="5.3.0.40.1"/>
+        <vers num="5.3.0.40.2"/>
+        <vers num="5.3.0.40.3"/>
+        <vers num="5.3.0.40.4"/>
+        <vers num="5.3.0.40.5"/>
+        <vers num="5.3.0.40.6"/>
+        <vers num="5.3.0.40.7"/>
+        <vers num="5.3.0.40.8"/>
+        <vers num="5.3.0.40.9"/>
+        <vers num="5.4.0.46.1"/>
+        <vers num="5.4.0.46.2"/>
+        <vers num="5.4.0.46.3"/>
+        <vers num="5.4.0.46.4"/>
+        <vers num="5.4.0.46.5"/>
+        <vers prev="1" num="5.4.0.46.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0649" published="2014-01-16" name="CVE-2014-0649" modified="2014-01-23" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:C/I:C/A:C)" CVSS_score="9.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.0" CVSS_base_score="9.0">
+    <desc>
+      <descript source="cve">The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authorization requirements, which allows remote authenticated users to obtain superadmin access via a request to this interface, aka Bug ID CSCud75180.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90430" source="XF">cisco-acs-cve20140649-priv-esc(90430)</ref>
+      <ref url="http://www.securitytracker.com/id/1029634" source="SECTRACK">1029634</ref>
+      <ref url="http://www.securityfocus.com/bid/64958" source="BID">64958</ref>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=32378" source="CONFIRM">http://tools.cisco.com/security/center/viewAlert.x?alertId=32378</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140115-csacs" source="CISCO" adv="1">20140115 Multiple Vulnerabilities in Cisco Secure Access Control System</ref>
+      <ref url="http://secunia.com/advisories/56213" source="SECUNIA">56213</ref>
+      <ref url="http://osvdb.org/102116" source="OSVDB">102116</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="secure_access_control_system">
+        <vers num="5.1"/>
+        <vers num="5.1.0.44"/>
+        <vers num="5.1.0.44.1"/>
+        <vers num="5.1.0.44.2"/>
+        <vers num="5.1.0.44.3"/>
+        <vers num="5.1.0.44.4"/>
+        <vers num="5.1.0.44.5"/>
+        <vers num="5.2"/>
+        <vers num="5.2.0.26"/>
+        <vers num="5.2.0.26.1"/>
+        <vers num="5.2.0.26.2"/>
+        <vers num="5.3.0.40.1"/>
+        <vers num="5.3.0.40.2"/>
+        <vers num="5.3.0.40.3"/>
+        <vers num="5.3.0.40.4"/>
+        <vers num="5.3.0.40.5"/>
+        <vers num="5.3.0.40.6"/>
+        <vers num="5.3.0.40.7"/>
+        <vers num="5.3.0.40.8"/>
+        <vers num="5.3.0.40.9"/>
+        <vers num="5.4.0.46.1"/>
+        <vers num="5.4.0.46.2"/>
+        <vers num="5.4.0.46.3"/>
+        <vers num="5.4.0.46.4"/>
+        <vers num="5.4.0.46.5"/>
+        <vers prev="1" num="5.4.0.46.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0650" published="2014-01-16" name="CVE-2014-0650" modified="2014-01-31" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">The web interface in Cisco Secure Access Control System (ACS) 5.x before 5.4 Patch 3 allows remote attackers to execute arbitrary operating-system commands via a request to this interface, aka Bug ID CSCue65962.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90432" source="XF">cisco-acs-cve20140650-command-exec(90432)</ref>
+      <ref url="http://www.securitytracker.com/id/1029634" source="SECTRACK">1029634</ref>
+      <ref url="http://www.securityfocus.com/bid/64964" source="BID">64964</ref>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=32380" source="CONFIRM">http://tools.cisco.com/security/center/viewAlert.x?alertId=32380</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140115-csacs" source="CISCO" adv="1">20140115 Multiple Vulnerabilities in Cisco Secure Access Control System</ref>
+      <ref url="http://secunia.com/advisories/56213" source="SECUNIA">56213</ref>
+      <ref url="http://osvdb.org/102115" source="OSVDB">102115</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="secure_access_control_system">
+        <vers num="5.1"/>
+        <vers num="5.1.0.44"/>
+        <vers num="5.1.0.44.1"/>
+        <vers num="5.1.0.44.2"/>
+        <vers num="5.1.0.44.3"/>
+        <vers num="5.1.0.44.4"/>
+        <vers num="5.1.0.44.5"/>
+        <vers num="5.2"/>
+        <vers num="5.2.0.26"/>
+        <vers num="5.2.0.26.1"/>
+        <vers num="5.2.0.26.2"/>
+        <vers num="5.3.0.40.1"/>
+        <vers num="5.3.0.40.2"/>
+        <vers num="5.3.0.40.3"/>
+        <vers num="5.3.0.40.4"/>
+        <vers num="5.3.0.40.5"/>
+        <vers num="5.3.0.40.6"/>
+        <vers num="5.3.0.40.7"/>
+        <vers num="5.3.0.40.8"/>
+        <vers num="5.3.0.40.9"/>
+        <vers num="5.4.0.46.1"/>
+        <vers prev="1" num="5.4.0.46.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0651" published="2014-01-08" name="CVE-2014-0651" modified="2014-01-17" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:P/I:P/A:N)" CVSS_score="4.9" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="6.8" CVSS_base_score="4.9">
+    <desc>
+      <descript source="cve">The administrative interface in Cisco Context Directory Agent (CDA) does not properly enforce authorization requirements, which allows remote authenticated users to obtain administrative access by hijacking a session, aka Bug ID CSCuj45347.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90166" source="XF">cisco-cda-cve20140651-priv-esc(90166)</ref>
+      <ref url="http://www.securitytracker.com/id/1029573" source="SECTRACK">1029573</ref>
+      <ref url="http://www.securityfocus.com/bid/64706" source="BID">64706</ref>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=32364" source="CONFIRM">http://tools.cisco.com/security/center/viewAlert.x?alertId=32364</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0651" source="CISCO" adv="1">20140107 Cisco Context Directory Agent Privilege Escalation Vulnerability</ref>
+      <ref url="http://secunia.com/advisories/56365" source="SECUNIA">56365</ref>
+      <ref url="http://osvdb.org/101809" source="OSVDB">101809</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="context_directory_agent">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0652" published="2014-01-08" name="CVE-2014-0652" modified="2014-01-17" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the Mappings page in Cisco Context Directory Agent (CDA) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuj45358.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90167" source="XF">cisco-cda-cve20140652-xss(90167)</ref>
+      <ref url="http://www.securitytracker.com/id/1029572" source="SECTRACK">1029572</ref>
+      <ref url="http://www.securityfocus.com/bid/64703" source="BID">64703</ref>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=32365" source="CONFIRM">http://tools.cisco.com/security/center/viewAlert.x?alertId=32365</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0652" source="CISCO" adv="1">20140107 Cisco Context Directory Agent Mappings Page Cross-Site Scripting Vulnerability</ref>
+      <ref url="http://secunia.com/advisories/56365" source="SECUNIA">56365</ref>
+      <ref url="http://osvdb.org/101803" source="OSVDB">101803</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="context_directory_agent">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0653" published="2014-01-08" name="CVE-2014-0653" modified="2014-01-17" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to trigger authentication-state modifications via a crafted NetBIOS logout probe response, aka Bug ID CSCuj45340.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90165" source="XF">cisco-asa-cve20140653-sec-bypass(90165)</ref>
+      <ref url="http://www.securitytracker.com/id/1029570" source="SECTRACK">1029570</ref>
+      <ref url="http://www.securityfocus.com/bid/64708" source="BID">64708</ref>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=32363" source="CONFIRM">http://tools.cisco.com/security/center/viewAlert.x?alertId=32363</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0653" source="CISCO" adv="1">20140107 Cisco Adaptive Security Appliance Identity Firewall NetBIOS Logout Probe Auth State Change Vulnerability</ref>
+      <ref url="http://secunia.com/advisories/56366" source="SECUNIA">56366</ref>
+      <ref url="http://osvdb.org/101834" source="OSVDB">101834</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="adaptive_security_appliance">
+        <vers num=""/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0654" published="2014-01-08" name="CVE-2014-0654" modified="2014-01-17" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cisco Context Directory Agent (CDA) allows remote attackers to modify the cache via a replay attack involving crafted RADIUS accounting messages, aka Bug ID CSCuj45383.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90168" source="XF">cisco-cda-cve20140654-sec-bypass(90168)</ref>
+      <ref url="http://www.securitytracker.com/id/1029574" source="SECTRACK">1029574</ref>
+      <ref url="http://www.securityfocus.com/bid/64709" source="BID">64709</ref>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=32366" source="CONFIRM">http://tools.cisco.com/security/center/viewAlert.x?alertId=32366</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0654" source="CISCO" adv="1">20140107 Cisco Context Directory Agent Replayed RADIUS Accounting Message Vulnerability</ref>
+      <ref url="http://secunia.com/advisories/56365" source="SECUNIA">56365</ref>
+      <ref url="http://osvdb.org/101802" source="OSVDB">101802</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="context_directory_agent">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0655" published="2014-01-08" name="CVE-2014-0655" modified="2014-01-17" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">The Identity Firewall (IDFW) functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to change the user-cache contents via a replay attack involving crafted RADIUS Change of Authorization (CoA) messages, aka Bug ID CSCuj45332.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90164" source="XF">cisco-asa-cve20140655-sec-bypass(90164)</ref>
+      <ref url="http://www.securitytracker.com/id/1029575" source="SECTRACK">1029575</ref>
+      <ref url="http://www.securityfocus.com/bid/64700" source="BID">64700</ref>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=32362" source="CONFIRM">http://tools.cisco.com/security/center/viewAlert.x?alertId=32362</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0655" source="CISCO" adv="1">20140107 Cisco Adaptive Security Appliance RADIUS Change of Authorization Message Replay Vulnerability</ref>
+      <ref url="http://secunia.com/advisories/56366" source="SECUNIA">56366</ref>
+      <ref url="http://osvdb.org/101838" source="OSVDB">101838</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="adaptive_security_appliance">
+        <vers num=""/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0656" published="2014-01-08" name="CVE-2014-0656" modified="2014-01-17" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:N/I:P/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">Cisco Context Directory Agent (CDA) allows remote authenticated users to trigger the omission of certain user-interface data via crafted field values, aka Bug ID CSCuj45353.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90169" source="XF">cisco-cda-cve20140656-sec-bypass(90169)</ref>
+      <ref url="http://www.securitytracker.com/id/1029569" source="SECTRACK">1029569</ref>
+      <ref url="http://www.securityfocus.com/bid/64701" source="BID">64701</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0656" source="CISCO" adv="1">20140107 Cisco Context Directory Agent Hidden Input Vulnerability</ref>
+      <ref url="http://osvdb.org/101801" source="OSVDB">101801</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="context_directory_agent">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0657" published="2014-01-08" name="CVE-2014-0657" modified="2014-01-17" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a forbidden portal URL, aka Bug ID CSCuj83540.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90120" source="XF">cisco-ucm-cve20140657-sec-bypass(90120)</ref>
+      <ref url="http://www.securitytracker.com/id/1029571" source="SECTRACK">1029571</ref>
+      <ref url="http://www.securityfocus.com/bid/64690" source="BID">64690</ref>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=32341" source="CONFIRM" adv="1">http://tools.cisco.com/security/center/viewAlert.x?alertId=32341</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0657" source="CISCO" adv="1">20140107 Cisco Unified Communications Manager Role Bypass Vulnerability</ref>
+      <ref url="http://secunia.com/advisories/56368" source="SECUNIA">56368</ref>
+      <ref url="http://osvdb.org/101800" source="OSVDB">101800</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="unified_communications_manager">
+        <vers num="3.3(5)"/>
+        <vers num="3.3(5)sr1"/>
+        <vers num="3.3(5)sr2a"/>
+        <vers num="4.1(3)"/>
+        <vers num="4.1(3)sr1"/>
+        <vers num="4.1(3)sr2"/>
+        <vers num="4.1(3)sr3"/>
+        <vers num="4.1(3)sr4"/>
+        <vers num="4.2"/>
+        <vers num="4.2.1"/>
+        <vers num="4.2.2"/>
+        <vers num="4.2.3"/>
+        <vers num="4.2.3sr1"/>
+        <vers num="4.2.3sr2"/>
+        <vers num="4.2.3sr2b"/>
+        <vers num="4.3"/>
+        <vers num="4.3(1)"/>
+        <vers num="5.0"/>
+        <vers num="5.1"/>
+        <vers num="5.1(1)"/>
+        <vers num="5.1(1b)"/>
+        <vers num="5.1(1c)"/>
+        <vers num="5.1(2)"/>
+        <vers num="5.1(2a)"/>
+        <vers num="5.1(2b)"/>
+        <vers num="5.1(3)"/>
+        <vers num="5.1(3a)"/>
+        <vers num="5.1(3c)"/>
+        <vers num="5.1(3d)"/>
+        <vers num="5.1(3e)"/>
+        <vers num="5.1.2"/>
+        <vers num="6.0"/>
+        <vers num="6.0(1)"/>
+        <vers num="6.0(1a)"/>
+        <vers num="6.0(1b)"/>
+        <vers num="6.1(1)"/>
+        <vers num="6.1(1a)"/>
+        <vers num="6.1(1b)"/>
+        <vers num="6.1(2)"/>
+        <vers num="6.1(2)su1"/>
+        <vers num="6.1(2)su1a"/>
+        <vers num="6.1(3)"/>
+        <vers num="6.1(3a)"/>
+        <vers num="6.1(3b)"/>
+        <vers num="6.1(3b)su1"/>
+        <vers num="6.1(4)"/>
+        <vers num="6.1(4)su1"/>
+        <vers num="6.1(4a)"/>
+        <vers num="6.1(4a)su2"/>
+        <vers num="6.1(5)"/>
+        <vers num="6.1(5)su1"/>
+        <vers num="6.1(5)su2"/>
+        <vers num="6.1(5)su3"/>
+        <vers num="7.0(1)su1"/>
+        <vers num="7.0(1)su1a"/>
+        <vers num="7.0(2)"/>
+        <vers num="7.0(2a)"/>
+        <vers num="7.0(2a)su1"/>
+        <vers num="7.0(2a)su2"/>
+        <vers num="7.1(2a)"/>
+        <vers num="7.1(2a)su1"/>
+        <vers num="7.1(2b)"/>
+        <vers num="7.1(2b)su1"/>
+        <vers num="7.1(3)"/>
+        <vers num="7.1(3a)"/>
+        <vers num="7.1(3a)su1"/>
+        <vers num="7.1(3a)su1a"/>
+        <vers num="7.1(3b)"/>
+        <vers num="7.1(3b)su1"/>
+        <vers num="7.1(3b)su2"/>
+        <vers num="7.1(5)"/>
+        <vers num="7.1(5)su1"/>
+        <vers num="7.1(5)su1a"/>
+        <vers num="7.1(5a)"/>
+        <vers num="7.1(5b)"/>
+        <vers num="7.1(5b)su1"/>
+        <vers num="7.1(5b)su1a"/>
+        <vers num="7.1(5b)su2"/>
+        <vers num="7.1(5b)su3"/>
+        <vers num="7.1(5b)su4"/>
+        <vers num="7.1(5b)su5"/>
+        <vers num="7.1(5b)su6"/>
+        <vers num="8.0"/>
+        <vers num="8.0(1)"/>
+        <vers num="8.0(2)"/>
+        <vers num="8.0(2a)"/>
+        <vers num="8.0(2b)"/>
+        <vers num="8.0(2c)"/>
+        <vers num="8.0(2c)su1"/>
+        <vers num="8.0(3)"/>
+        <vers num="8.0(3a)"/>
+        <vers num="8.0(3a)su1"/>
+        <vers num="8.0(3a)su2"/>
+        <vers num="8.0(3a)su3"/>
+        <vers num="8.5"/>
+        <vers num="8.5(1)"/>
+        <vers num="8.5(1)su1"/>
+        <vers num="8.5(1)su2"/>
+        <vers num="8.5(1)su3"/>
+        <vers num="8.5(1)su4"/>
+        <vers num="8.5(1)su5"/>
+        <vers num="8.6"/>
+        <vers num="8.6(1)"/>
+        <vers num="8.6(1a)"/>
+        <vers num="8.6(2)"/>
+        <vers num="8.6(2a)"/>
+        <vers num="8.6(2a)su1"/>
+        <vers num="8.6(2a)su2"/>
+        <vers num="8.6(2a)su3"/>
+        <vers num="8.6(3)"/>
+        <vers num="8.6(4)"/>
+        <vers num="9.0(1)"/>
+        <vers prev="1" num="9.1(1)"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0658" published="2014-01-10" name="CVE-2014-0658" modified="2014-01-17" CVSS_version="2.0" CVSS_vector="(AV:N/AC:H/Au:N/C:N/I:N/A:C)" CVSS_score="5.4" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="4.9" CVSS_base_score="5.4">
+    <desc>
+      <descript source="cve">Cisco 9900 Unified IP phones allow remote attackers to cause a denial of service (unregistration) via a crafted SIP header, aka Bug ID CSCul24898.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90236" source="XF">cisco-unified-cve20140658-dos(90236)</ref>
+      <ref url="http://www.securitytracker.com/id/1029596" source="SECTRACK">1029596</ref>
+      <ref url="http://www.securityfocus.com/bid/64770" source="BID">64770</ref>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=32402" source="CONFIRM">http://tools.cisco.com/security/center/viewAlert.x?alertId=32402</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0658" source="CISCO" adv="1">20140110 Cisco 9900 Series IP Phone Crafted Header Unregister Vulnerability</ref>
+      <ref url="http://secunia.com/advisories/56384" source="SECUNIA">56384</ref>
+      <ref url="http://osvdb.org/101913" source="OSVDB">101913</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="unified_ip_phone_9951">
+        <vers num=""/>
+      </prod>
+      <prod vendor="cisco" name="unified_ip_phone_9971">
+        <vers num=""/>
+      </prod>
+      <prod vendor="cisco" name="unified_ip_phones_9900_series_firmware">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0659" published="2014-01-12" name="CVE-2014-0659" modified="2014-01-17" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 2.0.2.1, and RVS4000 router with firmware through 2.0.3.2 allow remote attackers to read credential and configuration data, and execute arbitrary commands, via requests to the test interface on TCP port 32764, aka Bug IDs CSCum37566, CSCum43693, CSCum43700, and CSCum43685.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://github.com/elvanderb/TCP-32764" source="MISC">https://github.com/elvanderb/TCP-32764</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90233" source="XF">cisco-small-cve20140659-priv-esc(90233)</ref>
+      <ref url="http://www.securitytracker.com/id/1029580" source="SECTRACK">1029580</ref>
+      <ref url="http://www.securitytracker.com/id/1029579" source="SECTRACK">1029579</ref>
+      <ref url="http://www.securityfocus.com/bid/64776" source="BID">64776</ref>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=32381" source="CONFIRM">http://tools.cisco.com/security/center/viewAlert.x?alertId=32381</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140110-sbd" source="CISCO" adv="1">20140110 Undocumented Test Interface in Cisco Small Business Devices</ref>
+      <ref url="http://secunia.com/advisories/56292" source="SECUNIA">56292</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="rvs4000">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="wap4410n">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="wrvs4400n">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="rvs4000_firmware">
+        <vers num="1.3.2.0"/>
+        <vers num="1.3.3.5"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.2.7"/>
+        <vers prev="1" num="2.0.3.2"/>
+      </prod>
+      <prod vendor="cisco" name="wap4410n_firmware">
+        <vers num="2.0.2.1"/>
+        <vers num="2.0.3.3"/>
+        <vers num="2.0.4.2"/>
+        <vers prev="1" num="2.0.6.1"/>
+      </prod>
+      <prod vendor="cisco" name="wrvs4400n_firmware">
+        <vers num="1.1.03"/>
+        <vers num="1.1.13"/>
+        <vers num="2.0.1.3"/>
+        <vers num="2.0.2.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0660" published="2014-01-22" name="CVE-2014-0660" modified="2014-01-31" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:C)" CVSS_score="7.1" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="8.6" CVSS_base_score="7.1">
+    <desc>
+      <descript source="cve">Cisco TelePresence ISDN Gateway with software before 2.2(1.92) allows remote attackers to cause a denial of service (D-channel call outage) via a crafted Q.931 STATUS message, aka Bug ID CSCui50360.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90622" source="XF">cisco-isdn-cve20140660-dos(90622)</ref>
+      <ref url="http://www.securitytracker.com/id/1029657" source="SECTRACK">1029657</ref>
+      <ref url="http://www.securityfocus.com/bid/65072" source="BID">65072</ref>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=32460" source="CONFIRM">http://tools.cisco.com/security/center/viewAlert.x?alertId=32460</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-isdngw" source="CISCO" adv="1">20140122 Cisco TelePresence ISDN Gateway D-Channel Denial of Service Vulnerability</ref>
+      <ref url="http://secunia.com/advisories/56591" source="SECUNIA">56591</ref>
+      <ref url="http://osvdb.org/102361" source="OSVDB">102361</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="telepresence_isdn_gateway_software">
+        <vers num="2.1(1.43)"/>
+        <vers num="2.1(1.49)"/>
+        <vers num="2.1(1.56)"/>
+        <vers prev="1" num="2.1(1.79)"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0661" published="2014-01-22" name="CVE-2014-0661" modified="2014-01-31" CVSS_version="2.0" CVSS_vector="(AV:A/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="8.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="6.5" CVSS_base_score="8.3">
+    <desc>
+      <descript source="cve">The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote attackers to execute arbitrary commands or cause a denial of service (stack memory corruption) via a crafted XML-RPC message, aka Bug ID CSCui32796.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local_network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90624" source="XF">cisco-telepresence-cve20140661-command-exec(90624)</ref>
+      <ref url="http://www.securitytracker.com/id/1029656" source="SECTRACK">1029656</ref>
+      <ref url="http://www.securityfocus.com/bid/65071" source="BID">65071</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-cts" source="CISCO" adv="1">20140122 Cisco TelePresence System Software Command Execution Vulnerability</ref>
+      <ref url="http://secunia.com/advisories/56533" source="SECUNIA">56533</ref>
+      <ref url="http://osvdb.org/102362" source="OSVDB">102362</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="telepresence_system_software">
+        <vers num="1.10.0"/>
+        <vers num="1.10.0(259)"/>
+        <vers num="1.10.1"/>
+        <vers prev="1" num="1.10.1(43)"/>
+        <vers num="1.5.10(3648)"/>
+        <vers num="1.7.5(42)"/>
+        <vers num="1.7.6(4)"/>
+        <vers num="1.8.0(55)"/>
+        <vers num="1.8.1(34)"/>
+        <vers num="1.8.2(11)"/>
+        <vers num="1.8.3(4)"/>
+        <vers num="1.8.4(13)"/>
+        <vers num="1.8.5(4)"/>
+        <vers num="1.9.0(46)"/>
+        <vers num="1.9.1(68)"/>
+        <vers num="1.9.2(19)"/>
+        <vers num="1.9.3(44)"/>
+        <vers num="1.9.4(19)"/>
+        <vers num="1.9.5(7)"/>
+        <vers num="1.9.6(2)"/>
+        <vers num="1.9.6.1(3)"/>
+        <vers num="6.0.0.1(4)"/>
+        <vers num="6.0.1(50)"/>
+        <vers num="6.0.2(28)"/>
+        <vers prev="1" num="6.0.3(33)"/>
+        <vers num="6.1.0(90)"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_1000">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_1100">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_1300-65">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_3000">
+        <vers num=""/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_3010">
+        <vers num=""/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_3200">
+        <vers num=""/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_3210">
+        <vers num=""/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_500-32">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_500-37">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_tx1300_47">
+        <vers num=""/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_tx1310_65">
+        <vers num=""/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_tx9000">
+        <vers num=""/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_tx9200">
+        <vers num=""/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0662" published="2014-01-22" name="CVE-2014-0662" modified="2014-01-31" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:C)" CVSS_score="7.1" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="8.6" CVSS_base_score="7.1">
+    <desc>
+      <descript source="cve">The SIP module in Cisco TelePresence Video Communication Server (VCS) before 8.1 allows remote attackers to cause a denial of service (process failure) via a crafted SDP message, aka Bug ID CSCue97632.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90621" source="XF">cisco-vcs-cve20140662-dos(90621)</ref>
+      <ref url="http://www.securitytracker.com/id/1029655" source="SECTRACK">1029655</ref>
+      <ref url="http://www.securityfocus.com/bid/65076" source="BID">65076</ref>
+      <ref url="http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=32409" source="CONFIRM">http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=32409</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-vcs" source="CISCO" adv="1">20140122 Cisco TelePresence Video Communication Server SIP Denial of Service Vulnerability</ref>
+      <ref url="http://secunia.com/advisories/56592" source="SECUNIA">56592</ref>
+      <ref url="http://osvdb.org/102363" source="OSVDB">102363</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="telepresence_video_communication_servers_software">
+        <vers num="x6"/>
+        <vers num="x6.1"/>
+        <vers num="x7.0"/>
+        <vers num="x7.0.1"/>
+        <vers num="x7.0.2"/>
+        <vers num="x7.0.3"/>
+        <vers num="x7.1"/>
+        <vers num="x7.2"/>
+        <vers num="x7.2.1"/>
+        <vers prev="1" num="x7.2.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0663" published="2014-01-10" name="CVE-2014-0663" modified="2014-01-17" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the web framework in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum03625.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90232" source="XF">cisco-acs-cve20140663-xss(90232)</ref>
+      <ref url="http://www.securitytracker.com/id/1029595" source="SECTRACK">1029595</ref>
+      <ref url="http://www.securityfocus.com/bid/64773" source="BID">64773</ref>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=32403" source="CONFIRM">http://tools.cisco.com/security/center/viewAlert.x?alertId=32403</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0663" source="CISCO" adv="1">20140110 Cisco Secure Access Control System Cross-Site Scripting Vulnerability</ref>
+      <ref url="http://secunia.com/advisories/56382" source="SECUNIA">56382</ref>
+      <ref url="http://osvdb.org/101914" source="OSVDB">101914</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="secure_access_control_system">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0664" published="2014-01-10" name="CVE-2014-0664" modified="2014-04-04" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:N/I:N/A:C)" CVSS_score="6.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="8.0" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">The server in Cisco Unity Connection allows remote authenticated users to cause a denial of service (CPU consumption) via unspecified IMAP commands, aka Bug ID CSCul49976.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90234" source="XF">cisco-unity-cve20140664-dos(90234)</ref>
+      <ref url="http://www.securitytracker.com/id/1029593" source="SECTRACK">1029593</ref>
+      <ref url="http://www.securityfocus.com/bid/64772" source="BID">64772</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0664" source="CISCO" adv="1">20140110 Cisco Unity Connection Internet Message Access Protocol Denial of Service Vulnerability</ref>
+      <ref url="http://secunia.com/advisories/56370" source="SECUNIA">56370</ref>
+      <ref url="http://osvdb.org/101915" source="OSVDB">101915</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="unity_connection">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0665" published="2014-01-15" name="CVE-2014-0665" modified="2014-01-23" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">The RBAC implementation in Cisco Identity Services Engine (ISE) Software does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug ID CSCul83904.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90463" source="XF">cisco-ise-cve2040665-unsuth-access(90463)</ref>
+      <ref url="http://www.securitytracker.com/id/1029624" source="SECTRACK">1029624</ref>
+      <ref url="http://www.securityfocus.com/bid/64939" source="BID">64939</ref>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=32448" source="CONFIRM">http://tools.cisco.com/security/center/viewAlert.x?alertId=32448</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0665" source="CISCO" adv="1">20140115 Cisco ISE Unprivileged Support Bundle Download Vulnerability</ref>
+      <ref url="http://secunia.com/advisories/56439" source="SECUNIA">56439</ref>
+      <ref url="http://osvdb.org/102118" source="OSVDB">102118</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="identity_services_engine_software">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0666" published="2014-01-16" name="CVE-2014-0666" modified="2014-01-23" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Directory traversal vulnerability in the Send Screen Capture implementation in Cisco Jabber 9.2(.1) and earlier on Windows allows remote attackers to upload arbitrary types of files, and consequently execute arbitrary code, via modified packets, aka Bug ID CSCug48056.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90435" source="XF">cisco-jabber-cve20140666-code-exec(90435)</ref>
+      <ref url="http://www.securitytracker.com/id/1029635" source="SECTRACK">1029635</ref>
+      <ref url="http://www.securityfocus.com/bid/64965" source="BID">64965</ref>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=32451" source="CONFIRM" adv="1">http://tools.cisco.com/security/center/viewAlert.x?alertId=32451</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0666" source="CISCO" adv="1">20140115 Cisco Jabber for Windows Remote Code Execution Vulnerability</ref>
+      <ref url="http://secunia.com/advisories/56331" source="SECUNIA">56331</ref>
+      <ref url="http://osvdb.org/102122" source="OSVDB">102122</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="jabber">
+        <vers num="9.0" edition="-:~-~-~windows~~"/>
+        <vers num="9.0(.0)" edition="-:~-~-~windows~~"/>
+        <vers num="9.0(.1)" edition="-:~-~-~windows~~"/>
+        <vers num="9.0(.2)" edition="-:~-~-~windows~~"/>
+        <vers num="9.0(.3)" edition="-:~-~-~windows~~"/>
+        <vers num="9.0(.4)" edition="-:~-~-~windows~~"/>
+        <vers num="9.0(.5)" edition="-:~-~-~windows~~"/>
+        <vers num="9.1" edition="-:~-~-~windows~~"/>
+        <vers num="9.1(.0)" edition="-:~-~-~windows~~"/>
+        <vers num="9.1(.1)" edition="-:~-~-~windows~~"/>
+        <vers num="9.1(.2)" edition="-:~-~-~windows~~"/>
+        <vers num="9.1(.3)" edition="-:~-~-~windows~~"/>
+        <vers num="9.1(.4)" edition="-:~-~-~windows~~"/>
+        <vers num="9.1(.5)" edition="-:~-~-~windows~~"/>
+        <vers num="9.2" edition="-:~-~-~windows~~"/>
+        <vers num="9.2(.0)" edition="-:~-~-~windows~~"/>
+        <vers prev="1" num="9.2(.1)" edition="-:~-~-~windows~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0667" published="2014-01-16" name="CVE-2014-0667" modified="2014-01-23" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:C/I:N/A:N)" CVSS_score="6.3" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="6.8" CVSS_base_score="6.3">
+    <desc>
+      <descript source="cve">The RMI interface in Cisco Secure Access Control System (ACS) does not properly enforce authorization requirements, which allows remote authenticated users to read arbitrary files via a request to this interface, aka Bug ID CSCud75169.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90497" source="XF">cisco-acs-cve20140667-info-disc(90497)</ref>
+      <ref url="http://www.securitytracker.com/id/1029641" source="SECTRACK">1029641</ref>
+      <ref url="http://www.securityfocus.com/bid/64983" source="BID">64983</ref>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=32468" source="CONFIRM">http://tools.cisco.com/security/center/viewAlert.x?alertId=32468</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0667" source="CISCO" adv="1">20140116 Cisco Secure ACS RMI Arbitrary File Read Vulnerability</ref>
+      <ref url="http://osvdb.org/102168" source="OSVDB">102168</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="secure_access_control_system">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0668" published="2014-01-19" name="CVE-2014-0668" modified="2014-01-31" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the portal in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCue65949.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90561" source="XF">cisco-acs-cve20140668-xss(90561)</ref>
+      <ref url="http://www.securitytracker.com/id/1029654" source="SECTRACK">1029654</ref>
+      <ref url="http://www.securityfocus.com/bid/65016" source="BID">65016</ref>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=32489" source="CONFIRM">http://tools.cisco.com/security/center/viewAlert.x?alertId=32489</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0668" source="CISCO" adv="1">20140117 Cisco Secure ACS Portal Cross-Site Scripting Vulnerability</ref>
+      <ref url="http://secunia.com/advisories/56543" source="SECUNIA">56543</ref>
+      <ref url="http://osvdb.org/102256" source="OSVDB">102256</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="secure_access_control_system">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0669" published="2014-01-22" name="CVE-2014-0669" modified="2014-01-31" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:P/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The Wireless Session Protocol (WSP) feature in the Gateway GPRS Support Node (GGSN) component on Cisco ASR 5000 series devices allows remote attackers to bypass intended Top-Up payment restrictions via unspecified WSP packets, aka Bug ID CSCuh28371.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90614" source="XF">cisco-ggsn-cve20140669-sec-bypass(90614)</ref>
+      <ref url="http://www.securitytracker.com/id/1029666" source="SECTRACK">1029666</ref>
+      <ref url="http://www.securityfocus.com/bid/65052" source="BID">65052</ref>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=32513" source="CONFIRM">http://tools.cisco.com/security/center/viewAlert.x?alertId=32513</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0669" source="CISCO" adv="1">20140121 Cisco ASR 5000 Series Gateway GPRS Support Node Traffic Bypass Vulnerability</ref>
+      <ref url="http://secunia.com/advisories/56546" source="SECUNIA">56546</ref>
+      <ref url="http://osvdb.org/102318" source="OSVDB">102318</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="asr_5000_series_software">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0670" published="2014-01-22" name="CVE-2014-0670" modified="2014-01-31" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the Search and Play interface in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum16686.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90615" source="XF">cisco-mediasense-cve20140670-xss(90615)</ref>
+      <ref url="http://www.securitytracker.com/id/1029667" source="SECTRACK">1029667</ref>
+      <ref url="http://www.securityfocus.com/bid/65053" source="BID">65053</ref>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=32514" source="CONFIRM">http://tools.cisco.com/security/center/viewAlert.x?alertId=32514</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0670" source="CISCO" adv="1">20140121 Cisco MediaSense Search and Play Cross-Site Scripting Vulnerability</ref>
+      <ref url="http://secunia.com/advisories/56563" source="SECUNIA">56563</ref>
+      <ref url="http://osvdb.org/102319" source="OSVDB">102319</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="mediasense">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0671" published="2014-01-22" name="CVE-2014-0671" modified="2014-01-31" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">Open redirect vulnerability in Cisco MediaSense allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, aka Bug ID CSCum16749.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90617" source="XF">cisco-mediasense-cve20140671-open-redirect(90617)</ref>
+      <ref url="http://www.securitytracker.com/id/1029669" source="SECTRACK">1029669</ref>
+      <ref url="http://www.securityfocus.com/bid/65055" source="BID">65055</ref>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=32517" source="CONFIRM">http://tools.cisco.com/security/center/viewAlert.x?alertId=32517</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0671" source="CISCO" adv="1">20140121 Cisco MediaSense Open Redirection Vulnerability</ref>
+      <ref url="http://secunia.com/advisories/56544" source="SECUNIA">56544</ref>
+      <ref url="http://osvdb.org/102341" source="OSVDB">102341</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="mediasense">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0672" published="2014-01-22" name="CVE-2014-0672" modified="2014-04-04" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">The Search and Play interface in Cisco MediaSense does not properly enforce authorization requirements, which allows remote authenticated users to download arbitrary recordings via a request to this interface.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90616" source="XF">cisco-mediasense-cve20140672-info-disc(90616)</ref>
+      <ref url="http://www.securitytracker.com/id/1029668" source="SECTRACK">1029668</ref>
+      <ref url="http://www.securityfocus.com/bid/65054" source="BID">65054</ref>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=32516" source="CONFIRM">http://tools.cisco.com/security/center/viewAlert.x?alertId=32516</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0672" source="CISCO" adv="1">20140121 Cisco MediaSense Search and Play Authorization Vulnerability</ref>
+      <ref url="http://secunia.com/advisories/56600" source="SECUNIA">56600</ref>
+      <ref url="http://osvdb.org/102342" source="OSVDB">102342</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="mediasense">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0673" published="2014-01-25" name="CVE-2014-0673" modified="2014-04-22" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Multiple cross-site scripting (XSS) vulnerabilities in the web interface on Cisco Video Surveillance 5000 HD IP Dome cameras allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCud10943 and CSCud10950.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90733" source="XF">cisco-video-cve20140673-xss(90733)</ref>
+      <ref url="http://www.securitytracker.com/id/1029689" source="SECTRACK">1029689</ref>
+      <ref url="http://www.securityfocus.com/bid/65145" source="BID">65145</ref>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=32568" source="CONFIRM">http://tools.cisco.com/security/center/viewAlert.x?alertId=32568</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0673" source="CISCO" adv="1">20140124 Cisco Video Surveillance 5000 Series HD IP Dome Camera Multiple Cross-Site Scripting Vulnerabilities</ref>
+      <ref url="http://secunia.com/advisories/56552" source="SECUNIA">56552</ref>
+      <ref url="http://osvdb.org/102557" source="OSVDB">102557</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="video_surveillance_indoor_fixed_dome_ip_hd_camera">
+        <vers num="5010"/>
+        <vers num="5011"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0674" published="2014-01-23" name="CVE-2014-0674" modified="2014-01-31" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">Cisco Video Surveillance Operations Manager (VSOM) does not require authentication for MySQL database connections, which allows remote attackers to obtain sensitive information, modify data, or cause a denial of service by leveraging network connectivity from a client system with a crafted host name, aka Bug ID CSCud10992.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90651" source="XF">cisco-vsom-cve20140674-unauth-access(90651)</ref>
+      <ref url="http://www.securitytracker.com/id/1029692" source="SECTRACK">1029692</ref>
+      <ref url="http://www.securityfocus.com/bid/65111" source="BID">65111</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0674" source="CISCO" adv="1">20140123 Cisco Video Surveillance Operations Manager MySQL Database Insufficient Authentication Controls</ref>
+      <ref url="http://secunia.com/advisories/56619" source="SECUNIA">56619</ref>
+      <ref url="http://osvdb.org/102409" source="OSVDB">102409</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="video_surveillance_operations_manager">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0675" published="2014-01-22" name="CVE-2014-0675" modified="2014-01-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:N)" CVSS_score="6.4" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="10.0" CVSS_base_score="6.4">
+    <desc>
+      <descript source="cve">The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship, aka Bug ID CSCue07471.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90650" source="XF">cisco-telepresence-cve20140675-mitm(90650)</ref>
+      <ref url="http://www.securitytracker.com/id/1029682" source="SECTRACK">1029682</ref>
+      <ref url="http://www.securityfocus.com/bid/65101" source="BID">65101</ref>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=32540" source="CONFIRM">http://tools.cisco.com/security/center/viewAlert.x?alertId=32540</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0675" source="CISCO" adv="1">20140122 Cisco TelePresence Video Communication Server Expressway Default SSL Certificate Vulnerability</ref>
+      <ref url="http://secunia.com/advisories/56621" source="SECUNIA">56621</ref>
+      <ref url="http://osvdb.org/102377" source="OSVDB">102377</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="telepresence_video_communication_server">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0676" published="2014-01-22" name="CVE-2014-0676" modified="2014-01-31" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:S/C:C/I:C/A:C)" CVSS_score="6.8" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="3.1" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90627" source="XF">cisco-nxos-cve20140676-priv-esc(90627)</ref>
+      <ref url="http://www.securitytracker.com/id/1029690" source="SECTRACK">1029690</ref>
+      <ref url="http://www.securityfocus.com/bid/65083" source="BID">65083</ref>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=32531" source="CONFIRM">http://tools.cisco.com/security/center/viewAlert.x?alertId=32531</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0676" source="CISCO" adv="1">20140122 Cisco NX-OS Software TACACS+ Command Authorization Vulnerability</ref>
+      <ref url="http://secunia.com/advisories/56597" source="SECUNIA">56597</ref>
+      <ref url="http://osvdb.org/102366" source="OSVDB">102366</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="nx-os">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0677" published="2014-01-22" name="CVE-2014-0677" modified="2014-01-31" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The Label Distribution Protocol (LDP) functionality in Cisco NX-OS allows remote attackers to cause a denial of service (temporary LDP session outage) via LDP discovery traffic containing malformed Hello messages, aka Bug ID CSCul88851.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90623" source="XF">cisco-nxos-cve20140677-dos(90623)</ref>
+      <ref url="http://www.securitytracker.com/id/1029691" source="SECTRACK">1029691</ref>
+      <ref url="http://www.securityfocus.com/bid/65074" source="BID">65074</ref>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=32532" source="CONFIRM">http://tools.cisco.com/security/center/viewAlert.x?alertId=32532</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0677" source="CISCO" adv="1">20140122 Cisco NX-OS Software Label Distribution Protocol Message Vulnerability</ref>
+      <ref url="http://secunia.com/advisories/56611" source="SECUNIA">56611</ref>
+      <ref url="http://osvdb.org/102368" source="OSVDB">102368</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="nx-os">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0678" published="2014-01-25" name="CVE-2014-0678" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:N)" CVSS_score="5.5" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.0" CVSS_base_score="5.5">
+    <desc>
+      <descript source="cve">The portal interface in Cisco Secure Access Control System (ACS) does not properly manage sessions, which allows remote authenticated users to hijack sessions and gain privileges via unspecified vectors, aka Bug ID CSCue65951.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90732" source="XF">cisco-acs-cve20140678-unauth-access(90732)</ref>
+      <ref url="http://www.securitytracker.com/id/1029688" source="SECTRACK">1029688</ref>
+      <ref url="http://www.securityfocus.com/bid/65144" source="BID">65144</ref>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=32567" source="CONFIRM">http://tools.cisco.com/security/center/viewAlert.x?alertId=32567</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0678" source="CISCO" adv="1">20140124 Cisco Secure ACS Portal Session Management Vulnerability</ref>
+      <ref url="http://secunia.com/advisories/56540" source="SECUNIA">56540</ref>
+      <ref url="http://osvdb.org/102558" source="OSVDB">102558</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="secure_access_control_system">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0679" published="2014-02-27" name="CVE-2014-0679" modified="2014-02-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:C/I:C/A:C)" CVSS_score="9.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.0" CVSS_base_score="9.0">
+    <desc>
+      <descript source="cve">Cisco Prime Infrastructure 1.2 and 1.3 before 1.3.0.20-2, 1.4 before 1.4.0.45-2, and 2.0 before 2.0.0.0.294-2 allows remote authenticated users to execute arbitrary commands with root privileges via an unspecified URL, aka Bug ID CSCum71308.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140226-pi" source="CISCO" adv="1">20140226 Cisco Prime Infrastructure Command Execution Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="prime_infrastructure">
+        <vers num="1.2.0"/>
+        <vers num="1.2.1"/>
+        <vers num="1.3.0"/>
+        <vers num="1.4.0"/>
+        <vers num="1.4.1"/>
+        <vers num="2.0.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0680" published="2014-01-29" name="CVE-2014-0680" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the HTTP control interface in the NAC Web Agent component in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCui15038.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=32617" source="CONFIRM">http://tools.cisco.com/security/center/viewAlert.x?alertId=32617</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0680" source="CISCO" adv="1">20140128 Cisco Identity Services Engine HTTP Control Interface for NAC Web Agent Cross-Site Scripting Vulnerability</ref>
+      <ref url="http://secunia.com/advisories/56672" source="SECUNIA">56672</ref>
+      <ref url="http://osvdb.org/102588" source="OSVDB">102588</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="identity_services_engine">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0681" published="2014-01-29" name="CVE-2014-0681" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine (ISE) 1.2 patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via a report containing a crafted URL that is not properly handled during generation of report-output pages, aka Bug ID CSCui15064.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.securityfocus.com/bid/65183" source="BID">65183</ref>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=32609" source="CONFIRM" adv="1">http://tools.cisco.com/security/center/viewAlert.x?alertId=32609</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0681" source="CISCO" adv="1">20140128 Cisco Identity Services Engine Reports Output Cross-Site Scripting Vulnerability</ref>
+      <ref url="http://secunia.com/advisories/56714" source="SECUNIA">56714</ref>
+      <ref url="http://osvdb.org/102589" source="OSVDB">102589</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="identity_services_engine_software">
+        <vers prev="1" num="1.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0682" published="2014-01-29" name="CVE-2014-0682" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:P/I:N/A:P)" CVSS_score="4.9" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="6.8" CVSS_base_score="4.9">
+    <desc>
+      <descript source="cve">Cisco WebEx Meetings Server allows remote authenticated users to bypass authorization checks and (1) join arbitrary meetings, or (2) terminate a meeting without having a host role, via a crafted URL, aka Bug ID CSCuj42346.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securityfocus.com/bid/65198" source="BID">65198</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0682" source="CISCO" adv="1">20140128 Cisco WebEx Meetings Server Unauthorized Meeting Actions Vulnerability</ref>
+      <ref url="http://osvdb.org/102590" source="OSVDB">102590</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="webex_meetings_server">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0683" published="2014-03-06" name="CVE-2014-0683" modified="2014-03-07" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">The web management interface on the Cisco RV110W firewall with firmware 1.2.0.9 and earlier, RV215W router with firmware 1.1.0.5 and earlier, and CVR100W router with firmware 1.0.1.19 and earlier does not prevent replaying of modified authentication requests, which allows remote attackers to obtain administrative access by leveraging the ability to intercept requests, aka Bug IDs CSCul94527, CSCum86264, and CSCum86275.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-rpd" source="CISCO" patch="1" adv="1">20140305 Cisco Small Business Router Password Disclosure Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="cvr100w">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="rv110w">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="rv215w">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="cvr100w_firmware">
+        <vers prev="1" num="1.0.1.19"/>
+      </prod>
+      <prod vendor="cisco" name="rv110w_firmware">
+        <vers prev="1" num="1.2.0.9"/>
+      </prod>
+      <prod vendor="cisco" name="rv215w_firmware">
+        <vers prev="1" num="1.1.0.5"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0686" published="2014-02-04" name="CVE-2014-0686" modified="2014-02-24" CVSS_version="2.0" CVSS_vector="(AV:L/AC:H/Au:S/C:C/I:C/A:C)" CVSS_score="6.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="1.5" CVSS_base_score="6.0">
+    <desc>
+      <descript source="cve">Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul24908.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=32683" source="CONFIRM" adv="1">http://tools.cisco.com/security/center/viewAlert.x?alertId=32683</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0686" source="CISCO" adv="1">20140131 Cisco Unified Communications Manager Operating System-Level Privilege Escalation Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="unified_communications_manager">
+        <vers num="9.1(1)"/>
+        <vers num="9.1(2)"/>
+        <vers prev="1" num="9.1(2.10000.28)"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0694" published="2014-03-14" name="CVE-2014-0694" modified="2014-03-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Intelligent Automation for Cloud (IAC) in Cisco Cloud Portal 9.4.1 and earlier includes a cryptographic key in binary files, which makes it easier for remote attackers to obtain cleartext data from an arbitrary IAC installation by leveraging knowledge of this key, aka Bug IDs CSCui34764, CSCui34772, CSCui34776, CSCui34798, CSCui34800, CSCui34805, CSCui34809, CSCui34810, CSCui34813, CSCui34814, and CSCui34818.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=33336" source="CONFIRM">http://tools.cisco.com/security/center/viewAlert.x?alertId=33336</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0694" source="CISCO">20140312 Cisco Intelligent Automation for Cloud Cryptographic Implementation Issues</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="cloud_portal">
+        <vers num="9.1" edition="sp1"/>
+        <vers num="9.1" edition="sp2"/>
+        <vers num="9.1" edition="sp3"/>
+        <vers num="9.3"/>
+        <vers num="9.3.1"/>
+        <vers num="9.3.2"/>
+        <vers num="9.4"/>
+        <vers prev="1" num="9.4.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0701" published="2014-03-06" name="CVE-2014-0701" modified="2014-03-07" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">Cisco Wireless LAN Controller (WLC) devices 7.0 before 7.0.250.0, 7.2, 7.3, and 7.4 before 7.4.110.0 do not properly deallocate memory, which allows remote attackers to cause a denial of service (reboot) by sending WebAuth login requests at a high rate, aka Bug ID CSCuf52361.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc" source="CISCO" adv="1">20140305 Multiple Vulnerabilities in Cisco Wireless LAN Controllers</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="wireless_lan_controller_software">
+        <vers num="7.0"/>
+        <vers num="7.0.220.0"/>
+        <vers num="7.0.235.0"/>
+        <vers num="7.2"/>
+        <vers num="7.2.103.0"/>
+        <vers num="7.2.110.0"/>
+        <vers num="7.3"/>
+        <vers num="7.3.101.0"/>
+        <vers num="7.4.100.0"/>
+        <vers num="7.4.100.60"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0703" published="2014-03-06" name="CVE-2014-0703" modified="2014-03-07" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Cisco Wireless LAN Controller (WLC) devices 7.4 before 7.4.110.0 distribute Aironet IOS software with a race condition in the status of the administrative HTTP server, which allows remote attackers to bypass intended access restrictions by connecting to an Aironet access point on which this server had been disabled ineffectively, aka Bug ID CSCuf66202.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc" source="CISCO" adv="1">20140305 Multiple Vulnerabilities in Cisco Wireless LAN Controllers</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="wireless_lan_controller">
+        <vers num=""/>
+      </prod>
+      <prod vendor="cisco" name="wireless_lan_controller_software">
+        <vers num="7.4.100.0"/>
+        <vers num="7.4.100.60"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0704" published="2014-03-06" name="CVE-2014-0704" modified="2014-03-07" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:C)" CVSS_score="7.1" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="8.6" CVSS_base_score="7.1">
+    <desc>
+      <descript source="cve">The IGMP implementation on Cisco Wireless LAN Controller (WLC) devices 4.x, 5.x, 6.x, 7.0 before 7.0.250.0, 7.1, 7.2, and 7.3, when IGMPv3 Snooping is enabled, allows remote attackers to cause a denial of service (memory over-read and device restart) via a crafted field in an IGMPv3 message, aka Bug ID CSCuh33240.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc" source="CISCO" adv="1">20140305 Multiple Vulnerabilities in Cisco Wireless LAN Controllers</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="wireless_lan_controller">
+        <vers num=""/>
+      </prod>
+      <prod vendor="cisco" name="wireless_lan_controller_software">
+        <vers num="4.0"/>
+        <vers num="4.0.108"/>
+        <vers num="4.0.155.0"/>
+        <vers num="4.0.155.5"/>
+        <vers num="4.0.179.11"/>
+        <vers num="4.0.179.8"/>
+        <vers num="4.0.196"/>
+        <vers num="4.0.206.0"/>
+        <vers num="4.0.217.0"/>
+        <vers num="4.0.219.0"/>
+        <vers num="4.1"/>
+        <vers num="4.1.171.0"/>
+        <vers num="4.1.181.0"/>
+        <vers num="4.1.185.0"/>
+        <vers num="4.1m"/>
+        <vers num="4.2"/>
+        <vers num="4.2.112.0"/>
+        <vers num="4.2.117.0"/>
+        <vers num="4.2.130.0"/>
+        <vers num="4.2.173.0"/>
+        <vers num="4.2.174.0"/>
+        <vers num="4.2.176.0"/>
+        <vers num="4.2.182.0"/>
+        <vers num="4.2.61.0"/>
+        <vers num="4.2.99.0"/>
+        <vers num="4.2m"/>
+        <vers num="5.0"/>
+        <vers num="5.0.148.0"/>
+        <vers num="5.0.148.2"/>
+        <vers num="5.1"/>
+        <vers num="5.1.151.0"/>
+        <vers num="5.1.152.0"/>
+        <vers num="5.1.160.0"/>
+        <vers num="5.2"/>
+        <vers num="5.2.157.0"/>
+        <vers num="5.2.169.0"/>
+        <vers num="6.0"/>
+        <vers num="6.0.182.0"/>
+        <vers num="6.0.188.0"/>
+        <vers num="6.0.196.0"/>
+        <vers num="6.0.199.0"/>
+        <vers num="6.0.199.4"/>
+        <vers num="7.0"/>
+        <vers num="7.0.220.0"/>
+        <vers num="7.0.235.0"/>
+        <vers num="7.0.98.0"/>
+        <vers num="7.1"/>
+        <vers num="7.1.91.0"/>
+        <vers num="7.2"/>
+        <vers num="7.2.103.0"/>
+        <vers num="7.2.110.0"/>
+        <vers num="7.3"/>
+        <vers num="7.3.101.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0705" published="2014-03-06" name="CVE-2014-0705" modified="2014-03-07" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:C)" CVSS_score="7.1" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="8.6" CVSS_base_score="7.1">
+    <desc>
+      <descript source="cve">The multicast listener discovery (MLD) service on Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, 7.4 before 7.4.121.0, and 7.5, when MLDv2 Snooping is enabled, allows remote attackers to cause a denial of service (device restart) via a malformed IPv6 MLDv2 packet, aka Bug ID CSCuh74233.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc" source="CISCO" adv="1">20140305 Multiple Vulnerabilities in Cisco Wireless LAN Controllers</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="wireless_lan_controller">
+        <vers num=""/>
+      </prod>
+      <prod vendor="cisco" name="wireless_lan_controller_software">
+        <vers num="7.2"/>
+        <vers num="7.2.103.0"/>
+        <vers num="7.2.110.0"/>
+        <vers num="7.3"/>
+        <vers num="7.3.101.0"/>
+        <vers num="7.4.100.0"/>
+        <vers num="7.4.100.60"/>
+        <vers num="7.5"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0706" published="2014-03-06" name="CVE-2014-0706" modified="2014-03-07" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">Cisco Wireless LAN Controller (WLC) devices 7.2 before 7.2.115.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCue87929.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc" source="CISCO" adv="1">20140305 Multiple Vulnerabilities in Cisco Wireless LAN Controllers</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="wireless_lan_controller">
+        <vers num=""/>
+      </prod>
+      <prod vendor="cisco" name="wireless_lan_controller_software">
+        <vers num="7.2"/>
+        <vers num="7.2.103.0"/>
+        <vers num="7.2.110.0"/>
+        <vers num="7.3"/>
+        <vers num="7.3.101.0"/>
+        <vers num="7.4.100.0"/>
+        <vers num="7.4.100.60"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0707" published="2014-03-06" name="CVE-2014-0707" modified="2014-03-07" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, and 7.4 before 7.4.110.0 allow remote attackers to cause a denial of service (device restart) via a crafted 802.11 Ethernet frame, aka Bug ID CSCuf80681.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-wlc" source="CISCO" adv="1">20140305 Multiple Vulnerabilities in Cisco Wireless LAN Controllers</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="wireless_lan_controller">
+        <vers num=""/>
+      </prod>
+      <prod vendor="cisco" name="wireless_lan_controller_software">
+        <vers num="7.2"/>
+        <vers num="7.2.103.0"/>
+        <vers num="7.2.110.0"/>
+        <vers num="7.3"/>
+        <vers num="7.3.101.0"/>
+        <vers num="7.4.100.0"/>
+        <vers num="7.4.100.60"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0708" published="2014-03-20" name="CVE-2014-0708" modified="2014-03-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">WebEx Meeting Center in Cisco WebEx Business Suite does not properly compose URLs for HTTP GET requests, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) a browser's history, aka Bug ID CSCul98272.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0708" source="CISCO" adv="1">20140318 Cisco WebEx Business Suite HTTP GET Parameters Include Sensitive Information</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="webex_meeting_center">
+        <vers num=""/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0709" published="2014-02-22" name="CVE-2014-0709" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded password for the root account, which makes it easier for remote attackers to obtain administrative access via an SSH session to the CLI interface, aka Bug ID CSCui73930.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ucsd" source="CISCO" adv="1">20140219 Cisco UCS Director Default Credentials Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="ucs_director">
+        <vers num="4.0.0.0"/>
+        <vers num="4.0.0.1"/>
+        <vers prev="1" num="4.0.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0710" published="2014-02-22" name="CVE-2014-0710" modified="2014-02-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:C)" CVSS_score="7.1" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="8.6" CVSS_base_score="7.1">
+    <desc>
+      <descript source="cve">Race condition in the cut-through proxy feature in Cisco Firewall Services Module (FWSM) Software 3.x before 3.2(28) and 4.x before 4.1(15) allows remote attackers to cause a denial of service (device reload) via certain matching traffic, aka Bug ID CSCuj16824.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-fwsm" source="CISCO" adv="1">20140219 Cisco Firewall Services Module Cut-Through Proxy Denial of Service Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="firewall_services_module_software">
+        <vers num="3.1"/>
+        <vers num="3.1(10)"/>
+        <vers num="3.1(11)"/>
+        <vers num="3.1(12)"/>
+        <vers num="3.1(13)"/>
+        <vers num="3.1(14)"/>
+        <vers num="3.1(15)"/>
+        <vers num="3.1(16)"/>
+        <vers num="3.1(17)"/>
+        <vers num="3.1(18)"/>
+        <vers num="3.1(19)"/>
+        <vers num="3.1(2)"/>
+        <vers num="3.1(20)"/>
+        <vers num="3.1(21)"/>
+        <vers num="3.1(3)"/>
+        <vers num="3.1(4)"/>
+        <vers num="3.1(5)"/>
+        <vers num="3.1(6)"/>
+        <vers num="3.1(7)"/>
+        <vers num="3.1(8)"/>
+        <vers num="3.1(9)"/>
+        <vers num="3.2"/>
+        <vers num="3.2(1)"/>
+        <vers num="3.2(10)"/>
+        <vers num="3.2(11)"/>
+        <vers num="3.2(12)"/>
+        <vers num="3.2(13)"/>
+        <vers num="3.2(14)"/>
+        <vers num="3.2(15)"/>
+        <vers num="3.2(16)"/>
+        <vers num="3.2(17)"/>
+        <vers num="3.2(18)"/>
+        <vers num="3.2(19)"/>
+        <vers num="3.2(2)"/>
+        <vers num="3.2(20)"/>
+        <vers num="3.2(21)"/>
+        <vers num="3.2(22)"/>
+        <vers num="3.2(23)"/>
+        <vers num="3.2(24)"/>
+        <vers num="3.2(25)"/>
+        <vers num="3.2(26)"/>
+        <vers num="3.2(27)"/>
+        <vers num="3.2(3)"/>
+        <vers num="3.2(4)"/>
+        <vers num="3.2(5)"/>
+        <vers num="3.2(6)"/>
+        <vers num="3.2(7)"/>
+        <vers num="3.2(8)"/>
+        <vers num="3.2(9)"/>
+        <vers num="4.0"/>
+        <vers num="4.0(1)"/>
+        <vers num="4.0(10)"/>
+        <vers num="4.0(11)"/>
+        <vers num="4.0(12)"/>
+        <vers num="4.0(13)"/>
+        <vers num="4.0(14)"/>
+        <vers num="4.0(15)"/>
+        <vers num="4.0(2)"/>
+        <vers num="4.0(3)"/>
+        <vers num="4.0(4)"/>
+        <vers num="4.0(5)"/>
+        <vers num="4.0(6)"/>
+        <vers num="4.0(7)"/>
+        <vers num="4.0(8)"/>
+        <vers num="4.1"/>
+        <vers num="4.1(1)"/>
+        <vers num="4.1(10)"/>
+        <vers num="4.1(11)"/>
+        <vers num="4.1(12)"/>
+        <vers num="4.1(13)"/>
+        <vers num="4.1(14)"/>
+        <vers num="4.1(2)"/>
+        <vers num="4.1(3)"/>
+        <vers num="4.1(4)"/>
+        <vers num="4.1(5)"/>
+        <vers num="4.1(6)"/>
+        <vers num="4.1(7)"/>
+        <vers num="4.1(8)"/>
+        <vers num="4.1(9)"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0718" published="2014-02-22" name="CVE-2014-0718" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:C)" CVSS_score="7.1" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="8.6" CVSS_base_score="7.1">
+    <desc>
+      <descript source="cve">The produce-verbose-alert feature in Cisco IPS Software 7.1 before 7.1(8)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (Analysis Engine process outage) via fragmented packets, aka Bug ID CSCui91266.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ips" source="CISCO" adv="1">20140219 Multiple Vulnerabilities in Cisco IPS Software</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="ips_sensor_software">
+        <vers prev="1" num="7.1(1)e4"/>
+        <vers num="7.1(2)e4"/>
+        <vers num="7.1(3)e4"/>
+        <vers num="7.1(4)e4"/>
+        <vers num="7.1(6)e4"/>
+        <vers num="7.1(7)e4"/>
+        <vers num="7.1(8)e4"/>
+        <vers num="7.2(1)e4"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0719" published="2014-02-22" name="CVE-2014-0719" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">The control-plane access-list implementation in Cisco IPS Software before 7.1(8p2)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (MainApp process outage) via crafted packets to TCP port 7000, aka Bug ID CSCui67394.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ips" source="CISCO" adv="1">20140219 Multiple Vulnerabilities in Cisco IPS Software</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="ips_sensor_software">
+        <vers prev="1" num="7.1(1)e4"/>
+        <vers num="7.1(2)e4"/>
+        <vers num="7.1(3)e4"/>
+        <vers num="7.1(4)e4"/>
+        <vers num="7.1(6)e4"/>
+        <vers num="7.1(7)e4"/>
+        <vers num="7.1(8)e4"/>
+        <vers num="7.2(1)e4"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0720" published="2014-02-22" name="CVE-2014-0720" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:C)" CVSS_score="7.1" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="8.6" CVSS_base_score="7.1">
+    <desc>
+      <descript source="cve">Cisco IPS Software 7.1 before 7.1(8)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (Analysis Engine process outage) via a flood of jumbo frames, aka Bug ID CSCuh94944.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ips" source="CISCO" adv="1">20140219 Multiple Vulnerabilities in Cisco IPS Software</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="ips_sensor_software">
+        <vers prev="1" num="7.1(1)e4"/>
+        <vers num="7.1(2)e4"/>
+        <vers num="7.1(3)e4"/>
+        <vers num="7.1(4)e4"/>
+        <vers num="7.1(6)e4"/>
+        <vers num="7.1(7)e4"/>
+        <vers num="7.1(8)e4"/>
+        <vers num="7.2(1)e4"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0721" published="2014-02-22" name="CVE-2014-0721" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">The Cisco Unified SIP Phone 3905 with firmware before 9.4(1) allows remote attackers to obtain root access via a session on the test interface on TCP port 7870, aka Bug ID CSCuh75574.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-phone" source="CISCO" adv="1">20140219 Unauthorized Access Vulnerability in Cisco Unified SIP Phone 3905</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="unified_sip_phone_3905">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0722" published="2014-02-13" name="CVE-2014-0722" modified="2014-02-13" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The log4jinit web application in Cisco Unified Communications Manager (UCM) does not properly validate authentication, which allows remote attackers to cause a denial of service (performance degradation) via unspecified use of this application, aka Bug ID CSCum05347.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0722" source="CISCO" adv="1">20140211 Cisco Unified Communications Manager Unauthenticated log4jinit Access Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="unified_communications_manager">
+        <vers num=""/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0723" published="2014-02-13" name="CVE-2014-0723" modified="2014-02-13" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum05343.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0723" source="CISCO" adv="1">20140211 Cisco Unified Communications Manager IPMA Cross-Site Scripting Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="unified_communications_manager">
+        <vers num=""/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0724" published="2014-02-13" name="CVE-2014-0724" modified="2014-02-13" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">The bulk administration interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to bypass authentication and read arbitrary files by using an unspecified prompt, aka Bug ID CSCum05340.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=32825" source="CONFIRM" adv="1">http://tools.cisco.com/security/center/viewAlert.x?alertId=32825</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0724" source="CISCO" adv="1">20140211 Cisco Unified Communications Manager Arbitrary File Read Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="unified_communications_manager">
+        <vers num="10.0"/>
+        <vers prev="1" num="10.0(1)"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0725" published="2014-02-13" name="CVE-2014-0725" modified="2014-02-13" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a "file storage location," aka Bug ID CSCum05337.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0725" source="CISCO" adv="1">20140212 Cisco Unified Communications Manager WAR File Availability Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="unified_communications_manager">
+        <vers num=""/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0726" published="2014-02-13" name="CVE-2014-0726" modified="2014-02-13" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">SQL injection vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05326.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=32843" source="CONFIRM" adv="1">http://tools.cisco.com/security/center/viewAlert.x?alertId=32843</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0726" source="CISCO" adv="1">20140212 Cisco Unified Communications Manager IPMA Blind SQL Injection Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="unified_communications_manager">
+        <vers num="10.0"/>
+        <vers prev="1" num="10.0(1)"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0727" published="2014-02-13" name="CVE-2014-0727" modified="2014-02-13" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">SQL injection vulnerability in the CallManager Interactive Voice Response (CMIVR) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05318.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0727" source="CISCO" adv="1">20140212 Cisco Unified Communications Manager CMIVR Blind SQL Injection Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="unified_communications_manager">
+        <vers num=""/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0728" published="2014-02-13" name="CVE-2014-0728" modified="2014-02-13" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05313.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=32834" source="CONFIRM" adv="1">http://tools.cisco.com/security/center/viewAlert.x?alertId=32834</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0728" source="CISCO" adv="1">20140211 Cisco Unified Communications Manager Java Interface SQL Injection Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="unified_communications_manager">
+        <vers num="10.0"/>
+        <vers prev="1" num="10.0(1)"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0729" published="2014-02-13" name="CVE-2014-0729" modified="2014-02-13" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">SQL injection vulnerability in the Enterprise Mobility Application (EMApp) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05302.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0729" source="CISCO" adv="1">20140211 Cisco Unified Communications Manager Enterprise Mobility Application Blind SQL Injection Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="unified_communications_manager">
+        <vers num=""/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0730" published="2014-02-22" name="CVE-2014-0730" modified="2014-02-24" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:S/C:C/I:C/A:C)" CVSS_score="6.8" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="3.1" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">Cisco Unified Computing System (UCS) Central Software 1.1 and earlier allows local users to gain privileges via a CLI copy command in a local-mgmt context, aka Bug ID CSCul53128.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=32910" source="CONFIRM" adv="1">http://tools.cisco.com/security/center/viewAlert.x?alertId=32910</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0730" source="CISCO" adv="1">20140218 Cisco Unified Computing System Central Software Privilege Escalation Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="unified_computing_system_central_software">
+        <vers num="1.0"/>
+        <vers prev="1" num="1.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0731" published="2014-02-22" name="CVE-2014-0731" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The administration interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and read Java class files via a direct request, aka Bug ID CSCum46497.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=32915" source="CONFIRM" adv="1">http://tools.cisco.com/security/center/viewAlert.x?alertId=32915</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0731" source="CISCO" adv="1">20140218 Cisco Unified Communications Manager Java Class File Availability Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="unified_communications_manager">
+        <vers num="10.0"/>
+        <vers prev="1" num="10.0(1)"/>
+        <vers num="3.3(5)"/>
+        <vers num="3.3(5)sr1"/>
+        <vers num="3.3(5)sr2a"/>
+        <vers num="4.1(3)"/>
+        <vers num="4.1(3)sr1"/>
+        <vers num="4.1(3)sr2"/>
+        <vers num="4.1(3)sr3"/>
+        <vers num="4.1(3)sr4"/>
+        <vers num="4.2"/>
+        <vers num="4.2.1"/>
+        <vers num="4.2.2"/>
+        <vers num="4.2.3"/>
+        <vers num="4.2.3sr1"/>
+        <vers num="4.2.3sr2"/>
+        <vers num="4.2.3sr2b"/>
+        <vers num="4.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0732" published="2014-02-20" name="CVE-2014-0732" modified="2014-02-20" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read application files via a direct request to a URL, aka Bug ID CSCum46495.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=32913" source="CONFIRM" adv="1">http://tools.cisco.com/security/center/viewAlert.x?alertId=32913</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0732" source="CISCO" adv="1">20140218 Cisco Unified Communications Manager Real Time Monitoring Tool Information Disclosure Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="unified_communications_manager">
+        <vers num="10.0"/>
+        <vers prev="1" num="10.0(1)"/>
+        <vers num="3.3(5)"/>
+        <vers num="3.3(5)sr1"/>
+        <vers num="3.3(5)sr2a"/>
+        <vers num="4.1(3)"/>
+        <vers num="4.1(3)sr1"/>
+        <vers num="4.1(3)sr2"/>
+        <vers num="4.1(3)sr3"/>
+        <vers num="4.1(3)sr4"/>
+        <vers num="4.2"/>
+        <vers num="4.2.1"/>
+        <vers num="4.2.2"/>
+        <vers num="4.2.3"/>
+        <vers num="4.2.3sr1"/>
+        <vers num="4.2.3sr2"/>
+        <vers num="4.2.3sr2b"/>
+        <vers num="4.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0733" published="2014-02-20" name="CVE-2014-0733" modified="2014-02-20" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a URL, aka Bug ID CSCum46494.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=32914" source="CONFIRM" adv="1">http://tools.cisco.com/security/center/viewAlert.x?alertId=32914</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0733" source="CISCO" adv="1">20140218 Cisco Unified Communications Manager Enterprise License Manager Information Disclosure Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="unified_communications_manager">
+        <vers num="10.0"/>
+        <vers prev="1" num="10.0(1)"/>
+        <vers num="3.3(5)"/>
+        <vers num="3.3(5)sr1"/>
+        <vers num="3.3(5)sr2a"/>
+        <vers num="4.1(3)"/>
+        <vers num="4.1(3)sr1"/>
+        <vers num="4.1(3)sr2"/>
+        <vers num="4.1(3)sr3"/>
+        <vers num="4.1(3)sr4"/>
+        <vers num="4.2"/>
+        <vers num="4.2.1"/>
+        <vers num="4.2.2"/>
+        <vers num="4.2.3"/>
+        <vers num="4.2.3sr1"/>
+        <vers num="4.2.3sr2"/>
+        <vers num="4.2.3sr2b"/>
+        <vers num="4.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0734" published="2014-02-20" name="CVE-2014-0734" modified="2014-02-20" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">SQL injection vulnerability in the Certificate Authority Proxy Function (CAPF) implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum46483.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=32916" source="CONFIRM" adv="1">http://tools.cisco.com/security/center/viewAlert.x?alertId=32916</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0734" source="CISCO" adv="1">20140218 Cisco Unified Communications Manager CAPF Unauthenticated Blind SQL Injection Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="unified_communications_manager">
+        <vers num="10.0"/>
+        <vers prev="1" num="10.0(1)"/>
+        <vers num="3.3(5)"/>
+        <vers num="3.3(5)sr1"/>
+        <vers num="3.3(5)sr2a"/>
+        <vers num="4.1(3)"/>
+        <vers num="4.1(3)sr1"/>
+        <vers num="4.1(3)sr2"/>
+        <vers num="4.1(3)sr3"/>
+        <vers num="4.1(3)sr4"/>
+        <vers num="4.2"/>
+        <vers num="4.2.1"/>
+        <vers num="4.2.2"/>
+        <vers num="4.2.3"/>
+        <vers num="4.2.3sr1"/>
+        <vers num="4.2.3sr2"/>
+        <vers num="4.2.3sr2b"/>
+        <vers num="4.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0735" published="2014-02-20" name="CVE-2014-0735" modified="2014-02-20" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum46470.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=32912" source="CONFIRM" adv="1">http://tools.cisco.com/security/center/viewAlert.x?alertId=32912</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0735" source="CISCO" adv="1">20140218 Cisco Unified Communications Manager IPMA Reflected Cross-Site Scripting Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="unified_communications_manager">
+        <vers num="10.0"/>
+        <vers prev="1" num="10.0(1)"/>
+        <vers num="3.3(5)"/>
+        <vers num="3.3(5)sr1"/>
+        <vers num="3.3(5)sr2a"/>
+        <vers num="4.1(3)"/>
+        <vers num="4.1(3)sr1"/>
+        <vers num="4.1(3)sr2"/>
+        <vers num="4.1(3)sr3"/>
+        <vers num="4.1(3)sr4"/>
+        <vers num="4.2"/>
+        <vers num="4.2.1"/>
+        <vers num="4.2.2"/>
+        <vers num="4.2.3"/>
+        <vers num="4.2.3sr1"/>
+        <vers num="4.2.3sr2"/>
+        <vers num="4.2.3sr2b"/>
+        <vers num="4.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0736" published="2014-02-20" name="CVE-2014-0736" modified="2014-02-20" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make CAR modifications, aka Bug ID CSCum46468.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=32911" source="CONFIRM" adv="1">http://tools.cisco.com/security/center/viewAlert.x?alertId=32911</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0736" source="CISCO" adv="1">20140218 Cisco Unified Communications Manager CAR Page CSRF Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="unified_communications_manager">
+        <vers num="10.0"/>
+        <vers prev="1" num="10.0(1)"/>
+        <vers num="3.3(5)"/>
+        <vers num="3.3(5)sr1"/>
+        <vers num="3.3(5)sr2a"/>
+        <vers num="4.1(3)"/>
+        <vers num="4.1(3)sr1"/>
+        <vers num="4.1(3)sr2"/>
+        <vers num="4.1(3)sr3"/>
+        <vers num="4.1(3)sr4"/>
+        <vers num="4.2"/>
+        <vers num="4.2.1"/>
+        <vers num="4.2.2"/>
+        <vers num="4.2.3"/>
+        <vers num="4.2.3sr1"/>
+        <vers num="4.2.3sr2"/>
+        <vers num="4.2.3sr2b"/>
+        <vers num="4.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0737" published="2014-02-22" name="CVE-2014-0737" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">The Cisco Unified IP Phone 7960G 9.2(1) and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List (CTL) file, aka Bug ID CSCuj66795.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=32957" source="CONFIRM">http://tools.cisco.com/security/center/viewAlert.x?alertId=32957</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0737" source="CISCO" adv="1">20140220 Cisco Third-Generation IP Phone CTL Trust Chain Enforcement Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="unified_ip_phone_7960g">
+        <vers num=""/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0738" published="2014-02-22" name="CVE-2014-0738" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">The Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List (CTL) file, aka Bug ID CSCuj66770.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=32956" source="CONFIRM">http://tools.cisco.com/security/center/viewAlert.x?alertId=32956</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0738" source="CISCO" adv="1">20140220 Cisco Adaptive Security Appliance Phone Proxy CTL Authentication Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="adaptive_security_appliance_software">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0739" published="2014-02-22" name="CVE-2014-0739" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Race condition in the Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass sec_db authentication and provide certain pass-through services to untrusted devices via a crafted configuration-file TFTP request, aka Bug ID CSCuj66766.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=32955" source="CONFIRM">http://tools.cisco.com/security/center/viewAlert.x?alertId=32955</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0739" source="CISCO" adv="1">20140220 Cisco Adaptive Security Appliance Phone Proxy sec_db Race Condition Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="adaptive_security_appliance_software">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0740" published="2014-02-26" name="CVE-2014-0740" modified="2014-03-10" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of administrators for requests that make administrative changes, aka Bug ID CSCun00701.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=33049" source="CONFIRM" adv="1">http://tools.cisco.com/security/center/viewAlert.x?alertId=33049</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0740" source="CISCO" adv="1">20140225 Cisco Unified Communications Manager OS Administration CSRF Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="unified_communications_manager">
+        <vers num="10.0"/>
+        <vers prev="1" num="10.0(1)"/>
+        <vers num="3.3(5)"/>
+        <vers num="3.3(5)sr1"/>
+        <vers num="3.3(5)sr2a"/>
+        <vers num="4.1(3)"/>
+        <vers num="4.1(3)sr1"/>
+        <vers num="4.1(3)sr2"/>
+        <vers num="4.1(3)sr3"/>
+        <vers num="4.1(3)sr4"/>
+        <vers num="4.2"/>
+        <vers num="4.2.1"/>
+        <vers num="4.2.2"/>
+        <vers num="4.2.3"/>
+        <vers num="4.2.3sr1"/>
+        <vers num="4.2.3sr2"/>
+        <vers num="4.2.3sr2b"/>
+        <vers num="4.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0741" published="2014-02-26" name="CVE-2014-0741" modified="2014-03-10" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:S/C:C/I:C/A:N)" CVSS_score="6.2" CVSS_impact_subscore="9.2" CVSS_exploit_subscore="3.1" CVSS_base_score="6.2">
+    <desc>
+      <descript source="cve">The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via a crafted command, aka Bug ID CSCum95461.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=33046" source="CONFIRM" adv="1">http://tools.cisco.com/security/center/viewAlert.x?alertId=33046</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0741" source="CISCO" adv="1">20140225 Cisco Unified Communications Manager CAPF Certificate Import Arbitrary File Read/Write Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="unified_communications_manager">
+        <vers num="10.0"/>
+        <vers prev="1" num="10.0(1)"/>
+        <vers num="3.3(5)"/>
+        <vers num="3.3(5)sr1"/>
+        <vers num="3.3(5)sr2a"/>
+        <vers num="4.1(3)"/>
+        <vers num="4.1(3)sr1"/>
+        <vers num="4.1(3)sr2"/>
+        <vers num="4.1(3)sr3"/>
+        <vers num="4.1(3)sr4"/>
+        <vers num="4.2"/>
+        <vers num="4.2.1"/>
+        <vers num="4.2.2"/>
+        <vers num="4.2.3"/>
+        <vers num="4.2.3sr1"/>
+        <vers num="4.2.3sr2"/>
+        <vers num="4.2.3sr2b"/>
+        <vers num="4.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0742" published="2014-02-26" name="CVE-2014-0742" modified="2014-03-07" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:S/C:C/I:C/A:N)" CVSS_score="6.2" CVSS_impact_subscore="9.2" CVSS_exploit_subscore="3.1" CVSS_base_score="6.2">
+    <desc>
+      <descript source="cve">The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via unspecified vectors, aka Bug ID CSCum95464.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=33045" source="CONFIRM" adv="1">http://tools.cisco.com/security/center/viewAlert.x?alertId=33045</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0742" source="CISCO" adv="1">20140225 Cisco Unified Communications Manager CAPF CSR Arbitrary File Read/Write Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="unified_communications_manager">
+        <vers num="10.0"/>
+        <vers prev="1" num="10.0(1)"/>
+        <vers num="3.3(5)"/>
+        <vers num="3.3(5)sr1"/>
+        <vers num="3.3(5)sr2a"/>
+        <vers num="4.1(3)"/>
+        <vers num="4.1(3)sr1"/>
+        <vers num="4.1(3)sr2"/>
+        <vers num="4.1(3)sr3"/>
+        <vers num="4.1(3)sr4"/>
+        <vers num="4.2"/>
+        <vers num="4.2.1"/>
+        <vers num="4.2.2"/>
+        <vers num="4.2.3"/>
+        <vers num="4.2.3sr1"/>
+        <vers num="4.2.3sr2"/>
+        <vers num="4.2.3sr2b"/>
+        <vers num="4.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0743" published="2014-02-26" name="CVE-2014-0743" modified="2014-03-10" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:P/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and modify registered-device information via crafted data, aka Bug ID CSCum95468.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=33044" source="CONFIRM" adv="1">http://tools.cisco.com/security/center/viewAlert.x?alertId=33044</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0743" source="CISCO" adv="1">20140225 Cisco Unified Communications Manager CAPF Unauthenticated Device Information Update Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="unified_communications_manager">
+        <vers num="10.0"/>
+        <vers prev="1" num="10.0(1)"/>
+        <vers num="3.3(5)"/>
+        <vers num="3.3(5)sr1"/>
+        <vers num="3.3(5)sr2a"/>
+        <vers num="4.1(3)"/>
+        <vers num="4.1(3)sr1"/>
+        <vers num="4.1(3)sr2"/>
+        <vers num="4.1(3)sr3"/>
+        <vers num="4.1(3)sr4"/>
+        <vers num="4.2"/>
+        <vers num="4.2.1"/>
+        <vers num="4.2.2"/>
+        <vers num="4.2.3"/>
+        <vers num="4.2.3sr1"/>
+        <vers num="4.2.3sr2"/>
+        <vers num="4.2.3sr2b"/>
+        <vers num="4.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0745" published="2014-02-26" name="CVE-2014-0745" modified="2014-03-10" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability subsystem in Cisco Unified Contact Center Express (Unified CCX) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCum95502.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0745" source="CISCO" adv="1">20140225 Cisco Unified Contact Center Express Serviceability Page CSRF Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="unified_contact_center_express_editor_software">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0746" published="2014-02-26" name="CVE-2014-0746" modified="2014-03-10" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">The disaster recovery system (DRS) in Cisco Unified Contact Center Express (Unified CCX) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCum95536.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0746" source="CISCO" adv="1">20140225 Cisco Unified Contact Center Express DRS Sensitive Information Disclosure Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="unified_contact_center_express_editor_software">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0747" published="2014-02-26" name="CVE-2014-0747" modified="2014-03-10" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:S/C:C/I:C/A:C)" CVSS_score="6.8" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="3.1" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to inject commands via unspecified CAPF programs, aka Bug ID CSCum95493.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=33048" source="CONFIRM" adv="1">http://tools.cisco.com/security/center/viewAlert.x?alertId=33048</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0747" source="CISCO" adv="1">20140225 Cisco Unified Communications Manager CAPF CLI Command Injection Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="unified_communications_manager">
+        <vers num="10.0"/>
+        <vers prev="1" num="10.0(1)"/>
+        <vers num="3.3(5)"/>
+        <vers num="3.3(5)sr1"/>
+        <vers num="3.3(5)sr2a"/>
+        <vers num="4.1(3)"/>
+        <vers num="4.1(3)sr1"/>
+        <vers num="4.1(3)sr2"/>
+        <vers num="4.1(3)sr3"/>
+        <vers num="4.1(3)sr4"/>
+        <vers num="4.2"/>
+        <vers num="4.2.1"/>
+        <vers num="4.2.2"/>
+        <vers num="4.2.3"/>
+        <vers num="4.2.3sr1"/>
+        <vers num="4.2.3sr2"/>
+        <vers num="4.2.3sr2b"/>
+        <vers num="4.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0750" published="2014-01-25" name="CVE-2014-0750" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY through 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted HTTP request, aka ZDI-CAN-1622.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-023-01" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-023-01</ref>
+      <ref url="http://www.securityfocus.com/bid/65124" source="BID">65124</ref>
+      <ref url="http://support.ge-ip.com/support/index?page=kbchannel&amp;id=KB15939" source="CONFIRM" adv="1">http://support.ge-ip.com/support/index?page=kbchannel&amp;id=KB15939</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ge" name="intelligent_platforms_proficy_hmi%2fscada_cimplicity">
+        <vers prev="1" num="8.2" edition="sim24"/>
+      </prod>
+      <prod vendor="ge" name="intelligent_platforms_proficy_hmi/scada_cimplicity">
+        <vers num="4.01"/>
+        <vers num="7.5"/>
+        <vers num="8.0"/>
+        <vers num="8.1"/>
+        <vers num="8.2"/>
+      </prod>
+      <prod vendor="ge" name="intelligent_platforms_proficy_process_systems_with_cimplicity">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0751" published="2014-01-25" name="CVE-2014-0751" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Directory traversal vulnerability in CimWebServer.exe (aka the WebView component) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted message to TCP port 10212, aka ZDI-CAN-1623.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securityfocus.com/bid/65117" source="BID">65117</ref>
+      <ref url="http://support.ge-ip.com/support/index?page=kbchannel&amp;id=KB15940" source="CONFIRM" adv="1">http://support.ge-ip.com/support/index?page=kbchannel&amp;id=KB15940</ref>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-023-01" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-023-01</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ge" name="intelligent_platforms_proficy_hmi%2fscada_cimplicity">
+        <vers prev="1" num="8.2" edition="sim24"/>
+      </prod>
+      <prod vendor="ge" name="intelligent_platforms_proficy_hmi/scada_cimplicity">
+        <vers num="4.01"/>
+        <vers num="7.5"/>
+        <vers num="8.0"/>
+        <vers num="8.1"/>
+        <vers num="8.2"/>
+      </prod>
+      <prod vendor="ge" name="intelligent_platforms_proficy_process_systems_with_cimplicity">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0752" published="2014-01-09" name="CVE-2014-0752" modified="2014-01-10" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via a crafted URL.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-008-01" source="MISC" patch="1">http://ics-cert.us-cert.gov/advisories/ICSA-14-008-01</ref>
+      <ref url="http://www.integraxor.com/blog/category/security/vulnerability-note/" source="CONFIRM" patch="1" adv="1">http://www.integraxor.com/blog/category/security/vulnerability-note/</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ecava" name="integraxor">
+        <vers num="3.5.3900.10"/>
+        <vers num="3.5.3900.5"/>
+        <vers num="3.6.4000.0"/>
+        <vers num="3.60.4061"/>
+        <vers num="3.71"/>
+        <vers num="3.71.4200"/>
+        <vers num="3.72"/>
+        <vers num="4.00"/>
+        <vers num="4.1"/>
+        <vers prev="1" num="4.1.4360"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0753" published="2014-01-20" name="CVE-2014-0753" modified="2014-01-22" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">Stack-based buffer overflow in the SCADA server in Ecava IntegraXor before 4.1.4390 allows remote attackers to cause a denial of service (system crash) by triggering access to DLL code located in the IntegraXor directory.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-016-01" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-016-01</ref>
+      <ref url="http://www.integraxor.com/blog/buffer-overflow-vulnerability-note/" source="CONFIRM">http://www.integraxor.com/blog/buffer-overflow-vulnerability-note/</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ecava" name="integraxor">
+        <vers num="3.5.3900.10"/>
+        <vers num="3.5.3900.5"/>
+        <vers num="3.6.4000.0"/>
+        <vers num="3.60.4061"/>
+        <vers num="3.71"/>
+        <vers num="3.71.4200"/>
+        <vers num="3.72"/>
+        <vers num="4.00"/>
+        <vers num="4.1"/>
+        <vers num="4.1.4360"/>
+        <vers num="4.1.4369"/>
+        <vers prev="1" num="4.1.4380"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0755" published="2014-02-05" name="CVE-2014-0755" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="6.9" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="3.4" CVSS_base_score="6.9">
+    <desc>
+      <descript source="cve">Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not properly implement password protection for .ACD files (aka project files), which allows local users to obtain sensitive information or modify data via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-021-01" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-021-01</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90981" source="XF">rslogix-cve20140755-info-disc(90981)</ref>
+      <ref url="http://www.securityfocus.com/bid/65337" source="BID">65337</ref>
+      <ref url="http://osvdb.org/102858" source="OSVDB">102858</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="rockwellautomation" name="rslogix_5000_design_and_configuration_software">
+        <vers num="18.0"/>
+        <vers num="20.01"/>
+        <vers num="21.0"/>
+        <vers num="7.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0757" published="2014-01-31" name="CVE-2014-0757" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Smart Software Solutions (3S) CoDeSys Runtime Toolkit before 2.4.7.44 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-030-01" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-030-01</ref>
+      <ref url="http://secunia.com/advisories/56713" source="SECUNIA">56713</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="3s-software" name="codesys_runtime_toolkit">
+        <vers prev="1" num="2.4.7.43"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0758" published="2014-02-23" name="CVE-2014-0758" modified="2014-02-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-051-01" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-051-01</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="iconics" name="genesis32">
+        <vers num="8.0"/>
+        <vers num="8.02"/>
+        <vers num="8.04"/>
+        <vers num="8.05"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0759" published="2014-02-28" name="CVE-2014-0759" modified="2014-02-28" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="6.9" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="3.4" CVSS_base_score="6.9">
+    <desc>
+      <descript source="cve">Unquoted Windows search path vulnerability in Schneider Electric Floating License Manager 1.0.0 through 1.4.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.</descript>
+      <descript source="nvd">Per: http://cwe.mitre.org/data/definitions/428.html
+
+"CWE-428: Unquoted Search Path or Element"</descript>
+    </desc>
+    <sols>
+      <sol source="nvd">Per: http://ics-cert.us-cert.gov/advisories/ICSA-14-058-01
+
+"This license manager is used in the following Schneider Electric products:
+
+    Power Monitoring Expert,
+    Struxureware process Expert (PES),
+    Struxureware process Expert libraries,
+    Vijeo Citect (SCADA), and
+    Vijeo Citect Historian."</sol>
+    </sols>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-058-01" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-058-01</ref>
+      <ref url="http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-015-01" source="CONFIRM" adv="1">http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-015-01</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="schneider-electric" name="floating_license_manager">
+        <vers num="1.0.0"/>
+        <vers num="1.4.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0760" published="2014-04-25" name="CVE-2014-0760" modified="2014-04-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="3s-software" name="codesys_runtime_system">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="softmotion3d" name="softmotion">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="festo" name="cecx-x-c1_modular_master_controller">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="festo" name="cecx-x-m1_modular_controller">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0763" published="2014-04-12" name="CVE-2014-0763" modified="2014-04-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Multiple SQL injection vulnerabilities in DBVisitor.dll in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary SQL commands via SOAP requests to unspecified functions.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="advantech" name="advantech_webaccess">
+        <vers num="5.0"/>
+        <vers num="6.0"/>
+        <vers num="7.0"/>
+        <vers prev="1" num="7.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0764" published="2014-04-12" name="CVE-2014-0764" modified="2014-04-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long NodeName parameter.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="advantech" name="advantech_webaccess">
+        <vers num="5.0"/>
+        <vers num="6.0"/>
+        <vers num="7.0"/>
+        <vers prev="1" num="7.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0765" published="2014-04-12" name="CVE-2014-0765" modified="2014-04-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long GotoCmd argument.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="advantech" name="advantech_webaccess">
+        <vers num="5.0"/>
+        <vers num="6.0"/>
+        <vers num="7.0"/>
+        <vers prev="1" num="7.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0766" published="2014-04-12" name="CVE-2014-0766" modified="2014-04-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long NodeName2 argument.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="advantech" name="advantech_webaccess">
+        <vers num="5.0"/>
+        <vers num="6.0"/>
+        <vers num="7.0"/>
+        <vers prev="1" num="7.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0767" published="2014-04-12" name="CVE-2014-0767" modified="2014-04-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long AccessCode argument.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="advantech" name="advantech_webaccess">
+        <vers num="5.0"/>
+        <vers num="6.0"/>
+        <vers num="7.0"/>
+        <vers prev="1" num="7.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0768" published="2014-04-12" name="CVE-2014-0768" modified="2014-04-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long AccessCode2 argument.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="advantech" name="advantech_webaccess">
+        <vers num="5.0"/>
+        <vers num="6.0"/>
+        <vers num="7.0"/>
+        <vers prev="1" num="7.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0769" published="2014-04-25" name="CVE-2014-0769" modified="2014-04-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion do not require authentication for connections to certain TCP ports, which allows remote attackers to (1) modify the configuration via a request to the debug service on port 4000 or (2) delete log entries via a request to the log service on port 4001.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-084-01</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="3s-software" name="codesys_runtime_system">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="softmotion3d" name="softmotion">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="festo" name="cecx-x-c1_modular_master_controller">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="festo" name="cecx-x-m1_modular_controller">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0770" published="2014-04-12" name="CVE-2014-0770" modified="2014-04-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long UserName parameter.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="advantech" name="advantech_webaccess">
+        <vers num="5.0"/>
+        <vers num="6.0"/>
+        <vers num="7.0"/>
+        <vers prev="1" num="7.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0771" published="2014-04-12" name="CVE-2014-0771" modified="2014-04-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The OpenUrlToBuffer method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="advantech" name="advantech_webaccess">
+        <vers num="5.0"/>
+        <vers num="6.0"/>
+        <vers num="7.0"/>
+        <vers prev="1" num="7.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0772" published="2014-04-12" name="CVE-2014-0772" modified="2014-04-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The OpenUrlToBufferTimeout method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="advantech" name="advantech_webaccess">
+        <vers num="5.0"/>
+        <vers num="6.0"/>
+        <vers num="7.0"/>
+        <vers prev="1" num="7.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0773" published="2014-04-12" name="CVE-2014-0773" modified="2014-04-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">The CreateProcess method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to execute (1) setup.exe, (2) bwvbprt.exe, and (3) bwvbprtl.exe programs from arbitrary pathnames via a crafted argument, as demonstrated by a UNC share pathname.</descript>
+      <descript source="nvd">CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="advantech" name="advantech_webaccess">
+        <vers num="5.0"/>
+        <vers num="6.0"/>
+        <vers num="7.0"/>
+        <vers prev="1" num="7.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0774" published="2014-02-28" name="CVE-2014-0774" modified="2014-02-28" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="6.9" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="3.4" CVSS_base_score="6.9">
+    <desc>
+      <descript source="cve">Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed configuration file.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-058-02" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-058-02</ref>
+      <ref url="http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01" source="CONFIRM" adv="1">http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-031-01</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="schneider-electric" name="ofs_test_client_tlxcdlfofs33">
+        <vers num="3.35"/>
+      </prod>
+      <prod vendor="schneider-electric" name="ofs_test_client_tlxcdltofs33">
+        <vers num="3.35"/>
+      </prod>
+      <prod vendor="schneider-electric" name="ofs_test_client_tlxcdluofs33">
+        <vers num="3.35"/>
+      </prod>
+      <prod vendor="schneider-electric" name="ofs_test_client_tlxcdstofs33">
+        <vers num="3.35"/>
+      </prod>
+      <prod vendor="schneider-electric" name="ofs_test_client_tlxcdsuofs33">
+        <vers num="3.35"/>
+      </prod>
+      <prod vendor="schneider-electric" name="opc_factory_server">
+        <vers num="3.35"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0777" published="2014-04-11" name="CVE-2014-0777" modified="2014-04-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">The Modbus slave/outstation driver in the OPC Drivers 1.0.20 and earlier in IOServer OPC Server allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted packet.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-100-01" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-100-01</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ioserver" name="ioserver_opc_server">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="ioserver" name="opc_drivers">
+        <vers prev="1" num="1.0.20"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0778" published="2014-04-19" name="CVE-2014-0778" modified="2014-04-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The TCPUploader module in Progea Movicon 11.4 before 11.4.1150 allows remote attackers to obtain potentially sensitive version information via network traffic to TCP port 10651.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-105-01" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-105-01</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="progea" name="movicon">
+        <vers num="11.4"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0779" published="2014-03-14" name="CVE-2014-0779" modified="2014-03-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013 R1.1a build 73.4903, 2013 R1.2 build 73.4955, and 2013 R2 build 74.5094 allows remote attackers to cause a denial of service (application crash) via a crafted OPF file (aka project file).</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-072-01" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-072-01</ref>
+      <ref url="http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01" source="CONFIRM" adv="1">http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-024-01</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="schneider-electric" name="clearscada">
+        <vers num="2010" edition="r2"/>
+        <vers num="2010" edition="r2.1"/>
+        <vers num="2010" edition="r3"/>
+        <vers num="2010" edition="r3.1"/>
+      </prod>
+      <prod vendor="schneider-electric" name="scada_expert_clearscada">
+        <vers num="2013" edition="r1"/>
+        <vers num="2013" edition="r1.1"/>
+        <vers num="2013" edition="r1.1a"/>
+        <vers num="2013" edition="r1.2"/>
+        <vers num="2013" edition="r2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0780" published="2014-04-25" name="CVE-2014-0780" modified="2014-04-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-107-02" source="MISC" patch="1">http://ics-cert.us-cert.gov/advisories/ICSA-14-107-02</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="indusoft" name="web_studio">
+        <vers prev="1" num="7.1" edition="-"/>
+        <vers prev="1" num="7.1" edition="sp1"/>
+        <vers prev="1" num="7.1" edition="sp2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0781" published="2014-03-14" name="CVE-2014-0781" modified="2014-03-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via crafted UDP packets.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="yokogawa" name="centum_cs_3000">
+        <vers num="r3.01"/>
+        <vers num="r3.02"/>
+        <vers num="r3.03"/>
+        <vers num="r3.04"/>
+        <vers num="r3.05"/>
+        <vers num="r3.06"/>
+        <vers num="r3.07"/>
+        <vers num="r3.08"/>
+        <vers num="r3.08.50"/>
+        <vers num="r3.08.70"/>
+        <vers num="r3.09"/>
+        <vers prev="1" num="r3.09.50"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0783" published="2014-03-14" name="CVE-2014-0783" modified="2014-03-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:C)" CVSS_score="9.0" CVSS_impact_subscore="8.5" CVSS_exploit_subscore="10.0" CVSS_base_score="9.0">
+    <desc>
+      <descript source="cve">Stack-based buffer overflow in BKHOdeq.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via a crafted TCP packet.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="yokogawa" name="centum_cs_3000">
+        <vers num="r3.01"/>
+        <vers num="r3.02"/>
+        <vers num="r3.03"/>
+        <vers num="r3.04"/>
+        <vers num="r3.05"/>
+        <vers num="r3.06"/>
+        <vers num="r3.07"/>
+        <vers num="r3.08"/>
+        <vers num="r3.08.50"/>
+        <vers num="r3.08.70"/>
+        <vers num="r3.09"/>
+        <vers prev="1" num="r3.09.50"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0784" published="2014-03-14" name="CVE-2014-0784" modified="2014-03-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:C)" CVSS_score="8.3" CVSS_impact_subscore="8.5" CVSS_exploit_subscore="8.6" CVSS_base_score="8.3">
+    <desc>
+      <descript source="cve">Stack-based buffer overflow in BKBCopyD.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via a crafted TCP packet.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="yokogawa" name="centum_cs_3000">
+        <vers num="r3.01"/>
+        <vers num="r3.02"/>
+        <vers num="r3.03"/>
+        <vers num="r3.04"/>
+        <vers num="r3.05"/>
+        <vers num="r3.06"/>
+        <vers num="r3.07"/>
+        <vers num="r3.08"/>
+        <vers num="r3.08.50"/>
+        <vers num="r3.08.70"/>
+        <vers num="r3.09"/>
+        <vers prev="1" num="r3.09.50"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0786" published="2014-04-30" name="CVE-2014-0786" modified="2014-05-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Ecava IntegraXor before 4.1.4393 allows remote attackers to read cleartext credentials for administrative accounts via SELECT statements that leverage the guest role.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-091-01" source="MISC" patch="1">http://ics-cert.us-cert.gov/advisories/ICSA-14-091-01</ref>
+      <ref url="http://www.integraxor.com/blog/category/security/vulnerability-note/" source="CONFIRM" adv="1">http://www.integraxor.com/blog/category/security/vulnerability-note/</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ecava" name="integraxor">
+        <vers num="4.1"/>
+        <vers num="4.1.4340"/>
+        <vers num="4.1.4360"/>
+        <vers num="4.1.4369"/>
+        <vers num="4.1.4380"/>
+        <vers prev="1" num="4.1.4390"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0787" published="2014-04-12" name="CVE-2014-0787" modified="2014-04-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Stack-based buffer overflow in WellinTech KingSCADA before 3.1.2.13 allows remote attackers to execute arbitrary code via a crafted packet.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-098-02" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-098-02</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="wellintech" name="kingscada">
+        <vers num="3.1"/>
+        <vers prev="1" num="3.1.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0789" published="2014-04-04" name="CVE-2014-0789" modified="2014-04-04" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">Multiple buffer overflows in the OPC Automation 2.0 Server Object ActiveX control in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 3.5 and earlier, TLXCDSTOFS33 3.5 and earlier, TLXCDLUOFS33 3.5 and earlier, TLXCDLTOFS33 3.5 and earlier, and TLXCDLFOFS33 3.5 and earlier allow remote attackers to cause a denial of service via long arguments to unspecified functions.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-093-01" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-093-01</ref>
+      <ref url="http://www.schneider-electric.com/corporate/en/support/cybersecurity/viewer-news.page?c_filepath=/templatedata/Content/News/data/en/local/cybersecurity/general_information/2014/03/20140325_vulnerability_disclosure_opc_factory_server.xml" source="CONFIRM" adv="1">http://www.schneider-electric.com/corporate/en/support/cybersecurity/viewer-news.page?c_filepath=/templatedata/Content/News/data/en/local/cybersecurity/general_information/2014/03/20140325_vulnerability_disclosure_opc_factory_server.xml</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="schneider-electric" name="opc_factory_server_tlxcdlfofs">
+        <vers prev="1" num="3.35"/>
+      </prod>
+      <prod vendor="schneider-electric" name="opc_factory_server_tlxcdltofs">
+        <vers prev="1" num="3.35"/>
+      </prod>
+      <prod vendor="schneider-electric" name="opc_factory_server_tlxcdluofs">
+        <vers prev="1" num="3.35"/>
+      </prod>
+      <prod vendor="schneider-electric" name="opc_factory_server_tlxcdstofs">
+        <vers prev="1" num="3.35"/>
+      </prod>
+      <prod vendor="schneider-electric" name="opc_factory_server_tlxcdsuofs">
+        <vers prev="1" num="3.35"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0791" published="2014-01-03" name="CVE-2014-0791" modified="2014-01-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">Integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP through 1.0.2 allows remote RDP servers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ScopeCount value in a Scope List in a Server License Request packet.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://github.com/sidhpurwala-huzaifa/FreeRDP/commit/e2745807c4c3e0a590c0f69a9b655dc74ebaa03e" source="MISC">https://github.com/sidhpurwala-huzaifa/FreeRDP/commit/e2745807c4c3e0a590c0f69a9b655dc74ebaa03e</ref>
+      <ref url="https://github.com/FreeRDP/FreeRDP/pull/1649" source="MISC">https://github.com/FreeRDP/FreeRDP/pull/1649</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=998941" source="MISC">https://bugzilla.redhat.com/show_bug.cgi?id=998941</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/01/03/4" source="MLIST">[oss-security] 20140103 Re: CVE for freerdp int overflow?</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/01/02/5" source="MLIST">[oss-security] 20140102 CVE for freerdp int overflow?</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="freerdp_project" name="freerdp">
+        <vers num="1.0.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0792" published="2014-01-17" name="CVE-2014-0792" modified="2014-01-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code via unspecified vectors related to unmarshalling of unintended Object types.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://support.sonatype.com/entries/37828023-Nexus-Security-Vulnerability" source="CONFIRM" patch="1" adv="1">https://support.sonatype.com/entries/37828023-Nexus-Security-Vulnerability</ref>
+      <ref url="http://www.sonatype.org/advisories/archive/2014-01-13-Nexus" source="CONFIRM" patch="1" adv="1">http://www.sonatype.org/advisories/archive/2014-01-13-Nexus</ref>
+      <ref url="https://sonatype.zendesk.com/entries/37551958-Configuring-Xstream-Whitelist" source="CONFIRM">https://sonatype.zendesk.com/entries/37551958-Configuring-Xstream-Whitelist</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="sonatype" name="nexus">
+        <vers num="1.0"/>
+        <vers num="2.0"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4" edition="1"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.1"/>
+        <vers num="2.1.1"/>
+        <vers num="2.2"/>
+        <vers num="2.3.1"/>
+        <vers num="2.4.0"/>
+        <vers num="2.5.0"/>
+        <vers num="2.5.1"/>
+        <vers num="2.6.0"/>
+        <vers num="2.6.1"/>
+        <vers num="2.6.2"/>
+        <vers num="2.6.3"/>
+        <vers num="2.6.4"/>
+        <vers num="2.7.0" edition="04"/>
+        <vers num="2.7.0" edition="05"/>
+        <vers num="2.7.0" edition="06"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0793" published="2014-01-30" name="CVE-2014-0793" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Multiple cross-site scripting (XSS) vulnerabilities in the StackIdeas Komento (com_komento) component before 1.7.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website or (2) latitude parameter in a comment to the default URI.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://www.htbridge.com/advisory/HTB23194" source="MISC">https://www.htbridge.com/advisory/HTB23194</ref>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/530873/100/0/threaded" source="BUGTRAQ">20140123 Cross-Site Scripting (XSS) in Komento Joomla Extension</ref>
+      <ref url="http://www.exploit-db.com/exploits/31174" source="EXPLOIT-DB">31174</ref>
+      <ref url="http://stackideas.com/downloads/changelog/komento" source="CONFIRM">http://stackideas.com/downloads/changelog/komento</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="stackideas" name="komento">
+        <vers num="1.7.0"/>
+        <vers num="1.7.1"/>
+        <vers prev="1" num="1.7.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0794" published="2014-01-26" name="CVE-2014-0794" modified="2014-02-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in JV Comment (com_jvcomment) 3.0.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the id parameter in a comment.like action.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://www.htbridge.com/advisory/HTB23195" source="MISC">https://www.htbridge.com/advisory/HTB23195</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90532" source="XF">joomla-jvcomment-unspecified-sql-injection(90532)</ref>
+      <ref url="http://www.securityfocus.com/bid/64661" source="BID">64661</ref>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/530872/100/0/threaded" source="BUGTRAQ">20140123 SQL Injection in JV Comment Joomla Extension</ref>
+      <ref url="http://www.osvdb.org/101960" source="OSVDB">101960</ref>
+      <ref url="http://www.exploit-db.com/exploits/31175" source="EXPLOIT-DB">31175</ref>
+      <ref url="http://extensions.joomla.org/extensions/contacts-and-feedback/articles-comments/23394" source="CONFIRM" adv="1">http://extensions.joomla.org/extensions/contacts-and-feedback/articles-comments/23394</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="joomla" name="com_jvcomment">
+        <vers num="3.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0802" published="2014-01-12" name="CVE-2014-0802" modified="2014-01-13" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:P)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">Directory traversal vulnerability in the aokitaka ZIP with Pass application 4.5.7 and earlier, and ZIP with Pass Pro application 6.3.8 and earlier, for Android allows attackers to overwrite or create arbitrary files via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000001" source="JVNDB">JVNDB-2014-000001</ref>
+      <ref url="http://jvn.jp/en/jp/JVN88313872/index.html" source="JVN">JVN#88313872</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="aokitaka" name="zip_with_pass">
+        <vers prev="1" num="4.5.7" edition="-:~-~-~android~~"/>
+      </prod>
+      <prod vendor="aokitaka" name="zip_with_pass_pro">
+        <vers num="6.2.1" edition="-:~-~-~android~~"/>
+        <vers num="6.2.2" edition="-:~-~-~android~~"/>
+        <vers num="6.3.0" edition="-:~-~-~android~~"/>
+        <vers num="6.3.4" edition="-:~-~-~android~~"/>
+        <vers num="6.3.5" edition="-:~-~-~android~~"/>
+        <vers num="6.3.7" edition="-:~-~-~android~~"/>
+        <vers prev="1" num="6.3.8" edition="-:~-~-~android~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0803" published="2014-01-12" name="CVE-2014-0803" modified="2014-01-13" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:P)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">Directory traversal vulnerability in the tetra filer application 2.3.1 and earlier for Android 4.0.3, tetra filer free application 2.3.1 and earlier for Android 4.0.3, tetra filer application 1.5.1 and earlier for Android before 4.0.3, and tetra filer free application 1.5.1 and earlier for Android before 4.0.3 allows attackers to overwrite or create arbitrary files via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://play.google.com/store/apps/details?id=jp.main.brits.android.filer.free" source="CONFIRM">https://play.google.com/store/apps/details?id=jp.main.brits.android.filer.free</ref>
+      <ref url="https://play.google.com/store/apps/details?id=jp.main.brits.android.filer.app" source="CONFIRM">https://play.google.com/store/apps/details?id=jp.main.brits.android.filer.app</ref>
+      <ref url="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000002" source="JVNDB">JVNDB-2014-000002</ref>
+      <ref url="http://jvn.jp/en/jp/JVN51285738/index.html" source="JVN">JVN#51285738</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="yuichiro_okuyama" name="tetra_filer">
+        <vers prev="1" num="1.5.1" edition="-:~-~-~android~~"/>
+        <vers prev="1" num="2.3.1" edition="-:~-~-~android~~"/>
+      </prod>
+      <prod vendor="yuichiro_okuyama" name="tetra_filer_free">
+        <vers prev="1" num="1.5.1" edition="-:~-~-~android~~"/>
+        <vers prev="1" num="2.3.1" edition="-:~-~-~android~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0804" published="2014-01-12" name="CVE-2014-0804" modified="2014-01-13" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:P)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">Directory traversal vulnerability in the CGENE Security File Manager Pro application 1.0.6 and earlier, and Security File Manager Trial application 1.0.6 and earlier, for Android allows attackers to overwrite or create arbitrary files via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://play.google.com/store/apps/details?id=com.cgene.android.secret.filelock.pro" source="CONFIRM">https://play.google.com/store/apps/details?id=com.cgene.android.secret.filelock.pro</ref>
+      <ref url="https://play.google.com/store/apps/details?id=com.cgene.android.secret.filelock.free" source="CONFIRM">https://play.google.com/store/apps/details?id=com.cgene.android.secret.filelock.free</ref>
+      <ref url="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000003" source="JVNDB">JVNDB-2014-000003</ref>
+      <ref url="http://jvn.jp/en/jp/JVN44392991/index.html" source="JVN">JVN#44392991</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cgene" name="security_file_manager">
+        <vers prev="1" num="1.0.6" edition="-:~-~trial~android~~"/>
+        <vers prev="1" num="1.0.6" edition="-:~-~pro~android~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0805" published="2014-01-12" name="CVE-2014-0805" modified="2014-01-13" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:P)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">Directory traversal vulnerability in the NeoFiler application 5.4.3 and earlier, NeoFiler Free application 5.4.3 and earlier, and NeoFiler Lite application 2.4.2 and earlier for Android allows attackers to overwrite or create arbitrary files via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://play.google.com/store/apps/details?id=com.skyarts.android.neofilerlite" source="CONFIRM">https://play.google.com/store/apps/details?id=com.skyarts.android.neofilerlite</ref>
+      <ref url="https://play.google.com/store/apps/details?id=com.skyarts.android.neofilerfree" source="CONFIRM">https://play.google.com/store/apps/details?id=com.skyarts.android.neofilerfree</ref>
+      <ref url="https://play.google.com/store/apps/details?id=com.skyarts.android.neofiler" source="CONFIRM">https://play.google.com/store/apps/details?id=com.skyarts.android.neofiler</ref>
+      <ref url="http://www.skyarts.com/products/android/neofiler/index.html" source="CONFIRM">http://www.skyarts.com/products/android/neofiler/index.html</ref>
+      <ref url="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000004" source="JVNDB">JVNDB-2014-000004</ref>
+      <ref url="http://jvn.jp/en/jp/JVN85716574/index.html" source="JVN">JVN#85716574</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="skyarts" name="neofiler">
+        <vers prev="1" num="2.4.2" edition="-:~-~lite~android~~"/>
+        <vers prev="1" num="5.4.3" edition="-:~-~free~android~~"/>
+        <vers prev="1" num="5.4.3" edition="-:~-~-~android~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0806" published="2014-01-22" name="CVE-2014-0806" modified="2014-01-23" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">The Sleipnir Mobile application 2.12.1 and earlier and Sleipnir Mobile Black Edition application 2.12.1 and earlier for Android provide Geolocation API data without verifying user consent, which allows remote attackers to obtain sensitive location information via a web site that makes API calls.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000007" source="JVNDB">JVNDB-2014-000007</ref>
+      <ref url="http://jvn.jp/en/jp/JVN81637882/index.html" source="JVN">JVN#81637882</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="fenrir-inc" name="sleipnir_mobile">
+        <vers num="1.0.0" edition="alpha:black"/>
+        <vers num="1.0.0" edition="beta_update1:black"/>
+        <vers num="1.0.0" edition="rc:black"/>
+        <vers num="1.1.0" edition="-:black"/>
+        <vers num="1.2.0" edition="-:black"/>
+        <vers num="1.3.0" edition="-:black"/>
+        <vers num="1.4.0" edition="-:black"/>
+        <vers num="1.5.0" edition="-:black"/>
+        <vers num="1.5.1" edition="-:black"/>
+        <vers num="1.6.0" edition="-:black"/>
+        <vers num="1.7.0" edition="-:black"/>
+        <vers num="1.7.1" edition="-:black"/>
+        <vers num="2.0.0" edition="-:black"/>
+        <vers num="2.0.1" edition="-:black"/>
+        <vers num="2.0.2" edition="-:black"/>
+        <vers num="2.0.3" edition="-:black"/>
+        <vers num="2.0.4" edition="-:black"/>
+        <vers num="2.1.0" edition="-:black"/>
+        <vers num="2.10" edition="-:black"/>
+        <vers num="2.10.0" edition="-:black"/>
+        <vers num="2.11" edition="-:black"/>
+        <vers num="2.12" edition="-:black"/>
+        <vers prev="1" num="2.12.1" edition="-:black"/>
+        <vers num="2.2.0" edition="-:black"/>
+        <vers num="2.2.1" edition="-:black"/>
+        <vers num="2.2.2" edition="-:black"/>
+        <vers num="2.2.3" edition="-:black"/>
+        <vers num="2.3.0" edition="-:black"/>
+        <vers num="2.4.0" edition="-:black"/>
+        <vers num="2.4.1" edition="-:black"/>
+        <vers num="2.5.0" edition="-:black"/>
+        <vers num="2.5.1" edition="-:black"/>
+        <vers num="2.6.0" edition="-:black"/>
+        <vers num="2.7.0" edition="-:black"/>
+        <vers num="2.8.0" edition="-:black"/>
+        <vers num="2.9.0" edition="-:black"/>
+        <vers num="2.9.1" edition="-:black"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0807" published="2014-01-22" name="CVE-2014-0807" modified="2014-01-23" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:P/A:P)" CVSS_score="6.4" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="10.0" CVSS_base_score="6.4">
+    <desc>
+      <descript source="cve">data/class/pages/shopping/LC_Page_Shopping_Deliv.php in LOCKON EC-CUBE 2.4.4 and earlier, and 2.11.0 through 2.12.2, allows remote attackers to modify data via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.ec-cube.net/info/weakness/weakness.php?id=56" source="CONFIRM" adv="1">http://www.ec-cube.net/info/weakness/weakness.php?id=56</ref>
+      <ref url="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000005" source="JVNDB">JVNDB-2014-000005</ref>
+      <ref url="http://jvn.jp/en/jp/JVN17849447/index.html" source="JVN">JVN#17849447</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="lockon" name="ec-cube">
+        <vers num="2.11.0" edition="beta"/>
+        <vers num="2.11.0" edition="beta2"/>
+        <vers num="2.11.1"/>
+        <vers num="2.11.2"/>
+        <vers num="2.11.3"/>
+        <vers num="2.11.4"/>
+        <vers num="2.11.5"/>
+        <vers num="2.12.0"/>
+        <vers num="2.12.1"/>
+        <vers num="2.12.2"/>
+        <vers num="2.4.0" edition="rc1"/>
+        <vers num="2.4.1"/>
+        <vers num="2.4.2"/>
+        <vers num="2.4.3"/>
+        <vers prev="1" num="2.4.4"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0808" published="2014-01-22" name="CVE-2014-0808" modified="2014-01-23" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The lfCheckError function in data/class/pages/shopping/LC_Page_Shopping_Multiple.php in LOCKON EC-CUBE 2.11.0 through 2.12.2 allows remote attackers to obtain sensitive shipping information via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.ec-cube.net/info/weakness/weakness.php?id=57" source="CONFIRM" adv="1">http://www.ec-cube.net/info/weakness/weakness.php?id=57</ref>
+      <ref url="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000006" source="JVNDB">JVNDB-2014-000006</ref>
+      <ref url="http://jvn.jp/en/jp/JVN51770585/index.html" source="JVN">JVN#51770585</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="lockon" name="ec-cube">
+        <vers num="2.11.0" edition="beta"/>
+        <vers num="2.11.0" edition="beta2"/>
+        <vers num="2.11.1"/>
+        <vers num="2.11.2"/>
+        <vers num="2.11.3"/>
+        <vers num="2.11.4"/>
+        <vers num="2.11.5"/>
+        <vers num="2.12.0"/>
+        <vers num="2.12.1"/>
+        <vers num="2.12.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0809" published="2014-01-24" name="CVE-2014-0809" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Directory traversal vulnerability in the Gapless Player SimZip (aka Simple Zip Viewer) application before 1.2.1 for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://play.google.com/store/apps/details?id=com.acidzazz.simzip" source="CONFIRM">https://play.google.com/store/apps/details?id=com.acidzazz.simzip</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90980" source="XF">simple-zip-cve20140809-dir-traversal(90980)</ref>
+      <ref url="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000008" source="JVNDB">JVNDB-2014-000008</ref>
+      <ref url="http://jvn.jp/en/jp/JVN49384502/index.html" source="JVN">JVN#49384502</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="gapless_player" name="simzip">
+        <vers num="1.1"/>
+        <vers prev="1" num="1.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0810" published="2014-01-29" name="CVE-2014-0810" modified="2014-01-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in JustSystems Sanshiro 2007 before update 3, 2008 before update 5, 2009 before update 6, and 2010 before update 6, and Sanshiro Viewer before 2.0.2.0, allows remote attackers to execute arbitrary code via a crafted document.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.justsystems.com/jp/info/js14001.html" source="CONFIRM" adv="1">http://www.justsystems.com/jp/info/js14001.html</ref>
+      <ref url="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000011" source="JVNDB">JVNDB-2014-000011</ref>
+      <ref url="http://jvn.jp/en/jp/JVN28011378/index.html" source="JVN">JVN#28011378</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="justsystems" name="sanshiro">
+        <vers num="2007"/>
+        <vers num="2008"/>
+        <vers num="2009"/>
+        <vers num="2010"/>
+        <vers num="viewer"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0811" published="2014-02-22" name="CVE-2014-0811" modified="2014-02-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in Blackboard Vista/CE 8.0 SP6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000012" source="JVNDB">JVNDB-2014-000012</ref>
+      <ref url="http://jvn.jp/en/jp/JVN24730765/index.html" source="JVN">JVN#24730765</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="blackboard" name="vista/ce">
+        <vers prev="1" num="8.0" edition="sp6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0812" published="2014-02-01" name="CVE-2014-0812" modified="2014-02-03" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in KENT-WEB Joyful Note 2.8 and earlier, when Internet Explorer 7 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.kent-web.com/bbs/joyful.html" source="CONFIRM">http://www.kent-web.com/bbs/joyful.html</ref>
+      <ref url="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000013" source="JVNDB">JVNDB-2014-000013</ref>
+      <ref url="http://jvn.jp/en/jp/JVN30718178/index.html" source="JVN">JVN#30718178</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="kent-web" name="joyful_note">
+        <vers prev="1" num="2.8"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0813" published="2014-02-14" name="CVE-2014-0813" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">Cross-site request forgery (CSRF) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to hijack the authentication of arbitrary users for requests that modify settings.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.phpmyfaq.de/advisory_2014-02-04.php" source="CONFIRM" patch="1" adv="1">http://www.phpmyfaq.de/advisory_2014-02-04.php</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90963" source="XF">phpmyfaq-cve20140813-csrf(90963)</ref>
+      <ref url="http://www.securityfocus.com/bid/65368" source="BID">65368</ref>
+      <ref url="http://secunia.com/advisories/56006" source="SECUNIA">56006</ref>
+      <ref url="http://osvdb.org/102939" source="OSVDB">102939</ref>
+      <ref url="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000016" source="JVNDB">JVNDB-2014-000016</ref>
+      <ref url="http://jvn.jp/en/jp/JVN50943964/index.html" source="JVN">JVN#50943964</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="phpmyfaq" name="phpmyfaq">
+        <vers num="1.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.1a"/>
+        <vers num="1.1.0"/>
+        <vers num="1.1.1"/>
+        <vers num="1.1.2"/>
+        <vers num="1.1.3"/>
+        <vers num="1.1.4"/>
+        <vers num="1.1.4a"/>
+        <vers num="1.1.5"/>
+        <vers num="1.2.0"/>
+        <vers num="1.2.1"/>
+        <vers num="1.2.2"/>
+        <vers num="1.2.3"/>
+        <vers num="1.2.4"/>
+        <vers num="1.2.5"/>
+        <vers num="1.2.5a"/>
+        <vers num="1.2.5b"/>
+        <vers num="1.3.0"/>
+        <vers num="1.3.1"/>
+        <vers num="1.3.10"/>
+        <vers num="1.3.11"/>
+        <vers num="1.3.12"/>
+        <vers num="1.3.13"/>
+        <vers num="1.3.14"/>
+        <vers num="1.3.2"/>
+        <vers num="1.3.3"/>
+        <vers num="1.3.4"/>
+        <vers num="1.3.5"/>
+        <vers num="1.3.6"/>
+        <vers num="1.3.7"/>
+        <vers num="1.3.8"/>
+        <vers num="1.3.9" edition="pl1"/>
+        <vers num="1.4" edition="alpha1"/>
+        <vers num="1.4" edition="alpha2"/>
+        <vers num="1.4.0"/>
+        <vers num="1.4.0a"/>
+        <vers num="1.4.1"/>
+        <vers num="1.4.10"/>
+        <vers num="1.4.11"/>
+        <vers num="1.4.2"/>
+        <vers num="1.4.3"/>
+        <vers num="1.4.4"/>
+        <vers num="1.4.5"/>
+        <vers num="1.4.6"/>
+        <vers num="1.4.7"/>
+        <vers num="1.4.8"/>
+        <vers num="1.4.9"/>
+        <vers num="1.5" edition="alpha1"/>
+        <vers num="1.5" edition="alpha2"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5" edition="beta3"/>
+        <vers num="1.5" edition="rc1"/>
+        <vers num="1.5" edition="rc2"/>
+        <vers num="1.5" edition="rc3"/>
+        <vers num="1.5" edition="rc4"/>
+        <vers num="1.5" edition="rc5"/>
+        <vers num="1.5.0"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="1.5.9"/>
+        <vers num="1.6.0"/>
+        <vers num="1.6.1"/>
+        <vers num="1.6.10"/>
+        <vers num="1.6.11"/>
+        <vers num="1.6.12"/>
+        <vers num="1.6.2"/>
+        <vers num="1.6.3"/>
+        <vers num="1.6.4"/>
+        <vers num="1.6.5"/>
+        <vers num="1.6.6"/>
+        <vers num="1.6.7"/>
+        <vers num="1.6.8"/>
+        <vers num="1.6.9"/>
+        <vers num="2.0.0"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.15"/>
+        <vers num="2.0.16"/>
+        <vers num="2.0.17"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.5.0"/>
+        <vers num="2.5.1"/>
+        <vers num="2.5.2"/>
+        <vers num="2.5.3"/>
+        <vers num="2.5.4"/>
+        <vers num="2.5.5"/>
+        <vers num="2.5.6"/>
+        <vers num="2.5.7"/>
+        <vers num="2.6.0"/>
+        <vers num="2.6.1"/>
+        <vers num="2.6.10"/>
+        <vers num="2.6.11"/>
+        <vers num="2.6.12"/>
+        <vers num="2.6.13"/>
+        <vers num="2.6.14"/>
+        <vers num="2.6.15"/>
+        <vers num="2.6.16"/>
+        <vers num="2.6.17"/>
+        <vers num="2.6.18"/>
+        <vers num="2.6.2"/>
+        <vers num="2.6.3"/>
+        <vers num="2.6.4"/>
+        <vers num="2.6.5"/>
+        <vers num="2.6.6"/>
+        <vers num="2.6.7"/>
+        <vers num="2.6.8"/>
+        <vers num="2.6.9"/>
+        <vers num="2.7.0"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.7.3"/>
+        <vers num="2.7.4"/>
+        <vers num="2.7.5"/>
+        <vers num="2.7.6"/>
+        <vers num="2.7.7"/>
+        <vers num="2.7.8"/>
+        <vers num="2.7.9"/>
+        <vers num="2.8.0"/>
+        <vers num="2.8.1"/>
+        <vers num="2.8.2"/>
+        <vers num="2.8.3"/>
+        <vers num="2.8.4"/>
+        <vers prev="1" num="2.8.5"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0814" published="2014-02-14" name="CVE-2014-0814" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.phpmyfaq.de/advisory_2014-02-04.php" source="CONFIRM" patch="1" adv="1">http://www.phpmyfaq.de/advisory_2014-02-04.php</ref>
+      <ref url="http://www.securityfocus.com/bid/65368" source="BID">65368</ref>
+      <ref url="http://secunia.com/advisories/56006" source="SECUNIA">56006</ref>
+      <ref url="http://osvdb.org/102940" source="OSVDB">102940</ref>
+      <ref url="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000015" source="JVNDB">JVNDB-2014-000015</ref>
+      <ref url="http://jvn.jp/en/jp/JVN30050348/index.html" source="JVN">JVN#30050348</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="phpmyfaq" name="phpmyfaq">
+        <vers num="1.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.1a"/>
+        <vers num="1.1.0"/>
+        <vers num="1.1.1"/>
+        <vers num="1.1.2"/>
+        <vers num="1.1.3"/>
+        <vers num="1.1.4"/>
+        <vers num="1.1.4a"/>
+        <vers num="1.1.5"/>
+        <vers num="1.2.0"/>
+        <vers num="1.2.1"/>
+        <vers num="1.2.2"/>
+        <vers num="1.2.3"/>
+        <vers num="1.2.4"/>
+        <vers num="1.2.5"/>
+        <vers num="1.2.5a"/>
+        <vers num="1.2.5b"/>
+        <vers num="1.3.0"/>
+        <vers num="1.3.1"/>
+        <vers num="1.3.10"/>
+        <vers num="1.3.11"/>
+        <vers num="1.3.12"/>
+        <vers num="1.3.13"/>
+        <vers num="1.3.14"/>
+        <vers num="1.3.2"/>
+        <vers num="1.3.3"/>
+        <vers num="1.3.4"/>
+        <vers num="1.3.5"/>
+        <vers num="1.3.6"/>
+        <vers num="1.3.7"/>
+        <vers num="1.3.8"/>
+        <vers num="1.3.9" edition="pl1"/>
+        <vers num="1.4" edition="alpha1"/>
+        <vers num="1.4" edition="alpha2"/>
+        <vers num="1.4.0"/>
+        <vers num="1.4.0a"/>
+        <vers num="1.4.1"/>
+        <vers num="1.4.10"/>
+        <vers num="1.4.11"/>
+        <vers num="1.4.2"/>
+        <vers num="1.4.3"/>
+        <vers num="1.4.4"/>
+        <vers num="1.4.5"/>
+        <vers num="1.4.6"/>
+        <vers num="1.4.7"/>
+        <vers num="1.4.8"/>
+        <vers num="1.4.9"/>
+        <vers num="1.5" edition="alpha1"/>
+        <vers num="1.5" edition="alpha2"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5" edition="beta3"/>
+        <vers num="1.5" edition="rc1"/>
+        <vers num="1.5" edition="rc2"/>
+        <vers num="1.5" edition="rc3"/>
+        <vers num="1.5" edition="rc4"/>
+        <vers num="1.5" edition="rc5"/>
+        <vers num="1.5.0"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="1.5.9"/>
+        <vers num="1.6.0"/>
+        <vers num="1.6.1"/>
+        <vers num="1.6.10"/>
+        <vers num="1.6.11"/>
+        <vers num="1.6.12"/>
+        <vers num="1.6.2"/>
+        <vers num="1.6.3"/>
+        <vers num="1.6.4"/>
+        <vers num="1.6.5"/>
+        <vers num="1.6.6"/>
+        <vers num="1.6.7"/>
+        <vers num="1.6.8"/>
+        <vers num="1.6.9"/>
+        <vers num="2.0.0"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.15"/>
+        <vers num="2.0.16"/>
+        <vers num="2.0.17"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.5.0"/>
+        <vers num="2.5.1"/>
+        <vers num="2.5.2"/>
+        <vers num="2.5.3"/>
+        <vers num="2.5.4"/>
+        <vers num="2.5.5"/>
+        <vers num="2.5.6"/>
+        <vers num="2.5.7"/>
+        <vers num="2.6.0"/>
+        <vers num="2.6.1"/>
+        <vers num="2.6.10"/>
+        <vers num="2.6.11"/>
+        <vers num="2.6.12"/>
+        <vers num="2.6.13"/>
+        <vers num="2.6.14"/>
+        <vers num="2.6.15"/>
+        <vers num="2.6.16"/>
+        <vers num="2.6.17"/>
+        <vers num="2.6.18"/>
+        <vers num="2.6.2"/>
+        <vers num="2.6.3"/>
+        <vers num="2.6.4"/>
+        <vers num="2.6.5"/>
+        <vers num="2.6.6"/>
+        <vers num="2.6.7"/>
+        <vers num="2.6.8"/>
+        <vers num="2.6.9"/>
+        <vers num="2.7.0"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.7.3"/>
+        <vers num="2.7.4"/>
+        <vers num="2.7.5"/>
+        <vers num="2.7.6"/>
+        <vers num="2.7.7"/>
+        <vers num="2.7.8"/>
+        <vers num="2.7.9"/>
+        <vers num="2.8.0"/>
+        <vers num="2.8.1"/>
+        <vers num="2.8.2"/>
+        <vers num="2.8.3"/>
+        <vers num="2.8.4"/>
+        <vers prev="1" num="2.8.5"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0815" published="2014-02-06" name="CVE-2014-0815" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">The intent: URL implementation in Opera before 18 on Android allows attackers to read local files by leveraging an interaction error, as demonstrated by reading stored cookies.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91090" source="XF">opera-android-cve20140815-info-disc(91090)</ref>
+      <ref url="http://www.securityfocus.com/bid/65391" source="BID">65391</ref>
+      <ref url="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000014" source="JVNDB">JVNDB-2014-000014</ref>
+      <ref url="http://jvn.jp/en/jp/JVN23256725/index.html" source="JVN">JVN#23256725</ref>
+      <ref url="http://blogs.opera.com/security/2014/01/security-changes-features-opera-19/" source="CONFIRM" adv="1">http://blogs.opera.com/security/2014/01/security-changes-features-opera-19/</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="opera" name="opera_browser">
+        <vers num="1.00"/>
+        <vers num="10.00" edition="alpha"/>
+        <vers num="10.00" edition="beta1"/>
+        <vers num="10.00" edition="beta2"/>
+        <vers num="10.00" edition="beta3"/>
+        <vers num="10.01"/>
+        <vers num="10.10" edition="beta1"/>
+        <vers num="10.11"/>
+        <vers num="10.20" edition="alpha"/>
+        <vers num="10.50" edition="beta1"/>
+        <vers num="10.50" edition="beta2"/>
+        <vers num="10.51"/>
+        <vers num="10.52" edition="beta1"/>
+        <vers num="10.52" edition="beta2"/>
+        <vers num="10.53" edition="b"/>
+        <vers num="10.53" edition="beta1"/>
+        <vers num="10.54"/>
+        <vers num="10.60" edition="alpha"/>
+        <vers num="10.60" edition="beta1"/>
+        <vers num="10.61"/>
+        <vers num="10.62"/>
+        <vers num="10.63"/>
+        <vers num="11.00" edition="beta"/>
+        <vers num="11.01"/>
+        <vers num="11.10" edition="beta"/>
+        <vers num="11.11"/>
+        <vers num="11.50" edition="beta"/>
+        <vers num="11.51"/>
+        <vers num="11.52"/>
+        <vers num="11.52.1100"/>
+        <vers num="11.60" edition="beta"/>
+        <vers num="11.61"/>
+        <vers num="11.62"/>
+        <vers num="11.64"/>
+        <vers num="11.65"/>
+        <vers num="11.66"/>
+        <vers num="11.67"/>
+        <vers num="12.00" edition="beta"/>
+        <vers num="12.01"/>
+        <vers num="12.02"/>
+        <vers num="12.10" edition="beta"/>
+        <vers num="12.11"/>
+        <vers num="12.12"/>
+        <vers num="12.13"/>
+        <vers num="12.14"/>
+        <vers num="12.15"/>
+        <vers num="15.00" edition="next"/>
+        <vers num="16.00"/>
+        <vers prev="1" num="17.00"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0816" published="2014-02-26" name="CVE-2014-0816" modified="2014-02-27" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="7.2" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="3.9" CVSS_base_score="7.2">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Norman Security Suite 10.1 and earlier allows local users to gain privileges via unknown vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000026" source="JVNDB">JVNDB-2014-000026</ref>
+      <ref url="http://jvn.jp/en/jp/JVN02017463/index.html" source="JVN">JVN#02017463</ref>
+      <ref url="http://jvn.jp/en/jp/JVN02017463/995510/index.html" source="CONFIRM">http://jvn.jp/en/jp/JVN02017463/995510/index.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="norman" name="security_suite">
+        <vers num="10.0"/>
+        <vers prev="1" num="10.1"/>
+        <vers num="8.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0817" published="2014-02-26" name="CVE-2014-0817" modified="2014-02-27" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:P/I:P/A:N)" CVSS_score="4.9" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="6.8" CVSS_base_score="4.9">
+    <desc>
+      <descript source="cve">Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does not properly manage sessions, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://support.cybozu.com/ja-jp/article/7992" source="CONFIRM" patch="1" adv="1">https://support.cybozu.com/ja-jp/article/7992</ref>
+      <ref url="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000021" source="JVNDB">JVNDB-2014-000021</ref>
+      <ref url="http://jvn.jp/en/jp/JVN24035499/index.html" source="JVN">JVN#24035499</ref>
+      <ref url="http://cs.cybozu.co.jp/information/gr20140225up03.php" source="CONFIRM" adv="1">http://cs.cybozu.co.jp/information/gr20140225up03.php</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cybozu" name="garoon">
+        <vers num="2.0" edition="sp1"/>
+        <vers num="2.0" edition="sp2"/>
+        <vers num="2.0" edition="sp3"/>
+        <vers num="2.0" edition="sp4"/>
+        <vers num="2.0" edition="sp5"/>
+        <vers num="2.0" edition="sp6"/>
+        <vers num="2.0.0"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.1" edition="sp1"/>
+        <vers num="2.1" edition="sp2"/>
+        <vers num="2.1" edition="sp3"/>
+        <vers num="2.1.0"/>
+        <vers num="2.1.1"/>
+        <vers num="2.1.2"/>
+        <vers num="2.1.3"/>
+        <vers num="2.5" edition="sp1"/>
+        <vers num="2.5" edition="sp2"/>
+        <vers num="2.5" edition="sp3"/>
+        <vers num="2.5" edition="sp4"/>
+        <vers num="2.5.0"/>
+        <vers num="2.5.1"/>
+        <vers num="2.5.2"/>
+        <vers num="2.5.3"/>
+        <vers num="2.5.4"/>
+        <vers num="3.0" edition="sp1"/>
+        <vers num="3.0" edition="sp2"/>
+        <vers num="3.0" edition="sp3"/>
+        <vers num="3.1" edition="sp1"/>
+        <vers num="3.1" edition="sp2"/>
+        <vers num="3.1" edition="sp3"/>
+        <vers num="3.5" edition="sp1"/>
+        <vers num="3.5" edition="sp2"/>
+        <vers num="3.5" edition="sp3"/>
+        <vers num="3.5" edition="sp4"/>
+        <vers num="3.5" edition="sp5"/>
+        <vers num="3.5.3"/>
+        <vers num="3.7" edition="sp1"/>
+        <vers num="3.7" edition="sp2"/>
+        <vers num="3.7" edition="sp3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0818" published="2014-02-22" name="CVE-2014-0818" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Untrusted search path vulnerability in Autodesk AutoCAD before 2014 allows local users to gain privileges and execute arbitrary VBScript code via a Trojan horse FAS file in the FAS file search path.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000019" source="JVNDB">JVNDB-2014-000019</ref>
+      <ref url="http://jvn.jp/en/jp/JVN33382534/index.html" source="JVN">JVN#33382534</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="autodesk" name="autocad">
+        <vers num="2005" edition="::english"/>
+        <vers num="2006"/>
+        <vers num="2007" edition="::english"/>
+        <vers num="2010"/>
+        <vers num="2011"/>
+        <vers num="2012"/>
+        <vers prev="1" num="2013"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0819" published="2014-02-22" name="CVE-2014-0819" modified="2014-02-24" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="4.4" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="3.4" CVSS_base_score="4.4">
+    <desc>
+      <descript source="cve">Untrusted search path vulnerability in Autodesk AutoCAD before 2014 allows local users to gain privileges via a Trojan horse DLL in the current working directory.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000020" source="JVNDB">JVNDB-2014-000020</ref>
+      <ref url="http://jvn.jp/en/jp/JVN43254599/index.html" source="JVN">JVN#43254599</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="autodesk" name="autocad">
+        <vers num="2005" edition="::english"/>
+        <vers num="2006"/>
+        <vers num="2007" edition="::english"/>
+        <vers num="2010"/>
+        <vers num="2011"/>
+        <vers num="2012"/>
+        <vers prev="1" num="2013"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0820" published="2014-02-26" name="CVE-2014-0820" modified="2014-03-10" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">Directory traversal vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to read arbitrary files via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://support.cybozu.com/ja-jp/article/7994" source="CONFIRM" adv="1">https://support.cybozu.com/ja-jp/article/7994</ref>
+      <ref url="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000023" source="JVNDB">JVNDB-2014-000023</ref>
+      <ref url="http://jvn.jp/en/jp/JVN26393529/index.html" source="JVN">JVN#26393529</ref>
+      <ref url="http://cs.cybozu.co.jp/information/gr20140225up05.php" source="CONFIRM" adv="1">http://cs.cybozu.co.jp/information/gr20140225up05.php</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cybozu" name="garoon">
+        <vers num="2.0" edition="sp1"/>
+        <vers num="2.0" edition="sp2"/>
+        <vers num="2.0" edition="sp3"/>
+        <vers num="2.0" edition="sp4"/>
+        <vers num="2.0" edition="sp5"/>
+        <vers num="2.0" edition="sp6"/>
+        <vers num="2.0.0"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.1" edition="sp1"/>
+        <vers num="2.1" edition="sp2"/>
+        <vers num="2.1" edition="sp3"/>
+        <vers num="2.1.0"/>
+        <vers num="2.1.1"/>
+        <vers num="2.1.2"/>
+        <vers num="2.1.3"/>
+        <vers num="2.5" edition="sp1"/>
+        <vers num="2.5" edition="sp2"/>
+        <vers num="2.5" edition="sp3"/>
+        <vers num="2.5" edition="sp4"/>
+        <vers num="2.5.0"/>
+        <vers num="2.5.1"/>
+        <vers num="2.5.2"/>
+        <vers num="2.5.3"/>
+        <vers num="2.5.4"/>
+        <vers num="3.0" edition="sp1"/>
+        <vers num="3.0" edition="sp2"/>
+        <vers num="3.0" edition="sp3"/>
+        <vers num="3.1" edition="sp1"/>
+        <vers num="3.1" edition="sp2"/>
+        <vers num="3.1" edition="sp3"/>
+        <vers num="3.5" edition="sp1"/>
+        <vers num="3.5" edition="sp2"/>
+        <vers num="3.5" edition="sp3"/>
+        <vers num="3.5" edition="sp4"/>
+        <vers num="3.5" edition="sp5"/>
+        <vers num="3.5.3"/>
+        <vers num="3.7" edition="sp1"/>
+        <vers num="3.7" edition="sp2"/>
+        <vers num="3.7" edition="sp3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0821" published="2014-02-26" name="CVE-2014-0821" modified="2014-03-07" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:P)" CVSS_score="6.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.0" CVSS_base_score="6.5">
+    <desc>
+      <descript source="cve">SQL injection vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6930 and CVE-2013-6931.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://support.cybozu.com/ja-jp/article/7993" source="CONFIRM" adv="1">https://support.cybozu.com/ja-jp/article/7993</ref>
+      <ref url="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000024" source="JVNDB">JVNDB-2014-000024</ref>
+      <ref url="http://jvn.jp/en/jp/JVN71045461/index.html" source="JVN">JVN#71045461</ref>
+      <ref url="http://cs.cybozu.co.jp/information/gr20140225up04.php" source="CONFIRM" adv="1">http://cs.cybozu.co.jp/information/gr20140225up04.php</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cybozu" name="garoon">
+        <vers num="2.0" edition="sp1"/>
+        <vers num="2.0" edition="sp2"/>
+        <vers num="2.0" edition="sp3"/>
+        <vers num="2.0" edition="sp4"/>
+        <vers num="2.0" edition="sp5"/>
+        <vers num="2.0" edition="sp6"/>
+        <vers num="2.0.0"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.1" edition="sp1"/>
+        <vers num="2.1" edition="sp2"/>
+        <vers num="2.1" edition="sp3"/>
+        <vers num="2.1.0"/>
+        <vers num="2.1.1"/>
+        <vers num="2.1.2"/>
+        <vers num="2.1.3"/>
+        <vers num="2.5" edition="sp1"/>
+        <vers num="2.5" edition="sp2"/>
+        <vers num="2.5" edition="sp3"/>
+        <vers num="2.5" edition="sp4"/>
+        <vers num="2.5.0"/>
+        <vers num="2.5.1"/>
+        <vers num="2.5.2"/>
+        <vers num="2.5.3"/>
+        <vers num="2.5.4"/>
+        <vers num="3.0" edition="sp1"/>
+        <vers num="3.0" edition="sp2"/>
+        <vers num="3.0" edition="sp3"/>
+        <vers num="3.1" edition="sp1"/>
+        <vers num="3.1" edition="sp2"/>
+        <vers num="3.1" edition="sp3"/>
+        <vers num="3.5" edition="sp1"/>
+        <vers num="3.5" edition="sp2"/>
+        <vers num="3.5" edition="sp3"/>
+        <vers num="3.5" edition="sp4"/>
+        <vers num="3.5" edition="sp5"/>
+        <vers num="3.5.3"/>
+        <vers num="3.7" edition="sp1"/>
+        <vers num="3.7" edition="sp2"/>
+        <vers num="3.7" edition="sp3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0822" published="2014-02-06" name="CVE-2014-0822" modified="2014-02-07" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">The IMAP server in IBM Domino 8.5.x before 8.5.3 FP6 IF1 and 9.0.x before 9.0.1 FP1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, aka SPR KLYH9F4S2Z.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90235" source="XF">ibm-domino-cve20140822-dos(90235)</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21663023" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21663023</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="lotus_domino_server">
+        <vers num="8.5.3.0"/>
+        <vers num="8.5.3.1"/>
+        <vers num="8.5.3.2"/>
+        <vers num="8.5.3.3"/>
+        <vers num="8.5.3.4"/>
+        <vers num="8.5.3.5"/>
+        <vers num="9.0.0.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0823" published="2014-05-01" name="CVE-2014-0823" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote attackers to read arbitrary files via a crafted URL.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90498" source="XF">ibm-was-cve20140823-viewfiles(90498)</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21669554" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21669554</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg1PI05324" source="AIXAPAR">PI05324</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="websphere_application_server">
+        <vers num="8.0.0.0"/>
+        <vers num="8.0.0.1"/>
+        <vers num="8.0.0.2"/>
+        <vers num="8.0.0.3"/>
+        <vers num="8.0.0.4"/>
+        <vers num="8.0.0.5"/>
+        <vers num="8.0.0.6"/>
+        <vers num="8.0.0.7"/>
+        <vers num="8.0.0.8"/>
+        <vers num="8.5.0.0"/>
+        <vers num="8.5.0.1"/>
+        <vers num="8.5.0.2"/>
+        <vers num="8.5.5.0"/>
+        <vers num="8.5.5.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0827" published="2014-04-05" name="CVE-2014-0827" modified="2014-04-07" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Workload Replay 1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90503" source="XF">ibm-infosphere-cve20140827-xss(90503)</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21669093" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21669093</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="optim_workload_replay">
+        <vers num="1.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0828" published="2014-04-01" name="CVE-2014-0828" modified="2014-04-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the WCM (Web Content Manager) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90566" source="XF">ibm-wsportal-cve20140828-wcm-xss(90566)</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21667016" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21667016</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg1PI10734" source="AIXAPAR">PI10734</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="websphere_portal">
+        <vers num="6.1.0.0"/>
+        <vers num="6.1.0.1"/>
+        <vers num="6.1.0.2"/>
+        <vers num="6.1.0.3"/>
+        <vers num="6.1.0.4"/>
+        <vers num="6.1.0.5"/>
+        <vers num="6.1.0.6"/>
+        <vers num="6.1.5.0"/>
+        <vers num="6.1.5.1"/>
+        <vers num="6.1.5.2"/>
+        <vers num="6.1.5.3"/>
+        <vers num="7.0.0.0"/>
+        <vers num="7.0.0.1"/>
+        <vers num="7.0.0.2"/>
+        <vers num="8.0.0.0"/>
+        <vers num="8.0.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0829" published="2014-03-21" name="CVE-2014-0829" modified="2014-03-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:P)" CVSS_score="6.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.0" CVSS_base_score="6.5">
+    <desc>
+      <descript source="cve">Multiple buffer overflows in IBM Rational ClearCase 7.x before 7.1.2.13, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.3 allow remote authenticated users to obtain privileged access via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www-01.ibm.com/support/docview.wss?&amp;uid=swg21662086" source="CONFIRM" patch="1" adv="1">http://www-01.ibm.com/support/docview.wss?&amp;uid=swg21662086</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90568" source="XF">ibm-clearcase-cve20140829-bo(90568)</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="rational_clearcase">
+        <vers num="7.0.0.3"/>
+        <vers num="7.0.0.4"/>
+        <vers num="7.0.0.5"/>
+        <vers num="7.0.0.6"/>
+        <vers num="7.0.0.7"/>
+        <vers num="7.0.0.8"/>
+        <vers num="7.0.0.9"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.1.1"/>
+        <vers num="7.0.1.10"/>
+        <vers num="7.0.1.11"/>
+        <vers num="7.0.1.2"/>
+        <vers num="7.0.1.3"/>
+        <vers num="7.0.1.4"/>
+        <vers num="7.0.1.5"/>
+        <vers num="7.0.1.6"/>
+        <vers num="7.0.1.7"/>
+        <vers num="7.0.1.8"/>
+        <vers num="7.0.1.9"/>
+        <vers num="7.1"/>
+        <vers num="7.1.0.1"/>
+        <vers num="7.1.0.2"/>
+        <vers num="7.1.1"/>
+        <vers num="7.1.1.1"/>
+        <vers num="7.1.1.2"/>
+        <vers num="7.1.1.3"/>
+        <vers num="7.1.1.4"/>
+        <vers num="7.1.1.5"/>
+        <vers num="7.1.1.6"/>
+        <vers num="7.1.1.7"/>
+        <vers num="7.1.1.8"/>
+        <vers num="7.1.1.9"/>
+        <vers num="7.1.2"/>
+        <vers num="7.1.2.1"/>
+        <vers num="7.1.2.10"/>
+        <vers num="7.1.2.11"/>
+        <vers num="7.1.2.12"/>
+        <vers num="7.1.2.2"/>
+        <vers num="7.1.2.3"/>
+        <vers num="7.1.2.4"/>
+        <vers num="7.1.2.5"/>
+        <vers num="7.1.2.6"/>
+        <vers num="7.1.2.7"/>
+        <vers num="7.1.2.9"/>
+        <vers num="8.0"/>
+        <vers num="8.0.0"/>
+        <vers num="8.0.0.1"/>
+        <vers num="8.0.0.2"/>
+        <vers num="8.0.0.3"/>
+        <vers num="8.0.0.4"/>
+        <vers num="8.0.0.5"/>
+        <vers num="8.0.0.6"/>
+        <vers num="8.0.0.7"/>
+        <vers num="8.0.0.8"/>
+        <vers num="8.0.0.9"/>
+        <vers num="8.0.1"/>
+        <vers num="8.0.1.1"/>
+        <vers num="8.0.1.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0830" published="2014-02-01" name="CVE-2014-0830" modified="2014-02-03" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">Directory traversal vulnerability in the table-export implementation in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 and 2.1 before 2.1.0.1 allows remote authenticated users to read arbitrary files via a modified pathname.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90584" source="XF">ibm-ftm-cve20140830-trav(90584)</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21662714" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21662714</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="financial_transaction_manager">
+        <vers num="2.0.0.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.1.0.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0831" published="2014-02-01" name="CVE-2014-0831" modified="2014-02-03" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">Cross-site request forgery (CSRF) vulnerability in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that modify configuration data.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90585" source="XF">ibm-ftm-cve20140831-csrf(90585)</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21662714" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21662714</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="financial_transaction_manager">
+        <vers num="2.0.0.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0832" published="2014-02-01" name="CVE-2014-0832" modified="2014-02-03" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:P/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Multiple cross-site scripting (XSS) vulnerabilities in configuration-details screens in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted text value.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90586" source="XF">ibm-ftm-cve20140832-xss(90586)</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21662714" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21662714</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="financial_transaction_manager">
+        <vers num="2.0.0.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0833" published="2014-02-01" name="CVE-2014-0833" modified="2014-02-03" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:N)" CVSS_score="5.5" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.0" CVSS_base_score="5.5">
+    <desc>
+      <descript source="cve">The OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 does not properly enforce operator-intervention requirements, which allows remote authenticated users to bypass intended access restrictions via an unspecified process step.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90612" source="XF">ibm-ftm-cve20140833-auth(90612)</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21662714" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21662714</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="financial_transaction_manager">
+        <vers num="2.0.0.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0834" published="2014-02-04" name="CVE-2014-0834" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:N/I:N/A:P)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">IBM General Parallel File System (GPFS) 3.4 through 3.4.0.27 and 3.5 through 3.5.0.16 allows attackers to cause a denial of service (daemon crash) via crafted arguments to a setuid program.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90647" source="XF">ibm-gpfs-cve20140834-dos(90647)</ref>
+      <ref url="http://www.securityfocus.com/bid/65297" source="BID">65297</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg1IV54381" source="AIXAPAR" adv="1">IV54381</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg1IV52863" source="AIXAPAR" adv="1">IV52863</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=isg3T1020542" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=isg3T1020542</ref>
+      <ref url="http://osvdb.org/102765" source="OSVDB">102765</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="general_parallel_file_system">
+        <vers num="3.4.0.0"/>
+        <vers num="3.4.0.10"/>
+        <vers num="3.4.0.11"/>
+        <vers num="3.4.0.12"/>
+        <vers num="3.4.0.13"/>
+        <vers num="3.4.0.14"/>
+        <vers num="3.4.0.15"/>
+        <vers num="3.4.0.16"/>
+        <vers num="3.4.0.17"/>
+        <vers num="3.4.0.18"/>
+        <vers num="3.4.0.19"/>
+        <vers num="3.4.0.2"/>
+        <vers num="3.4.0.20"/>
+        <vers num="3.4.0.21"/>
+        <vers num="3.4.0.22"/>
+        <vers num="3.4.0.23"/>
+        <vers num="3.4.0.24"/>
+        <vers num="3.4.0.25"/>
+        <vers num="3.4.0.26"/>
+        <vers num="3.4.0.27"/>
+        <vers num="3.4.0.3"/>
+        <vers num="3.4.0.4"/>
+        <vers num="3.4.0.5"/>
+        <vers num="3.4.0.6"/>
+        <vers num="3.4.0.7"/>
+        <vers num="3.4.0.8"/>
+        <vers num="3.4.0.9"/>
+        <vers num="3.5.0.0"/>
+        <vers num="3.5.0.10"/>
+        <vers num="3.5.0.11"/>
+        <vers num="3.5.0.12"/>
+        <vers num="3.5.0.13"/>
+        <vers num="3.5.0.14"/>
+        <vers num="3.5.0.15"/>
+        <vers num="3.5.0.16"/>
+        <vers num="3.5.0.2"/>
+        <vers num="3.5.0.3"/>
+        <vers num="3.5.0.4"/>
+        <vers num="3.5.0.6"/>
+        <vers num="3.5.0.7"/>
+        <vers num="3.5.0.8"/>
+        <vers num="3.5.0.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0835" published="2014-01-30" name="CVE-2014-0835" modified="2014-02-11" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify console Auto Update settings.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90678" source="XF">ibm-qradar-cve20140835-csrf(90678)</ref>
+      <ref url="http://www.securityfocus.com/bid/65127" source="BID">65127</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21663066" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21663066</ref>
+      <ref url="http://thomaspollet.blogspot.be/2014/01/ibm-qradar-siem-csrf-xss-mitm-rce.html" source="MISC">http://thomaspollet.blogspot.be/2014/01/ibm-qradar-siem-csrf-xss-mitm-rce.html</ref>
+      <ref url="http://secunia.com/advisories/56653" source="SECUNIA">56653</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Jan/166" source="FULLDISC">20140124 ADV: IBM QRadar SIEM</ref>
+      <ref url="http://osvdb.org/102554" source="OSVDB">102554</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="qradar_security_information_and_event_manager">
+        <vers prev="1" num="7.2.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0836" published="2014-01-30" name="CVE-2014-0836" modified="2014-02-11" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90679" source="XF">ibm-qradar-cve20140836-xss(90679)</ref>
+      <ref url="http://www.securityfocus.com/bid/65127" source="BID">65127</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21663066" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21663066</ref>
+      <ref url="http://secunia.com/advisories/56653" source="SECUNIA">56653</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Jan/166" source="FULLDISC">20140124 ADV: IBM QRadar SIEM</ref>
+      <ref url="http://osvdb.org/102555" source="OSVDB">102555</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="qradar_security_information_and_event_manager">
+        <vers prev="1" num="7.2.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0837" published="2014-01-30" name="CVE-2014-0837" modified="2014-02-11" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">The AutoUpdate process in IBM Security QRadar SIEM 7.2 MR1 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90680" source="XF">ibm-qradar-cve20140837-mitm(90680)</ref>
+      <ref url="http://www.securityfocus.com/bid/65127" source="BID">65127</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21663066" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21663066</ref>
+      <ref url="http://secunia.com/advisories/56653" source="SECUNIA">56653</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Jan/166" source="FULLDISC">20140124 ADV: IBM QRadar SIEM</ref>
+      <ref url="http://osvdb.org/102552" source="OSVDB">102552</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="qradar_security_information_and_event_manager">
+        <vers prev="1" num="7.2.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0838" published="2014-01-30" name="CVE-2014-0838" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">The AutoUpdate package before 6.4 for IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to execute arbitrary console commands by leveraging control of the server.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90681" source="XF">ibm-qradar-cve20140838-command-exec(90681)</ref>
+      <ref url="http://www.securityfocus.com/bid/65127" source="BID">65127</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21663066" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21663066</ref>
+      <ref url="http://osvdb.org/102553" source="OSVDB">102553</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="qradar_security_information_and_event_manager">
+        <vers prev="1" num="7.2.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0839" published="2014-02-25" name="CVE-2014-0839" modified="2014-02-26" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:N/I:P/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allows remote authenticated users to modify data via vectors involving a direct object reference.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21665005" source="CONFIRM" patch="1" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21665005</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90696" source="XF">ibm-focalpoint-cve20140839-sec-bypass(90696)</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="rational_focal_point">
+        <vers num="6.4"/>
+        <vers num="6.4.0.1"/>
+        <vers num="6.4.1.0"/>
+        <vers num="6.4.1.1"/>
+        <vers num="6.4.1.2"/>
+        <vers num="6.4.1.3"/>
+        <vers num="6.5"/>
+        <vers num="6.5.0.1"/>
+        <vers num="6.5.0.2"/>
+        <vers num="6.5.1"/>
+        <vers num="6.5.1.1"/>
+        <vers num="6.5.2"/>
+        <vers num="6.5.2.1"/>
+        <vers num="6.5.2.2"/>
+        <vers num="6.5.2.3"/>
+        <vers num="6.6"/>
+        <vers num="6.6.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0840" published="2014-02-25" name="CVE-2014-0840" modified="2014-02-26" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:P/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Multiple cross-site scripting (XSS) vulnerabilities in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21665005" source="CONFIRM" patch="1" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21665005</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90698" source="XF">ibm-focalpoint-cve20140840-xss(90698)</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="rational_focal_point">
+        <vers num="6.4"/>
+        <vers num="6.4.0.1"/>
+        <vers num="6.4.1.0"/>
+        <vers num="6.4.1.1"/>
+        <vers num="6.4.1.2"/>
+        <vers num="6.4.1.3"/>
+        <vers num="6.5"/>
+        <vers num="6.5.0.1"/>
+        <vers num="6.5.0.2"/>
+        <vers num="6.5.1"/>
+        <vers num="6.5.1.1"/>
+        <vers num="6.5.2"/>
+        <vers num="6.5.2.1"/>
+        <vers num="6.5.2.2"/>
+        <vers num="6.5.2.3"/>
+        <vers num="6.6"/>
+        <vers num="6.6.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0842" published="2014-02-25" name="CVE-2014-0842" modified="2014-02-26" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The account-creation functionality in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 places the new user's default password within the creation page, which allows remote attackers to obtain sensitive information by reading the HTML source code.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21665005" source="CONFIRM" patch="1" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21665005</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90706" source="XF">ibm-focalpoint-cve20140842-default-pw(90706)</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="rational_focal_point">
+        <vers num="6.4"/>
+        <vers num="6.4.0.1"/>
+        <vers num="6.4.1.0"/>
+        <vers num="6.4.1.1"/>
+        <vers num="6.4.1.2"/>
+        <vers num="6.4.1.3"/>
+        <vers num="6.5"/>
+        <vers num="6.5.0.1"/>
+        <vers num="6.5.0.2"/>
+        <vers num="6.5.1"/>
+        <vers num="6.5.1.1"/>
+        <vers num="6.5.2"/>
+        <vers num="6.5.2.1"/>
+        <vers num="6.5.2.2"/>
+        <vers num="6.5.2.3"/>
+        <vers num="6.6"/>
+        <vers num="6.6.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0843" published="2014-02-25" name="CVE-2014-0843" modified="2014-02-26" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:P/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allows remote authenticated users to inject arbitrary web script or HTML by uploading a file.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21665005" source="CONFIRM" patch="1" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21665005</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90714" source="XF">ibm-focalpoint-cve20140843-file-upload(90714)</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="rational_focal_point">
+        <vers num="6.4"/>
+        <vers num="6.4.0.1"/>
+        <vers num="6.4.1.0"/>
+        <vers num="6.4.1.1"/>
+        <vers num="6.4.1.2"/>
+        <vers num="6.4.1.3"/>
+        <vers num="6.5"/>
+        <vers num="6.5.0.1"/>
+        <vers num="6.5.0.2"/>
+        <vers num="6.5.1"/>
+        <vers num="6.5.1.1"/>
+        <vers num="6.5.2"/>
+        <vers num="6.5.2.1"/>
+        <vers num="6.5.2.2"/>
+        <vers num="6.5.2.3"/>
+        <vers num="6.6"/>
+        <vers num="6.6.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0844" published="2014-03-04" name="CVE-2014-0844" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:P/I:N/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to read arbitrary data via unknown vectors.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90718" source="XF">ibm-rrc-cve20140844-retrieval(90718)</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21664412" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21664412</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="rational_doors_next_generation">
+        <vers num="4.0.0"/>
+        <vers num="4.0.1"/>
+        <vers num="4.0.2"/>
+        <vers num="4.0.3"/>
+        <vers num="4.0.4"/>
+        <vers num="4.0.5"/>
+      </prod>
+      <prod vendor="ibm" name="rational_requirements_composer">
+        <vers num="3.0.1"/>
+        <vers num="3.0.1.1"/>
+        <vers num="3.0.1.2"/>
+        <vers num="3.0.1.3"/>
+        <vers num="3.0.1.4"/>
+        <vers num="3.0.1.5"/>
+        <vers num="3.0.1.6"/>
+        <vers num="4.0.0"/>
+        <vers num="4.0.0.1"/>
+        <vers num="4.0.0.2"/>
+        <vers num="4.0.1"/>
+        <vers num="4.0.2"/>
+        <vers num="4.0.3"/>
+        <vers num="4.0.4"/>
+        <vers num="4.0.5"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0845" published="2014-03-04" name="CVE-2014-0845" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:P/I:P/A:N)" CVSS_score="4.9" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="6.8" CVSS_base_score="4.9">
+    <desc>
+      <descript source="cve">Open redirect vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90719" source="XF">ibm-rrc-cve20140845-redirect(90719)</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21664412" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21664412</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="rational_doors_next_generation">
+        <vers num="4.0.0"/>
+        <vers num="4.0.1"/>
+        <vers num="4.0.2"/>
+        <vers num="4.0.3"/>
+        <vers num="4.0.4"/>
+        <vers num="4.0.5"/>
+      </prod>
+      <prod vendor="ibm" name="rational_requirements_composer">
+        <vers num="3.0.1"/>
+        <vers num="3.0.1.1"/>
+        <vers num="3.0.1.2"/>
+        <vers num="3.0.1.3"/>
+        <vers num="3.0.1.4"/>
+        <vers num="3.0.1.5"/>
+        <vers num="3.0.1.6"/>
+        <vers num="4.0.0"/>
+        <vers num="4.0.0.1"/>
+        <vers num="4.0.0.2"/>
+        <vers num="4.0.1"/>
+        <vers num="4.0.2"/>
+        <vers num="4.0.3"/>
+        <vers num="4.0.4"/>
+        <vers num="4.0.5"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0846" published="2014-03-04" name="CVE-2014-0846" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:P/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90720" source="XF">ibm-rrc-cve20140846-xss(90720)</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21664412" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21664412</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="rational_doors_next_generation">
+        <vers num="4.0.0"/>
+        <vers num="4.0.1"/>
+        <vers num="4.0.2"/>
+        <vers num="4.0.3"/>
+        <vers num="4.0.4"/>
+        <vers num="4.0.5"/>
+      </prod>
+      <prod vendor="ibm" name="rational_requirements_composer">
+        <vers num="3.0.1"/>
+        <vers num="3.0.1.1"/>
+        <vers num="3.0.1.2"/>
+        <vers num="3.0.1.3"/>
+        <vers num="3.0.1.4"/>
+        <vers num="3.0.1.5"/>
+        <vers num="3.0.1.6"/>
+        <vers num="4.0.0"/>
+        <vers num="4.0.0.1"/>
+        <vers num="4.0.0.2"/>
+        <vers num="4.0.1"/>
+        <vers num="4.0.2"/>
+        <vers num="4.0.3"/>
+        <vers num="4.0.4"/>
+        <vers num="4.0.5"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0848" published="2014-03-26" name="CVE-2014-0848" modified="2014-03-26" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:P/I:N/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">The (1) ssl.conf and (2) httpd.conf files in the Apache HTTP Server component in IBM Netezza Performance Portal 2.0 before 2.0.0.4 have weak SSLCipherSuite values, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90723" source="XF">ibm-netezza-cve20140848-weak-sec(90723)</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21665278" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21665278</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="netezza_performance_portal">
+        <vers num="2.0.0.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0850" published="2014-03-16" name="CVE-2014-0850" modified="2014-03-17" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:P/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management Reference Data Management (RDM) Hub 10.1 and 11.0 before 11.0.0.0-MDM-IF008 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90751" source="XF">ibm-mdm-rdm-cve20140850-xss(90751)</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21666119" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21666119</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="infosphere_master_data_management_reference_data_management_hub">
+        <vers num="10.1"/>
+        <vers num="11.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0853" published="2014-02-25" name="CVE-2014-0853" modified="2014-02-26" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:P/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Multiple cross-site scripting (XSS) vulnerabilities in the (1) ForwardController and (2) AttributeEditor scripts in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21665005" source="CONFIRM" patch="1" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21665005</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90754" source="XF">ibm-focalpoint-cve20140853-xss(90754)</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="rational_focal_point">
+        <vers num="6.4"/>
+        <vers num="6.4.0.1"/>
+        <vers num="6.4.1.0"/>
+        <vers num="6.4.1.1"/>
+        <vers num="6.4.1.2"/>
+        <vers num="6.4.1.3"/>
+        <vers num="6.5"/>
+        <vers num="6.5.0.1"/>
+        <vers num="6.5.0.2"/>
+        <vers num="6.5.1"/>
+        <vers num="6.5.1.1"/>
+        <vers num="6.5.2"/>
+        <vers num="6.5.2.1"/>
+        <vers num="6.5.2.2"/>
+        <vers num="6.5.2.3"/>
+        <vers num="6.6"/>
+        <vers num="6.6.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0854" published="2014-02-22" name="CVE-2014-0854" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90794" source="XF">ibm-cognos-cve20140854-xxe(90794)</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21662856" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21662856</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="cognos_business_intelligence">
+        <vers num="10.1"/>
+        <vers num="10.1.1"/>
+        <vers num="10.2"/>
+        <vers num="10.2.1"/>
+        <vers num="10.2.1.1"/>
+        <vers num="8.4.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0855" published="2014-02-14" name="CVE-2014-0855" modified="2014-02-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Multiple cross-site scripting (XSS) vulnerabilities in IBM Connections Portlets 4.x before 4.5.1 FP1 for IBM WebSphere Portal 7.0.0.2 and 8.0.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90802" source="XF">ibm-websphere-cve20140855-xss(90802)</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21663921" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21663921</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="connections_portlets">
+        <vers num="4.0"/>
+        <vers num="4.5"/>
+        <vers num="4.5.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0857" published="2014-05-01" name="CVE-2014-0857" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">The Administrative Console in IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote authenticated users to obtain sensitive information via a crafted request.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90863" source="XF">ibm-was-cve20140857-info-disc(90863)</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21669554" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21669554</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg1PI07808" source="AIXAPAR">PI07808</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="websphere_application_server">
+        <vers num="8.0.0.0"/>
+        <vers num="8.0.0.1"/>
+        <vers num="8.0.0.2"/>
+        <vers num="8.0.0.3"/>
+        <vers num="8.0.0.4"/>
+        <vers num="8.0.0.5"/>
+        <vers num="8.0.0.6"/>
+        <vers num="8.0.0.7"/>
+        <vers num="8.0.0.8"/>
+        <vers num="8.5.0.0"/>
+        <vers num="8.5.0.1"/>
+        <vers num="8.5.0.2"/>
+        <vers num="8.5.5.0"/>
+        <vers num="8.5.5.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0858" published="2014-02-27" name="CVE-2014-0858" modified="2014-02-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:P/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to bypass intended access restrictions and conduct deleteAction attacks via a modified URL.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90864" source="XF">ibm-navigator-cve20140858-xss(90864)</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21665358" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21665358</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="content_navigator">
+        <vers num="2.0.0"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0859" published="2014-05-01" name="CVE-2014-0859" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The web-server plugin in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, when POST retries are enabled, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90879" source="XF">ibm-was-cve20140859-retry(90879)</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21669554" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21669554</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg1PI08892" source="AIXAPAR">PI08892</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="websphere_application_server">
+        <vers num="7.0"/>
+        <vers num="7.0.0.1"/>
+        <vers num="7.0.0.10"/>
+        <vers num="7.0.0.11"/>
+        <vers num="7.0.0.12"/>
+        <vers num="7.0.0.13"/>
+        <vers num="7.0.0.14"/>
+        <vers num="7.0.0.15"/>
+        <vers num="7.0.0.16"/>
+        <vers num="7.0.0.17"/>
+        <vers num="7.0.0.18"/>
+        <vers num="7.0.0.19"/>
+        <vers num="7.0.0.2"/>
+        <vers num="7.0.0.21"/>
+        <vers num="7.0.0.22"/>
+        <vers num="7.0.0.23"/>
+        <vers num="7.0.0.24"/>
+        <vers num="7.0.0.25"/>
+        <vers num="7.0.0.27"/>
+        <vers num="7.0.0.29"/>
+        <vers num="7.0.0.3"/>
+        <vers num="7.0.0.31"/>
+        <vers num="7.0.0.4"/>
+        <vers num="7.0.0.5"/>
+        <vers num="7.0.0.6"/>
+        <vers num="7.0.0.7"/>
+        <vers num="7.0.0.8"/>
+        <vers num="7.0.0.9"/>
+        <vers num="8.0.0.0"/>
+        <vers num="8.0.0.1"/>
+        <vers num="8.0.0.2"/>
+        <vers num="8.0.0.3"/>
+        <vers num="8.0.0.4"/>
+        <vers num="8.0.0.5"/>
+        <vers num="8.0.0.6"/>
+        <vers num="8.0.0.7"/>
+        <vers num="8.0.0.8"/>
+        <vers num="8.5.0.0"/>
+        <vers num="8.5.0.1"/>
+        <vers num="8.5.0.2"/>
+        <vers num="8.5.5.0"/>
+        <vers num="8.5.5.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0861" published="2014-02-22" name="CVE-2014-0861" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:P/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter that is not properly handled during use of the Back button.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21662856" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21662856</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="cognos_business_intelligence">
+        <vers num="10.1"/>
+        <vers num="10.1.1"/>
+        <vers num="10.2"/>
+        <vers num="10.2.1"/>
+        <vers num="10.2.1.1"/>
+        <vers num="8.4.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0862" published="2014-03-01" name="CVE-2014-0862" modified="2014-03-03" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x before 3.0.1.6 iFix 2 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code via unknown vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90895" source="XF">ibm-rationalclm-cve20140862-rce(90895)</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21664566" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21664566</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="rational_collaborative_lifecycle_management">
+        <vers num="3.0.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.1.1"/>
+        <vers num="3.0.1.2"/>
+        <vers num="3.0.1.3"/>
+        <vers num="3.0.1.4"/>
+        <vers num="3.0.1.5"/>
+        <vers num="3.0.1.6"/>
+        <vers num="4.0.0"/>
+        <vers num="4.0.1"/>
+        <vers num="4.0.2"/>
+        <vers num="4.0.3"/>
+        <vers num="4.0.4"/>
+        <vers num="4.0.5"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0873" published="2014-03-16" name="CVE-2014-0873" modified="2014-03-27" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Data Stewardship, (2) Business Admin, and (3) Product interfaces in IBM InfoSphere Master Data Management (MDM) Server 8.5 before 8.5.0.82, 9.0.1 before 9.0.1.38, 9.0.2 before 9.0.2.35, 10.0 before 10.0.0.0.26, and 10.1 before 10.1.0.0.15 allow remote attackers to hijack the authentication of arbitrary users.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90994" source="XF">ibm-infosphere-cve20140873-csrf(90994)</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21666462" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21666462</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="infosphere_master_data_management_server">
+        <vers num="10.0"/>
+        <vers num="10.1"/>
+        <vers num="8.5"/>
+        <vers num="9.0.1"/>
+        <vers num="9.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0874" published="2014-02-28" name="CVE-2014-0874" modified="2014-02-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:P/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91002" source="XF">ibm-cn-cve20140874-xss(91002)</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21665362" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21665362</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="content_navigator">
+        <vers num="2.0.0"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0879" published="2014-03-21" name="CVE-2014-0879" modified="2014-03-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Stack-based buffer overflow in the Taskmaster Capture ActiveX control in IBM Datacap Taskmaster Capture 8.0.1, and 8.1 before FP2, allows remote attackers to execute arbitrary code via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21666888" source="CONFIRM" patch="1" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21666888</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91115" source="XF">ibm-taskmaster-cve20140879-code-exec(91115)</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="datacap_taskmaster_capture">
+        <vers num="8.0.1"/>
+        <vers num="8.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0880" published="2014-03-28" name="CVE-2014-0880" modified="2014-03-31" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">IBM SAN Volume Controller; Storwize V3500, V3700, V5000, and V7000; and Flex System V7000 with software 6.3 and 6.4 before 6.4.1.8, and 7.1 and 7.2 before 7.2.0.3, allow remote attackers to obtain CLI access, and consequently cause a denial of service, via unspecified traffic to the administrative IP address.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91145" source="XF">ibm-storwize-cve20140880-cli(91145)</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004570" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004570</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="flex_system_v7000_software">
+        <vers num="6.4.1.2"/>
+        <vers num="6.4.1.3"/>
+        <vers num="6.4.1.4"/>
+        <vers num="6.4.1.5"/>
+        <vers num="6.4.1.6"/>
+        <vers num="6.4.1.7"/>
+        <vers num="7.1.0.1"/>
+        <vers num="7.1.0.2"/>
+        <vers num="7.1.0.3"/>
+        <vers num="7.1.0.5"/>
+        <vers num="7.1.0.6"/>
+        <vers num="7.1.0.7"/>
+        <vers num="7.2.0.0"/>
+        <vers num="7.2.0.1"/>
+        <vers num="7.2.0.2"/>
+      </prod>
+      <prod vendor="ibm" name="san_volume_controller_software">
+        <vers num="6.1.0.0"/>
+        <vers num="6.1.0.1"/>
+        <vers num="6.1.0.10"/>
+        <vers num="6.1.0.2"/>
+        <vers num="6.1.0.3"/>
+        <vers num="6.1.0.4"/>
+        <vers num="6.1.0.5"/>
+        <vers num="6.1.0.6"/>
+        <vers num="6.1.0.7"/>
+        <vers num="6.1.0.8"/>
+        <vers num="6.1.0.9"/>
+        <vers num="6.2.0.0"/>
+        <vers num="6.2.0.1"/>
+        <vers num="6.2.0.2"/>
+        <vers num="6.2.0.3"/>
+        <vers num="6.2.0.4"/>
+        <vers num="6.2.0.5"/>
+        <vers num="6.2.0.6"/>
+        <vers num="6.3.0.0"/>
+        <vers num="6.3.0.1"/>
+        <vers num="6.3.0.2"/>
+        <vers num="6.3.0.3"/>
+        <vers num="6.3.0.4"/>
+        <vers num="6.3.0.5"/>
+        <vers num="6.3.0.6"/>
+        <vers num="6.3.0.7"/>
+        <vers num="6.4.0.0"/>
+        <vers num="6.4.0.1"/>
+        <vers num="6.4.0.2"/>
+        <vers num="6.4.0.3"/>
+        <vers num="6.4.0.4"/>
+        <vers num="6.4.1.1"/>
+        <vers num="6.4.1.2"/>
+        <vers num="6.4.1.3"/>
+        <vers num="6.4.1.4"/>
+        <vers num="6.4.1.5"/>
+        <vers num="6.4.1.6"/>
+        <vers num="6.4.1.7"/>
+        <vers num="7.1.0.0"/>
+        <vers num="7.1.0.1"/>
+        <vers num="7.1.0.2"/>
+        <vers num="7.1.0.3"/>
+        <vers num="7.1.0.5"/>
+        <vers num="7.1.0.6"/>
+        <vers num="7.1.0.7"/>
+        <vers num="7.2.0.0"/>
+        <vers num="7.2.0.1"/>
+        <vers num="7.2.0.2"/>
+      </prod>
+      <prod vendor="ibm" name="storwize_v3500_software">
+        <vers num="6.4.1.0"/>
+        <vers num="6.4.1.1"/>
+        <vers num="6.4.1.2"/>
+        <vers num="6.4.1.3"/>
+        <vers num="6.4.1.4"/>
+        <vers num="6.4.1.5"/>
+        <vers num="6.4.1.6"/>
+        <vers num="6.4.1.7"/>
+        <vers num="7.1.0.0"/>
+        <vers num="7.1.0.1"/>
+        <vers num="7.1.0.2"/>
+        <vers num="7.1.0.3"/>
+        <vers num="7.1.0.5"/>
+        <vers num="7.1.0.6"/>
+        <vers num="7.2.0.0"/>
+        <vers num="7.2.0.1"/>
+        <vers num="7.2.0.2"/>
+      </prod>
+      <prod vendor="ibm" name="storwize_v3700_software">
+        <vers num="6.4.1.0"/>
+        <vers num="6.4.1.1"/>
+        <vers num="6.4.1.2"/>
+        <vers num="6.4.1.3"/>
+        <vers num="6.4.1.4"/>
+        <vers num="6.4.1.5"/>
+        <vers num="6.4.1.6"/>
+        <vers num="6.4.1.7"/>
+        <vers num="7.1.0.0"/>
+        <vers num="7.1.0.1"/>
+        <vers num="7.1.0.2"/>
+        <vers num="7.1.0.3"/>
+        <vers num="7.1.0.5"/>
+        <vers num="7.1.0.6"/>
+        <vers num="7.1.0.7"/>
+        <vers num="7.2.0.0"/>
+        <vers num="7.2.0.1"/>
+        <vers num="7.2.0.2"/>
+      </prod>
+      <prod vendor="ibm" name="storwize_v5000_software">
+        <vers num="7.1.0.2"/>
+        <vers num="7.1.0.3"/>
+        <vers num="7.1.0.4"/>
+        <vers num="7.1.0.5"/>
+        <vers num="7.1.0.6"/>
+        <vers num="7.1.0.7"/>
+        <vers num="7.2.0.0"/>
+        <vers num="7.2.0.1"/>
+        <vers num="7.2.0.2"/>
+      </prod>
+      <prod vendor="ibm" name="storwize_v7000_software">
+        <vers num="6.3.0.0"/>
+        <vers num="6.3.0.1"/>
+        <vers num="6.3.0.2"/>
+        <vers num="6.3.0.3"/>
+        <vers num="6.3.0.4"/>
+        <vers num="6.3.0.5"/>
+        <vers num="6.3.0.6"/>
+        <vers num="6.3.0.7"/>
+        <vers num="6.4.0.0"/>
+        <vers num="6.4.0.1"/>
+        <vers num="6.4.0.2"/>
+        <vers num="6.4.0.3"/>
+        <vers num="6.4.0.4"/>
+        <vers num="6.4.1.1"/>
+        <vers num="6.4.1.2"/>
+        <vers num="6.4.1.3"/>
+        <vers num="6.4.1.4"/>
+        <vers num="6.4.1.5"/>
+        <vers num="6.4.1.6"/>
+        <vers num="6.4.1.7"/>
+        <vers num="7.1.0.0"/>
+        <vers num="7.1.0.1"/>
+        <vers num="7.1.0.2"/>
+        <vers num="7.1.0.3"/>
+        <vers num="7.1.0.5"/>
+        <vers num="7.1.0.6"/>
+        <vers num="7.1.0.7"/>
+        <vers num="7.2.0.0"/>
+        <vers num="7.2.0.1"/>
+        <vers num="7.2.0.2"/>
+      </prod>
+      <prod vendor="ibm" name="flex_system_v7000">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="ibm" name="san_volume_controller">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="ibm" name="storwize_v3500">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="ibm" name="storwize_v3700">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="ibm" name="storwize_v5000">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="ibm" name="storwize_v7000">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0884" published="2014-03-25" name="CVE-2014-0884" modified="2014-03-26" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:P/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91170" source="XF">ibm-lpms-cve20140884-xss(91170)</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21668124" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21668124</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="lotus_protector_for_mail_security">
+        <vers num="2.8"/>
+        <vers num="2.8.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0885" published="2014-03-25" name="CVE-2014-0885" modified="2014-03-26" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">Cross-site request forgery (CSRF) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91171" source="XF">ibm-lpms-cve20140885-csrf(91171)</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21668124" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21668124</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="lotus_protector_for_mail_security">
+        <vers num="2.8"/>
+        <vers num="2.8.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0886" published="2014-03-25" name="CVE-2014-0886" modified="2014-03-26" CVSS_version="2.0" CVSS_vector="(AV:N/AC:H/Au:S/C:C/I:C/A:C)" CVSS_score="7.1" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="3.9" CVSS_base_score="7.1">
+    <desc>
+      <descript source="cve">The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91172" source="XF">ibm-lpms-cve20140886-command(91172)</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21668124" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21668124</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="lotus_protector_for_mail_security">
+        <vers num="2.8"/>
+        <vers num="2.8.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0887" published="2014-03-25" name="CVE-2014-0887" modified="2014-03-26" CVSS_version="2.0" CVSS_vector="(AV:N/AC:H/Au:S/C:C/I:C/A:C)" CVSS_score="7.1" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="3.9" CVSS_base_score="7.1">
+    <desc>
+      <descript source="cve">The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91173" source="XF">ibm-lpms-cve20140887-command-root(91173)</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21668124" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21668124</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="lotus_protector_for_mail_security">
+        <vers num="2.8"/>
+        <vers num="2.8.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0890" published="2014-03-06" name="CVE-2014-0890" modified="2014-03-07" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:P/I:N/A:N)" CVSS_score="1.9" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="3.4" CVSS_base_score="1.9">
+    <desc>
+      <descript source="cve">The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1, 9.0, and 9.0.0.1, when a certain com.ibm.collaboration.realtime.telephony.*.level setting is used, logs cleartext passwords during Audio/Video chat sessions, which allows local users to obtain sensitive information by reading a log file.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91282" source="XF">ibm-lotus-cve20148090-info-disc(91282)</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21665658" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21665658</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="sametime">
+        <vers num="8.5.1.0"/>
+        <vers num="8.5.1.1"/>
+        <vers num="8.5.1.2"/>
+        <vers num="8.5.2.0"/>
+        <vers num="8.5.2.1"/>
+        <vers num="9.0.0.0"/>
+        <vers num="9.0.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0892" published="2014-04-23" name="CVE-2014-0892" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">IBM Notes and Domino 8.5.x before 8.5.3 FP6 IF3 and 9.x before 9.0.1 FP1 on 32-bit Linux platforms use incorrect gcc options, which makes it easier for remote attackers to execute arbitrary code by leveraging the absence of the NX protection mechanism and placing crafted x86 code on the stack, aka SPR KLYH9GGS9W.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/350089" source="CERT-VN">VU#350089</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91286" source="XF">ibm-notes-cve20140892-linux32-rce(91286)</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21670264" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21670264</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="lotus_domino">
+        <vers num="8.5.0"/>
+        <vers num="8.5.0.1"/>
+        <vers num="8.5.1"/>
+        <vers num="8.5.1.1"/>
+        <vers num="8.5.1.2"/>
+        <vers num="8.5.1.3"/>
+        <vers num="8.5.1.4"/>
+        <vers num="8.5.1.5"/>
+        <vers num="8.5.2.0"/>
+        <vers num="8.5.2.1"/>
+        <vers num="8.5.2.2"/>
+        <vers num="8.5.2.3"/>
+        <vers num="8.5.2.4"/>
+        <vers num="8.5.3.0"/>
+        <vers num="8.5.3.1"/>
+        <vers num="8.5.3.2"/>
+        <vers num="8.5.3.3"/>
+        <vers num="8.5.3.4"/>
+        <vers num="8.5.3.5"/>
+        <vers num="8.5.3.6"/>
+        <vers num="9.0.0.0"/>
+        <vers num="9.0.1.0"/>
+      </prod>
+      <prod vendor="ibm" name="lotus_notes">
+        <vers num="8.5"/>
+        <vers num="8.5.0.0"/>
+        <vers num="8.5.0.1"/>
+        <vers num="8.5.1"/>
+        <vers num="8.5.1.0"/>
+        <vers num="8.5.1.1"/>
+        <vers num="8.5.1.2"/>
+        <vers num="8.5.1.3"/>
+        <vers num="8.5.1.4"/>
+        <vers num="8.5.1.5"/>
+        <vers num="8.5.2.0"/>
+        <vers num="8.5.2.1"/>
+        <vers num="8.5.2.2"/>
+        <vers num="8.5.2.3"/>
+        <vers num="8.5.3"/>
+        <vers num="8.5.3.1"/>
+        <vers num="8.5.3.2"/>
+        <vers num="8.5.3.3"/>
+        <vers num="8.5.3.4"/>
+        <vers num="8.5.3.5"/>
+        <vers num="8.5.3.6"/>
+        <vers num="9.0.0.0"/>
+        <vers num="9.0.1.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0895" published="2014-03-16" name="CVE-2014-0895" modified="2014-03-17" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Buffer overflow in the vsflex8l ActiveX control in IBM SPSS SamplePower 3.0.1 before FP1 3.0.1-IM-S3SAMPC-WIN32-FP001-IF02 allows remote attackers to execute arbitrary code via a crafted ComboList property value.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91314" source="XF">ibm-spss-cve20140895-code-exec(91314)</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21666790" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21666790</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg1PI09800" source="AIXAPAR">PI09800</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="spss_samplepower">
+        <vers num="3.0.1.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0896" published="2014-05-01" name="CVE-2014-0896" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information via a crafted request.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91326" source="XF">ibm-was-cve20140896-info-disc(91326)</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21669554" source="CONFIRM">http://www-01.ibm.com/support/docview.wss?uid=swg21669554</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg1PI10134" source="AIXAPAR">PI10134</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="websphere_application_server">
+        <vers num="8.5.0.0" edition="-:liberty_profile"/>
+        <vers num="8.5.0.1" edition="-:liberty_profile"/>
+        <vers num="8.5.0.2" edition="-:liberty_profile"/>
+        <vers num="8.5.5.0" edition="-:liberty_profile"/>
+        <vers num="8.5.5.1" edition="-:liberty_profile"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0899" published="2014-03-11" name="CVE-2014-0899" modified="2014-03-11" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:P)" CVSS_score="6.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.0" CVSS_base_score="6.5">
+    <desc>
+      <descript source="cve">ftpd in IBM AIX 7.1.1 before SP10 and 7.1.2 before SP5, when a Workload Partition (aka WPAR) for AIX 5.2 or 5.3 is used, allows remote authenticated users to bypass intended permission settings and modify arbitrary files via FTP commands.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91396" source="XF">ibm-aix-wpar-ftpd(91396)</ref>
+      <ref url="http://www.ibm.com/support/docview.wss?uid=isg1IV51421" source="AIXAPAR">IV51421</ref>
+      <ref url="http://www.ibm.com/support/docview.wss?uid=isg1IV51420" source="AIXAPAR" adv="1">IV51420</ref>
+      <ref url="http://aix.software.ibm.com/aix/efixes/security/wparcre_advisory.asc" source="CONFIRM" adv="1">http://aix.software.ibm.com/aix/efixes/security/wparcre_advisory.asc</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="aix">
+        <vers num="7.1.1"/>
+        <vers num="7.1.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0901" published="2014-04-01" name="CVE-2014-0901" modified="2014-04-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:P/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the Social Rendering implementation in the IBM Connections integration in IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91398" source="XF">ibm-wsportal-cve20140901-sr-xss(91398)</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21667016" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21667016</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg1PI12659" source="AIXAPAR">PI12659</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="websphere_portal">
+        <vers num="8.0.0.0"/>
+        <vers num="8.0.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0904" published="2014-03-26" name="CVE-2014-0904" modified="2014-03-26" CVSS_version="2.0" CVSS_vector="(AV:N/AC:H/Au:N/C:C/I:C/A:C)" CVSS_score="7.6" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="4.9" CVSS_base_score="7.6">
+    <desc>
+      <descript source="cve">The update process in IBM Security AppScan Standard 7.9 through 8.8 does not require integrity checks of downloaded files, which allows remote attackers to execute arbitrary code via a crafted file.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91536" source="XF">ibm-appscan-cve20140904-code-exec(91536)</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21666775" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21666775</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="security_appscan">
+        <vers num="7.9" edition="-:standard"/>
+        <vers num="8.0" edition="-:standard"/>
+        <vers num="8.5" edition="-:standard"/>
+        <vers num="8.6" edition="-:standard"/>
+        <vers num="8.7" edition="-:standard"/>
+        <vers num="8.8" edition="-:standard"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0908" published="2014-04-10" name="CVE-2014-0908" modified="2014-04-11" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:P/I:P/A:P)" CVSS_score="6.0" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="6.8" CVSS_base_score="6.0">
+    <desc>
+      <descript source="cve">The User Attribute implementation in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through 8.5.0.1 does not verify authorization for read or write access to attribute values, which allows remote authenticated users to obtain sensitive information, configure e-mail notifications, or modify task assignments via REST API calls.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91870" source="XF">ibm-bpm-cve20140908-priv-escalation(91870)</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21669330" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21669330</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg1JR49505" source="AIXAPAR">JR49505</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="business_process_manager">
+        <vers num="7.5.0.0"/>
+        <vers num="7.5.0.1"/>
+        <vers num="7.5.1.0"/>
+        <vers num="7.5.1.1"/>
+        <vers num="7.5.1.2"/>
+        <vers num="8.0.0.0"/>
+        <vers num="8.0.1.0"/>
+        <vers num="8.0.1.1"/>
+        <vers num="8.0.1.2"/>
+        <vers num="8.5.0.0"/>
+        <vers num="8.5.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0920" published="2014-04-10" name="CVE-2014-0920" modified="2014-04-11" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">IBM SPSS Analytic Server 1.0 before IF002 and 1.0.1 before IF004 logs cleartext passwords, which allows remote authenticated users to obtain sensitive information via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/92073" source="XF">ibm-spssas-cve20140920-plaintext-pw(92073)</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21669506" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21669506</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg1PI13527" source="AIXAPAR">PI13527</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="spss_analytic_server">
+        <vers num="1.0.0.0"/>
+        <vers num="1.0.1.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0921" published="2014-04-15" name="CVE-2014-0921" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:P)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">The server in IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (daemon crash and message data loss) via malformed headers during a WebSockets connection upgrade.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/92074" source="XF">ibm-messagesight-cve20140921-dos(92074)</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21670278" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21670278</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg1IC98583" source="AIXAPAR">IC98583</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="messagesight_jms_client">
+        <vers num="1.0.0.0"/>
+        <vers num="1.0.0.1"/>
+        <vers num="1.1.0.0"/>
+      </prod>
+      <prod vendor="ibm" name="messagesight">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0922" published="2014-04-15" name="CVE-2014-0922" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:P)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (resource consumption) via WebSockets MQ Telemetry Transport (MQTT) data.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/92075" source="XF">ibm-messagesight-cve20140922-dos(92075)</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21670278" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21670278</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg1IC98692" source="AIXAPAR">IC98692</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="messagesight_jms_client">
+        <vers num="1.0.0.0"/>
+        <vers num="1.0.0.1"/>
+        <vers num="1.1.0.0"/>
+      </prod>
+      <prod vendor="ibm" name="messagesight">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0923" published="2014-04-15" name="CVE-2014-0923" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:P)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (daemon restart) via crafted MQ Telemetry Transport (MQTT) authentication data.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/92076" source="XF">ibm-messagesight-cve20140923-dos(92076)</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21670278" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21670278</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg1IT00582" source="AIXAPAR">IT00582</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="messagesight_jms_client">
+        <vers num="1.0.0.0"/>
+        <vers num="1.0.0.1"/>
+        <vers num="1.1.0.0"/>
+      </prod>
+      <prod vendor="ibm" name="messagesight">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0924" published="2014-04-15" name="CVE-2014-0924" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:H/Au:S/C:P/I:P/A:P)" CVSS_score="4.6" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="3.9" CVSS_base_score="4.6">
+    <desc>
+      <descript source="cve">IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 does not verify that all of the characters of a password are correct, which makes it easier for remote authenticated users to bypass intended access restrictions by leveraging knowledge of a password substring.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/92077" source="XF">ibm-messagesight-cve20140924-sec-bypass(92077)</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21670278" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21670278</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg1IT00583" source="AIXAPAR">IT00583</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="messagesight_jms_client">
+        <vers num="1.0.0.0"/>
+        <vers num="1.0.0.1"/>
+        <vers num="1.1.0.0"/>
+      </prod>
+      <prod vendor="ibm" name="messagesight">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0932" published="2014-04-21" name="CVE-2014-0932" modified="2014-04-22" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:P/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in IBM Sterling Order Management 8.5 before HF105 and Sterling Selling and Fulfillment Foundation 9.0 before HF85 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/92264" source="XF">ibm-sterlingom-cve20140932-xss(92264)</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21670912" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21670912</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg1IT00419" source="AIXAPAR">IT00419</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="sterling_order_management">
+        <vers num="8.5"/>
+      </prod>
+      <prod vendor="ibm" name="sterling_selling_and_fulfillment_foundation">
+        <vers num="9.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0941" published="2014-05-01" name="CVE-2014-0941" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:P/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in webtop/eventviewer/eventViewer.jsp in the Web GUI in IBM Netcool/OMNIbus 7.4.0 before FP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-0942.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/92400" source="XF">ibm-netcoolomnibus-cve20140941-xss(92400)</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21671686" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21671686</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="tivoli_netcool/omnibus">
+        <vers num="7.4.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0942" published="2014-05-01" name="CVE-2014-0942" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:P/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in webtop/eventviewer/eventViewer.jsp in the Web GUI in IBM Netcool/OMNIbus 7.4.0 before FP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-0941.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/92401" source="XF">ibm-netcoolomnibus-cve20140942-xss(92401)</ref>
+      <ref url="http://www-01.ibm.com/support/docview.wss?uid=swg21671686" source="CONFIRM" adv="1">http://www-01.ibm.com/support/docview.wss?uid=swg21671686</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ibm" name="tivoli_netcool/omnibus">
+        <vers num="7.4.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0977" published="2014-01-10" name="CVE-2014-0977" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the Rich Text Editor in Movable Type 5.0x, 5.1x before 5.161, 5.2.x before 5.2.9, and 6.0.x before 6.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90095" source="XF">movabletype-richtexteditor-xss(90095)</ref>
+      <ref url="http://www.securitytracker.com/id/1029588" source="SECTRACK">1029588</ref>
+      <ref url="http://www.securityfocus.com/bid/64657" source="BID">64657</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2841" source="DEBIAN">DSA-2841</ref>
+      <ref url="http://secunia.com/advisories/56405" source="SECUNIA">56405</ref>
+      <ref url="http://secunia.com/advisories/56295" source="SECUNIA" adv="1">56295</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q1/36" source="MLIST">[oss-security] 20140107 Re: CVE Request: cross-site scripting vulnerabilities in movable type 6.0.1, 5.2.9, and 5.161</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q1/24" source="MLIST">[oss-security] 20140106 CVE Request: cross-site scripting vulnerabilities in movable type 6.0.1, 5.2.9, and 5.161</ref>
+      <ref url="http://movabletype.org/news/2013/11/movable_type_601_529_and_5161_released_to_close_security_vul.html" source="CONFIRM" adv="1">http://movabletype.org/news/2013/11/movable_type_601_529_and_5161_released_to_close_security_vul.html</ref>
+      <ref url="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734304" source="CONFIRM">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734304</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="sixapart" name="movabletype">
+        <vers num="5.0" edition="rc2"/>
+        <vers num="5.01"/>
+        <vers num="5.02"/>
+        <vers num="5.03"/>
+        <vers num="5.031"/>
+        <vers num="5.04"/>
+        <vers num="5.11"/>
+        <vers num="5.12"/>
+        <vers num="5.13"/>
+        <vers num="5.14"/>
+        <vers num="5.15"/>
+        <vers num="5.2"/>
+        <vers num="5.2.2"/>
+        <vers num="5.2.3"/>
+        <vers num="5.2.6"/>
+        <vers num="5.2.7"/>
+        <vers num="6.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0978" published="2014-01-10" name="CVE-2014-0978" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://github.com/ellson/graphviz/commit/7aaddf52cd98589fb0c3ab72a393f8411838438a" source="CONFIRM" patch="1">https://github.com/ellson/graphviz/commit/7aaddf52cd98589fb0c3ab72a393f8411838438a</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1049165" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1049165</ref>
+      <ref url="https://bugs.gentoo.org/show_bug.cgi?id=497274" source="MISC">https://bugs.gentoo.org/show_bug.cgi?id=497274</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90085" source="XF">graphviz-yyerror-bo(90085)</ref>
+      <ref url="http://www.securityfocus.com/bid/64674" source="BID">64674</ref>
+      <ref url="http://www.mandriva.com/security/advisories?name=MDVSA-2014:024" source="MANDRIVA">MDVSA-2014:024</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2843" source="DEBIAN">DSA-2843</ref>
+      <ref url="http://secunia.com/advisories/56244" source="SECUNIA">56244</ref>
+      <ref url="http://secunia.com/advisories/55666" source="SECUNIA" adv="1">55666</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q1/38" source="MLIST">[oss-security] 20140107 Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q1/28" source="MLIST">[oss-security] 20140107 CVE Request: graphviz: stack-based buffer overflow in yyerror()</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="graphviz" name="graphviz">
+        <vers num="2.34.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-0979" published="2014-01-22" name="CVE-2014-0979" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="2.1" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="3.9" CVSS_base_score="2.1">
+    <desc>
+      <descript source="cve">The start_authentication function in lightdm-gtk-greeter.c in LightDM GTK+ Greeter before 1.7.1 does not properly handle the return value from the lightdm_greeter_get_authentication_user function, which allows local users to cause a denial of service (NULL pointer dereference) via an empty username.</descript>
+      <descript source="nvd">Per: http://cwe.mitre.org/data/definitions/476.html
+
+"CWE-476: NULL Pointer Dereference"</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.novell.com/show_bug.cgi?id=857303" source="CONFIRM">https://bugzilla.novell.com/show_bug.cgi?id=857303</ref>
+      <ref url="https://bugs.launchpad.net/lightdm-gtk-greeter/+bug/1266449" source="CONFIRM">https://bugs.launchpad.net/lightdm-gtk-greeter/+bug/1266449</ref>
+      <ref url="http://www.securityfocus.com/bid/64679" source="BID">64679</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/01/07/15" source="MLIST">[oss-security] 20140107 Re: CVE request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference</ref>
+      <ref url="http://secunia.com/advisories/56423" source="SECUNIA" adv="1">56423</ref>
+      <ref url="http://secunia.com/advisories/56211" source="SECUNIA" adv="1">56211</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-01/msg00048.html" source="SUSE">openSUSE-SU-2014:0071</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128150.html" source="FEDORA">FEDORA-2014-1648</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128117.html" source="FEDORA">FEDORA-2014-1647</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="lightdm_gtk+_greeter_project" name="lightdm_gtk+_greeter">
+        <vers num="1.1.1"/>
+        <vers num="1.1.2"/>
+        <vers num="1.1.3"/>
+        <vers num="1.1.4"/>
+        <vers num="1.1.5"/>
+        <vers num="1.1.6"/>
+        <vers num="1.3.0"/>
+        <vers num="1.3.1"/>
+        <vers num="1.5.0"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.6.0"/>
+        <vers num="1.6.1"/>
+        <vers prev="1" num="1.7.0"/>
+      </prod>
+      <prod vendor="novell" name="opensuse">
+        <vers num="12.2"/>
+        <vers num="12.3"/>
+        <vers num="13.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-0980" published="2014-02-11" name="CVE-2014-0980" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Buffer overflow in Poster Software PUBLISH-iT 3.6d allows remote attackers to execute arbitrary code via a crafted PUI file.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90989" source="XF">publishit-cve20140980-bo(90989)</ref>
+      <ref url="http://www.securityfocus.com/bid/65366" source="BID">65366</ref>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/530943/100/0/threaded" source="BUGTRAQ">20140205 CORE-2014-0001 - Publish-It Buffer Overflow Vulnerability</ref>
+      <ref url="http://www.exploit-db.com/exploits/31461" source="EXPLOIT-DB">31461</ref>
+      <ref url="http://www.coresecurity.com/advisories/publish-it-buffer-overflow-vulnerability" source="MISC">http://www.coresecurity.com/advisories/publish-it-buffer-overflow-vulnerability</ref>
+      <ref url="http://secunia.com/advisories/56618" source="SECUNIA" adv="1">56618</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Feb/34" source="FULLDISC">20140205 CORE-2014-0001 - Publish-It Buffer Overflow Vulnerability</ref>
+      <ref url="http://packetstormsecurity.com/files/125089" source="MISC">http://packetstormsecurity.com/files/125089</ref>
+      <ref url="http://osvdb.org/102911" source="OSVDB">102911</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="poster_software" name="publish_it">
+        <vers num="3.6d"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0981" published="2014-03-31" name="CVE-2014-0981" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="4.4" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="3.4" CVSS_base_score="4.4">
+    <desc>
+      <descript source="cve">VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a (1) CR_MESSAGE_READBACK or (2) CR_MESSAGE_WRITEBACK message to the VBoxSharedCrOpenGL service, which triggers an arbitrary pointer dereference and memory corruption.  NOTE: this issue was MERGED with CVE-2014-0982 because it is the same type of vulnerability affecting the same set of versions. All CVE users should reference CVE-2014-0981 instead of CVE-2014-0982.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="https://www.virtualbox.org/changeset/50437/vbox" source="CONFIRM">https://www.virtualbox.org/changeset/50437/vbox</ref>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/531418/100/0/threaded" source="BUGTRAQ">20140311 CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+      <ref url="http://www.exploit-db.com/exploits/32208" source="EXPLOIT-DB">32208</ref>
+      <ref url="http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities" source="MISC">http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities</ref>
+      <ref url="http://secunia.com/advisories/57384" source="SECUNIA" adv="1">57384</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Mar/95" source="FULLDISC">20140311 CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="vm_virtualbox">
+        <vers num="4.2.0"/>
+        <vers num="4.2.10"/>
+        <vers num="4.2.12"/>
+        <vers num="4.2.14"/>
+        <vers num="4.2.16"/>
+        <vers num="4.2.18"/>
+        <vers num="4.2.2"/>
+        <vers num="4.2.20"/>
+        <vers num="4.2.4"/>
+        <vers num="4.2.6"/>
+        <vers num="4.2.8"/>
+        <vers num="4.3.0"/>
+        <vers num="4.3.2"/>
+        <vers num="4.3.4"/>
+        <vers num="4.3.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" seq="2014-0982" reject="1" published="2014-03-31" name="CVE-2014-0982" modified="2014-03-31">
+    <desc>
+      <descript source="cve">** REJECT **  DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0981. Reason: This issue was MERGED into CVE-2014-0981 in accordance with CVE content decisions, because it is the same type of vulnerability and affects the same versions. Notes: All CVE users should reference CVE-2014-0981 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.</descript>
+    </desc>
+    <refs/>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0983" published="2014-03-31" name="CVE-2014-0983" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="6.9" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="3.4" CVSS_base_score="6.9">
+    <desc>
+      <descript source="cve">Multiple array index errors in programs that are automatically generated by VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8, when using 3D Acceleration, allow local guest OS users to execute arbitrary code on the Chromium server via certain CR_MESSAGE_OPCODES messages with a crafted index, which are not properly handled by the (1) CR_VERTEXATTRIB4NUBARB_OPCODE to the crServerDispatchVertexAttrib4NubARB function, (2) CR_VERTEXATTRIB1DARB_OPCODE to the crServerDispatchVertexAttrib1dARB function, (3) CR_VERTEXATTRIB1FARB_OPCODE to the crServerDispatchVertexAttrib1fARB function, (4) CR_VERTEXATTRIB1SARB_OPCODE to the crServerDispatchVertexAttrib1sARB function, (5) CR_VERTEXATTRIB2DARB_OPCODE to the crServerDispatchVertexAttrib2dARB function, (6) CR_VERTEXATTRIB2FARB_OPCODE to the crServerDispatchVertexAttrib2fARB function, (7) CR_VERTEXATTRIB2SARB_OPCODE to the crServerDispatchVertexAttrib2sARB function, (8) CR_VERTEXATTRIB3DARB_OPCODE to the crServerDispatchVertexAttrib3dARB function, (9) CR_VERTEXATTRIB3FARB_OPCODE to the crServerDispatchVertexAttrib3fARB function, (10) CR_VERTEXATTRIB3SARB_OPCODE to the crServerDispatchVertexAttrib3sARB function, (11) CR_VERTEXATTRIB4DARB_OPCODE to the crServerDispatchVertexAttrib4dARB function, (12) CR_VERTEXATTRIB4FARB_OPCODE to the crServerDispatchVertexAttrib4fARB function, and (13) CR_VERTEXATTRIB4SARB_OPCODE to the crServerDispatchVertexAttrib4sARB function.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="https://www.virtualbox.org/changeset/50441/vbox" source="CONFIRM">https://www.virtualbox.org/changeset/50441/vbox</ref>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/531418/100/0/threaded" source="BUGTRAQ">20140311 CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+      <ref url="http://www.exploit-db.com/exploits/32208" source="EXPLOIT-DB">32208</ref>
+      <ref url="http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities" source="MISC">http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities</ref>
+      <ref url="http://secunia.com/advisories/57384" source="SECUNIA" adv="1">57384</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Mar/95" source="FULLDISC">20140311 CORE-2014-0002 - Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="vm_virtualbox">
+        <vers num="4.2.0"/>
+        <vers num="4.2.10"/>
+        <vers num="4.2.12"/>
+        <vers num="4.2.14"/>
+        <vers num="4.2.16"/>
+        <vers num="4.2.18"/>
+        <vers num="4.2.2"/>
+        <vers num="4.2.20"/>
+        <vers num="4.2.4"/>
+        <vers num="4.2.6"/>
+        <vers num="4.2.8"/>
+        <vers num="4.3.0"/>
+        <vers num="4.3.2"/>
+        <vers num="4.3.4"/>
+        <vers num="4.3.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-0984" published="2014-04-17" name="CVE-2014-0984" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first incorrect character, which allows remote attackers to obtrain passwords via a brute-force attack that relies on timing differences in responses to incorrect password guesses, aka a timing side-channel attack.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://service.sap.com/sap/support/notes/1986895" source="CONFIRM">https://service.sap.com/sap/support/notes/1986895</ref>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/531854/100/0/threaded" source="BUGTRAQ">20140416 [CORE-2014-0003] - SAP Router Password Timing Attack</ref>
+      <ref url="http://www.exploit-db.com/exploits/32919" source="EXPLOIT-DB">32919</ref>
+      <ref url="http://www.coresecurity.com/advisories/sap-router-password-timing-attack" source="MISC">http://www.coresecurity.com/advisories/sap-router-password-timing-attack</ref>
+      <ref url="http://scn.sap.com/docs/DOC-8218" source="CONFIRM">http://scn.sap.com/docs/DOC-8218</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="sap" name="router">
+        <vers num="710" edition="029"/>
+        <vers num="720" edition="411"/>
+        <vers num="721" edition="117"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1201" published="2014-01-15" name="CVE-2014-1201" modified="2014-04-22" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Buffer overflow in the INetViewX ActiveX control in the Lorex Edge LH310 and Edge+ LH320 series with firmware 7-35-28-1B26E, Edge2 LH330 series with firmware 11.17.38-33_1D97A, and Edge3 LH340 series with firmware 11.19.85_1FE3A allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the HTTP_PORT parameter.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-testcase.html" source="MISC">https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-testcase.html</ref>
+      <ref url="https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-report.txt" source="MISC">https://github.com/pedrib/PoC/blob/master/lorexActivex/lorex-report.txt</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90223" source="XF">lorex-cve20141201-bo(90223)</ref>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/530739/100/0/threaded" source="BUGTRAQ">20140110 [CVE -2014-1201] Lorex security DVR ActiveX control buffer overflow</ref>
+      <ref url="http://osvdb.org/101903" source="OSVDB">101903</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="lorex_technology" name="edge+_lh320_firmware">
+        <vers num="7-35-28-1b26e"/>
+      </prod>
+      <prod vendor="lorex_technology" name="edge2_lh330_firmware">
+        <vers num="11.17.38-33_1d97a"/>
+      </prod>
+      <prod vendor="lorex_technology" name="edge3_lh340_firmware">
+        <vers num="11.19.85_1fe3a"/>
+      </prod>
+      <prod vendor="lorex_technology" name="edge_lh310_firmware">
+        <vers num="7-35-28-1b26e"/>
+      </prod>
+      <prod vendor="lorextechnology" name="edge">
+        <vers num="lh310"/>
+      </prod>
+      <prod vendor="lorextechnology" name="edge+">
+        <vers num="lh320"/>
+      </prod>
+      <prod vendor="lorextechnology" name="edge2">
+        <vers num="lh330"/>
+      </prod>
+      <prod vendor="lorextechnology" name="edge3">
+        <vers num="lh340"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1202" published="2014-01-24" name="CVE-2014-1202" modified="2014-01-27" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://github.com/SmartBear/soapui/blob/master/RELEASENOTES.txt" source="CONFIRM">https://github.com/SmartBear/soapui/blob/master/RELEASENOTES.txt</ref>
+      <ref url="http://www.youtube.com/watch?v=3lCLE64rsc0" source="MISC">http://www.youtube.com/watch?v=3lCLE64rsc0</ref>
+      <ref url="http://www.exploit-db.com/exploits/30908" source="EXPLOIT-DB">30908</ref>
+      <ref url="http://packetstormsecurity.com/files/124773/SoapUI-Remote-Code-Execution.html" source="MISC">http://packetstormsecurity.com/files/124773/SoapUI-Remote-Code-Execution.html</ref>
+      <ref url="http://baraktawily.blogspot.com/2014/01/soapui-code-execution-vulnerability-cve.html" source="MISC">http://baraktawily.blogspot.com/2014/01/soapui-code-execution-vulnerability-cve.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="eviware" name="soapui">
+        <vers num="2.5.1"/>
+        <vers num="3.0.1"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.6"/>
+        <vers num="3.6.1"/>
+      </prod>
+      <prod vendor="smartbear" name="soapui">
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0.1"/>
+        <vers num="4.5"/>
+        <vers num="4.5.1"/>
+        <vers num="4.5.2"/>
+        <vers num="4.6.0"/>
+        <vers num="4.6.1"/>
+        <vers num="4.6.2"/>
+        <vers prev="1" num="4.6.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1204" published="2014-01-31" name="CVE-2014-1204" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">SQL injection vulnerability in Tableau Server 8.0.x before 8.0.7 and 8.1.x before 8.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.  NOTE: this can be exploited by unauthenticated remote attackers if the guest user is enabled.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://www.trustwave.com/spiderlabs/advisories/TWSL2014-003.txt" source="MISC">https://www.trustwave.com/spiderlabs/advisories/TWSL2014-003.txt</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90730" source="XF">tableau-server-cve20141204-sql-injection(90730)</ref>
+      <ref url="http://www.tableausoftware.com/support/releases/812" source="CONFIRM" adv="1">http://www.tableausoftware.com/support/releases/812</ref>
+      <ref url="http://www.tableausoftware.com/support/releases/8.0.7" source="CONFIRM">http://www.tableausoftware.com/support/releases/8.0.7</ref>
+      <ref url="http://www.securitytracker.com/id/1029706" source="SECTRACK">1029706</ref>
+      <ref url="http://www.securityfocus.com/bid/65171" source="BID">65171</ref>
+      <ref url="http://www.exploit-db.com/exploits/31578" source="EXPLOIT-DB">31578</ref>
+      <ref url="http://secunia.com/advisories/56620" source="SECUNIA" adv="1">56620</ref>
+      <ref url="http://osvdb.org/102568" source="OSVDB">102568</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="tableau_software" name="tableau_server">
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="8.0.2"/>
+        <vers num="8.0.3"/>
+        <vers num="8.0.4"/>
+        <vers num="8.0.5"/>
+        <vers num="8.0.6"/>
+        <vers num="8.1"/>
+        <vers num="8.1.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1206" published="2014-01-15" name="CVE-2014-1206" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">SQL injection vulnerability in the password reset page in Open Web Analytics (OWA) before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the owa_email_address parameter in a base.passwordResetRequest action to index.php.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securityfocus.com/bid/64774" source="BID">64774</ref>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/531105/100/0/threaded" source="BUGTRAQ">20140214 [SWRX-2014-001] Open Web Analytics Pre-Auth SQL Injection</ref>
+      <ref url="http://www.secureworks.com/advisories/SWRX-2014-001/SWRX-2014-001.pdf" source="MISC">http://www.secureworks.com/advisories/SWRX-2014-001/SWRX-2014-001.pdf</ref>
+      <ref url="http://www.exploit-db.com/exploits/31738" source="EXPLOIT-DB">31738</ref>
+      <ref url="http://wiki.openwebanalytics.com/index.php?title=1.5.5" source="CONFIRM" adv="1">http://wiki.openwebanalytics.com/index.php?title=1.5.5</ref>
+      <ref url="http://secunia.com/advisories/56350" source="SECUNIA" adv="1">56350</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="openwebanalytics" name="open_web_analytics">
+        <vers num="1.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.1.0" edition="rc1"/>
+        <vers num="1.1.0" edition="rc2"/>
+        <vers num="1.1.0" edition="rc3"/>
+        <vers num="1.1.0" edition="rc4"/>
+        <vers num="1.1.1"/>
+        <vers num="1.2.0" edition="rc1"/>
+        <vers num="1.2.0" edition="rc2"/>
+        <vers num="1.2.0" edition="rc3"/>
+        <vers num="1.2.1" edition="rc1"/>
+        <vers num="1.2.2"/>
+        <vers num="1.2.3"/>
+        <vers num="1.2.4"/>
+        <vers num="1.3.0" edition="rc1"/>
+        <vers num="1.3.1"/>
+        <vers num="1.4.0" edition="rc1"/>
+        <vers num="1.4.0" edition="rc2"/>
+        <vers num="1.4.0" edition="rc3"/>
+        <vers num="1.4.0" edition="rc4"/>
+        <vers num="1.4.1"/>
+        <vers num="1.5.0" edition="rc1"/>
+        <vers num="1.5.0" edition="rc2"/>
+        <vers num="1.5.0" edition="rc3"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers prev="1" num="1.5.4"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1207" published="2014-01-17" name="CVE-2014-1207" modified="2014-01-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:P)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">VMware ESXi 4.0 through 5.1 and ESX 4.0 and 4.1 allow remote attackers to cause a denial of service (NULL pointer dereference) by intercepting and modifying Network File Copy (NFC) traffic.</descript>
+      <descript source="nvd">Per: http://cwe.mitre.org/data/definitions/476.html
+
+"CWE-476: NULL Pointer Dereference"</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90559" source="XF">vmware-esx-cve20141207-dos(90559)</ref>
+      <ref url="http://www.vmware.com/security/advisories/VMSA-2014-0001.html" source="CONFIRM" adv="1">http://www.vmware.com/security/advisories/VMSA-2014-0001.html</ref>
+      <ref url="http://www.securitytracker.com/id/1029643" source="SECTRACK">1029643</ref>
+      <ref url="http://www.securityfocus.com/bid/64995" source="BID">64995</ref>
+      <ref url="http://secunia.com/advisories/56499" source="SECUNIA">56499</ref>
+      <ref url="http://osvdb.org/102196" source="OSVDB">102196</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="vmware" name="esx">
+        <vers num="4.0"/>
+        <vers num="4.1"/>
+      </prod>
+      <prod vendor="vmware" name="esxi">
+        <vers num="4.0" edition="1"/>
+        <vers num="4.0" edition="2"/>
+        <vers num="4.0" edition="3"/>
+        <vers num="4.0" edition="4"/>
+        <vers num="4.1" edition="1"/>
+        <vers num="4.1" edition="2"/>
+        <vers num="5.0" edition="1"/>
+        <vers num="5.0" edition="2"/>
+        <vers num="5.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-1208" published="2014-01-17" name="CVE-2014-1208" modified="2014-01-30" CVSS_version="2.0" CVSS_vector="(AV:A/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="3.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.5" CVSS_base_score="3.3">
+    <desc>
+      <descript source="cve">VMware Workstation 9.x before 9.0.1, VMware Player 5.x before 5.0.1, VMware Fusion 5.x before 5.0.1, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 allow guest OS users to cause a denial of service (VMX process disruption) by using an invalid port.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <local_network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90558" source="XF">vmware-esx-cve20141208-dos(90558)</ref>
+      <ref url="http://www.vmware.com/security/advisories/VMSA-2014-0001.html" source="CONFIRM" adv="1">http://www.vmware.com/security/advisories/VMSA-2014-0001.html</ref>
+      <ref url="http://www.securitytracker.com/id/1029644" source="SECTRACK">1029644</ref>
+      <ref url="http://www.securitytracker.com/id/1029643" source="SECTRACK">1029643</ref>
+      <ref url="http://www.securityfocus.com/bid/64994" source="BID">64994</ref>
+      <ref url="http://secunia.com/advisories/56499" source="SECUNIA">56499</ref>
+      <ref url="http://osvdb.org/102197" source="OSVDB">102197</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="vmware" name="fusion">
+        <vers num="5.0"/>
+      </prod>
+      <prod vendor="vmware" name="player">
+        <vers num="5.0"/>
+      </prod>
+      <prod vendor="vmware" name="workstation">
+        <vers num="9.0"/>
+      </prod>
+      <prod vendor="vmware" name="esx">
+        <vers num="4.0"/>
+        <vers num="4.1"/>
+      </prod>
+      <prod vendor="vmware" name="esxi">
+        <vers num="4.0" edition="1"/>
+        <vers num="4.0" edition="2"/>
+        <vers num="4.0" edition="3"/>
+        <vers num="4.0" edition="4"/>
+        <vers num="4.1" edition="1"/>
+        <vers num="4.1" edition="2"/>
+        <vers num="5.0" edition="1"/>
+        <vers num="5.0" edition="2"/>
+        <vers num="5.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1209" published="2014-04-11" name="CVE-2014-1209" modified="2014-04-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">VMware vSphere Client 4.0, 4.1, 5.0 before Update 3, and 5.1 before Update 2 does not properly validate updates to Client files, which allows remote attackers to trigger the downloading and execution of an arbitrary program via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.vmware.com/security/advisories/VMSA-2014-0003.html" source="CONFIRM" adv="1">http://www.vmware.com/security/advisories/VMSA-2014-0003.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="vmware" name="vsphere_client">
+        <vers num="4.0"/>
+        <vers num="4.1"/>
+        <vers num="5.0"/>
+        <vers num="5.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1210" published="2014-04-11" name="CVE-2014-1210" modified="2014-04-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">VMware vSphere Client 5.0 before Update 3 and 5.1 before Update 2 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.vmware.com/security/advisories/VMSA-2014-0003.html" source="CONFIRM" adv="1">http://www.vmware.com/security/advisories/VMSA-2014-0003.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="vmware" name="vsphere_client">
+        <vers num="5.0"/>
+        <vers num="5.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1211" published="2014-01-17" name="CVE-2014-1211" modified="2014-01-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">Cross-site request forgery (CSRF) vulnerability in VMware vCloud Director 5.1.x before 5.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90560" source="XF">vmware-vcloud-cve20141211-csrf(90560)</ref>
+      <ref url="http://www.vmware.com/security/advisories/VMSA-2014-0001.html" source="CONFIRM" adv="1">http://www.vmware.com/security/advisories/VMSA-2014-0001.html</ref>
+      <ref url="http://www.securitytracker.com/id/1029645" source="SECTRACK">1029645</ref>
+      <ref url="http://www.securityfocus.com/bid/64993" source="BID">64993</ref>
+      <ref url="http://osvdb.org/102198" source="OSVDB">102198</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="vmware" name="vcloud_director">
+        <vers num="5.1.0"/>
+        <vers num="5.1.1"/>
+        <vers num="5.1.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1213" published="2014-02-10" name="CVE-2014-1213" modified="2014-02-11" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:N/I:P/A:C)" CVSS_score="5.6" CVSS_impact_subscore="7.8" CVSS_exploit_subscore="3.9" CVSS_base_score="5.6">
+    <desc>
+      <descript source="cve">Sophos Anti-Virus engine (SAVi) before 3.50.1, as used in VDL 4.97G 9.7.x before 9.7.9, 10.0.x before 10.0.11, and 10.3.x before 10.3.1 does not set an ACL for certain global and session objects, which allows local users to bypass anti-virus protection, cause a denial of service (resource consumption, CPU consumption, and eventual crash) or spoof "ready for update" messages by performing certain operations on mutexes or events including (1) DataUpdateRequest, (2) MmfMutexSAV-****, (3) MmfMutexSAV-Info, (4) ReadyForUpdateSAV-****, (5) ReadyForUpdateSAV-Info, (6) SAV-****, (7) SAV-Info, (8) StateChange, (9) SuspendedSAV-****, (10) SuspendedSAV-Info, (11) UpdateComplete, (12) UpdateMutex, (13) UpdateRequest, or (14) SophosALMonSessionInstance, as demonstrated by triggering a ReadyForUpdateSAV event and modifying the UpdateComplete, UpdateMutex, and UpdateRequest objects.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://www.sophos.com/en-us/support/knowledgebase/2300/7200/1031/120401.aspx" source="CONFIRM">http://www.sophos.com/en-us/support/knowledgebase/2300/7200/1031/120401.aspx</ref>
+      <ref url="http://www.securityfocus.com/bid/65286" source="BID">65286</ref>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/530915/100/0/threaded" source="BUGTRAQ">20140131 CVE-2014-1213 - Denial of Service in Sophos Anti Virus</ref>
+      <ref url="http://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1213/" source="MISC">http://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1213/</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Feb/1" source="FULLDISC">20140131 CVE-2014-1213 - Denial of Service in Sophos Anti Virus</ref>
+      <ref url="http://packetstormsecurity.com/files/125024/Sophos-Anti-Virus-Denial-Of-Service.html" source="MISC">http://packetstormsecurity.com/files/125024/Sophos-Anti-Virus-Denial-Of-Service.html</ref>
+      <ref url="http://osvdb.org/102762" source="OSVDB">102762</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="sophos" name="scanning_engine">
+        <vers prev="1" num="3.48"/>
+      </prod>
+      <prod vendor="sophos" name="sophos_anti-virus">
+        <vers num="10.0.11"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1216" published="2014-04-22" name="CVE-2014-1216" modified="2014-04-22" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers to execute arbitrary commands by defining a COMMAND_PATTERN and TEST_RUNNER in the pageContent parameter when editing a page.</descript>
+      <descript source="nvd">Per: https://cwe.mitre.org/data/definitions/77.html
+
+"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1216/" source="MISC">https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1216/</ref>
+      <ref url="http://www.exploit-db.com/exploits/32568" source="EXPLOIT-DB">32568</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="fitnesse" name="fitnesse_wiki">
+        <vers num="20131110"/>
+        <vers prev="1" num="20140201"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1217" published="2014-04-28" name="CVE-2014-1217" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Livetecs Timelive before 6.2.8 does not properly restrict access to systemsetting.aspx, which allows remote attackers to change configurations and obtain the database connection string and credentials via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1217/" source="MISC">https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1217/</ref>
+      <ref url="http://www.securityfocus.com/bid/67043" source="BID">67043</ref>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/531911/100/0/threaded" source="BUGTRAQ">20140423 CVE-2014-1217 - Unauthenticated access to sensitive information and functionality in Livetecs Timelive</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Apr/259" source="FULLDISC">20140423 CVE-2014-1217 - Unauthenticated access to sensitive information and functionality in Livetecs Timelive</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="livetecs" name="timeline">
+        <vers num="2.81"/>
+        <vers num="2.91"/>
+        <vers num="2.94"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.5"/>
+        <vers num="3.1.1"/>
+        <vers num="3.2.1"/>
+        <vers num="3.5.1"/>
+        <vers num="3.6.1"/>
+        <vers num="3.7.1"/>
+        <vers num="3.8.1"/>
+        <vers num="4.2.1"/>
+        <vers num="4.3.1"/>
+        <vers num="4.9.1"/>
+        <vers num="5.2.1"/>
+        <vers num="6.0.1"/>
+        <vers num="6.2.1"/>
+        <vers num="6.2.3"/>
+        <vers num="6.2.4"/>
+        <vers num="6.2.6"/>
+        <vers num="6.2.7"/>
+        <vers num="6.2.71"/>
+        <vers num="7.1.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1219" published="2014-02-14" name="CVE-2014-1219" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:H/Au:N/C:P/I:P/A:P)" CVSS_score="5.1" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="4.9" CVSS_base_score="5.1">
+    <desc>
+      <descript source="cve">CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end of this substring, as demonstrated by terminating a session via a modified SSNID parameter to web2edoc/close.htm.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securityfocus.com/bid/65537" source="BID">65537</ref>
+      <ref url="http://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1219/" source="MISC">http://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1219/</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ca" name="2e_web_option">
+        <vers num="r8.1.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1223" published="2014-02-27" name="CVE-2014-1223" modified="2014-02-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in controlpanel/loading.aspx in Telligent Evolution before 6.1.19.36103, 7.x before 7.1.12.36162, 7.5.x, and 7.6.x before 7.6.7.36651 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.  NOTE: some of these details are obtained from third party information.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1223" source="MISC">https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1223</ref>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/531223/100/0/threaded" source="BUGTRAQ">20140221 CVE-2014-1223 - Cross-site Scripting in Telligent Evolution</ref>
+      <ref url="http://secunia.com/advisories/56779" source="SECUNIA" adv="1">56779</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="telligent" name="evolution">
+        <vers prev="1" num="6.1.19"/>
+        <vers prev="1" num="7.1.12"/>
+        <vers prev="1" num="7.5.0"/>
+        <vers prev="1" num="7.5.0.32466"/>
+        <vers prev="1" num="7.6.7"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1232" published="2014-01-08" name="CVE-2014-1232" modified="2014-01-13" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the Foliopress WYSIWYG plugin before 2.6.8.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://wordpress.org/plugins/foliopress-wysiwyg/changelog" source="CONFIRM" patch="1" adv="1">http://wordpress.org/plugins/foliopress-wysiwyg/changelog</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90102" source="XF">foliopress-unspecified-xss(90102)</ref>
+      <ref url="http://secunia.com/advisories/56261" source="SECUNIA" adv="1">56261</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="foliovision" name="foliopress_wysiwyg">
+        <vers num="2.6.8"/>
+        <vers num="2.6.8.1"/>
+        <vers num="2.6.8.2"/>
+        <vers num="2.6.8.3"/>
+        <vers prev="1" num="2.6.8.4"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-1233" published="2014-01-10" name="CVE-2014-1233" modified="2014-01-10" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="2.1" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="3.9" CVSS_base_score="2.1">
+    <desc>
+      <descript source="cve">The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to obtain the App-Key, username, and password values by listing the curl process.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://www.vapid.dhs.org/advisories/paratrooper-api-key-pingdom.html" source="MISC">http://www.vapid.dhs.org/advisories/paratrooper-api-key-pingdom.html</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/01/08/1" source="MLIST">[oss-security] 20140107 paratrooper-pingdom-1.0.0 ruby gem exposes API login credentials</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="tobias_maier" name="paratrooper-pingdom">
+        <vers num="1.0.0" edition="-:~-~-~ruby~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-1234" published="2014-01-10" name="CVE-2014-1234" modified="2014-01-10" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="2.1" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="3.9" CVSS_base_score="2.1">
+    <desc>
+      <descript source="cve">The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obtain the X-Api-Key value by listing the curl process.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://www.vapid.dhs.org/advisories/paratrooper-newrelic-api.html" source="MISC">http://www.vapid.dhs.org/advisories/paratrooper-newrelic-api.html</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/01/08/2" source="MLIST">[oss-security] 20140107 Paratrooper-newrelic 1.0.1 Ruby Gem exposes API key</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="paratrooper-newrelic_project" name="paratrooper-newrelic">
+        <vers num="1.0.1" edition="-:~-~-~ruby~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1236" published="2014-01-10" name="CVE-2014-1236" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a "badly formed number" and a "long digit list."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://github.com/ellson/graphviz/commit/1d1bdec6318746f6f19f245db589eddc887ae8ff" source="CONFIRM" patch="1">https://github.com/ellson/graphviz/commit/1d1bdec6318746f6f19f245db589eddc887ae8ff</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1050872" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1050872</ref>
+      <ref url="http://www.securityfocus.com/bid/64737" source="BID">64737</ref>
+      <ref url="http://www.mandriva.com/security/advisories?name=MDVSA-2014:024" source="MANDRIVA">MDVSA-2014:024</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2843" source="DEBIAN">DSA-2843</ref>
+      <ref url="http://secunia.com/advisories/56244" source="SECUNIA">56244</ref>
+      <ref url="http://secunia.com/advisories/55666" source="SECUNIA" adv="1">55666</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q1/54" source="MLIST">[oss-security] 20140108 Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q1/51" source="MLIST">[oss-security] 20140108 Re: Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q1/46" source="MLIST">[oss-security] 20140108 Re: Re: CVE Request: graphviz: stack-based buffer overflow in yyerror()</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="graphviz" name="graphviz">
+        <vers num="2.34.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1237" published="2014-02-11" name="CVE-2014-1237" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in synetics i-doit pro before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the call parameter.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90969" source="XF">idoit-cve20141237-xss(90969)</ref>
+      <ref url="http://www.securityfocus.com/bid/65353" source="BID">65353</ref>
+      <ref url="http://www.i-doit.com/en/company/news/single-news/?tx_ttnews%5Btt_news%5D=136" source="CONFIRM" adv="1">http://www.i-doit.com/en/company/news/single-news/?tx_ttnews%5Btt_news%5D=136</ref>
+      <ref url="http://www.csnc.ch/misc/files/advisories/CVE-2014-1237_i-doit_Cross-site_Scripting_-_XSS.txt" source="MISC">http://www.csnc.ch/misc/files/advisories/CVE-2014-1237_i-doit_Cross-site_Scripting_-_XSS.txt</ref>
+      <ref url="http://secunia.com/advisories/56834" source="SECUNIA" adv="1">56834</ref>
+      <ref url="http://secunia.com/advisories/56802" source="SECUNIA">56802</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Feb/26" source="FULLDISC">20140205 CVE-2014-1237 (XSS in i-doit Pro)</ref>
+      <ref url="http://packetstormsecurity.com/files/125062" source="MISC">http://packetstormsecurity.com/files/125062</ref>
+      <ref url="http://osvdb.org/102910" source="OSVDB">102910</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="i-doit" name="i-doit">
+        <vers num="1.1.1" edition=":~~pro~~~"/>
+        <vers num="1.1.2" edition=":~~pro~~~"/>
+        <vers num="1.2.1" edition=":~~pro~~~"/>
+        <vers num="1.2.2" edition=":~~pro~~~"/>
+        <vers prev="1" num="1.2.3" edition=":~~pro~~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1242" published="2014-01-23" name="CVE-2014-1242" modified="2014-01-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:P)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">Apple iTunes before 11.1.4 uses HTTP for the iTunes Tutorials window, which allows man-in-the-middle attackers to spoof content by gaining control over the client-server data stream.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90653" source="XF">apple-itunes-cve20141242-mitm(90653)</ref>
+      <ref url="http://www.securitytracker.com/id/1029671" source="SECTRACK">1029671</ref>
+      <ref url="http://www.securityfocus.com/bid/65088" source="BID">65088</ref>
+      <ref url="http://support.apple.com/kb/HT6001" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6001</ref>
+      <ref url="http://osvdb.org/102410" source="OSVDB">102410</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="itunes">
+        <vers num="11.0"/>
+        <vers num="11.0.1"/>
+        <vers num="11.0.2"/>
+        <vers num="11.0.3"/>
+        <vers num="11.0.4"/>
+        <vers num="11.0.5"/>
+        <vers num="11.1"/>
+        <vers num="11.1.1"/>
+        <vers num="11.1.2"/>
+        <vers prev="1" num="11.1.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1243" published="2014-02-26" name="CVE-2014-1243" modified="2014-02-27" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Apple QuickTime before 7.7.5 does not initialize an unspecified pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted track list in a movie file.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6151" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6151</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="quicktime">
+        <vers num="7.0.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+        <vers num="7.0.3"/>
+        <vers num="7.0.4"/>
+        <vers num="7.1.0"/>
+        <vers num="7.1.1"/>
+        <vers num="7.1.2"/>
+        <vers num="7.1.3"/>
+        <vers num="7.1.4"/>
+        <vers num="7.1.5"/>
+        <vers num="7.1.6"/>
+        <vers num="7.2.0"/>
+        <vers num="7.2.1"/>
+        <vers num="7.3.0"/>
+        <vers num="7.3.1"/>
+        <vers num="7.3.1.70"/>
+        <vers num="7.4.0"/>
+        <vers num="7.4.1"/>
+        <vers num="7.4.5"/>
+        <vers num="7.5.0"/>
+        <vers num="7.5.5"/>
+        <vers num="7.6.0"/>
+        <vers num="7.6.1"/>
+        <vers num="7.6.2"/>
+        <vers num="7.6.5"/>
+        <vers num="7.6.6"/>
+        <vers num="7.6.7"/>
+        <vers num="7.6.8"/>
+        <vers num="7.6.9"/>
+        <vers num="7.60.92.0"/>
+        <vers num="7.62.14.0"/>
+        <vers num="7.64.17.73"/>
+        <vers num="7.65.17.80"/>
+        <vers num="7.66.71.0"/>
+        <vers num="7.67.75.0"/>
+        <vers num="7.68.75.0"/>
+        <vers num="7.69.80.9"/>
+        <vers num="7.7.0"/>
+        <vers num="7.7.1"/>
+        <vers num="7.7.2"/>
+        <vers num="7.7.3"/>
+        <vers prev="1" num="7.7.4"/>
+        <vers num="7.70.80.34"/>
+        <vers num="7.71.80.42"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1244" published="2014-02-26" name="CVE-2014-1244" modified="2014-03-10" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6151" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6151</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="quicktime">
+        <vers num="7.0.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+        <vers num="7.0.3"/>
+        <vers num="7.0.4"/>
+        <vers num="7.1.0"/>
+        <vers num="7.1.1"/>
+        <vers num="7.1.2"/>
+        <vers num="7.1.3"/>
+        <vers num="7.1.4"/>
+        <vers num="7.1.5"/>
+        <vers num="7.1.6"/>
+        <vers num="7.2.0"/>
+        <vers num="7.2.1"/>
+        <vers num="7.3.0"/>
+        <vers num="7.3.1"/>
+        <vers num="7.3.1.70"/>
+        <vers num="7.4.0"/>
+        <vers num="7.4.1"/>
+        <vers num="7.4.5"/>
+        <vers num="7.5.0"/>
+        <vers num="7.5.5"/>
+        <vers num="7.6.0"/>
+        <vers num="7.6.1"/>
+        <vers num="7.6.2"/>
+        <vers num="7.6.5"/>
+        <vers num="7.6.6"/>
+        <vers num="7.6.7"/>
+        <vers num="7.6.8"/>
+        <vers num="7.6.9"/>
+        <vers num="7.60.92.0"/>
+        <vers num="7.62.14.0"/>
+        <vers num="7.64.17.73"/>
+        <vers num="7.65.17.80"/>
+        <vers num="7.66.71.0"/>
+        <vers num="7.67.75.0"/>
+        <vers num="7.68.75.0"/>
+        <vers num="7.69.80.9"/>
+        <vers num="7.7.0"/>
+        <vers num="7.7.1"/>
+        <vers num="7.7.2"/>
+        <vers num="7.7.3"/>
+        <vers prev="1" num="7.7.4"/>
+        <vers num="7.70.80.34"/>
+        <vers num="7.71.80.42"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1245" published="2014-02-26" name="CVE-2014-1245" modified="2014-03-10" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Integer signedness error in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted stsz atom in a movie file.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6151" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6151</ref>
+      <ref url="http://support.apple.com/kb/HT6150" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6150</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="quicktime">
+        <vers num="7.0.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+        <vers num="7.0.3"/>
+        <vers num="7.0.4"/>
+        <vers num="7.1.0"/>
+        <vers num="7.1.1"/>
+        <vers num="7.1.2"/>
+        <vers num="7.1.3"/>
+        <vers num="7.1.4"/>
+        <vers num="7.1.5"/>
+        <vers num="7.1.6"/>
+        <vers num="7.2.0"/>
+        <vers num="7.2.1"/>
+        <vers num="7.3.0"/>
+        <vers num="7.3.1"/>
+        <vers num="7.3.1.70"/>
+        <vers num="7.4.0"/>
+        <vers num="7.4.1"/>
+        <vers num="7.4.5"/>
+        <vers num="7.5.0"/>
+        <vers num="7.5.5"/>
+        <vers num="7.6.0"/>
+        <vers num="7.6.1"/>
+        <vers num="7.6.2"/>
+        <vers num="7.6.5"/>
+        <vers num="7.6.6"/>
+        <vers num="7.6.7"/>
+        <vers num="7.6.8"/>
+        <vers num="7.6.9"/>
+        <vers num="7.60.92.0"/>
+        <vers num="7.62.14.0"/>
+        <vers num="7.64.17.73"/>
+        <vers num="7.65.17.80"/>
+        <vers num="7.66.71.0"/>
+        <vers num="7.67.75.0"/>
+        <vers num="7.68.75.0"/>
+        <vers num="7.69.80.9"/>
+        <vers num="7.7.0"/>
+        <vers num="7.7.1"/>
+        <vers num="7.7.2"/>
+        <vers num="7.7.3"/>
+        <vers prev="1" num="7.7.4"/>
+        <vers num="7.70.80.34"/>
+        <vers num="7.71.80.42"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1246" published="2014-02-26" name="CVE-2014-1246" modified="2014-02-27" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ftab atom in a movie file.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6151" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6151</ref>
+      <ref url="http://support.apple.com/kb/HT6150" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6150</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="quicktime">
+        <vers num="7.0.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+        <vers num="7.0.3"/>
+        <vers num="7.0.4"/>
+        <vers num="7.1.0"/>
+        <vers num="7.1.1"/>
+        <vers num="7.1.2"/>
+        <vers num="7.1.3"/>
+        <vers num="7.1.4"/>
+        <vers num="7.1.5"/>
+        <vers num="7.1.6"/>
+        <vers num="7.2.0"/>
+        <vers num="7.2.1"/>
+        <vers num="7.3.0"/>
+        <vers num="7.3.1"/>
+        <vers num="7.3.1.70"/>
+        <vers num="7.4.0"/>
+        <vers num="7.4.1"/>
+        <vers num="7.4.5"/>
+        <vers num="7.5.0"/>
+        <vers num="7.5.5"/>
+        <vers num="7.6.0"/>
+        <vers num="7.6.1"/>
+        <vers num="7.6.2"/>
+        <vers num="7.6.5"/>
+        <vers num="7.6.6"/>
+        <vers num="7.6.7"/>
+        <vers num="7.6.8"/>
+        <vers num="7.6.9"/>
+        <vers num="7.60.92.0"/>
+        <vers num="7.62.14.0"/>
+        <vers num="7.64.17.73"/>
+        <vers num="7.65.17.80"/>
+        <vers num="7.66.71.0"/>
+        <vers num="7.67.75.0"/>
+        <vers num="7.68.75.0"/>
+        <vers num="7.69.80.9"/>
+        <vers num="7.7.0"/>
+        <vers num="7.7.1"/>
+        <vers num="7.7.2"/>
+        <vers num="7.7.3"/>
+        <vers prev="1" num="7.7.4"/>
+        <vers num="7.70.80.34"/>
+        <vers num="7.71.80.42"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1247" published="2014-02-26" name="CVE-2014-1247" modified="2014-03-10" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted dref atom in a movie file.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6151" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6151</ref>
+      <ref url="http://support.apple.com/kb/HT6150" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6150</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="quicktime">
+        <vers num="7.0.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+        <vers num="7.0.3"/>
+        <vers num="7.0.4"/>
+        <vers num="7.1.0"/>
+        <vers num="7.1.1"/>
+        <vers num="7.1.2"/>
+        <vers num="7.1.3"/>
+        <vers num="7.1.4"/>
+        <vers num="7.1.5"/>
+        <vers num="7.1.6"/>
+        <vers num="7.2.0"/>
+        <vers num="7.2.1"/>
+        <vers num="7.3.0"/>
+        <vers num="7.3.1"/>
+        <vers num="7.3.1.70"/>
+        <vers num="7.4.0"/>
+        <vers num="7.4.1"/>
+        <vers num="7.4.5"/>
+        <vers num="7.5.0"/>
+        <vers num="7.5.5"/>
+        <vers num="7.6.0"/>
+        <vers num="7.6.1"/>
+        <vers num="7.6.2"/>
+        <vers num="7.6.5"/>
+        <vers num="7.6.6"/>
+        <vers num="7.6.7"/>
+        <vers num="7.6.8"/>
+        <vers num="7.6.9"/>
+        <vers num="7.60.92.0"/>
+        <vers num="7.62.14.0"/>
+        <vers num="7.64.17.73"/>
+        <vers num="7.65.17.80"/>
+        <vers num="7.66.71.0"/>
+        <vers num="7.67.75.0"/>
+        <vers num="7.68.75.0"/>
+        <vers num="7.69.80.9"/>
+        <vers num="7.7.0"/>
+        <vers num="7.7.1"/>
+        <vers num="7.7.2"/>
+        <vers num="7.7.3"/>
+        <vers prev="1" num="7.7.4"/>
+        <vers num="7.70.80.34"/>
+        <vers num="7.71.80.42"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1248" published="2014-02-26" name="CVE-2014-1248" modified="2014-03-10" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ldat atom in a movie file.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6151" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6151</ref>
+      <ref url="http://support.apple.com/kb/HT6150" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6150</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="quicktime">
+        <vers num="7.0.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+        <vers num="7.0.3"/>
+        <vers num="7.0.4"/>
+        <vers num="7.1.0"/>
+        <vers num="7.1.1"/>
+        <vers num="7.1.2"/>
+        <vers num="7.1.3"/>
+        <vers num="7.1.4"/>
+        <vers num="7.1.5"/>
+        <vers num="7.1.6"/>
+        <vers num="7.2.0"/>
+        <vers num="7.2.1"/>
+        <vers num="7.3.0"/>
+        <vers num="7.3.1"/>
+        <vers num="7.3.1.70"/>
+        <vers num="7.4.0"/>
+        <vers num="7.4.1"/>
+        <vers num="7.4.5"/>
+        <vers num="7.5.0"/>
+        <vers num="7.5.5"/>
+        <vers num="7.6.0"/>
+        <vers num="7.6.1"/>
+        <vers num="7.6.2"/>
+        <vers num="7.6.5"/>
+        <vers num="7.6.6"/>
+        <vers num="7.6.7"/>
+        <vers num="7.6.8"/>
+        <vers num="7.6.9"/>
+        <vers num="7.60.92.0"/>
+        <vers num="7.62.14.0"/>
+        <vers num="7.64.17.73"/>
+        <vers num="7.65.17.80"/>
+        <vers num="7.66.71.0"/>
+        <vers num="7.67.75.0"/>
+        <vers num="7.68.75.0"/>
+        <vers num="7.69.80.9"/>
+        <vers num="7.7.0"/>
+        <vers num="7.7.1"/>
+        <vers num="7.7.2"/>
+        <vers num="7.7.3"/>
+        <vers prev="1" num="7.7.4"/>
+        <vers num="7.70.80.34"/>
+        <vers num="7.71.80.42"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1249" published="2014-02-26" name="CVE-2014-1249" modified="2014-03-10" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PSD image.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6151" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6151</ref>
+      <ref url="http://support.apple.com/kb/HT6150" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6150</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="quicktime">
+        <vers num="7.0.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+        <vers num="7.0.3"/>
+        <vers num="7.0.4"/>
+        <vers num="7.1.0"/>
+        <vers num="7.1.1"/>
+        <vers num="7.1.2"/>
+        <vers num="7.1.3"/>
+        <vers num="7.1.4"/>
+        <vers num="7.1.5"/>
+        <vers num="7.1.6"/>
+        <vers num="7.2.0"/>
+        <vers num="7.2.1"/>
+        <vers num="7.3.0"/>
+        <vers num="7.3.1"/>
+        <vers num="7.3.1.70"/>
+        <vers num="7.4.0"/>
+        <vers num="7.4.1"/>
+        <vers num="7.4.5"/>
+        <vers num="7.5.0"/>
+        <vers num="7.5.5"/>
+        <vers num="7.6.0"/>
+        <vers num="7.6.1"/>
+        <vers num="7.6.2"/>
+        <vers num="7.6.5"/>
+        <vers num="7.6.6"/>
+        <vers num="7.6.7"/>
+        <vers num="7.6.8"/>
+        <vers num="7.6.9"/>
+        <vers num="7.60.92.0"/>
+        <vers num="7.62.14.0"/>
+        <vers num="7.64.17.73"/>
+        <vers num="7.65.17.80"/>
+        <vers num="7.66.71.0"/>
+        <vers num="7.67.75.0"/>
+        <vers num="7.68.75.0"/>
+        <vers num="7.69.80.9"/>
+        <vers num="7.7.0"/>
+        <vers num="7.7.1"/>
+        <vers num="7.7.2"/>
+        <vers num="7.7.3"/>
+        <vers prev="1" num="7.7.4"/>
+        <vers num="7.70.80.34"/>
+        <vers num="7.71.80.42"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1250" published="2014-02-26" name="CVE-2014-1250" modified="2014-03-10" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Apple QuickTime before 7.7.5 does not properly perform a byte-swapping operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted ttfo element in a movie file.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6151" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6151</ref>
+      <ref url="http://support.apple.com/kb/HT6150" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6150</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="quicktime">
+        <vers num="7.0.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+        <vers num="7.0.3"/>
+        <vers num="7.0.4"/>
+        <vers num="7.1.0"/>
+        <vers num="7.1.1"/>
+        <vers num="7.1.2"/>
+        <vers num="7.1.3"/>
+        <vers num="7.1.4"/>
+        <vers num="7.1.5"/>
+        <vers num="7.1.6"/>
+        <vers num="7.2.0"/>
+        <vers num="7.2.1"/>
+        <vers num="7.3.0"/>
+        <vers num="7.3.1"/>
+        <vers num="7.3.1.70"/>
+        <vers num="7.4.0"/>
+        <vers num="7.4.1"/>
+        <vers num="7.4.5"/>
+        <vers num="7.5.0"/>
+        <vers num="7.5.5"/>
+        <vers num="7.6.0"/>
+        <vers num="7.6.1"/>
+        <vers num="7.6.2"/>
+        <vers num="7.6.5"/>
+        <vers num="7.6.6"/>
+        <vers num="7.6.7"/>
+        <vers num="7.6.8"/>
+        <vers num="7.6.9"/>
+        <vers num="7.60.92.0"/>
+        <vers num="7.62.14.0"/>
+        <vers num="7.64.17.73"/>
+        <vers num="7.65.17.80"/>
+        <vers num="7.66.71.0"/>
+        <vers num="7.67.75.0"/>
+        <vers num="7.68.75.0"/>
+        <vers num="7.69.80.9"/>
+        <vers num="7.7.0"/>
+        <vers num="7.7.1"/>
+        <vers num="7.7.2"/>
+        <vers num="7.7.3"/>
+        <vers prev="1" num="7.7.4"/>
+        <vers num="7.70.80.34"/>
+        <vers num="7.71.80.42"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1251" published="2014-02-26" name="CVE-2014-1251" modified="2014-03-07" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted clef atom in a movie file.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6151" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6151</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="quicktime">
+        <vers num="7.0.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+        <vers num="7.0.3"/>
+        <vers num="7.0.4"/>
+        <vers num="7.1.0"/>
+        <vers num="7.1.1"/>
+        <vers num="7.1.2"/>
+        <vers num="7.1.3"/>
+        <vers num="7.1.4"/>
+        <vers num="7.1.5"/>
+        <vers num="7.1.6"/>
+        <vers num="7.2.0"/>
+        <vers num="7.2.1"/>
+        <vers num="7.3.0"/>
+        <vers num="7.3.1"/>
+        <vers num="7.3.1.70"/>
+        <vers num="7.4.0"/>
+        <vers num="7.4.1"/>
+        <vers num="7.4.5"/>
+        <vers num="7.5.0"/>
+        <vers num="7.5.5"/>
+        <vers num="7.6.0"/>
+        <vers num="7.6.1"/>
+        <vers num="7.6.2"/>
+        <vers num="7.6.5"/>
+        <vers num="7.6.6"/>
+        <vers num="7.6.7"/>
+        <vers num="7.6.8"/>
+        <vers num="7.6.9"/>
+        <vers num="7.60.92.0"/>
+        <vers num="7.62.14.0"/>
+        <vers num="7.64.17.73"/>
+        <vers num="7.65.17.80"/>
+        <vers num="7.66.71.0"/>
+        <vers num="7.67.75.0"/>
+        <vers num="7.68.75.0"/>
+        <vers num="7.69.80.9"/>
+        <vers num="7.7.0"/>
+        <vers num="7.7.1"/>
+        <vers num="7.7.2"/>
+        <vers num="7.7.3"/>
+        <vers prev="1" num="7.7.4"/>
+        <vers num="7.70.80.34"/>
+        <vers num="7.71.80.42"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1252" published="2014-01-24" name="CVE-2014-1252" modified="2014-04-04" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90672" source="XF">apple-pages-cve20141252-code-exec(90672)</ref>
+      <ref url="http://www.securitytracker.com/id/1029683" source="SECTRACK">1029683</ref>
+      <ref url="http://www.securityfocus.com/bid/65113" source="BID">65113</ref>
+      <ref url="http://support.apple.com/kb/HT6162" source="CONFIRM">http://support.apple.com/kb/HT6162</ref>
+      <ref url="http://support.apple.com/kb/HT6150" source="CONFIRM">http://support.apple.com/kb/HT6150</ref>
+      <ref url="http://support.apple.com/kb/HT6117" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6117</ref>
+      <ref url="http://secunia.com/advisories/56630" source="SECUNIA">56630</ref>
+      <ref url="http://secunia.com/advisories/56615" source="SECUNIA">56615</ref>
+      <ref url="http://osvdb.org/102460" source="OSVDB">102460</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="pages">
+        <vers num="2.0"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.2"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1253" published="2014-02-14" name="CVE-2014-1253" modified="2014-02-14" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:N/I:N/A:C)" CVSS_score="4.7" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="3.4" CVSS_base_score="4.7">
+    <desc>
+      <descript source="cve">AppleMNT.sys in Apple Boot Camp 5 before 5.1 allows local users to cause a denial of service (kernel memory corruption) or possibly have unspecified other impact via a malformed header in a Portable Executable (PE) file.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6126" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6126</ref>
+      <ref url="http://seclists.org/bugtraq/2014/Feb/47" source="APPLE">APPLE-SA-2014-02-11-1</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="boot_camp">
+        <vers num="5.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1254" published="2014-02-26" name="CVE-2014-1254" modified="2014-02-27" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">Apple Type Services (ATS) in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Type 1 font that is embedded in a document.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6150" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6150</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="mac_os_x">
+        <vers num="10.8.0"/>
+        <vers num="10.8.1"/>
+        <vers num="10.8.2"/>
+        <vers num="10.8.3"/>
+        <vers num="10.8.4"/>
+        <vers num="10.8.5" edition="supplemental_update"/>
+        <vers num="10.9"/>
+        <vers prev="1" num="10.9.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1255" published="2014-02-26" name="CVE-2014-1255" modified="2014-02-27" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Apple Type Services (ATS) in Apple OS X before 10.9.2 does not properly validate calls to the free function, which allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6150" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6150</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="mac_os_x">
+        <vers num="10.9"/>
+        <vers prev="1" num="10.9.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1256" published="2014-02-26" name="CVE-2014-1256" modified="2014-02-27" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6150" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6150</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="mac_os_x">
+        <vers num="10.7.0"/>
+        <vers num="10.7.1"/>
+        <vers num="10.7.2"/>
+        <vers num="10.7.3"/>
+        <vers num="10.7.4"/>
+        <vers num="10.7.5"/>
+        <vers num="10.8.0"/>
+        <vers num="10.8.1"/>
+        <vers num="10.8.2"/>
+        <vers num="10.8.3"/>
+        <vers num="10.8.4"/>
+        <vers num="10.8.5" edition="supplemental_update"/>
+        <vers num="10.9"/>
+        <vers prev="1" num="10.9.1"/>
+      </prod>
+      <prod vendor="apple" name="mac_os_x_server">
+        <vers num="10.7.0"/>
+        <vers num="10.7.1"/>
+        <vers num="10.7.2"/>
+        <vers num="10.7.3"/>
+        <vers num="10.7.4"/>
+        <vers num="10.7.5"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-1257" published="2014-02-26" name="CVE-2014-1257" modified="2014-02-27" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:P/I:P/A:N)" CVSS_score="3.6" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="3.9" CVSS_base_score="3.6">
+    <desc>
+      <descript source="cve">CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an unattended workstation.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6150" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6150</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="mac_os_x">
+        <vers num="10.8.0"/>
+        <vers num="10.8.1"/>
+        <vers num="10.8.2"/>
+        <vers num="10.8.3"/>
+        <vers num="10.8.4"/>
+        <vers prev="1" num="10.8.5" edition="supplemental_update"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1258" published="2014-02-26" name="CVE-2014-1258" modified="2014-02-27" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">Heap-based buffer overflow in CoreAnimation in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6150" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6150</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="mac_os_x">
+        <vers num="10.8.0"/>
+        <vers num="10.8.1"/>
+        <vers num="10.8.2"/>
+        <vers num="10.8.3"/>
+        <vers num="10.8.4"/>
+        <vers num="10.8.5" edition="supplemental_update"/>
+        <vers num="10.9"/>
+        <vers prev="1" num="10.9.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1259" published="2014-02-26" name="CVE-2014-1259" modified="2014-03-10" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">Buffer overflow in File Bookmark in Apple OS X before 10.9.2 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted filename.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6150" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6150</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="mac_os_x">
+        <vers num="10.7.0"/>
+        <vers num="10.7.1"/>
+        <vers num="10.7.2"/>
+        <vers num="10.7.3"/>
+        <vers num="10.7.4"/>
+        <vers num="10.7.5"/>
+        <vers num="10.8.0"/>
+        <vers num="10.8.1"/>
+        <vers num="10.8.2"/>
+        <vers num="10.8.3"/>
+        <vers num="10.8.4"/>
+        <vers num="10.8.5" edition="supplemental_update"/>
+        <vers num="10.9"/>
+        <vers prev="1" num="10.9.1"/>
+      </prod>
+      <prod vendor="apple" name="mac_os_x_server">
+        <vers num="10.7.0"/>
+        <vers num="10.7.1"/>
+        <vers num="10.7.2"/>
+        <vers num="10.7.3"/>
+        <vers num="10.7.4"/>
+        <vers num="10.7.5"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1260" published="2014-02-26" name="CVE-2014-1260" modified="2014-03-10" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">QuickLook in Apple OS X through 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office document.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6150" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6150</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="mac_os_x">
+        <vers num="10.8.0"/>
+        <vers num="10.8.1"/>
+        <vers num="10.8.2"/>
+        <vers num="10.8.3"/>
+        <vers num="10.8.4"/>
+        <vers prev="1" num="10.8.5" edition="supplemental_update"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1261" published="2014-02-26" name="CVE-2014-1261" modified="2014-02-27" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Integer signedness error in CoreText in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Unicode font.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6150" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6150</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="mac_os_x">
+        <vers num="10.9"/>
+        <vers prev="1" num="10.9.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1262" published="2014-02-26" name="CVE-2014-1262" modified="2014-02-27" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages that trigger memory corruption.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6150" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6150</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="mac_os_x">
+        <vers num="10.9"/>
+        <vers prev="1" num="10.9.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1263" published="2014-02-26" name="CVE-2014-1263" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">curl in Apple OS X 10.9.x before 10.9.2 does not verify X.509 certificates from HTTPS servers that are accessed using a numerical IP address, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://gist.github.com/rmoriz/fb2b0a6a0ce10550ab73" source="MISC">https://gist.github.com/rmoriz/fb2b0a6a0ce10550ab73</ref>
+      <ref url="http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/" source="CONFIRM">http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/</ref>
+      <ref url="http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/" source="CONFIRM">http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/</ref>
+      <ref url="http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/" source="CONFIRM">http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/</ref>
+      <ref url="http://twitter.com/okoeroo/statuses/437272014043496449" source="MISC">http://twitter.com/okoeroo/statuses/437272014043496449</ref>
+      <ref url="http://twitter.com/agl__/statuses/437029812046422016" source="MISC">http://twitter.com/agl__/statuses/437029812046422016</ref>
+      <ref url="http://support.apple.com/kb/HT6150" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6150</ref>
+      <ref url="http://secunia.com/advisories/57968" source="SECUNIA">57968</ref>
+      <ref url="http://secunia.com/advisories/57966" source="SECUNIA">57966</ref>
+      <ref url="http://secunia.com/advisories/57836" source="SECUNIA">57836</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="mac_os_x">
+        <vers num="10.9"/>
+        <vers prev="1" num="10.9.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-1264" published="2014-02-26" name="CVE-2014-1264" modified="2014-03-10" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:P/I:P/A:N)" CVSS_score="3.3" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="3.4" CVSS_base_score="3.3">
+    <desc>
+      <descript source="cve">Finder in Apple OS X before 10.9.2 does not ensure ACL integrity after the viewing of file ACL information, which allows local users to bypass intended access restrictions in opportunistic circumstances via standard filesystem operations on a file with a damaged ACL.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6150" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6150</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="mac_os_x">
+        <vers num="10.9"/>
+        <vers prev="1" num="10.9.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1265" published="2014-02-26" name="CVE-2014-1265" modified="2014-02-27" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="4.6" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="3.9" CVSS_base_score="4.6">
+    <desc>
+      <descript source="cve">The systemsetup program in the Date and Time subsystem in Apple OS X before 10.9.2 allows local users to bypass intended access restrictions by changing the current time on the system clock.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6150" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6150</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="mac_os_x">
+        <vers num="10.7.0"/>
+        <vers num="10.7.1"/>
+        <vers num="10.7.2"/>
+        <vers num="10.7.3"/>
+        <vers num="10.7.4"/>
+        <vers num="10.7.5"/>
+        <vers num="10.8.0"/>
+        <vers num="10.8.1"/>
+        <vers num="10.8.2"/>
+        <vers num="10.8.3"/>
+        <vers num="10.8.4"/>
+        <vers num="10.8.5" edition="supplemental_update"/>
+        <vers num="10.9"/>
+        <vers prev="1" num="10.9.1"/>
+      </prod>
+      <prod vendor="apple" name="mac_os_x_server">
+        <vers num="10.7.0"/>
+        <vers num="10.7.1"/>
+        <vers num="10.7.2"/>
+        <vers num="10.7.3"/>
+        <vers num="10.7.4"/>
+        <vers num="10.7.5"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1266" published="2014-02-22" name="CVE-2014-1266" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check the signature in a TLS Server Key Exchange message, which allows man-in-the-middle attackers to spoof SSL servers by (1) using an arbitrary private key for the signing step or (2) omitting the signing step.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://www.imperialviolet.org/2014/02/22/applebug.html" source="MISC">https://www.imperialviolet.org/2014/02/22/applebug.html</ref>
+      <ref url="https://www.cs.columbia.edu/~smb/blog/2014-02/2014-02-24.html" source="MISC">https://www.cs.columbia.edu/~smb/blog/2014-02/2014-02-24.html</ref>
+      <ref url="https://www.cs.columbia.edu/~smb/blog/2014-02/2014-02-23.html" source="MISC">https://www.cs.columbia.edu/~smb/blog/2014-02/2014-02-23.html</ref>
+      <ref url="https://news.ycombinator.com/item?id=7281378" source="MISC">https://news.ycombinator.com/item?id=7281378</ref>
+      <ref url="http://support.apple.com/kb/HT6150" source="CONFIRM">http://support.apple.com/kb/HT6150</ref>
+      <ref url="http://support.apple.com/kb/HT6148" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6148</ref>
+      <ref url="http://support.apple.com/kb/HT6147" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6147</ref>
+      <ref url="http://support.apple.com/kb/HT6146" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6146</ref>
+      <ref url="http://it.slashdot.org/comments.pl?sid=4821073&amp;cid=46310187" source="MISC">http://it.slashdot.org/comments.pl?sid=4821073&amp;cid=46310187</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="apple_tv">
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+      </prod>
+      <prod vendor="apple" name="iphone_os">
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="6.1"/>
+        <vers num="6.1.2"/>
+        <vers num="6.1.3"/>
+        <vers num="6.1.4"/>
+        <vers num="6.1.5"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+        <vers num="7.0.3"/>
+        <vers num="7.0.4"/>
+        <vers num="7.0.5"/>
+      </prod>
+      <prod vendor="apple" name="mac_os_x">
+        <vers num="10.9"/>
+        <vers num="10.9.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1267" published="2014-03-14" name="CVE-2014-1267" modified="2014-03-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">The Configuration Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 does not properly evaluate the expiration date of a mobile configuration profile, which allows attackers to bypass intended access restrictions by using a profile after the date has passed.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6163" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6163</ref>
+      <ref url="http://support.apple.com/kb/HT6162" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6162</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="apple_tv">
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers prev="1" num="6.0.2"/>
+      </prod>
+      <prod vendor="apple" name="iphone_os">
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+        <vers num="7.0.3"/>
+        <vers num="7.0.4"/>
+        <vers num="7.0.5"/>
+        <vers prev="1" num="7.0.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1268" published="2014-02-26" name="CVE-2014-1268" modified="2014-02-27" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1269 and CVE-2014-1270.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6145" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6145</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="safari">
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="6.0.3"/>
+        <vers num="6.0.4"/>
+        <vers num="6.0.5"/>
+        <vers num="6.1"/>
+        <vers prev="1" num="6.1.1"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+      </prod>
+      <prod vendor="apple" name="webkit">
+        <vers num=""/>
+      </prod>
+      <prod vendor="apple" name="mac_os_x">
+        <vers num="10.7.0"/>
+        <vers num="10.7.1"/>
+        <vers num="10.7.2"/>
+        <vers num="10.7.3"/>
+        <vers num="10.7.4"/>
+        <vers num="10.7.5"/>
+        <vers num="10.8.0"/>
+        <vers num="10.8.1"/>
+        <vers num="10.8.2"/>
+        <vers num="10.8.3"/>
+        <vers num="10.8.4"/>
+        <vers num="10.8.5" edition="supplemental_update"/>
+        <vers num="10.9"/>
+        <vers num="10.9.1"/>
+      </prod>
+      <prod vendor="apple" name="mac_os_x_server">
+        <vers num="10.7.0"/>
+        <vers num="10.7.1"/>
+        <vers num="10.7.2"/>
+        <vers num="10.7.3"/>
+        <vers num="10.7.4"/>
+        <vers num="10.7.5"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1269" published="2014-02-26" name="CVE-2014-1269" modified="2014-03-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1270.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6163" source="CONFIRM">http://support.apple.com/kb/HT6163</ref>
+      <ref url="http://support.apple.com/kb/HT6162" source="CONFIRM">http://support.apple.com/kb/HT6162</ref>
+      <ref url="http://support.apple.com/kb/HT6145" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6145</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="safari">
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="6.0.3"/>
+        <vers num="6.0.4"/>
+        <vers num="6.0.5"/>
+        <vers num="6.1"/>
+        <vers prev="1" num="6.1.1"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+      </prod>
+      <prod vendor="apple" name="webkit">
+        <vers num=""/>
+      </prod>
+      <prod vendor="apple" name="mac_os_x">
+        <vers num="10.7.0"/>
+        <vers num="10.7.1"/>
+        <vers num="10.7.2"/>
+        <vers num="10.7.3"/>
+        <vers num="10.7.4"/>
+        <vers num="10.7.5"/>
+        <vers num="10.8.0"/>
+        <vers num="10.8.1"/>
+        <vers num="10.8.2"/>
+        <vers num="10.8.3"/>
+        <vers num="10.8.4"/>
+        <vers num="10.8.5" edition="supplemental_update"/>
+        <vers num="10.9"/>
+        <vers num="10.9.1"/>
+      </prod>
+      <prod vendor="apple" name="mac_os_x_server">
+        <vers num="10.7.0"/>
+        <vers num="10.7.1"/>
+        <vers num="10.7.2"/>
+        <vers num="10.7.3"/>
+        <vers num="10.7.4"/>
+        <vers num="10.7.5"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1270" published="2014-02-26" name="CVE-2014-1270" modified="2014-03-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1269.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6163" source="CONFIRM">http://support.apple.com/kb/HT6163</ref>
+      <ref url="http://support.apple.com/kb/HT6162" source="CONFIRM">http://support.apple.com/kb/HT6162</ref>
+      <ref url="http://support.apple.com/kb/HT6145" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6145</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="safari">
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="6.0.3"/>
+        <vers num="6.0.4"/>
+        <vers num="6.0.5"/>
+        <vers num="6.1"/>
+        <vers prev="1" num="6.1.1"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+      </prod>
+      <prod vendor="apple" name="webkit">
+        <vers num=""/>
+      </prod>
+      <prod vendor="apple" name="mac_os_x">
+        <vers num="10.7.0"/>
+        <vers num="10.7.1"/>
+        <vers num="10.7.2"/>
+        <vers num="10.7.3"/>
+        <vers num="10.7.4"/>
+        <vers num="10.7.5"/>
+        <vers num="10.8.0"/>
+        <vers num="10.8.1"/>
+        <vers num="10.8.2"/>
+        <vers num="10.8.3"/>
+        <vers num="10.8.4"/>
+        <vers num="10.8.5" edition="supplemental_update"/>
+        <vers num="10.9"/>
+        <vers num="10.9.1"/>
+      </prod>
+      <prod vendor="apple" name="mac_os_x_server">
+        <vers num="10.7.0"/>
+        <vers num="10.7.1"/>
+        <vers num="10.7.2"/>
+        <vers num="10.7.3"/>
+        <vers num="10.7.4"/>
+        <vers num="10.7.5"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1271" published="2014-03-14" name="CVE-2014-1271" modified="2014-03-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">CoreCapture in Apple iOS before 7.1 and Apple TV before 6.1 does not properly validate IOKit API calls, which allows attackers to cause a denial of service (assertion failure and device crash) via a crafted app.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6163" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6163</ref>
+      <ref url="http://support.apple.com/kb/HT6162" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6162</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="apple_tv">
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers prev="1" num="6.0.2"/>
+      </prod>
+      <prod vendor="apple" name="iphone_os">
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+        <vers num="7.0.3"/>
+        <vers num="7.0.4"/>
+        <vers num="7.0.5"/>
+        <vers prev="1" num="7.0.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1272" published="2014-03-14" name="CVE-2014-1272" modified="2014-03-14" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:N/I:C/A:C)" CVSS_score="6.3" CVSS_impact_subscore="9.2" CVSS_exploit_subscore="3.4" CVSS_base_score="6.3">
+    <desc>
+      <descript source="cve">CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to change arbitrary file permissions by leveraging a symlink.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6163" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6163</ref>
+      <ref url="http://support.apple.com/kb/HT6162" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6162</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="apple_tv">
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers prev="1" num="6.0.2"/>
+      </prod>
+      <prod vendor="apple" name="iphone_os">
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+        <vers num="7.0.3"/>
+        <vers num="7.0.4"/>
+        <vers num="7.0.5"/>
+        <vers prev="1" num="7.0.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1273" published="2014-03-14" name="CVE-2014-1273" modified="2014-03-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6163" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6163</ref>
+      <ref url="http://support.apple.com/kb/HT6162" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6162</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="apple_tv">
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers prev="1" num="6.0.2"/>
+      </prod>
+      <prod vendor="apple" name="iphone_os">
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+        <vers num="7.0.3"/>
+        <vers num="7.0.4"/>
+        <vers num="7.0.5"/>
+        <vers prev="1" num="7.0.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-1274" published="2014-03-14" name="CVE-2014-1274" modified="2014-03-14" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="2.1" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="3.9" CVSS_base_score="2.1">
+    <desc>
+      <descript source="cve">FaceTime in Apple iOS before 7.1 allows physically proximate attackers to obtain sensitive FaceTime contact information by using the lock screen for an invalid FaceTime call.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6162" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6162</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="iphone_os">
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+        <vers num="7.0.3"/>
+        <vers num="7.0.4"/>
+        <vers num="7.0.5"/>
+        <vers prev="1" num="7.0.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1275" published="2014-03-14" name="CVE-2014-1275" modified="2014-03-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">Buffer overflow in ImageIO in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6163" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6163</ref>
+      <ref url="http://support.apple.com/kb/HT6162" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6162</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="apple_tv">
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers prev="1" num="6.0.2"/>
+      </prod>
+      <prod vendor="apple" name="iphone_os">
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+        <vers num="7.0.3"/>
+        <vers num="7.0.4"/>
+        <vers num="7.0.5"/>
+        <vers prev="1" num="7.0.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1276" published="2014-03-14" name="CVE-2014-1276" modified="2014-03-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">IOKit HID Event in Apple iOS before 7.1 allows attackers to conduct user-action monitoring attacks against arbitrary apps via a crafted app that accesses an IOKit framework interface.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6162" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6162</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="iphone_os">
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+        <vers num="7.0.3"/>
+        <vers num="7.0.4"/>
+        <vers num="7.0.5"/>
+        <vers prev="1" num="7.0.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" seq="2014-1277" reject="1" published="2014-03-13" name="CVE-2014-1277" modified="2014-03-13">
+    <desc>
+      <descript source="cve">** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2013-3948.  Reason: This candidate is a duplicate of CVE-2013-3948.  Notes: All CVE users should reference CVE-2013-3948 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage.</descript>
+    </desc>
+    <refs/>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1278" published="2014-03-14" name="CVE-2014-1278" modified="2014-03-14" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="7.2" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="3.9" CVSS_base_score="7.2">
+    <desc>
+      <descript source="cve">The ptmx_get_ioctl function in the ARM kernel in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to gain privileges or cause a denial of service (out-of-bounds memory access and device crash) via a crafted call.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6163" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6163</ref>
+      <ref url="http://support.apple.com/kb/HT6162" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6162</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="apple_tv">
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers prev="1" num="6.0.2"/>
+      </prod>
+      <prod vendor="apple" name="iphone_os">
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+        <vers num="7.0.3"/>
+        <vers num="7.0.4"/>
+        <vers num="7.0.5"/>
+        <vers prev="1" num="7.0.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-1279" published="2014-03-14" name="CVE-2014-1279" modified="2014-03-14" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="2.1" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="3.9" CVSS_base_score="2.1">
+    <desc>
+      <descript source="cve">Apple TV before 6.1 does not properly restrict logging, which allows local users to obtain sensitive information by reading log data.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6163" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6163</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="apple_tv">
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers prev="1" num="6.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1280" published="2014-03-14" name="CVE-2014-1280" modified="2014-03-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:C)" CVSS_score="7.1" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="8.6" CVSS_base_score="7.1">
+    <desc>
+      <descript source="cve">Video Driver in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers to cause a denial of service (NULL pointer dereference and device hang) via a crafted video file with MPEG-4 encoding.</descript>
+      <descript source="nvd">Per: http://cwe.mitre.org/data/definitions/476.html
+
+"CWE-476: NULL Pointer Dereference"</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6163" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6163</ref>
+      <ref url="http://support.apple.com/kb/HT6162" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6162</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="apple_tv">
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers prev="1" num="6.0.2"/>
+      </prod>
+      <prod vendor="apple" name="iphone_os">
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+        <vers num="7.0.3"/>
+        <vers num="7.0.4"/>
+        <vers num="7.0.5"/>
+        <vers prev="1" num="7.0.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-1281" published="2014-03-14" name="CVE-2014-1281" modified="2014-03-14" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:P/I:N/A:N)" CVSS_score="1.9" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="3.4" CVSS_base_score="1.9">
+    <desc>
+      <descript source="cve">Photos Backend in Apple iOS before 7.1 does not properly manage the asset-library cache during deletions, which allows physically proximate attackers to obtain sensitive photo data by launching the Photos app and looking under a transparent image.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6162" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6162</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="iphone_os">
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+        <vers num="7.0.3"/>
+        <vers num="7.0.4"/>
+        <vers num="7.0.5"/>
+        <vers prev="1" num="7.0.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1282" published="2014-03-14" name="CVE-2014-1282" modified="2014-03-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">The Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass intended configuration-profile visibility requirements via a long name.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6163" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6163</ref>
+      <ref url="http://support.apple.com/kb/HT6162" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6162</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="apple_tv">
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers prev="1" num="6.0.2"/>
+      </prod>
+      <prod vendor="apple" name="iphone_os">
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+        <vers num="7.0.3"/>
+        <vers num="7.0.4"/>
+        <vers num="7.0.5"/>
+        <vers prev="1" num="7.0.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" seq="2014-1284" reject="1" published="2014-03-13" name="CVE-2014-1284" modified="2014-03-13">
+    <desc>
+      <descript source="cve">** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2014-2019.  Reason: This candidate is a duplicate of CVE-2014-2019.  Notes: All CVE users should reference CVE-2014-2019 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage.</descript>
+    </desc>
+    <refs/>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1285" published="2014-03-14" name="CVE-2014-1285" modified="2014-03-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">Springboard in Apple iOS before 7.1 allows physically proximate attackers to bypass intended access restrictions and read the home screen by leveraging an application crash during activation of an unactivated device.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6162" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6162</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="iphone_os">
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+        <vers num="7.0.3"/>
+        <vers num="7.0.4"/>
+        <vers num="7.0.5"/>
+        <vers prev="1" num="7.0.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1286" published="2014-03-14" name="CVE-2014-1286" modified="2014-03-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">SpringBoard Lock Screen in Apple iOS before 7.1 allows remote attackers to cause a denial of service (lock-screen hang) by leveraging a state-management error.</descript>
+      <descript source="nvd">Per: https://cwe.mitre.org/data/definitions/361.html
+
+"CWE-361: Time and State"</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6162" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6162</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="iphone_os">
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+        <vers num="7.0.3"/>
+        <vers num="7.0.4"/>
+        <vers num="7.0.5"/>
+        <vers prev="1" num="7.0.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1287" published="2014-03-14" name="CVE-2014-1287" modified="2014-03-14" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="7.2" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="3.9" CVSS_base_score="7.2">
+    <desc>
+      <descript source="cve">USB Host in Apple iOS before 7.1 and Apple TV before 6.1 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted USB messages.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6163" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6163</ref>
+      <ref url="http://support.apple.com/kb/HT6162" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6162</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="apple_tv">
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers prev="1" num="6.0.2"/>
+      </prod>
+      <prod vendor="apple" name="iphone_os">
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+        <vers num="7.0.3"/>
+        <vers num="7.0.4"/>
+        <vers num="7.0.5"/>
+        <vers prev="1" num="7.0.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1289" published="2014-03-14" name="CVE-2014-1289" modified="2014-04-04" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1290, CVE-2014-1291, CVE-2014-1292, CVE-2014-1293, and CVE-2014-1294.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6163" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6163</ref>
+      <ref url="http://support.apple.com/kb/HT6162" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6162</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" source="APPLE">APPLE-SA-2014-04-01-1</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="apple_tv">
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers prev="1" num="6.0.2"/>
+      </prod>
+      <prod vendor="apple" name="iphone_os">
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+        <vers num="7.0.3"/>
+        <vers num="7.0.4"/>
+        <vers num="7.0.5"/>
+        <vers prev="1" num="7.0.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1290" published="2014-03-14" name="CVE-2014-1290" modified="2014-04-04" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1291, CVE-2014-1292, CVE-2014-1293, and CVE-2014-1294.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6163" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6163</ref>
+      <ref url="http://support.apple.com/kb/HT6162" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6162</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" source="APPLE">APPLE-SA-2014-04-01-1</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="apple_tv">
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers prev="1" num="6.0.2"/>
+      </prod>
+      <prod vendor="apple" name="iphone_os">
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+        <vers num="7.0.3"/>
+        <vers num="7.0.4"/>
+        <vers num="7.0.5"/>
+        <vers prev="1" num="7.0.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1291" published="2014-03-14" name="CVE-2014-1291" modified="2014-04-04" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1290, CVE-2014-1292, CVE-2014-1293, and CVE-2014-1294.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6163" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6163</ref>
+      <ref url="http://support.apple.com/kb/HT6162" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6162</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" source="APPLE">APPLE-SA-2014-04-01-1</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="apple_tv">
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers prev="1" num="6.0.2"/>
+      </prod>
+      <prod vendor="apple" name="iphone_os">
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+        <vers num="7.0.3"/>
+        <vers num="7.0.4"/>
+        <vers num="7.0.5"/>
+        <vers prev="1" num="7.0.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1292" published="2014-03-14" name="CVE-2014-1292" modified="2014-04-04" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1290, CVE-2014-1291, CVE-2014-1293, and CVE-2014-1294.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6163" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6163</ref>
+      <ref url="http://support.apple.com/kb/HT6162" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6162</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" source="APPLE">APPLE-SA-2014-04-01-1</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="apple_tv">
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers prev="1" num="6.0.2"/>
+      </prod>
+      <prod vendor="apple" name="iphone_os">
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+        <vers num="7.0.3"/>
+        <vers num="7.0.4"/>
+        <vers num="7.0.5"/>
+        <vers prev="1" num="7.0.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1293" published="2014-03-14" name="CVE-2014-1293" modified="2014-04-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1290, CVE-2014-1291, CVE-2014-1292, and CVE-2014-1294.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6163" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6163</ref>
+      <ref url="http://support.apple.com/kb/HT6162" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6162</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" source="APPLE">APPLE-SA-2014-04-01-1</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="apple_tv">
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers prev="1" num="6.0.2"/>
+      </prod>
+      <prod vendor="apple" name="iphone_os">
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+        <vers num="7.0.3"/>
+        <vers num="7.0.4"/>
+        <vers num="7.0.5"/>
+        <vers prev="1" num="7.0.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1294" published="2014-03-14" name="CVE-2014-1294" modified="2014-04-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1290, CVE-2014-1291, CVE-2014-1292, and CVE-2014-1293.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://support.apple.com/kb/HT6163" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6163</ref>
+      <ref url="http://support.apple.com/kb/HT6162" source="CONFIRM" adv="1">http://support.apple.com/kb/HT6162</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" source="APPLE">APPLE-SA-2014-04-01-1</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="apple_tv">
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers prev="1" num="6.0.2"/>
+      </prod>
+      <prod vendor="apple" name="iphone_os">
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+        <vers num="7.0.3"/>
+        <vers num="7.0.4"/>
+        <vers num="7.0.5"/>
+        <vers prev="1" num="7.0.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1295" published="2014-04-23" name="CVE-2014-1295" modified="2014-04-23" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://secure-resumption.com/" source="MISC">https://secure-resumption.com/</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html" source="APPLE">APPLE-SA-2014-04-22-2</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html" source="APPLE">APPLE-SA-2014-04-22-3</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html" source="APPLE">APPLE-SA-2014-04-22-1</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="apple_tv">
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers prev="1" num="6.1"/>
+      </prod>
+      <prod vendor="apple" name="iphone_os">
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+        <vers num="7.0.3"/>
+        <vers num="7.0.4"/>
+        <vers num="7.0.5"/>
+        <vers num="7.0.6"/>
+        <vers prev="1" num="7.1"/>
+      </prod>
+      <prod vendor="apple" name="mac_os_x">
+        <vers num="10.8.0"/>
+        <vers num="10.8.1"/>
+        <vers num="10.8.2"/>
+        <vers num="10.8.3"/>
+        <vers num="10.8.4"/>
+        <vers num="10.8.5" edition="supplemental_update"/>
+        <vers num="10.9"/>
+        <vers num="10.9.1"/>
+        <vers num="10.9.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1296" published="2014-04-23" name="CVE-2014-1296" modified="2014-04-23" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connection during transmission of a header, as demonstrated by an HTTPOnly restriction.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html" source="APPLE">APPLE-SA-2014-04-22-2</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html" source="APPLE">APPLE-SA-2014-04-22-3</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html" source="APPLE">APPLE-SA-2014-04-22-1</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="apple_tv">
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers prev="1" num="6.1"/>
+      </prod>
+      <prod vendor="apple" name="iphone_os">
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+        <vers num="7.0.3"/>
+        <vers num="7.0.4"/>
+        <vers num="7.0.5"/>
+        <vers num="7.0.6"/>
+        <vers prev="1" num="7.1"/>
+      </prod>
+      <prod vendor="apple" name="mac_os_x">
+        <vers num="10.7.0"/>
+        <vers num="10.7.1"/>
+        <vers num="10.7.2"/>
+        <vers num="10.7.3"/>
+        <vers num="10.7.4"/>
+        <vers num="10.7.5"/>
+        <vers num="10.8.0"/>
+        <vers num="10.8.1"/>
+        <vers num="10.8.2"/>
+        <vers num="10.8.3"/>
+        <vers num="10.8.4"/>
+        <vers num="10.8.5" edition="supplemental_update"/>
+        <vers num="10.9"/>
+        <vers num="10.9.1"/>
+        <vers prev="1" num="10.9.2"/>
+      </prod>
+      <prod vendor="apple" name="mac_os_x_server">
+        <vers num="10.7.0"/>
+        <vers num="10.7.1"/>
+        <vers num="10.7.2"/>
+        <vers num="10.7.3"/>
+        <vers num="10.7.4"/>
+        <vers num="10.7.5"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1297" published="2014-04-02" name="CVE-2014-1297" modified="2014-04-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, does not properly validate WebProcess IPC messages, which allows remote attackers to bypass a sandbox protection mechanism and read arbitrary files by leveraging WebProcess access.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" source="APPLE">APPLE-SA-2014-04-01-1</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="safari">
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="6.0.3"/>
+        <vers num="6.0.4"/>
+        <vers num="6.0.5"/>
+        <vers num="6.1"/>
+        <vers num="6.1.1"/>
+        <vers prev="1" num="6.1.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1298" published="2014-04-02" name="CVE-2014-1298" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html" source="APPLE">APPLE-SA-2014-04-22-2</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html" source="APPLE">APPLE-SA-2014-04-22-3</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" source="APPLE">APPLE-SA-2014-04-01-1</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="safari">
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="6.0.3"/>
+        <vers num="6.0.4"/>
+        <vers num="6.0.5"/>
+        <vers num="6.1"/>
+        <vers num="6.1.1"/>
+        <vers prev="1" num="6.1.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1299" published="2014-04-02" name="CVE-2014-1299" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html" source="APPLE">APPLE-SA-2014-04-22-2</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html" source="APPLE">APPLE-SA-2014-04-22-3</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" source="APPLE">APPLE-SA-2014-04-01-1</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="safari">
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="6.0.3"/>
+        <vers num="6.0.4"/>
+        <vers num="6.0.5"/>
+        <vers num="6.1"/>
+        <vers num="6.1.1"/>
+        <vers prev="1" num="6.1.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1300" published="2014-03-26" name="CVE-2014-1300" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Apple Safari 7.0.2 on OS X allows remote attackers to execute arbitrary code with root privileges via unknown vectors, as demonstrated by Google during a Pwn4Fun competition at CanSecWest 2014.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/" source="MISC">http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/</ref>
+      <ref url="http://twitter.com/thezdi/statuses/443796547872903168" source="MISC">http://twitter.com/thezdi/statuses/443796547872903168</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html" source="APPLE">APPLE-SA-2014-04-22-2</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html" source="APPLE">APPLE-SA-2014-04-22-3</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" source="APPLE">APPLE-SA-2014-04-01-1</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="safari">
+        <vers num="7.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1301" published="2014-04-02" name="CVE-2014-1301" modified="2014-04-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" source="APPLE">APPLE-SA-2014-04-01-1</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="safari">
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="6.0.3"/>
+        <vers num="6.0.4"/>
+        <vers num="6.0.5"/>
+        <vers num="6.1"/>
+        <vers num="6.1.1"/>
+        <vers prev="1" num="6.1.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1302" published="2014-04-02" name="CVE-2014-1302" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html" source="APPLE">APPLE-SA-2014-04-22-2</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html" source="APPLE">APPLE-SA-2014-04-22-3</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" source="APPLE">APPLE-SA-2014-04-01-1</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="safari">
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="6.0.3"/>
+        <vers num="6.0.4"/>
+        <vers num="6.0.5"/>
+        <vers num="6.1"/>
+        <vers num="6.1.1"/>
+        <vers prev="1" num="6.1.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1303" published="2014-03-26" name="CVE-2014-1303" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Heap-based buffer overflow in Apple Safari 7.0.2 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Liang Chen during a Pwn2Own competition at CanSecWest 2014.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two/" source="MISC">http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two/</ref>
+      <ref url="http://twitter.com/thezdi/statuses/444157530139136000" source="MISC">http://twitter.com/thezdi/statuses/444157530139136000</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html" source="APPLE">APPLE-SA-2014-04-22-2</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html" source="APPLE">APPLE-SA-2014-04-22-3</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" source="APPLE">APPLE-SA-2014-04-01-1</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="safari">
+        <vers num="7.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1304" published="2014-04-02" name="CVE-2014-1304" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html" source="APPLE">APPLE-SA-2014-04-22-2</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html" source="APPLE">APPLE-SA-2014-04-22-3</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" source="APPLE">APPLE-SA-2014-04-01-1</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="safari">
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="6.0.3"/>
+        <vers num="6.0.4"/>
+        <vers num="6.0.5"/>
+        <vers num="6.1"/>
+        <vers num="6.1.1"/>
+        <vers prev="1" num="6.1.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1305" published="2014-04-02" name="CVE-2014-1305" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html" source="APPLE">APPLE-SA-2014-04-22-2</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html" source="APPLE">APPLE-SA-2014-04-22-3</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" source="APPLE">APPLE-SA-2014-04-01-1</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="safari">
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="6.0.3"/>
+        <vers num="6.0.4"/>
+        <vers num="6.0.5"/>
+        <vers num="6.1"/>
+        <vers num="6.1.1"/>
+        <vers prev="1" num="6.1.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1307" published="2014-04-02" name="CVE-2014-1307" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html" source="APPLE">APPLE-SA-2014-04-22-2</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html" source="APPLE">APPLE-SA-2014-04-22-3</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" source="APPLE">APPLE-SA-2014-04-01-1</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="safari">
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="6.0.3"/>
+        <vers num="6.0.4"/>
+        <vers num="6.0.5"/>
+        <vers num="6.1"/>
+        <vers num="6.1.1"/>
+        <vers prev="1" num="6.1.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1308" published="2014-04-02" name="CVE-2014-1308" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html" source="APPLE">APPLE-SA-2014-04-22-2</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html" source="APPLE">APPLE-SA-2014-04-22-3</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" source="APPLE">APPLE-SA-2014-04-01-1</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="safari">
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="6.0.3"/>
+        <vers num="6.0.4"/>
+        <vers num="6.0.5"/>
+        <vers num="6.1"/>
+        <vers num="6.1.1"/>
+        <vers prev="1" num="6.1.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1309" published="2014-04-02" name="CVE-2014-1309" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html" source="APPLE">APPLE-SA-2014-04-22-2</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html" source="APPLE">APPLE-SA-2014-04-22-3</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" source="APPLE">APPLE-SA-2014-04-01-1</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="safari">
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="6.0.3"/>
+        <vers num="6.0.4"/>
+        <vers num="6.0.5"/>
+        <vers num="6.1"/>
+        <vers num="6.1.1"/>
+        <vers prev="1" num="6.1.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1310" published="2014-04-02" name="CVE-2014-1310" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html" source="APPLE">APPLE-SA-2014-04-22-2</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html" source="APPLE">APPLE-SA-2014-04-22-3</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" source="APPLE">APPLE-SA-2014-04-01-1</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="safari">
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="6.0.3"/>
+        <vers num="6.0.4"/>
+        <vers num="6.0.5"/>
+        <vers num="6.1"/>
+        <vers num="6.1.1"/>
+        <vers prev="1" num="6.1.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1311" published="2014-04-02" name="CVE-2014-1311" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html" source="APPLE">APPLE-SA-2014-04-22-2</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html" source="APPLE">APPLE-SA-2014-04-22-3</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" source="APPLE">APPLE-SA-2014-04-01-1</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="safari">
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="6.0.3"/>
+        <vers num="6.0.4"/>
+        <vers num="6.0.5"/>
+        <vers num="6.1"/>
+        <vers num="6.1.1"/>
+        <vers prev="1" num="6.1.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1312" published="2014-04-02" name="CVE-2014-1312" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html" source="APPLE">APPLE-SA-2014-04-22-2</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html" source="APPLE">APPLE-SA-2014-04-22-3</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" source="APPLE">APPLE-SA-2014-04-01-1</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="safari">
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="6.0.3"/>
+        <vers num="6.0.4"/>
+        <vers num="6.0.5"/>
+        <vers num="6.1"/>
+        <vers num="6.1.1"/>
+        <vers prev="1" num="6.1.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1313" published="2014-04-02" name="CVE-2014-1313" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html" source="APPLE">APPLE-SA-2014-04-22-2</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html" source="APPLE">APPLE-SA-2014-04-22-3</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" source="APPLE">APPLE-SA-2014-04-01-1</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="safari">
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="6.0.3"/>
+        <vers num="6.0.4"/>
+        <vers num="6.0.5"/>
+        <vers num="6.1"/>
+        <vers num="6.1.1"/>
+        <vers prev="1" num="6.1.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1314" published="2014-04-23" name="CVE-2014-1314" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">WindowServer in Apple OS X through 10.9.2 does not prevent session creation by a sandboxed application, which allows attackers to bypass the sandbox protection mechanism and execute arbitrary code via a crafted application.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html" source="APPLE">APPLE-SA-2014-04-22-1</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="mac_os_x">
+        <vers num="10.8.0"/>
+        <vers num="10.8.1"/>
+        <vers num="10.8.2"/>
+        <vers num="10.8.3"/>
+        <vers num="10.8.4"/>
+        <vers num="10.8.5" edition="supplemental_update"/>
+        <vers num="10.9"/>
+        <vers num="10.9.1"/>
+        <vers prev="1" num="10.9.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1315" published="2014-04-23" name="CVE-2014-1315" modified="2014-04-23" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">Format string vulnerability in CoreServicesUIAgent in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a URL.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html" source="APPLE">APPLE-SA-2014-04-22-1</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="mac_os_x">
+        <vers num="10.9"/>
+        <vers num="10.9.1"/>
+        <vers num="10.9.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1316" published="2014-04-23" name="CVE-2014-1316" modified="2014-04-23" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Heimdal, as used in Apple OS X through 10.9.2, allows remote attackers to cause a denial of service (abort and daemon exit) via ASN.1 data encountered in the Kerberos 5 protocol.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html" source="APPLE">APPLE-SA-2014-04-22-1</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="mac_os_x">
+        <vers num="10.9"/>
+        <vers num="10.9.1"/>
+        <vers prev="1" num="10.9.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1318" published="2014-04-23" name="CVE-2014-1318" modified="2014-04-23" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">The Intel Graphics Driver in Apple OS X through 10.9.2 does not properly validate a certain pointer, which allows attackers to execute arbitrary code via a crafted application.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html" source="APPLE">APPLE-SA-2014-04-22-1</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="mac_os_x">
+        <vers num="10.8.0"/>
+        <vers num="10.8.1"/>
+        <vers num="10.8.2"/>
+        <vers num="10.8.3"/>
+        <vers num="10.8.4"/>
+        <vers num="10.8.5" edition="supplemental_update"/>
+        <vers num="10.9"/>
+        <vers num="10.9.1"/>
+        <vers prev="1" num="10.9.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1319" published="2014-04-23" name="CVE-2014-1319" modified="2014-04-23" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">Buffer overflow in ImageIO in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html" source="APPLE">APPLE-SA-2014-04-22-1</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="mac_os_x">
+        <vers num="10.9"/>
+        <vers num="10.9.1"/>
+        <vers num="10.9.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1320" published="2014-04-23" name="CVE-2014-1320" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:C/I:N/A:N)" CVSS_score="4.9" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="3.9" CVSS_base_score="4.9">
+    <desc>
+      <descript source="cve">IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR protection mechanism by reading unspecified attributes of the object.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html" source="APPLE">APPLE-SA-2014-04-22-2</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html" source="APPLE">APPLE-SA-2014-04-22-3</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html" source="APPLE">APPLE-SA-2014-04-22-1</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="apple_tv">
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers prev="1" num="6.1"/>
+      </prod>
+      <prod vendor="apple" name="iphone_os">
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+        <vers num="7.0.3"/>
+        <vers num="7.0.4"/>
+        <vers num="7.0.5"/>
+        <vers num="7.0.6"/>
+        <vers prev="1" num="7.1"/>
+      </prod>
+      <prod vendor="apple" name="mac_os_x">
+        <vers num="10.9"/>
+        <vers num="10.9.1"/>
+        <vers prev="1" num="10.9.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-1321" published="2014-04-23" name="CVE-2014-1321" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:P/I:P/A:N)" CVSS_score="3.3" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="3.4" CVSS_base_score="3.3">
+    <desc>
+      <descript source="cve">Power Management in Apple OS X 10.9.x through 10.9.2 allows physically proximate attackers to bypass an intended transition into the locked-screen state by touching (1) a key or (2) the trackpad during a lid-close action.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html" source="APPLE">APPLE-SA-2014-04-22-1</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="mac_os_x">
+        <vers num="10.9"/>
+        <vers num="10.9.1"/>
+        <vers num="10.9.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1322" published="2014-04-23" name="CVE-2014-1322" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:C/I:N/A:N)" CVSS_score="4.9" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="3.9" CVSS_base_score="4.9">
+    <desc>
+      <descript source="cve">The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space, which makes it easier for local users to bypass the ASLR protection mechanism by reading an unspecified attribute of the object.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html" source="APPLE">APPLE-SA-2014-04-22-1</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="mac_os_x">
+        <vers num="10.9"/>
+        <vers num="10.9.1"/>
+        <vers prev="1" num="10.9.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1401" published="2014-02-11" name="CVE-2014-1401" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:P)" CVSS_score="6.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.0" CVSS_base_score="6.5">
+    <desc>
+      <descript source="cve">Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search parameter to mod/content/content.php or (2) CLIENT_IP, (3) X_FORWARDED_FOR, (4) X_FORWARDED, (5) FORWARDED_FOR, or (6) FORWARDED HTTP header to index.php.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://www.htbridge.com/advisory/HTB23196" source="MISC">https://www.htbridge.com/advisory/HTB23196</ref>
+      <ref url="https://github.com/auracms/AuraCMS/commit/790f66ffbc4f23a6e13636fc79d0aa1a7d81e747" source="CONFIRM">https://github.com/auracms/AuraCMS/commit/790f66ffbc4f23a6e13636fc79d0aa1a7d81e747</ref>
+      <ref url="https://github.com/auracms/AuraCMS/commit/4fe9d0d31a32df392f4d6ced8e5c25ed4af19ade" source="CONFIRM">https://github.com/auracms/AuraCMS/commit/4fe9d0d31a32df392f4d6ced8e5c25ed4af19ade</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90965" source="XF">auracms-cve20141401-sql-injection(90965)</ref>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/530930/100/0/threaded" source="BUGTRAQ">20140205 Multiple SQL Injection Vulnerabilities in AuraCMS</ref>
+      <ref url="http://www.exploit-db.com/exploits/31520" source="EXPLOIT-DB">31520</ref>
+      <ref url="http://secunia.com/advisories/56804" source="SECUNIA">56804</ref>
+      <ref url="http://packetstormsecurity.com/files/125079" source="MISC">http://packetstormsecurity.com/files/125079</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="auracms" name="auracms">
+        <vers num="1.0"/>
+        <vers num="1.1"/>
+        <vers num="1.2"/>
+        <vers num="1.3"/>
+        <vers num="1.5"/>
+        <vers num="1.61"/>
+        <vers num="1.62"/>
+        <vers num="2.0"/>
+        <vers num="2.1"/>
+        <vers num="2.2"/>
+        <vers num="2.2.1"/>
+        <vers num="2.2.2"/>
+        <vers prev="1" num="2.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1403" published="2014-02-05" name="CVE-2014-1403" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in name.html in easyXDM before 2.4.19 allows remote attackers to inject arbitrary web script or HTML via the location.hash value.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://github.com/oyvindkinsey/easyXDM/releases/tag/2.4.19" source="CONFIRM" patch="1" adv="1">https://github.com/oyvindkinsey/easyXDM/releases/tag/2.4.19</ref>
+      <ref url="https://github.com/oyvindkinsey/easyXDM/commit/a3194d32c25a0d27a10a47304eb9c9be93ffbf13#diff-6489956f1e1f52236929b4d33cbeb2db" source="CONFIRM" patch="1">https://github.com/oyvindkinsey/easyXDM/commit/a3194d32c25a0d27a10a47304eb9c9be93ffbf13#diff-6489956f1e1f52236929b4d33cbeb2db</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90876" source="XF">easyxdm-cve20141403-xss(90876)</ref>
+      <ref url="http://www.securityfocus.com/bid/65291" source="BID">65291</ref>
+      <ref url="http://secunia.com/advisories/56634" source="SECUNIA" adv="1">56634</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Feb/5" source="FULLDISC">20140131 [CVE-2014-1403] DOM XSS in EasyXDM 2.4.18</ref>
+      <ref url="http://osvdb.org/102803" source="OSVDB">102803</ref>
+      <ref url="http://blog.kotowicz.net/2014/01/xssing-with-shakespeare-name-calling.html" source="MISC">http://blog.kotowicz.net/2014/01/xssing-with-shakespeare-name-calling.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="easyxdm" name="easyxdm">
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.4.0"/>
+        <vers num="2.4.1"/>
+        <vers prev="1" num="2.4.18"/>
+        <vers num="2.4.2"/>
+        <vers num="2.4.3"/>
+        <vers num="2.4.4"/>
+        <vers num="2.4.5"/>
+        <vers num="2.4.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1405" published="2014-01-10" name="CVE-2014-1405" modified="2014-01-10" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">Multiple open redirect vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf" source="MISC" adv="1">http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="conceptronic" name="c54apm">
+        <vers num="1.26"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1406" published="2014-01-10" name="CVE-2014-1406" modified="2014-01-10" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">CRLF injection vulnerability in goform/formWlSiteSurvey on the Conceptronic C54APM access point with runtime code 1.26 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the submit-url parameter in a Refresh action.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf" source="MISC" adv="1">http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="conceptronic" name="c54apm">
+        <vers num="1.26"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1407" published="2014-01-10" name="CVE-2014-1407" modified="2014-01-10" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Multiple cross-site scripting (XSS) vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to inject arbitrary web script or HTML via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf" source="MISC" adv="1">http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="conceptronic" name="c54apm">
+        <vers num="1.26"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1408" published="2014-01-10" name="CVE-2014-1408" modified="2014-01-13" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:N/A:N)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via an HTTP request, as demonstrated by stored XSS attacks.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://download.conceptronic.net/manuals/C04-058_C54APM_v2.0_Quick_Guide_ML.pdf" source="CONFIRM">http://download.conceptronic.net/manuals/C04-058_C54APM_v2.0_Quick_Guide_ML.pdf</ref>
+      <ref url="http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf" source="MISC" adv="1">http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="conceptronic" name="c54apm">
+        <vers num="1.26"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1438" published="2014-01-18" name="CVE-2014-1438" modified="2014-03-16" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:N/I:N/A:C)" CVSS_score="4.7" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="3.4" CVSS_base_score="4.7">
+    <desc>
+      <descript source="cve">The restore_fpu_checking function in arch/x86/include/asm/fpu-internal.h in the Linux kernel before 3.12.8 on the AMD K7 and K8 platforms does not clear pending exceptions before proceeding to an EMMS instruction, which allows local users to cause a denial of service (task kill) or possibly gain privileges via a crafted application.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=26bef1318adc1b3a530ecc807ef99346db2aa8b0" source="CONFIRM" patch="1">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=26bef1318adc1b3a530ecc807ef99346db2aa8b0</ref>
+      <ref url="https://lkml.org/lkml/2014/1/9/637" source="MLIST">[linux-kernel] 20140110 Re: Sanitize CPU-state when switching tasks (was sanitize CPU-state when switching from virtual-8086 mode to other task)</ref>
+      <ref url="https://github.com/torvalds/linux/commit/26bef1318adc1b3a530ecc807ef99346db2aa8b0" source="CONFIRM">https://github.com/torvalds/linux/commit/26bef1318adc1b3a530ecc807ef99346db2aa8b0</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1052914" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1052914</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2141-1" source="UBUNTU">USN-2141-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2139-1" source="UBUNTU">USN-2139-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2138-1" source="UBUNTU">USN-2138-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2136-1" source="UBUNTU">USN-2136-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2135-1" source="UBUNTU">USN-2135-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2134-1" source="UBUNTU">USN-2134-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2133-1" source="UBUNTU">USN-2133-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2117-1" source="UBUNTU">USN-2117-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2113-1" source="UBUNTU">USN-2113-1</ref>
+      <ref url="http://www.securitytracker.com/id/1029592" source="SECTRACK">1029592</ref>
+      <ref url="http://www.securityfocus.com/bid/64781" source="BID">64781</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/01/14/1" source="MLIST">[oss-security] 20140114 Re: Linux kernel: missing CPU-state sanitation during task-switch causes DOS / privilege escalation</ref>
+      <ref url="http://www.mandriva.com/security/advisories?name=MDVSA-2014:038" source="MANDRIVA">MDVSA-2014:038</ref>
+      <ref url="http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.8" source="CONFIRM">http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.8</ref>
+      <ref url="http://www.halfdog.net/Security/2013/Vm86SyscallTaskSwitchKernelPanic/" source="MISC">http://www.halfdog.net/Security/2013/Vm86SyscallTaskSwitchKernelPanic/</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126874.html" source="FEDORA">FEDORA-2014-1062</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126858.html" source="FEDORA">FEDORA-2014-1072</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="linux" name="linux_kernel">
+        <vers num="3.12"/>
+        <vers num="3.12.1"/>
+        <vers num="3.12.2"/>
+        <vers num="3.12.3"/>
+        <vers num="3.12.4"/>
+        <vers num="3.12.5"/>
+        <vers num="3.12.6"/>
+        <vers prev="1" num="3.12.7"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1439" published="2014-02-05" name="CVE-2014-1439" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The libxml_disable_entity_loader function in runtime/ext/ext_simplexml.cpp in HipHop Virtual Machine for PHP (HHVM) before 2.4.0 and 2.3.x before 2.3.3 does not properly disable a certain libxml handler, which allows remote attackers to conduct XML External Entity (XXE) attacks.</descript>
+      <descript source="nvd">CWE-611: Improper Restriction of XML External Entity Reference ('XXE')</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://github.com/facebook/hhvm/commit/95f96e7287effe2fcdfb9a5338d1a7e4f55b083b" source="CONFIRM">https://github.com/facebook/hhvm/commit/95f96e7287effe2fcdfb9a5338d1a7e4f55b083b</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90979" source="XF">hhvm-cve20141439-info-disc(90979)</ref>
+      <ref url="http://www.hhvm.com/blog/3287/hhvm-2-4-0" source="CONFIRM" adv="1">http://www.hhvm.com/blog/3287/hhvm-2-4-0</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="hiphop_virtual_machine_for_php_project" name="hiphop_virtual_machine_for_php">
+        <vers num="2.0.0"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.2"/>
+        <vers num="2.1.0"/>
+        <vers num="2.2.0"/>
+        <vers num="2.3.0"/>
+        <vers num="2.3.1"/>
+        <vers prev="1" num="2.3.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1441" published="2014-05-01" name="CVE-2014-1441" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:P)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Core FTP Server 1.2 before build 515 allows remote attackers to cause a denial of service (reachable assertion and crash) via an AUTH SSL command with malformed data, as demonstrated by pressing the enter key twice.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.osvdb.org/102966" source="OSVDB">102966</ref>
+      <ref url="http://secunia.com/advisories/56850" source="SECUNIA" adv="1">56850</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Feb/39" source="FULLDISC">20140205 Core FTP Server Vulnerabilities</ref>
+      <ref url="http://packetstormsecurity.com/files/125073/Core-FTP-Server-1.2-DoS-Traversal-Disclosure.html" source="MISC">http://packetstormsecurity.com/files/125073/Core-FTP-Server-1.2-DoS-Traversal-Disclosure.html</ref>
+      <ref url="http://coreftp.com/forums/viewtopic.php?t=2985707" source="CONFIRM" adv="1">http://coreftp.com/forums/viewtopic.php?t=2985707</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="coreftp" name="core_ftp">
+        <vers num="1.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1442" published="2014-05-01" name="CVE-2014-1442" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">Directory traversal vulnerability in Core FTP Server 1.2 before build 515 allows remote authenticated users to determine the existence of arbitrary files via a /../ sequence in an XCRC command.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.osvdb.org/102967" source="OSVDB">102967</ref>
+      <ref url="http://secunia.com/advisories/56850" source="SECUNIA" adv="1">56850</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Feb/39" source="FULLDISC">20140205 Core FTP Server Vulnerabilities</ref>
+      <ref url="http://packetstormsecurity.com/files/125073/Core-FTP-Server-1.2-DoS-Traversal-Disclosure.html" source="MISC">http://packetstormsecurity.com/files/125073/Core-FTP-Server-1.2-DoS-Traversal-Disclosure.html</ref>
+      <ref url="http://coreftp.com/forums/viewtopic.php?t=2985707" source="CONFIRM" adv="1">http://coreftp.com/forums/viewtopic.php?t=2985707</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="coreftp" name="core_ftp">
+        <vers num="1.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1443" published="2014-05-01" name="CVE-2014-1443" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">Core FTP Server 1.2 before build 515 allows remote authenticated users to obtain sensitive information (password for the previous user) via a USER command with a specific length, possibly related to an out-of-bounds read.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.osvdb.org/102968" source="OSVDB">102968</ref>
+      <ref url="http://secunia.com/advisories/56850" source="SECUNIA" adv="1">56850</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Feb/39" source="FULLDISC">20140205 Core FTP Server Vulnerabilities</ref>
+      <ref url="http://packetstormsecurity.com/files/125073/Core-FTP-Server-1.2-DoS-Traversal-Disclosure.html" source="MISC">http://packetstormsecurity.com/files/125073/Core-FTP-Server-1.2-DoS-Traversal-Disclosure.html</ref>
+      <ref url="http://coreftp.com/forums/viewtopic.php?t=2985707" source="CONFIRM" adv="1">http://coreftp.com/forums/viewtopic.php?t=2985707</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="coreftp" name="core_ftp">
+        <vers num="1.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-1444" published="2014-01-18" name="CVE-2014-1444" modified="2014-03-16" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="1.7" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="3.1" CVSS_base_score="1.7">
+    <desc>
+      <descript source="cve">The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="https://github.com/torvalds/linux/commit/96b340406724d87e4621284ebac5e059d67b2194" source="CONFIRM" patch="1">https://github.com/torvalds/linux/commit/96b340406724d87e4621284ebac5e059d67b2194</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/01/15/3" source="MLIST" patch="1">[oss-security] 20140115 Re: CVE request: assorted kernel infoleak security fixes</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1053610" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1053610</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90443" source="XF">linux-kernel-cve20141444-info-disc(90443)</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2129-1" source="UBUNTU">USN-2129-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2128-1" source="UBUNTU">USN-2128-1</ref>
+      <ref url="http://www.securityfocus.com/bid/64952" source="BID">64952</ref>
+      <ref url="http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.7" source="CONFIRM">http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.7</ref>
+      <ref url="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=96b340406724d87e4621284ebac5e059d67b2194" source="CONFIRM">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=96b340406724d87e4621284ebac5e059d67b2194</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="linux" name="linux_kernel">
+        <vers num="3.11"/>
+        <vers num="3.11.1"/>
+        <vers num="3.11.2"/>
+        <vers num="3.11.3"/>
+        <vers num="3.11.4"/>
+        <vers num="3.11.5"/>
+        <vers prev="1" num="3.11.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-1445" published="2014-01-18" name="CVE-2014-1445" modified="2014-03-16" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="2.1" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="3.9" CVSS_base_score="2.1">
+    <desc>
+      <descript source="cve">The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="https://github.com/torvalds/linux/commit/2b13d06c9584b4eb773f1e80bbaedab9a1c344e1" source="CONFIRM" patch="1">https://github.com/torvalds/linux/commit/2b13d06c9584b4eb773f1e80bbaedab9a1c344e1</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/01/15/3" source="MLIST" patch="1">[oss-security] 20140115 Re: CVE request: assorted kernel infoleak security fixes</ref>
+      <ref url="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2b13d06c9584b4eb773f1e80bbaedab9a1c344e1" source="CONFIRM" patch="1">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2b13d06c9584b4eb773f1e80bbaedab9a1c344e1</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1053613" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1053613</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90444" source="XF">linux-kernel-cve20141445-info-disc(90444)</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2129-1" source="UBUNTU">USN-2129-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2128-1" source="UBUNTU">USN-2128-1</ref>
+      <ref url="http://www.securityfocus.com/bid/64953" source="BID">64953</ref>
+      <ref url="http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.7" source="CONFIRM">http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.7</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="linux" name="linux_kernel">
+        <vers num="3.11"/>
+        <vers num="3.11.1"/>
+        <vers num="3.11.2"/>
+        <vers num="3.11.3"/>
+        <vers num="3.11.4"/>
+        <vers num="3.11.5"/>
+        <vers prev="1" num="3.11.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-1446" published="2014-01-18" name="CVE-2014-1446" modified="2014-03-16" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:P/I:N/A:N)" CVSS_score="1.9" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="3.4" CVSS_base_score="1.9">
+    <desc>
+      <descript source="cve">The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="https://github.com/torvalds/linux/commit/8e3fbf870481eb53b2d3a322d1fc395ad8b367ed" source="CONFIRM" patch="1">https://github.com/torvalds/linux/commit/8e3fbf870481eb53b2d3a322d1fc395ad8b367ed</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1053620" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1053620</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90445" source="XF">linux-kernel-cve20141446-info-disc(90445)</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2141-1" source="UBUNTU">USN-2141-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2139-1" source="UBUNTU">USN-2139-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2138-1" source="UBUNTU">USN-2138-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2136-1" source="UBUNTU">USN-2136-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2135-1" source="UBUNTU">USN-2135-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2134-1" source="UBUNTU">USN-2134-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2133-1" source="UBUNTU">USN-2133-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2129-1" source="UBUNTU">USN-2129-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2128-1" source="UBUNTU">USN-2128-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2117-1" source="UBUNTU">USN-2117-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2113-1" source="UBUNTU">USN-2113-1</ref>
+      <ref url="http://www.securityfocus.com/bid/64954" source="BID">64954</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/01/15/3" source="MLIST">[oss-security] 20140115 Re: CVE request: assorted kernel infoleak security fixes</ref>
+      <ref url="http://www.mandriva.com/security/advisories?name=MDVSA-2014:038" source="MANDRIVA">MDVSA-2014:038</ref>
+      <ref url="http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.8" source="CONFIRM">http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.8</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126874.html" source="FEDORA">FEDORA-2014-1062</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-January/126858.html" source="FEDORA">FEDORA-2014-1072</ref>
+      <ref url="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8e3fbf870481eb53b2d3a322d1fc395ad8b367ed" source="CONFIRM">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8e3fbf870481eb53b2d3a322d1fc395ad8b367ed</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="linux" name="linux_kernel">
+        <vers num="3.12"/>
+        <vers num="3.12.1"/>
+        <vers num="3.12.2"/>
+        <vers num="3.12.3"/>
+        <vers num="3.12.4"/>
+        <vers num="3.12.5"/>
+        <vers num="3.12.6"/>
+        <vers prev="1" num="3.12.7"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-1447" published="2014-01-24" name="CVE-2014-1447" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:A/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="3.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.5" CVSS_base_score="3.3">
+    <desc>
+      <descript source="cve">Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <local_network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1047577" source="CONFIRM" adv="1">https://bugzilla.redhat.com/show_bug.cgi?id=1047577</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2093-1" source="UBUNTU">USN-2093-1</ref>
+      <ref url="http://www.securitytracker.com/id/1029695" source="SECTRACK">1029695</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2846" source="DEBIAN">DSA-2846</ref>
+      <ref url="http://secunia.com/advisories/56446" source="SECUNIA" adv="1">56446</ref>
+      <ref url="http://secunia.com/advisories/56321" source="SECUNIA" adv="1">56321</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0103.html" source="REDHAT">RHSA-2014:0103</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-02/msg00062.html" source="SUSE">openSUSE-SU-2014:0270</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-02/msg00060.html" source="SUSE">openSUSE-SU-2014:0268</ref>
+      <ref url="http://libvirt.org/news.html" source="CONFIRM">http://libvirt.org/news.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="redhat" name="libvirt">
+        <vers num="0.0.1"/>
+        <vers num="0.0.2"/>
+        <vers num="0.0.3"/>
+        <vers num="0.0.4"/>
+        <vers num="0.0.5"/>
+        <vers num="0.0.6"/>
+        <vers num="0.1.0"/>
+        <vers num="0.1.1"/>
+        <vers num="0.1.3"/>
+        <vers num="0.1.4"/>
+        <vers num="0.1.5"/>
+        <vers num="0.1.6"/>
+        <vers num="0.1.7"/>
+        <vers num="0.1.8"/>
+        <vers num="0.1.9"/>
+        <vers num="0.10.0"/>
+        <vers num="0.10.1"/>
+        <vers num="0.10.2"/>
+        <vers num="0.10.2.1"/>
+        <vers num="0.10.2.2"/>
+        <vers num="0.10.2.3"/>
+        <vers num="0.10.2.4"/>
+        <vers num="0.10.2.5"/>
+        <vers num="0.10.2.6"/>
+        <vers num="0.10.2.7"/>
+        <vers num="0.10.2.8"/>
+        <vers num="0.2.0"/>
+        <vers num="0.2.1"/>
+        <vers num="0.2.2"/>
+        <vers num="0.2.3"/>
+        <vers num="0.3.0"/>
+        <vers num="0.3.1"/>
+        <vers num="0.3.2"/>
+        <vers num="0.3.3"/>
+        <vers num="0.4.0"/>
+        <vers num="0.4.1"/>
+        <vers num="0.4.2"/>
+        <vers num="0.4.3"/>
+        <vers num="0.4.4"/>
+        <vers num="0.4.5"/>
+        <vers num="0.4.6"/>
+        <vers num="0.5.0"/>
+        <vers num="0.5.1"/>
+        <vers num="0.6.0"/>
+        <vers num="0.6.1"/>
+        <vers num="0.6.2"/>
+        <vers num="0.6.3"/>
+        <vers num="0.6.4"/>
+        <vers num="0.6.5"/>
+        <vers num="0.7.0"/>
+        <vers num="0.7.1"/>
+        <vers num="0.7.2"/>
+        <vers num="0.7.3"/>
+        <vers num="0.7.4"/>
+        <vers num="0.7.5"/>
+        <vers num="0.7.6"/>
+        <vers num="0.7.7"/>
+        <vers num="0.8.0"/>
+        <vers num="0.8.1"/>
+        <vers num="0.8.2"/>
+        <vers num="0.8.3"/>
+        <vers num="0.8.4"/>
+        <vers num="0.8.5"/>
+        <vers num="0.8.6"/>
+        <vers num="0.8.7"/>
+        <vers num="0.8.8"/>
+        <vers num="0.9.0"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.10"/>
+        <vers num="0.9.11"/>
+        <vers num="0.9.11.1"/>
+        <vers num="0.9.11.2"/>
+        <vers num="0.9.11.3"/>
+        <vers num="0.9.11.4"/>
+        <vers num="0.9.11.5"/>
+        <vers num="0.9.11.6"/>
+        <vers num="0.9.11.7"/>
+        <vers num="0.9.11.8"/>
+        <vers num="0.9.12"/>
+        <vers num="0.9.13"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="0.9.4"/>
+        <vers num="0.9.5"/>
+        <vers num="0.9.6"/>
+        <vers num="0.9.6.1"/>
+        <vers num="0.9.6.2"/>
+        <vers num="0.9.6.3"/>
+        <vers num="0.9.7"/>
+        <vers num="0.9.8"/>
+        <vers num="0.9.9"/>
+        <vers num="1.0.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.5.1"/>
+        <vers num="1.0.5.2"/>
+        <vers num="1.0.5.3"/>
+        <vers num="1.0.5.4"/>
+        <vers num="1.0.5.5"/>
+        <vers num="1.0.5.6"/>
+        <vers num="1.0.6"/>
+        <vers num="1.1.0"/>
+        <vers num="1.1.1"/>
+        <vers num="1.1.2"/>
+        <vers num="1.1.3"/>
+        <vers num="1.1.4"/>
+        <vers prev="1" num="1.2.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" seq="2014-1448" reject="1" published="2014-01-15" name="CVE-2014-1448" modified="2014-01-15">
+    <desc>
+      <descript source="cve">** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2014-1447.  Reason: This candidate is a reservation duplicate of CVE-2014-1447.  Only one candidate was needed for the disclosure in question.  Notes: All CVE users should reference CVE-2014-1447 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage.</descript>
+    </desc>
+    <refs/>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1452" published="2014-01-21" name="CVE-2014-1452" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:A/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="5.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="6.5" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">Stack-based buffer overflow in lib/snmpagent.c in bsnmpd, as used in FreeBSD 8.3 through 10.0, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted GETBULK PDU request.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local_network/>
+    </range>
+    <refs>
+      <ref url="http://svnweb.freebsd.org/base?view=revision&amp;amp;revision=260636" source="CONFIRM" patch="1">http://svnweb.freebsd.org/base?view=revision&amp;amp;revision=260636</ref>
+      <ref url="http://www.securitytracker.com/id/1029616" source="SECTRACK">1029616</ref>
+      <ref url="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:01.bsnmpd.asc" source="FREEBSD" adv="1">FreeBSD-SA-14:01</ref>
+      <ref url="http://secunia.com/advisories/56496" source="SECUNIA" adv="1">56496</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="freebsd" name="freebsd">
+        <vers num="10.0"/>
+        <vers num="8.3"/>
+        <vers num="8.4"/>
+        <vers num="9.0"/>
+        <vers num="9.1" edition="release-p4"/>
+        <vers num="9.1" edition="release-p5"/>
+        <vers num="9.2" edition="prerelease"/>
+        <vers num="9.2" edition="rc1"/>
+        <vers num="9.2" edition="rc2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1453" published="2014-04-16" name="CVE-2014-1453" modified="2014-04-17" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:N/I:N/A:P)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">The NFS server (nfsserver) in FreeBSD 8.3 through 10.0 does not acquire locks in the proper order when converting a directory file handle to a vnode, which allows remote authenticated users to cause a denial of service (deadlock) via vectors involving a thread that uses the correct locking order.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1030041" source="SECTRACK">1030041</ref>
+      <ref url="http://www.securityfocus.com/bid/66726" source="BID">66726</ref>
+      <ref url="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:05.nfsserver.asc" source="FREEBSD" adv="1">FreeBSD-SA-14:05</ref>
+      <ref url="http://secunia.com/advisories/57760" source="SECUNIA" adv="1">57760</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="freebsd" name="freebsd">
+        <vers num="10.0"/>
+        <vers num="8.3"/>
+        <vers num="8.4"/>
+        <vers num="9.0" edition="beta1"/>
+        <vers num="9.0" edition="beta2"/>
+        <vers num="9.0" edition="beta3"/>
+        <vers num="9.1" edition="release-p4"/>
+        <vers num="9.1" edition="release-p5"/>
+        <vers num="9.2" edition="prerelease"/>
+        <vers num="9.2" edition="rc1"/>
+        <vers num="9.2" edition="rc2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1455" published="2014-04-10" name="CVE-2014-1455" modified="2014-04-11" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">SQL injection vulnerability in the password reset functionality in Pearson eSIS Enterprise Student Information System, possibly 3.3.0.13 and earlier, allows remote attackers to execute arbitrary SQL commands via the new password.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/531751/100/0/threaded" source="BUGTRAQ">20140406 Pearson eSIS Enterprise Student Information System SQL Injection</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="pearson" name="esis_enterprise_student_information_system">
+        <vers prev="1" num="3.3.0.13"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1456" published="2014-02-28" name="CVE-2014-1456" modified="2014-03-03" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the login page in Open Web Analytics (OWA) before 1.5.6 allows remote attackers to inject arbitrary web script or HTML via the owa_user_id parameter to index.php.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91124" source="XF">owa-cve20141456-xss(91124)</ref>
+      <ref url="http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2014-004" source="MISC">http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2014-004</ref>
+      <ref url="http://www.openwebanalytics.com/?p=384" source="MISC" adv="1">http://www.openwebanalytics.com/?p=384</ref>
+      <ref url="http://secunia.com/advisories/56885" source="SECUNIA" adv="1">56885</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="openwebanalytics" name="open_web_analytics">
+        <vers num="1.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8" edition="rc1"/>
+        <vers num="1.0.8" edition="rc2"/>
+        <vers num="1.0.8" edition="rc3"/>
+        <vers num="1.0.8" edition="rc4"/>
+        <vers num="1.0.8" edition="rc5"/>
+        <vers num="1.1.0" edition="rc1"/>
+        <vers num="1.1.0" edition="rc2"/>
+        <vers num="1.1.0" edition="rc3"/>
+        <vers num="1.1.0" edition="rc4"/>
+        <vers num="1.1.1"/>
+        <vers num="1.2.0" edition="rc1"/>
+        <vers num="1.2.0" edition="rc2"/>
+        <vers num="1.2.0" edition="rc3"/>
+        <vers num="1.2.1" edition="rc1"/>
+        <vers num="1.2.2"/>
+        <vers num="1.2.3"/>
+        <vers num="1.2.4"/>
+        <vers num="1.3.0" edition="rc1"/>
+        <vers num="1.3.1"/>
+        <vers num="1.4.0" edition="rc1"/>
+        <vers num="1.4.0" edition="rc2"/>
+        <vers num="1.4.0" edition="rc3"/>
+        <vers num="1.4.0" edition="rc4"/>
+        <vers num="1.4.1"/>
+        <vers num="1.5.0" edition="rc1"/>
+        <vers num="1.5.0" edition="rc2"/>
+        <vers num="1.5.0" edition="rc3"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers prev="1" num="1.5.5"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-1458" published="2014-02-04" name="CVE-2014-1458" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:P/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the web administration interface in FortiGuard FortiWeb 5.0.3 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90978" source="XF">fortiweb-cve20141458-xss(90978)</ref>
+      <ref url="http://www.fortiguard.com/advisory/FG-IR-14-001/" source="CONFIRM" adv="1">http://www.fortiguard.com/advisory/FG-IR-14-001/</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="fortinet" name="fortiweb">
+        <vers prev="1" num="5.0.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1459" published="2014-02-11" name="CVE-2014-1459" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:P)" CVSS_score="6.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.0" CVSS_base_score="6.5">
+    <desc>
+      <descript source="cve">SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the _position_down_id parameter.  NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://www.htbridge.com/advisory/HTB23197" source="MISC">https://www.htbridge.com/advisory/HTB23197</ref>
+      <ref url="https://github.com/doorgets/doorGets/commit/6b81541fc1e5dd1c70614585c1a04d04ccdb3b19" source="CONFIRM">https://github.com/doorgets/doorGets/commit/6b81541fc1e5dd1c70614585c1a04d04ccdb3b19</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90967" source="XF">doorgets-cve20141459-sql-injection(90967)</ref>
+      <ref url="http://www.securityfocus.com/bid/65439" source="BID">65439</ref>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/530931/100/0/threaded" source="BUGTRAQ">20140205 SQL Injection in doorGets CMS</ref>
+      <ref url="http://www.exploit-db.com/exploits/31521" source="EXPLOIT-DB">31521</ref>
+      <ref url="http://packetstormsecurity.com/files/125078" source="MISC">http://packetstormsecurity.com/files/125078</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="doorgets" name="doorgets_cms">
+        <vers num="3.0"/>
+        <vers num="4.0"/>
+        <vers prev="1" num="5.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1466" published="2014-01-15" name="CVE-2014-1466" modified="2014-01-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">SQL injection vulnerability in CSP MySQL User Manager 2.3 allows remote attackers to execute arbitrary SQL commands via the login field of the login page.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90210" source="XF">cpsmysql-login-sql-injection(90210)</ref>
+      <ref url="http://www.securityfocus.com/bid/64731" source="BID">64731</ref>
+      <ref url="http://secunia.com/advisories/56348" source="SECUNIA">56348</ref>
+      <ref url="http://packetstormsecurity.com/files/124724/cspmysql-sql.txt" source="MISC">http://packetstormsecurity.com/files/124724/cspmysql-sql.txt</ref>
+      <ref url="http://osvdb.org/101867" source="OSVDB">101867</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="csp_mysql_user_manager_project" name="csp_mysql_user_manager">
+        <vers num="2.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1467" published="2014-02-14" name="CVE-2014-1467" modified="2014-02-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">BlackBerry Enterprise Service 10 before 10.2.1, Universal Device Service 6, Enterprise Server Express for Domino through 5.0.4, Enterprise Server Express for Exchange through 5.0.4, Enterprise Server for Domino through 5.0.4 MR6, Enterprise Server for Exchange through 5.0.4 MR6, and Enterprise Server for GroupWise through 5.0.4 MR6 log cleartext credentials during exception handling, which might allow context-dependent attackers to obtain sensitive information by reading a log file.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.blackberry.com/btsc/KB35647" source="CONFIRM" adv="1">http://www.blackberry.com/btsc/KB35647</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="blackberry" name="blackberry_enterprise_service">
+        <vers num="10.0"/>
+        <vers num="10.1.0"/>
+        <vers num="10.1.2"/>
+        <vers num="10.2.0"/>
+      </prod>
+      <prod vendor="blackberry" name="blackberry_universal_device_service">
+        <vers num="6.0"/>
+      </prod>
+      <prod vendor="blackberry" name="enterprise_server">
+        <vers prev="1" num="5.0.4" edition="mr6:~~~lotus_domino~~"/>
+        <vers prev="1" num="5.0.4" edition="mr6:~~~exchange_server~~"/>
+        <vers prev="1" num="5.0.4" edition="mr6:~~~groupwise~~"/>
+      </prod>
+      <prod vendor="blackberry" name="enterprise_server_express">
+        <vers prev="1" num="5.0.4" edition=":~~~exchange_server~~"/>
+        <vers prev="1" num="5.0.4" edition=":~~~lotus_domino~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1471" published="2014-02-04" name="CVE-2014-1471" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">SQL injection vulnerability in the StateGetStatesByType function in Kernel/System/State.pm in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allows remote attackers to execute arbitrary SQL commands via vectors related to a ticket search URL.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://www.otrs.com/security-advisory-2014-02-sql-injection-issue" source="CONFIRM" patch="1" adv="1">https://www.otrs.com/security-advisory-2014-02-sql-injection-issue</ref>
+      <ref url="https://github.com/OTRS/otrs/commit/c4ec9205bde9c49770ddad94c1a980c006164949" source="CONFIRM" patch="1">https://github.com/OTRS/otrs/commit/c4ec9205bde9c49770ddad94c1a980c006164949</ref>
+      <ref url="https://github.com/OTRS/otrs/commit/2997b36a7c84e933c4b025930cabe93efc4d261d" source="CONFIRM" patch="1">https://github.com/OTRS/otrs/commit/2997b36a7c84e933c4b025930cabe93efc4d261d</ref>
+      <ref url="https://github.com/OTRS/otrs/commit/0680603a07b8dc37c2ddca6ff14e0236babefc82" source="CONFIRM" patch="1">https://github.com/OTRS/otrs/commit/0680603a07b8dc37c2ddca6ff14e0236babefc82</ref>
+      <ref url="https://www.otrs.com/release-notes-otrs-help-desk-3-3-4" source="CONFIRM">https://www.otrs.com/release-notes-otrs-help-desk-3-3-4</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/01/29/15" source="MLIST">[oss-security] 20140129 Re: CVE Request: otrs: CSRF issue in customer web interface</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2867" source="DEBIAN">DSA-2867</ref>
+      <ref url="http://secunia.com/advisories/56655" source="SECUNIA" adv="1">56655</ref>
+      <ref url="http://secunia.com/advisories/56644" source="SECUNIA" adv="1">56644</ref>
+      <ref url="http://osvdb.org/102661" source="OSVDB">102661</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="otrs" name="otrs">
+        <vers num="3.1.0"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.11"/>
+        <vers num="3.1.13"/>
+        <vers num="3.1.14"/>
+        <vers num="3.1.15"/>
+        <vers num="3.1.16"/>
+        <vers num="3.1.17"/>
+        <vers num="3.1.18"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="3.2.0" edition="beta1"/>
+        <vers num="3.2.0" edition="beta2"/>
+        <vers num="3.2.0" edition="beta3"/>
+        <vers num="3.2.0" edition="beta4"/>
+        <vers num="3.2.0" edition="beta5"/>
+        <vers num="3.2.0" edition="rc1"/>
+        <vers num="3.2.1"/>
+        <vers num="3.2.10"/>
+        <vers num="3.2.2"/>
+        <vers num="3.2.3"/>
+        <vers num="3.2.4"/>
+        <vers num="3.2.5"/>
+        <vers num="3.2.6"/>
+        <vers num="3.2.7"/>
+        <vers num="3.2.8"/>
+        <vers num="3.2.9"/>
+        <vers num="3.3.0" edition="beta1"/>
+        <vers num="3.3.0" edition="beta2"/>
+        <vers num="3.3.0" edition="beta3"/>
+        <vers num="3.3.0" edition="beta4"/>
+        <vers num="3.3.0" edition="beta5"/>
+        <vers num="3.3.0" edition="rc1"/>
+        <vers num="3.3.1"/>
+        <vers num="3.3.2"/>
+        <vers num="3.3.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1472" published="2014-01-16" name="CVE-2014-1472" modified="2014-01-27" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Multiple cross-site scripting (XSS) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://kc.mcafee.com/corporate/index?page=content&amp;id=SB10061" source="CONFIRM" adv="1">https://kc.mcafee.com/corporate/index?page=content&amp;id=SB10061</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90244" source="XF">mcafee-vm-unspec-xss(90244)</ref>
+      <ref url="http://www.securitytracker.com/id/1029591" source="SECTRACK">1029591</ref>
+      <ref url="http://www.securityfocus.com/bid/64795" source="BID">64795</ref>
+      <ref url="http://secunia.com/advisories/56394" source="SECUNIA" adv="1">56394</ref>
+      <ref url="http://osvdb.org/101940" source="OSVDB">101940</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mcafee" name="vulnerability_manager">
+        <vers num="7.0.11"/>
+        <vers num="7.5.4"/>
+        <vers prev="1" num="7.5.5"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1473" published="2014-01-16" name="CVE-2014-1473" modified="2014-01-27" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">Multiple cross-site request forgery (CSRF) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to hijack the authentication of users for requests that modify HTML via unspecified vectors related to the "response web page."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://kc.mcafee.com/corporate/index?page=content&amp;id=SB10061" source="CONFIRM" adv="1">https://kc.mcafee.com/corporate/index?page=content&amp;id=SB10061</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90245" source="XF">mcafee-vm-unspec-csrf(90245)</ref>
+      <ref url="http://www.securitytracker.com/id/1029591" source="SECTRACK">1029591</ref>
+      <ref url="http://www.securityfocus.com/bid/64795" source="BID">64795</ref>
+      <ref url="http://secunia.com/advisories/56394" source="SECUNIA" adv="1">56394</ref>
+      <ref url="http://osvdb.org/101939" source="OSVDB">101939</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mcafee" name="vulnerability_manager">
+        <vers num="7.0.11"/>
+        <vers num="7.5.4"/>
+        <vers prev="1" num="7.5.5"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1475" published="2014-01-24" name="CVE-2014-1475" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows remote OpenID users to authenticate as other users via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://drupal.org/SA-CORE-2014-001" source="CONFIRM" adv="1">https://drupal.org/SA-CORE-2014-001</ref>
+      <ref url="http://www.securityfocus.com/bid/64973" source="BID">64973</ref>
+      <ref url="http://www.mandriva.com/security/advisories?name=MDVSA-2014:031" source="MANDRIVA">MDVSA-2014:031</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2851" source="DEBIAN">DSA-2851</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2847" source="DEBIAN">DSA-2847</ref>
+      <ref url="http://secunia.com/advisories/56601" source="SECUNIA">56601</ref>
+      <ref url="http://secunia.com/advisories/56260" source="SECUNIA" adv="1">56260</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="drupal" name="drupal">
+        <vers num="6.0" edition="beta1"/>
+        <vers num="6.0" edition="beta2"/>
+        <vers num="6.0" edition="beta3"/>
+        <vers num="6.0" edition="beta4"/>
+        <vers num="6.0" edition="dev"/>
+        <vers num="6.0" edition="rc-1"/>
+        <vers num="6.0" edition="rc-2"/>
+        <vers num="6.0" edition="rc-3"/>
+        <vers num="6.0" edition="rc-4"/>
+        <vers num="6.0" edition="rc1"/>
+        <vers num="6.0" edition="rc2"/>
+        <vers num="6.0" edition="rc3"/>
+        <vers num="6.0" edition="rc4"/>
+        <vers num="6.1"/>
+        <vers num="6.10"/>
+        <vers num="6.11"/>
+        <vers num="6.12"/>
+        <vers num="6.13"/>
+        <vers num="6.14"/>
+        <vers num="6.15"/>
+        <vers num="6.16"/>
+        <vers num="6.17"/>
+        <vers num="6.18"/>
+        <vers num="6.19"/>
+        <vers num="6.2"/>
+        <vers num="6.20"/>
+        <vers num="6.21"/>
+        <vers num="6.22"/>
+        <vers num="6.23"/>
+        <vers num="6.24"/>
+        <vers num="6.25"/>
+        <vers num="6.26"/>
+        <vers num="6.27"/>
+        <vers num="6.28"/>
+        <vers num="7.0" edition="alpha1"/>
+        <vers num="7.0" edition="alpha2"/>
+        <vers num="7.0" edition="alpha3"/>
+        <vers num="7.0" edition="alpha4"/>
+        <vers num="7.0" edition="alpha5"/>
+        <vers num="7.0" edition="alpha6"/>
+        <vers num="7.0" edition="alpha7"/>
+        <vers num="7.0" edition="beta1"/>
+        <vers num="7.0" edition="beta2"/>
+        <vers num="7.0" edition="beta3"/>
+        <vers num="7.0" edition="dev"/>
+        <vers num="7.0" edition="rc1"/>
+        <vers num="7.0" edition="rc2"/>
+        <vers num="7.0" edition="rc3"/>
+        <vers num="7.0" edition="rc4"/>
+        <vers num="7.1"/>
+        <vers num="7.10"/>
+        <vers num="7.11"/>
+        <vers num="7.12"/>
+        <vers num="7.13"/>
+        <vers num="7.14"/>
+        <vers num="7.15"/>
+        <vers num="7.16"/>
+        <vers num="7.17"/>
+        <vers num="7.18"/>
+        <vers num="7.19"/>
+        <vers num="7.2"/>
+        <vers num="7.20"/>
+        <vers num="7.21"/>
+        <vers num="7.22"/>
+        <vers num="7.23"/>
+        <vers num="7.24"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1476" published="2014-01-24" name="CVE-2014-1476" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an earlier version of Drupal, does not properly restrict access to unpublished content, which allows remote authenticated users to obtain sensitive information via a listing page.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://drupal.org/SA-CORE-2014-001" source="CONFIRM">https://drupal.org/SA-CORE-2014-001</ref>
+      <ref url="http://www.securityfocus.com/bid/64973" source="BID">64973</ref>
+      <ref url="http://www.mandriva.com/security/advisories?name=MDVSA-2014:031" source="MANDRIVA">MDVSA-2014:031</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2847" source="DEBIAN">DSA-2847</ref>
+      <ref url="http://secunia.com/advisories/56260" source="SECUNIA" adv="1">56260</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="drupal" name="drupal">
+        <vers num="7.0" edition="alpha1"/>
+        <vers num="7.0" edition="alpha2"/>
+        <vers num="7.0" edition="alpha3"/>
+        <vers num="7.0" edition="alpha4"/>
+        <vers num="7.0" edition="alpha5"/>
+        <vers num="7.0" edition="alpha6"/>
+        <vers num="7.0" edition="alpha7"/>
+        <vers num="7.0" edition="beta1"/>
+        <vers num="7.0" edition="beta2"/>
+        <vers num="7.0" edition="beta3"/>
+        <vers num="7.0" edition="dev"/>
+        <vers num="7.0" edition="rc1"/>
+        <vers num="7.0" edition="rc2"/>
+        <vers num="7.0" edition="rc3"/>
+        <vers num="7.0" edition="rc4"/>
+        <vers num="7.1"/>
+        <vers num="7.10"/>
+        <vers num="7.11"/>
+        <vers num="7.12"/>
+        <vers num="7.13"/>
+        <vers num="7.14"/>
+        <vers num="7.15"/>
+        <vers num="7.16"/>
+        <vers num="7.17"/>
+        <vers num="7.18"/>
+        <vers num="7.19"/>
+        <vers num="7.2"/>
+        <vers num="7.20"/>
+        <vers num="7.21"/>
+        <vers num="7.22"/>
+        <vers num="7.23"/>
+        <vers num="7.24"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1477" published="2014-02-06" name="CVE-2014-1477" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=953114" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=953114</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=951366" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=951366</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=950438" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=950438</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=950000" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=950000</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=945939" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=945939</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=945334" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=945334</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=937697" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=937697</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=937132" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=937132</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=936808" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=936808</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=925896" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=925896</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=921470" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=921470</ref>
+      <ref url="https://8pecxstudios.com/?page_id=44080" source="CONFIRM">https://8pecxstudios.com/?page_id=44080</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2119-1" source="UBUNTU">USN-2119-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2102-2" source="UBUNTU">USN-2102-2</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2102-1" source="UBUNTU">USN-2102-1</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-01.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-01.html</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2858" source="DEBIAN">DSA-2858</ref>
+      <ref url="http://secunia.com/advisories/56706" source="SECUNIA">56706</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0133.html" source="REDHAT">RHSA-2014:0133</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0132.html" source="REDHAT">RHSA-2014:0132</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" source="SUSE">openSUSE-SU-2014:0419</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" source="SUSE">SUSE-SU-2014:0248</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" source="SUSE">openSUSE-SU-2014:0213</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" source="SUSE">openSUSE-SU-2014:0212</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" source="FEDORA">FEDORA-2014-2083</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" source="FEDORA">FEDORA-2014-2041</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers prev="1" num="26.0"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+      <prod vendor="mozilla" name="firefox_esr">
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.0.2"/>
+        <vers num="24.1.0"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+      </prod>
+      <prod vendor="mozilla" name="seamonkey">
+        <vers num="2.0" edition="alpha_1"/>
+        <vers num="2.0" edition="alpha_2"/>
+        <vers num="2.0" edition="alpha_3"/>
+        <vers num="2.0" edition="beta_1"/>
+        <vers num="2.0" edition="beta_2"/>
+        <vers num="2.0" edition="rc1"/>
+        <vers num="2.0" edition="rc2"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1" edition="alpha1"/>
+        <vers num="2.1" edition="alpha2"/>
+        <vers num="2.1" edition="alpha3"/>
+        <vers num="2.1" edition="beta1"/>
+        <vers num="2.1" edition="beta2"/>
+        <vers num="2.1" edition="beta3"/>
+        <vers num="2.1" edition="rc1"/>
+        <vers num="2.1" edition="rc2"/>
+        <vers num="2.10" edition="beta1"/>
+        <vers num="2.10" edition="beta2"/>
+        <vers num="2.10" edition="beta3"/>
+        <vers num="2.10.1"/>
+        <vers num="2.11" edition="beta1"/>
+        <vers num="2.11" edition="beta2"/>
+        <vers num="2.11" edition="beta3"/>
+        <vers num="2.11" edition="beta4"/>
+        <vers num="2.11" edition="beta5"/>
+        <vers num="2.11" edition="beta6"/>
+        <vers num="2.12" edition="beta1"/>
+        <vers num="2.12" edition="beta2"/>
+        <vers num="2.12" edition="beta3"/>
+        <vers num="2.12" edition="beta4"/>
+        <vers num="2.12" edition="beta5"/>
+        <vers num="2.12" edition="beta6"/>
+        <vers num="2.12.1"/>
+        <vers num="2.13" edition="beta1"/>
+        <vers num="2.13" edition="beta2"/>
+        <vers num="2.13" edition="beta3"/>
+        <vers num="2.13" edition="beta4"/>
+        <vers num="2.13" edition="beta5"/>
+        <vers num="2.13" edition="beta6"/>
+        <vers num="2.13.1"/>
+        <vers num="2.13.2"/>
+        <vers num="2.14" edition="beta1"/>
+        <vers num="2.14" edition="beta2"/>
+        <vers num="2.14" edition="beta3"/>
+        <vers num="2.14" edition="beta4"/>
+        <vers num="2.14" edition="beta5"/>
+        <vers num="2.15" edition="beta1"/>
+        <vers num="2.15" edition="beta2"/>
+        <vers num="2.15" edition="beta3"/>
+        <vers num="2.15" edition="beta4"/>
+        <vers num="2.15" edition="beta5"/>
+        <vers num="2.15" edition="beta6"/>
+        <vers num="2.15.1"/>
+        <vers num="2.15.2"/>
+        <vers num="2.16" edition="beta1"/>
+        <vers num="2.16" edition="beta2"/>
+        <vers num="2.16" edition="beta3"/>
+        <vers num="2.16" edition="beta4"/>
+        <vers num="2.16" edition="beta5"/>
+        <vers num="2.16.1"/>
+        <vers num="2.16.2"/>
+        <vers num="2.17" edition="beta1"/>
+        <vers num="2.17" edition="beta2"/>
+        <vers num="2.17" edition="beta3"/>
+        <vers num="2.17" edition="beta4"/>
+        <vers num="2.17.1"/>
+        <vers num="2.18" edition="beta1"/>
+        <vers num="2.18" edition="beta2"/>
+        <vers num="2.18" edition="beta3"/>
+        <vers num="2.18" edition="beta4"/>
+        <vers num="2.19" edition="beta1"/>
+        <vers num="2.19" edition="beta2"/>
+        <vers num="2.2" edition="beta1"/>
+        <vers num="2.2" edition="beta2"/>
+        <vers num="2.2" edition="beta3"/>
+        <vers num="2.20" edition="beta1"/>
+        <vers num="2.20" edition="beta2"/>
+        <vers num="2.20" edition="beta3"/>
+        <vers num="2.21" edition="beta1"/>
+        <vers num="2.21" edition="beta2"/>
+        <vers num="2.22" edition="beta1"/>
+        <vers num="2.22" edition="beta2"/>
+        <vers num="2.22.1"/>
+        <vers num="2.23" edition="beta1"/>
+        <vers num="2.23" edition="beta2"/>
+        <vers prev="1" num="2.24" edition="beta1"/>
+        <vers num="2.3" edition="beta1"/>
+        <vers num="2.3" edition="beta2"/>
+        <vers num="2.3" edition="beta3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.4" edition="beta1"/>
+        <vers num="2.4" edition="beta2"/>
+        <vers num="2.4" edition="beta3"/>
+        <vers num="2.4.1"/>
+        <vers num="2.5" edition="beta1"/>
+        <vers num="2.5" edition="beta2"/>
+        <vers num="2.5" edition="beta3"/>
+        <vers num="2.5" edition="beta4"/>
+        <vers num="2.6" edition="beta1"/>
+        <vers num="2.6" edition="beta2"/>
+        <vers num="2.6" edition="beta3"/>
+        <vers num="2.6" edition="beta4"/>
+        <vers num="2.6.1"/>
+        <vers num="2.7" edition="beta1"/>
+        <vers num="2.7" edition="beta2"/>
+        <vers num="2.7" edition="beta3"/>
+        <vers num="2.7" edition="beta4"/>
+        <vers num="2.7" edition="beta5"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.8" edition="beta1"/>
+        <vers num="2.8" edition="beta2"/>
+        <vers num="2.8" edition="beta3"/>
+        <vers num="2.8" edition="beta4"/>
+        <vers num="2.8" edition="beta5"/>
+        <vers num="2.8" edition="beta6"/>
+        <vers num="2.9" edition="beta1"/>
+        <vers num="2.9" edition="beta2"/>
+        <vers num="2.9" edition="beta3"/>
+        <vers num="2.9" edition="beta4"/>
+        <vers num="2.9.1"/>
+      </prod>
+      <prod vendor="mozilla" name="thunderbird">
+        <vers num="0.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.7.2"/>
+        <vers num="0.7.3"/>
+        <vers num="0.8"/>
+        <vers num="0.9"/>
+        <vers num="1.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5" edition="beta"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.13"/>
+        <vers num="1.5.0.14"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.7.1"/>
+        <vers num="1.7.3"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="11.0"/>
+        <vers num="11.0.1"/>
+        <vers num="12.0"/>
+        <vers num="12.0.1"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0"/>
+        <vers num="17.0.1"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.21"/>
+        <vers num="2.0.0.22"/>
+        <vers num="2.0.0.23"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers prev="1" num="24.2"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.11"/>
+        <vers num="3.1.12"/>
+        <vers num="3.1.13"/>
+        <vers num="3.1.14"/>
+        <vers num="3.1.15"/>
+        <vers num="3.1.16"/>
+        <vers num="3.1.17"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="5.0"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1478" published="2014-02-06" name="CVE-2014-1478" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the MPostWriteBarrier class in js/src/jit/MIR.h and stack alignment in js/src/jit/AsmJS.cpp in OdinMonkey, and unknown other vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=953373" source="CONFIRM" adv="1">https://bugzilla.mozilla.org/show_bug.cgi?id=953373</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=950452" source="CONFIRM" adv="1">https://bugzilla.mozilla.org/show_bug.cgi?id=950452</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=946733" source="CONFIRM" adv="1">https://bugzilla.mozilla.org/show_bug.cgi?id=946733</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=945585" source="CONFIRM" adv="1">https://bugzilla.mozilla.org/show_bug.cgi?id=945585</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=944851" source="CONFIRM" adv="1">https://bugzilla.mozilla.org/show_bug.cgi?id=944851</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=944321" source="CONFIRM" adv="1">https://bugzilla.mozilla.org/show_bug.cgi?id=944321</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=944278" source="CONFIRM" adv="1">https://bugzilla.mozilla.org/show_bug.cgi?id=944278</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=942940" source="CONFIRM" adv="1">https://bugzilla.mozilla.org/show_bug.cgi?id=942940</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=942152" source="CONFIRM" adv="1">https://bugzilla.mozilla.org/show_bug.cgi?id=942152</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=939472" source="CONFIRM" adv="1">https://bugzilla.mozilla.org/show_bug.cgi?id=939472</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=938431" source="CONFIRM" adv="1">https://bugzilla.mozilla.org/show_bug.cgi?id=938431</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=932162" source="CONFIRM" adv="1">https://bugzilla.mozilla.org/show_bug.cgi?id=932162</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=925308" source="CONFIRM" adv="1">https://bugzilla.mozilla.org/show_bug.cgi?id=925308</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=924348" source="CONFIRM" adv="1">https://bugzilla.mozilla.org/show_bug.cgi?id=924348</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=922603" source="CONFIRM" adv="1">https://bugzilla.mozilla.org/show_bug.cgi?id=922603</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=916635" source="CONFIRM" adv="1">https://bugzilla.mozilla.org/show_bug.cgi?id=916635</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=911845" source="CONFIRM" adv="1">https://bugzilla.mozilla.org/show_bug.cgi?id=911845</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=911707" source="CONFIRM" adv="1">https://bugzilla.mozilla.org/show_bug.cgi?id=911707</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=867597" source="CONFIRM" adv="1">https://bugzilla.mozilla.org/show_bug.cgi?id=867597</ref>
+      <ref url="https://8pecxstudios.com/?page_id=44080" source="CONFIRM">https://8pecxstudios.com/?page_id=44080</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2102-2" source="UBUNTU">USN-2102-2</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2102-1" source="UBUNTU">USN-2102-1</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-01.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-01.html</ref>
+      <ref url="http://secunia.com/advisories/56706" source="SECUNIA">56706</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" source="SUSE">openSUSE-SU-2014:0419</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" source="SUSE">openSUSE-SU-2014:0213</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" source="SUSE">openSUSE-SU-2014:0212</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers prev="1" num="26.0"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+      <prod vendor="mozilla" name="seamonkey">
+        <vers num="2.0" edition="alpha_1"/>
+        <vers num="2.0" edition="alpha_2"/>
+        <vers num="2.0" edition="alpha_3"/>
+        <vers num="2.0" edition="beta_1"/>
+        <vers num="2.0" edition="beta_2"/>
+        <vers num="2.0" edition="rc1"/>
+        <vers num="2.0" edition="rc2"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1" edition="alpha1"/>
+        <vers num="2.1" edition="alpha2"/>
+        <vers num="2.1" edition="alpha3"/>
+        <vers num="2.1" edition="beta1"/>
+        <vers num="2.1" edition="beta2"/>
+        <vers num="2.1" edition="beta3"/>
+        <vers num="2.1" edition="rc1"/>
+        <vers num="2.1" edition="rc2"/>
+        <vers num="2.10" edition="beta1"/>
+        <vers num="2.10" edition="beta2"/>
+        <vers num="2.10" edition="beta3"/>
+        <vers num="2.10.1"/>
+        <vers num="2.11" edition="beta1"/>
+        <vers num="2.11" edition="beta2"/>
+        <vers num="2.11" edition="beta3"/>
+        <vers num="2.11" edition="beta4"/>
+        <vers num="2.11" edition="beta5"/>
+        <vers num="2.11" edition="beta6"/>
+        <vers num="2.12" edition="beta1"/>
+        <vers num="2.12" edition="beta2"/>
+        <vers num="2.12" edition="beta3"/>
+        <vers num="2.12" edition="beta4"/>
+        <vers num="2.12" edition="beta5"/>
+        <vers num="2.12" edition="beta6"/>
+        <vers num="2.12.1"/>
+        <vers num="2.13" edition="beta1"/>
+        <vers num="2.13" edition="beta2"/>
+        <vers num="2.13" edition="beta3"/>
+        <vers num="2.13" edition="beta4"/>
+        <vers num="2.13" edition="beta5"/>
+        <vers num="2.13" edition="beta6"/>
+        <vers num="2.13.1"/>
+        <vers num="2.13.2"/>
+        <vers num="2.14" edition="beta1"/>
+        <vers num="2.14" edition="beta2"/>
+        <vers num="2.14" edition="beta3"/>
+        <vers num="2.14" edition="beta4"/>
+        <vers num="2.14" edition="beta5"/>
+        <vers num="2.15" edition="beta1"/>
+        <vers num="2.15" edition="beta2"/>
+        <vers num="2.15" edition="beta3"/>
+        <vers num="2.15" edition="beta4"/>
+        <vers num="2.15" edition="beta5"/>
+        <vers num="2.15" edition="beta6"/>
+        <vers num="2.15.1"/>
+        <vers num="2.15.2"/>
+        <vers num="2.16" edition="beta1"/>
+        <vers num="2.16" edition="beta2"/>
+        <vers num="2.16" edition="beta3"/>
+        <vers num="2.16" edition="beta4"/>
+        <vers num="2.16" edition="beta5"/>
+        <vers num="2.16.1"/>
+        <vers num="2.16.2"/>
+        <vers num="2.17" edition="beta1"/>
+        <vers num="2.17" edition="beta2"/>
+        <vers num="2.17" edition="beta3"/>
+        <vers num="2.17" edition="beta4"/>
+        <vers num="2.17.1"/>
+        <vers num="2.18" edition="beta1"/>
+        <vers num="2.18" edition="beta2"/>
+        <vers num="2.18" edition="beta3"/>
+        <vers num="2.18" edition="beta4"/>
+        <vers num="2.19" edition="beta1"/>
+        <vers num="2.19" edition="beta2"/>
+        <vers num="2.2" edition="beta1"/>
+        <vers num="2.2" edition="beta2"/>
+        <vers num="2.2" edition="beta3"/>
+        <vers num="2.20" edition="beta1"/>
+        <vers num="2.20" edition="beta2"/>
+        <vers num="2.20" edition="beta3"/>
+        <vers num="2.21" edition="beta1"/>
+        <vers num="2.21" edition="beta2"/>
+        <vers num="2.22" edition="beta1"/>
+        <vers num="2.22" edition="beta2"/>
+        <vers num="2.22.1"/>
+        <vers num="2.23" edition="beta1"/>
+        <vers num="2.23" edition="beta2"/>
+        <vers prev="1" num="2.24" edition="beta1"/>
+        <vers num="2.3" edition="beta1"/>
+        <vers num="2.3" edition="beta2"/>
+        <vers num="2.3" edition="beta3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.4" edition="beta1"/>
+        <vers num="2.4" edition="beta2"/>
+        <vers num="2.4" edition="beta3"/>
+        <vers num="2.4.1"/>
+        <vers num="2.5" edition="beta1"/>
+        <vers num="2.5" edition="beta2"/>
+        <vers num="2.5" edition="beta3"/>
+        <vers num="2.5" edition="beta4"/>
+        <vers num="2.6" edition="beta1"/>
+        <vers num="2.6" edition="beta2"/>
+        <vers num="2.6" edition="beta3"/>
+        <vers num="2.6" edition="beta4"/>
+        <vers num="2.6.1"/>
+        <vers num="2.7" edition="beta1"/>
+        <vers num="2.7" edition="beta2"/>
+        <vers num="2.7" edition="beta3"/>
+        <vers num="2.7" edition="beta4"/>
+        <vers num="2.7" edition="beta5"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.8" edition="beta1"/>
+        <vers num="2.8" edition="beta2"/>
+        <vers num="2.8" edition="beta3"/>
+        <vers num="2.8" edition="beta4"/>
+        <vers num="2.8" edition="beta5"/>
+        <vers num="2.8" edition="beta6"/>
+        <vers num="2.9" edition="beta1"/>
+        <vers num="2.9" edition="beta2"/>
+        <vers num="2.9" edition="beta3"/>
+        <vers num="2.9" edition="beta4"/>
+        <vers num="2.9.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1479" published="2014-02-06" name="CVE-2014-1479" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:P/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involving XBL content scopes.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=911864" source="CONFIRM" adv="1">https://bugzilla.mozilla.org/show_bug.cgi?id=911864</ref>
+      <ref url="https://8pecxstudios.com/?page_id=44080" source="CONFIRM">https://8pecxstudios.com/?page_id=44080</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2119-1" source="UBUNTU">USN-2119-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2102-2" source="UBUNTU">USN-2102-2</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2102-1" source="UBUNTU">USN-2102-1</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-02.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-02.html</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2858" source="DEBIAN">DSA-2858</ref>
+      <ref url="http://secunia.com/advisories/56706" source="SECUNIA">56706</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0133.html" source="REDHAT">RHSA-2014:0133</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0132.html" source="REDHAT">RHSA-2014:0132</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" source="SUSE">openSUSE-SU-2014:0419</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" source="SUSE">SUSE-SU-2014:0248</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" source="SUSE">openSUSE-SU-2014:0213</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" source="SUSE">openSUSE-SU-2014:0212</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" source="FEDORA">FEDORA-2014-2083</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" source="FEDORA">FEDORA-2014-2041</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers prev="1" num="26.0"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+      <prod vendor="mozilla" name="firefox_esr">
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.0.2"/>
+        <vers num="24.1.0"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+      </prod>
+      <prod vendor="mozilla" name="seamonkey">
+        <vers num="2.0" edition="alpha_1"/>
+        <vers num="2.0" edition="alpha_2"/>
+        <vers num="2.0" edition="alpha_3"/>
+        <vers num="2.0" edition="beta_1"/>
+        <vers num="2.0" edition="beta_2"/>
+        <vers num="2.0" edition="rc1"/>
+        <vers num="2.0" edition="rc2"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1" edition="alpha1"/>
+        <vers num="2.1" edition="alpha2"/>
+        <vers num="2.1" edition="alpha3"/>
+        <vers num="2.1" edition="beta1"/>
+        <vers num="2.1" edition="beta2"/>
+        <vers num="2.1" edition="beta3"/>
+        <vers num="2.1" edition="rc1"/>
+        <vers num="2.1" edition="rc2"/>
+        <vers num="2.10" edition="beta1"/>
+        <vers num="2.10" edition="beta2"/>
+        <vers num="2.10" edition="beta3"/>
+        <vers num="2.10.1"/>
+        <vers num="2.11" edition="beta1"/>
+        <vers num="2.11" edition="beta2"/>
+        <vers num="2.11" edition="beta3"/>
+        <vers num="2.11" edition="beta4"/>
+        <vers num="2.11" edition="beta5"/>
+        <vers num="2.11" edition="beta6"/>
+        <vers num="2.12" edition="beta1"/>
+        <vers num="2.12" edition="beta2"/>
+        <vers num="2.12" edition="beta3"/>
+        <vers num="2.12" edition="beta4"/>
+        <vers num="2.12" edition="beta5"/>
+        <vers num="2.12" edition="beta6"/>
+        <vers num="2.12.1"/>
+        <vers num="2.13" edition="beta1"/>
+        <vers num="2.13" edition="beta2"/>
+        <vers num="2.13" edition="beta3"/>
+        <vers num="2.13" edition="beta4"/>
+        <vers num="2.13" edition="beta5"/>
+        <vers num="2.13" edition="beta6"/>
+        <vers num="2.13.1"/>
+        <vers num="2.13.2"/>
+        <vers num="2.14" edition="beta1"/>
+        <vers num="2.14" edition="beta2"/>
+        <vers num="2.14" edition="beta3"/>
+        <vers num="2.14" edition="beta4"/>
+        <vers num="2.14" edition="beta5"/>
+        <vers num="2.15" edition="beta1"/>
+        <vers num="2.15" edition="beta2"/>
+        <vers num="2.15" edition="beta3"/>
+        <vers num="2.15" edition="beta4"/>
+        <vers num="2.15" edition="beta5"/>
+        <vers num="2.15" edition="beta6"/>
+        <vers num="2.15.1"/>
+        <vers num="2.15.2"/>
+        <vers num="2.16" edition="beta1"/>
+        <vers num="2.16" edition="beta2"/>
+        <vers num="2.16" edition="beta3"/>
+        <vers num="2.16" edition="beta4"/>
+        <vers num="2.16" edition="beta5"/>
+        <vers num="2.16.1"/>
+        <vers num="2.16.2"/>
+        <vers num="2.17" edition="beta1"/>
+        <vers num="2.17" edition="beta2"/>
+        <vers num="2.17" edition="beta3"/>
+        <vers num="2.17" edition="beta4"/>
+        <vers num="2.17.1"/>
+        <vers num="2.18" edition="beta1"/>
+        <vers num="2.18" edition="beta2"/>
+        <vers num="2.18" edition="beta3"/>
+        <vers num="2.18" edition="beta4"/>
+        <vers num="2.19" edition="beta1"/>
+        <vers num="2.19" edition="beta2"/>
+        <vers num="2.2" edition="beta1"/>
+        <vers num="2.2" edition="beta2"/>
+        <vers num="2.2" edition="beta3"/>
+        <vers num="2.20" edition="beta1"/>
+        <vers num="2.20" edition="beta2"/>
+        <vers num="2.20" edition="beta3"/>
+        <vers num="2.21" edition="beta1"/>
+        <vers num="2.21" edition="beta2"/>
+        <vers num="2.22" edition="beta1"/>
+        <vers num="2.22" edition="beta2"/>
+        <vers num="2.22.1"/>
+        <vers num="2.23" edition="beta1"/>
+        <vers num="2.23" edition="beta2"/>
+        <vers prev="1" num="2.24" edition="beta1"/>
+        <vers num="2.3" edition="beta1"/>
+        <vers num="2.3" edition="beta2"/>
+        <vers num="2.3" edition="beta3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.4" edition="beta1"/>
+        <vers num="2.4" edition="beta2"/>
+        <vers num="2.4" edition="beta3"/>
+        <vers num="2.4.1"/>
+        <vers num="2.5" edition="beta1"/>
+        <vers num="2.5" edition="beta2"/>
+        <vers num="2.5" edition="beta3"/>
+        <vers num="2.5" edition="beta4"/>
+        <vers num="2.6" edition="beta1"/>
+        <vers num="2.6" edition="beta2"/>
+        <vers num="2.6" edition="beta3"/>
+        <vers num="2.6" edition="beta4"/>
+        <vers num="2.6.1"/>
+        <vers num="2.7" edition="beta1"/>
+        <vers num="2.7" edition="beta2"/>
+        <vers num="2.7" edition="beta3"/>
+        <vers num="2.7" edition="beta4"/>
+        <vers num="2.7" edition="beta5"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.8" edition="beta1"/>
+        <vers num="2.8" edition="beta2"/>
+        <vers num="2.8" edition="beta3"/>
+        <vers num="2.8" edition="beta4"/>
+        <vers num="2.8" edition="beta5"/>
+        <vers num="2.8" edition="beta6"/>
+        <vers num="2.9" edition="beta1"/>
+        <vers num="2.9" edition="beta2"/>
+        <vers num="2.9" edition="beta3"/>
+        <vers num="2.9" edition="beta4"/>
+        <vers num="2.9.1"/>
+      </prod>
+      <prod vendor="mozilla" name="thunderbird">
+        <vers num="0.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.7.2"/>
+        <vers num="0.7.3"/>
+        <vers num="0.8"/>
+        <vers num="0.9"/>
+        <vers num="1.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5" edition="beta"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.13"/>
+        <vers num="1.5.0.14"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.7.1"/>
+        <vers num="1.7.3"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="11.0"/>
+        <vers num="11.0.1"/>
+        <vers num="12.0"/>
+        <vers num="12.0.1"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0"/>
+        <vers num="17.0.1"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.21"/>
+        <vers num="2.0.0.22"/>
+        <vers num="2.0.0.23"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers prev="1" num="24.2"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.11"/>
+        <vers num="3.1.12"/>
+        <vers num="3.1.13"/>
+        <vers num="3.1.14"/>
+        <vers num="3.1.15"/>
+        <vers num="3.1.16"/>
+        <vers num="3.1.17"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="5.0"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1480" published="2014-02-06" name="CVE-2014-1480" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=916726" source="CONFIRM" adv="1">https://bugzilla.mozilla.org/show_bug.cgi?id=916726</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2102-2" source="UBUNTU">USN-2102-2</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2102-1" source="UBUNTU">USN-2102-1</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-03.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-03.html</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" source="SUSE">openSUSE-SU-2014:0419</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" source="SUSE">SUSE-SU-2014:0248</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" source="SUSE">openSUSE-SU-2014:0212</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers prev="1" num="26.0"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+      <prod vendor="mozilla" name="seamonkey">
+        <vers num="2.0" edition="alpha_1"/>
+        <vers num="2.0" edition="alpha_2"/>
+        <vers num="2.0" edition="alpha_3"/>
+        <vers num="2.0" edition="beta_1"/>
+        <vers num="2.0" edition="beta_2"/>
+        <vers num="2.0" edition="rc1"/>
+        <vers num="2.0" edition="rc2"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1" edition="alpha1"/>
+        <vers num="2.1" edition="alpha2"/>
+        <vers num="2.1" edition="alpha3"/>
+        <vers num="2.1" edition="beta1"/>
+        <vers num="2.1" edition="beta2"/>
+        <vers num="2.1" edition="beta3"/>
+        <vers num="2.1" edition="rc1"/>
+        <vers num="2.1" edition="rc2"/>
+        <vers num="2.10" edition="beta1"/>
+        <vers num="2.10" edition="beta2"/>
+        <vers num="2.10" edition="beta3"/>
+        <vers num="2.10.1"/>
+        <vers num="2.11" edition="beta1"/>
+        <vers num="2.11" edition="beta2"/>
+        <vers num="2.11" edition="beta3"/>
+        <vers num="2.11" edition="beta4"/>
+        <vers num="2.11" edition="beta5"/>
+        <vers num="2.11" edition="beta6"/>
+        <vers num="2.12" edition="beta1"/>
+        <vers num="2.12" edition="beta2"/>
+        <vers num="2.12" edition="beta3"/>
+        <vers num="2.12" edition="beta4"/>
+        <vers num="2.12" edition="beta5"/>
+        <vers num="2.12" edition="beta6"/>
+        <vers num="2.12.1"/>
+        <vers num="2.13" edition="beta1"/>
+        <vers num="2.13" edition="beta2"/>
+        <vers num="2.13" edition="beta3"/>
+        <vers num="2.13" edition="beta4"/>
+        <vers num="2.13" edition="beta5"/>
+        <vers num="2.13" edition="beta6"/>
+        <vers num="2.13.1"/>
+        <vers num="2.13.2"/>
+        <vers num="2.14" edition="beta1"/>
+        <vers num="2.14" edition="beta2"/>
+        <vers num="2.14" edition="beta3"/>
+        <vers num="2.14" edition="beta4"/>
+        <vers num="2.14" edition="beta5"/>
+        <vers num="2.15" edition="beta1"/>
+        <vers num="2.15" edition="beta2"/>
+        <vers num="2.15" edition="beta3"/>
+        <vers num="2.15" edition="beta4"/>
+        <vers num="2.15" edition="beta5"/>
+        <vers num="2.15" edition="beta6"/>
+        <vers num="2.15.1"/>
+        <vers num="2.15.2"/>
+        <vers num="2.16" edition="beta1"/>
+        <vers num="2.16" edition="beta2"/>
+        <vers num="2.16" edition="beta3"/>
+        <vers num="2.16" edition="beta4"/>
+        <vers num="2.16" edition="beta5"/>
+        <vers num="2.16.1"/>
+        <vers num="2.16.2"/>
+        <vers num="2.17" edition="beta1"/>
+        <vers num="2.17" edition="beta2"/>
+        <vers num="2.17" edition="beta3"/>
+        <vers num="2.17" edition="beta4"/>
+        <vers num="2.17.1"/>
+        <vers num="2.18" edition="beta1"/>
+        <vers num="2.18" edition="beta2"/>
+        <vers num="2.18" edition="beta3"/>
+        <vers num="2.18" edition="beta4"/>
+        <vers num="2.19" edition="beta1"/>
+        <vers num="2.19" edition="beta2"/>
+        <vers num="2.2" edition="beta1"/>
+        <vers num="2.2" edition="beta2"/>
+        <vers num="2.2" edition="beta3"/>
+        <vers num="2.20" edition="beta1"/>
+        <vers num="2.20" edition="beta2"/>
+        <vers num="2.20" edition="beta3"/>
+        <vers num="2.21" edition="beta1"/>
+        <vers num="2.21" edition="beta2"/>
+        <vers num="2.22" edition="beta1"/>
+        <vers num="2.22" edition="beta2"/>
+        <vers num="2.22.1"/>
+        <vers num="2.23" edition="beta1"/>
+        <vers num="2.23" edition="beta2"/>
+        <vers prev="1" num="2.24" edition="beta1"/>
+        <vers num="2.3" edition="beta1"/>
+        <vers num="2.3" edition="beta2"/>
+        <vers num="2.3" edition="beta3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.4" edition="beta1"/>
+        <vers num="2.4" edition="beta2"/>
+        <vers num="2.4" edition="beta3"/>
+        <vers num="2.4.1"/>
+        <vers num="2.5" edition="beta1"/>
+        <vers num="2.5" edition="beta2"/>
+        <vers num="2.5" edition="beta3"/>
+        <vers num="2.5" edition="beta4"/>
+        <vers num="2.6" edition="beta1"/>
+        <vers num="2.6" edition="beta2"/>
+        <vers num="2.6" edition="beta3"/>
+        <vers num="2.6" edition="beta4"/>
+        <vers num="2.6.1"/>
+        <vers num="2.7" edition="beta1"/>
+        <vers num="2.7" edition="beta2"/>
+        <vers num="2.7" edition="beta3"/>
+        <vers num="2.7" edition="beta4"/>
+        <vers num="2.7" edition="beta5"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.8" edition="beta1"/>
+        <vers num="2.8" edition="beta2"/>
+        <vers num="2.8" edition="beta3"/>
+        <vers num="2.8" edition="beta4"/>
+        <vers num="2.8" edition="beta5"/>
+        <vers num="2.8" edition="beta6"/>
+        <vers num="2.9" edition="beta1"/>
+        <vers num="2.9" edition="beta2"/>
+        <vers num="2.9" edition="beta3"/>
+        <vers num="2.9" edition="beta4"/>
+        <vers num="2.9.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1481" published="2014-02-06" name="CVE-2014-1481" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:P/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=936056" source="CONFIRM" adv="1">https://bugzilla.mozilla.org/show_bug.cgi?id=936056</ref>
+      <ref url="https://8pecxstudios.com/?page_id=44080" source="CONFIRM">https://8pecxstudios.com/?page_id=44080</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2119-1" source="UBUNTU">USN-2119-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2102-2" source="UBUNTU">USN-2102-2</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2102-1" source="UBUNTU">USN-2102-1</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-13.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-13.html</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2858" source="DEBIAN">DSA-2858</ref>
+      <ref url="http://secunia.com/advisories/56706" source="SECUNIA">56706</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0133.html" source="REDHAT">RHSA-2014:0133</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0132.html" source="REDHAT">RHSA-2014:0132</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" source="SUSE">openSUSE-SU-2014:0419</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" source="SUSE">SUSE-SU-2014:0248</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" source="SUSE">openSUSE-SU-2014:0213</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" source="SUSE">openSUSE-SU-2014:0212</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" source="FEDORA">FEDORA-2014-2083</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" source="FEDORA">FEDORA-2014-2041</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers prev="1" num="26.0"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+      <prod vendor="mozilla" name="firefox_esr">
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.0.2"/>
+        <vers num="24.1.0"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+      </prod>
+      <prod vendor="mozilla" name="seamonkey">
+        <vers num="2.0" edition="alpha_1"/>
+        <vers num="2.0" edition="alpha_2"/>
+        <vers num="2.0" edition="alpha_3"/>
+        <vers num="2.0" edition="beta_1"/>
+        <vers num="2.0" edition="beta_2"/>
+        <vers num="2.0" edition="rc1"/>
+        <vers num="2.0" edition="rc2"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1" edition="alpha1"/>
+        <vers num="2.1" edition="alpha2"/>
+        <vers num="2.1" edition="alpha3"/>
+        <vers num="2.1" edition="beta1"/>
+        <vers num="2.1" edition="beta2"/>
+        <vers num="2.1" edition="beta3"/>
+        <vers num="2.1" edition="rc1"/>
+        <vers num="2.1" edition="rc2"/>
+        <vers num="2.10" edition="beta1"/>
+        <vers num="2.10" edition="beta2"/>
+        <vers num="2.10" edition="beta3"/>
+        <vers num="2.10.1"/>
+        <vers num="2.11" edition="beta1"/>
+        <vers num="2.11" edition="beta2"/>
+        <vers num="2.11" edition="beta3"/>
+        <vers num="2.11" edition="beta4"/>
+        <vers num="2.11" edition="beta5"/>
+        <vers num="2.11" edition="beta6"/>
+        <vers num="2.12" edition="beta1"/>
+        <vers num="2.12" edition="beta2"/>
+        <vers num="2.12" edition="beta3"/>
+        <vers num="2.12" edition="beta4"/>
+        <vers num="2.12" edition="beta5"/>
+        <vers num="2.12" edition="beta6"/>
+        <vers num="2.12.1"/>
+        <vers num="2.13" edition="beta1"/>
+        <vers num="2.13" edition="beta2"/>
+        <vers num="2.13" edition="beta3"/>
+        <vers num="2.13" edition="beta4"/>
+        <vers num="2.13" edition="beta5"/>
+        <vers num="2.13" edition="beta6"/>
+        <vers num="2.13.1"/>
+        <vers num="2.13.2"/>
+        <vers num="2.14" edition="beta1"/>
+        <vers num="2.14" edition="beta2"/>
+        <vers num="2.14" edition="beta3"/>
+        <vers num="2.14" edition="beta4"/>
+        <vers num="2.14" edition="beta5"/>
+        <vers num="2.15" edition="beta1"/>
+        <vers num="2.15" edition="beta2"/>
+        <vers num="2.15" edition="beta3"/>
+        <vers num="2.15" edition="beta4"/>
+        <vers num="2.15" edition="beta5"/>
+        <vers num="2.15" edition="beta6"/>
+        <vers num="2.15.1"/>
+        <vers num="2.15.2"/>
+        <vers num="2.16" edition="beta1"/>
+        <vers num="2.16" edition="beta2"/>
+        <vers num="2.16" edition="beta3"/>
+        <vers num="2.16" edition="beta4"/>
+        <vers num="2.16" edition="beta5"/>
+        <vers num="2.16.1"/>
+        <vers num="2.16.2"/>
+        <vers num="2.17" edition="beta1"/>
+        <vers num="2.17" edition="beta2"/>
+        <vers num="2.17" edition="beta3"/>
+        <vers num="2.17" edition="beta4"/>
+        <vers num="2.17.1"/>
+        <vers num="2.18" edition="beta1"/>
+        <vers num="2.18" edition="beta2"/>
+        <vers num="2.18" edition="beta3"/>
+        <vers num="2.18" edition="beta4"/>
+        <vers num="2.19" edition="beta1"/>
+        <vers num="2.19" edition="beta2"/>
+        <vers num="2.2" edition="beta1"/>
+        <vers num="2.2" edition="beta2"/>
+        <vers num="2.2" edition="beta3"/>
+        <vers num="2.20" edition="beta1"/>
+        <vers num="2.20" edition="beta2"/>
+        <vers num="2.20" edition="beta3"/>
+        <vers num="2.21" edition="beta1"/>
+        <vers num="2.21" edition="beta2"/>
+        <vers num="2.22" edition="beta1"/>
+        <vers num="2.22" edition="beta2"/>
+        <vers num="2.22.1"/>
+        <vers num="2.23" edition="beta1"/>
+        <vers num="2.23" edition="beta2"/>
+        <vers prev="1" num="2.24" edition="beta1"/>
+        <vers num="2.3" edition="beta1"/>
+        <vers num="2.3" edition="beta2"/>
+        <vers num="2.3" edition="beta3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.4" edition="beta1"/>
+        <vers num="2.4" edition="beta2"/>
+        <vers num="2.4" edition="beta3"/>
+        <vers num="2.4.1"/>
+        <vers num="2.5" edition="beta1"/>
+        <vers num="2.5" edition="beta2"/>
+        <vers num="2.5" edition="beta3"/>
+        <vers num="2.5" edition="beta4"/>
+        <vers num="2.6" edition="beta1"/>
+        <vers num="2.6" edition="beta2"/>
+        <vers num="2.6" edition="beta3"/>
+        <vers num="2.6" edition="beta4"/>
+        <vers num="2.6.1"/>
+        <vers num="2.7" edition="beta1"/>
+        <vers num="2.7" edition="beta2"/>
+        <vers num="2.7" edition="beta3"/>
+        <vers num="2.7" edition="beta4"/>
+        <vers num="2.7" edition="beta5"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.8" edition="beta1"/>
+        <vers num="2.8" edition="beta2"/>
+        <vers num="2.8" edition="beta3"/>
+        <vers num="2.8" edition="beta4"/>
+        <vers num="2.8" edition="beta5"/>
+        <vers num="2.8" edition="beta6"/>
+        <vers num="2.9" edition="beta1"/>
+        <vers num="2.9" edition="beta2"/>
+        <vers num="2.9" edition="beta3"/>
+        <vers num="2.9" edition="beta4"/>
+        <vers num="2.9.1"/>
+      </prod>
+      <prod vendor="mozilla" name="thunderbird">
+        <vers num="0.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.7.2"/>
+        <vers num="0.7.3"/>
+        <vers num="0.8"/>
+        <vers num="0.9"/>
+        <vers num="1.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5" edition="beta"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.13"/>
+        <vers num="1.5.0.14"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.7.1"/>
+        <vers num="1.7.3"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="11.0"/>
+        <vers num="11.0.1"/>
+        <vers num="12.0"/>
+        <vers num="12.0.1"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0"/>
+        <vers num="17.0.1"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.21"/>
+        <vers num="2.0.0.22"/>
+        <vers num="2.0.0.23"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers prev="1" num="24.2"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.11"/>
+        <vers num="3.1.12"/>
+        <vers num="3.1.13"/>
+        <vers num="3.1.14"/>
+        <vers num="3.1.15"/>
+        <vers num="3.1.16"/>
+        <vers num="3.1.17"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="5.0"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1482" published="2014-02-06" name="CVE-2014-1482" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted image data, as demonstrated by Goo Create.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=943803" source="CONFIRM" adv="1">https://bugzilla.mozilla.org/show_bug.cgi?id=943803</ref>
+      <ref url="https://8pecxstudios.com/?page_id=44080" source="CONFIRM">https://8pecxstudios.com/?page_id=44080</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2119-1" source="UBUNTU">USN-2119-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2102-2" source="UBUNTU">USN-2102-2</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2102-1" source="UBUNTU">USN-2102-1</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-04.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-04.html</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2858" source="DEBIAN">DSA-2858</ref>
+      <ref url="http://secunia.com/advisories/56706" source="SECUNIA">56706</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0133.html" source="REDHAT">RHSA-2014:0133</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0132.html" source="REDHAT">RHSA-2014:0132</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" source="SUSE">openSUSE-SU-2014:0419</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" source="SUSE">SUSE-SU-2014:0248</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" source="SUSE">openSUSE-SU-2014:0213</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" source="SUSE">openSUSE-SU-2014:0212</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" source="FEDORA">FEDORA-2014-2083</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" source="FEDORA">FEDORA-2014-2041</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers prev="1" num="26.0"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+      <prod vendor="mozilla" name="firefox_esr">
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.0.2"/>
+        <vers num="24.1.0"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+      </prod>
+      <prod vendor="mozilla" name="seamonkey">
+        <vers num="2.0" edition="alpha_1"/>
+        <vers num="2.0" edition="alpha_2"/>
+        <vers num="2.0" edition="alpha_3"/>
+        <vers num="2.0" edition="beta_1"/>
+        <vers num="2.0" edition="beta_2"/>
+        <vers num="2.0" edition="rc1"/>
+        <vers num="2.0" edition="rc2"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1" edition="alpha1"/>
+        <vers num="2.1" edition="alpha2"/>
+        <vers num="2.1" edition="alpha3"/>
+        <vers num="2.1" edition="beta1"/>
+        <vers num="2.1" edition="beta2"/>
+        <vers num="2.1" edition="beta3"/>
+        <vers num="2.1" edition="rc1"/>
+        <vers num="2.1" edition="rc2"/>
+        <vers num="2.10" edition="beta1"/>
+        <vers num="2.10" edition="beta2"/>
+        <vers num="2.10" edition="beta3"/>
+        <vers num="2.10.1"/>
+        <vers num="2.11" edition="beta1"/>
+        <vers num="2.11" edition="beta2"/>
+        <vers num="2.11" edition="beta3"/>
+        <vers num="2.11" edition="beta4"/>
+        <vers num="2.11" edition="beta5"/>
+        <vers num="2.11" edition="beta6"/>
+        <vers num="2.12" edition="beta1"/>
+        <vers num="2.12" edition="beta2"/>
+        <vers num="2.12" edition="beta3"/>
+        <vers num="2.12" edition="beta4"/>
+        <vers num="2.12" edition="beta5"/>
+        <vers num="2.12" edition="beta6"/>
+        <vers num="2.12.1"/>
+        <vers num="2.13" edition="beta1"/>
+        <vers num="2.13" edition="beta2"/>
+        <vers num="2.13" edition="beta3"/>
+        <vers num="2.13" edition="beta4"/>
+        <vers num="2.13" edition="beta5"/>
+        <vers num="2.13" edition="beta6"/>
+        <vers num="2.13.1"/>
+        <vers num="2.13.2"/>
+        <vers num="2.14" edition="beta1"/>
+        <vers num="2.14" edition="beta2"/>
+        <vers num="2.14" edition="beta3"/>
+        <vers num="2.14" edition="beta4"/>
+        <vers num="2.14" edition="beta5"/>
+        <vers num="2.15" edition="beta1"/>
+        <vers num="2.15" edition="beta2"/>
+        <vers num="2.15" edition="beta3"/>
+        <vers num="2.15" edition="beta4"/>
+        <vers num="2.15" edition="beta5"/>
+        <vers num="2.15" edition="beta6"/>
+        <vers num="2.15.1"/>
+        <vers num="2.15.2"/>
+        <vers num="2.16" edition="beta1"/>
+        <vers num="2.16" edition="beta2"/>
+        <vers num="2.16" edition="beta3"/>
+        <vers num="2.16" edition="beta4"/>
+        <vers num="2.16" edition="beta5"/>
+        <vers num="2.16.1"/>
+        <vers num="2.16.2"/>
+        <vers num="2.17" edition="beta1"/>
+        <vers num="2.17" edition="beta2"/>
+        <vers num="2.17" edition="beta3"/>
+        <vers num="2.17" edition="beta4"/>
+        <vers num="2.17.1"/>
+        <vers num="2.18" edition="beta1"/>
+        <vers num="2.18" edition="beta2"/>
+        <vers num="2.18" edition="beta3"/>
+        <vers num="2.18" edition="beta4"/>
+        <vers num="2.19" edition="beta1"/>
+        <vers num="2.19" edition="beta2"/>
+        <vers num="2.2" edition="beta1"/>
+        <vers num="2.2" edition="beta2"/>
+        <vers num="2.2" edition="beta3"/>
+        <vers num="2.20" edition="beta1"/>
+        <vers num="2.20" edition="beta2"/>
+        <vers num="2.20" edition="beta3"/>
+        <vers num="2.21" edition="beta1"/>
+        <vers num="2.21" edition="beta2"/>
+        <vers num="2.22" edition="beta1"/>
+        <vers num="2.22" edition="beta2"/>
+        <vers num="2.22.1"/>
+        <vers num="2.23" edition="beta1"/>
+        <vers num="2.23" edition="beta2"/>
+        <vers prev="1" num="2.24" edition="beta1"/>
+        <vers num="2.3" edition="beta1"/>
+        <vers num="2.3" edition="beta2"/>
+        <vers num="2.3" edition="beta3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.4" edition="beta1"/>
+        <vers num="2.4" edition="beta2"/>
+        <vers num="2.4" edition="beta3"/>
+        <vers num="2.4.1"/>
+        <vers num="2.5" edition="beta1"/>
+        <vers num="2.5" edition="beta2"/>
+        <vers num="2.5" edition="beta3"/>
+        <vers num="2.5" edition="beta4"/>
+        <vers num="2.6" edition="beta1"/>
+        <vers num="2.6" edition="beta2"/>
+        <vers num="2.6" edition="beta3"/>
+        <vers num="2.6" edition="beta4"/>
+        <vers num="2.6.1"/>
+        <vers num="2.7" edition="beta1"/>
+        <vers num="2.7" edition="beta2"/>
+        <vers num="2.7" edition="beta3"/>
+        <vers num="2.7" edition="beta4"/>
+        <vers num="2.7" edition="beta5"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.8" edition="beta1"/>
+        <vers num="2.8" edition="beta2"/>
+        <vers num="2.8" edition="beta3"/>
+        <vers num="2.8" edition="beta4"/>
+        <vers num="2.8" edition="beta5"/>
+        <vers num="2.8" edition="beta6"/>
+        <vers num="2.9" edition="beta1"/>
+        <vers num="2.9" edition="beta2"/>
+        <vers num="2.9" edition="beta3"/>
+        <vers num="2.9" edition="beta4"/>
+        <vers num="2.9.1"/>
+      </prod>
+      <prod vendor="mozilla" name="thunderbird">
+        <vers num="0.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.7.2"/>
+        <vers num="0.7.3"/>
+        <vers num="0.8"/>
+        <vers num="0.9"/>
+        <vers num="1.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5" edition="beta"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.13"/>
+        <vers num="1.5.0.14"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.7.1"/>
+        <vers num="1.7.3"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="11.0"/>
+        <vers num="11.0.1"/>
+        <vers num="12.0"/>
+        <vers num="12.0.1"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0"/>
+        <vers num="17.0.1"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.21"/>
+        <vers num="2.0.0.22"/>
+        <vers num="2.0.0.23"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers prev="1" num="24.2"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.11"/>
+        <vers num="3.1.12"/>
+        <vers num="3.1.13"/>
+        <vers num="3.1.14"/>
+        <vers num="3.1.15"/>
+        <vers num="3.1.16"/>
+        <vers num="3.1.17"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="5.0"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1483" published="2014-02-06" name="CVE-2014-1483" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functions.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=950427" source="CONFIRM" adv="1">https://bugzilla.mozilla.org/show_bug.cgi?id=950427</ref>
+      <ref url="https://8pecxstudios.com/?page_id=44080" source="CONFIRM">https://8pecxstudios.com/?page_id=44080</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2102-2" source="UBUNTU">USN-2102-2</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2102-1" source="UBUNTU">USN-2102-1</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-05.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-05.html</ref>
+      <ref url="http://secunia.com/advisories/56706" source="SECUNIA">56706</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" source="SUSE">openSUSE-SU-2014:0419</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" source="SUSE">SUSE-SU-2014:0248</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" source="SUSE">openSUSE-SU-2014:0212</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers prev="1" num="26.0"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+      <prod vendor="mozilla" name="seamonkey">
+        <vers num="2.0" edition="alpha_1"/>
+        <vers num="2.0" edition="alpha_2"/>
+        <vers num="2.0" edition="alpha_3"/>
+        <vers num="2.0" edition="beta_1"/>
+        <vers num="2.0" edition="beta_2"/>
+        <vers num="2.0" edition="rc1"/>
+        <vers num="2.0" edition="rc2"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1" edition="alpha1"/>
+        <vers num="2.1" edition="alpha2"/>
+        <vers num="2.1" edition="alpha3"/>
+        <vers num="2.1" edition="beta1"/>
+        <vers num="2.1" edition="beta2"/>
+        <vers num="2.1" edition="beta3"/>
+        <vers num="2.1" edition="rc1"/>
+        <vers num="2.1" edition="rc2"/>
+        <vers num="2.10" edition="beta1"/>
+        <vers num="2.10" edition="beta2"/>
+        <vers num="2.10" edition="beta3"/>
+        <vers num="2.10.1"/>
+        <vers num="2.11" edition="beta1"/>
+        <vers num="2.11" edition="beta2"/>
+        <vers num="2.11" edition="beta3"/>
+        <vers num="2.11" edition="beta4"/>
+        <vers num="2.11" edition="beta5"/>
+        <vers num="2.11" edition="beta6"/>
+        <vers num="2.12" edition="beta1"/>
+        <vers num="2.12" edition="beta2"/>
+        <vers num="2.12" edition="beta3"/>
+        <vers num="2.12" edition="beta4"/>
+        <vers num="2.12" edition="beta5"/>
+        <vers num="2.12" edition="beta6"/>
+        <vers num="2.12.1"/>
+        <vers num="2.13" edition="beta1"/>
+        <vers num="2.13" edition="beta2"/>
+        <vers num="2.13" edition="beta3"/>
+        <vers num="2.13" edition="beta4"/>
+        <vers num="2.13" edition="beta5"/>
+        <vers num="2.13" edition="beta6"/>
+        <vers num="2.13.1"/>
+        <vers num="2.13.2"/>
+        <vers num="2.14" edition="beta1"/>
+        <vers num="2.14" edition="beta2"/>
+        <vers num="2.14" edition="beta3"/>
+        <vers num="2.14" edition="beta4"/>
+        <vers num="2.14" edition="beta5"/>
+        <vers num="2.15" edition="beta1"/>
+        <vers num="2.15" edition="beta2"/>
+        <vers num="2.15" edition="beta3"/>
+        <vers num="2.15" edition="beta4"/>
+        <vers num="2.15" edition="beta5"/>
+        <vers num="2.15" edition="beta6"/>
+        <vers num="2.15.1"/>
+        <vers num="2.15.2"/>
+        <vers num="2.16" edition="beta1"/>
+        <vers num="2.16" edition="beta2"/>
+        <vers num="2.16" edition="beta3"/>
+        <vers num="2.16" edition="beta4"/>
+        <vers num="2.16" edition="beta5"/>
+        <vers num="2.16.1"/>
+        <vers num="2.16.2"/>
+        <vers num="2.17" edition="beta1"/>
+        <vers num="2.17" edition="beta2"/>
+        <vers num="2.17" edition="beta3"/>
+        <vers num="2.17" edition="beta4"/>
+        <vers num="2.17.1"/>
+        <vers num="2.18" edition="beta1"/>
+        <vers num="2.18" edition="beta2"/>
+        <vers num="2.18" edition="beta3"/>
+        <vers num="2.18" edition="beta4"/>
+        <vers num="2.19" edition="beta1"/>
+        <vers num="2.19" edition="beta2"/>
+        <vers num="2.2" edition="beta1"/>
+        <vers num="2.2" edition="beta2"/>
+        <vers num="2.2" edition="beta3"/>
+        <vers num="2.20" edition="beta1"/>
+        <vers num="2.20" edition="beta2"/>
+        <vers num="2.20" edition="beta3"/>
+        <vers num="2.21" edition="beta1"/>
+        <vers num="2.21" edition="beta2"/>
+        <vers num="2.22" edition="beta1"/>
+        <vers num="2.22" edition="beta2"/>
+        <vers num="2.22.1"/>
+        <vers num="2.23" edition="beta1"/>
+        <vers num="2.23" edition="beta2"/>
+        <vers prev="1" num="2.24" edition="beta1"/>
+        <vers num="2.3" edition="beta1"/>
+        <vers num="2.3" edition="beta2"/>
+        <vers num="2.3" edition="beta3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.4" edition="beta1"/>
+        <vers num="2.4" edition="beta2"/>
+        <vers num="2.4" edition="beta3"/>
+        <vers num="2.4.1"/>
+        <vers num="2.5" edition="beta1"/>
+        <vers num="2.5" edition="beta2"/>
+        <vers num="2.5" edition="beta3"/>
+        <vers num="2.5" edition="beta4"/>
+        <vers num="2.6" edition="beta1"/>
+        <vers num="2.6" edition="beta2"/>
+        <vers num="2.6" edition="beta3"/>
+        <vers num="2.6" edition="beta4"/>
+        <vers num="2.6.1"/>
+        <vers num="2.7" edition="beta1"/>
+        <vers num="2.7" edition="beta2"/>
+        <vers num="2.7" edition="beta3"/>
+        <vers num="2.7" edition="beta4"/>
+        <vers num="2.7" edition="beta5"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.8" edition="beta1"/>
+        <vers num="2.8" edition="beta2"/>
+        <vers num="2.8" edition="beta3"/>
+        <vers num="2.8" edition="beta4"/>
+        <vers num="2.8" edition="beta5"/>
+        <vers num="2.8" edition="beta6"/>
+        <vers num="2.9" edition="beta1"/>
+        <vers num="2.9" edition="beta2"/>
+        <vers num="2.9" edition="beta3"/>
+        <vers num="2.9" edition="beta4"/>
+        <vers num="2.9.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1484" published="2014-02-06" name="CVE-2014-1484" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=953993" source="CONFIRM" adv="1">https://bugzilla.mozilla.org/show_bug.cgi?id=953993</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-06.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-06.html</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" source="SUSE">SUSE-SU-2014:0248</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" source="SUSE">openSUSE-SU-2014:0212</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-03/0153.html" source="BUGTRAQ">20140326 Firefox for Android Profile Directory Derandomization and Data Exfiltration (CVE-2014-1484, CVE-2014-1506, CVE-2014-1515, CVE-2014-1516)</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers prev="1" num="26.0"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1485" published="2014-02-06" name="CVE-2014-1485" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient style-src restrictions.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=910139" source="CONFIRM" adv="1">https://bugzilla.mozilla.org/show_bug.cgi?id=910139</ref>
+      <ref url="https://8pecxstudios.com/?page_id=44080" source="CONFIRM">https://8pecxstudios.com/?page_id=44080</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2102-2" source="UBUNTU">USN-2102-2</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2102-1" source="UBUNTU">USN-2102-1</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-07.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-07.html</ref>
+      <ref url="http://secunia.com/advisories/56706" source="SECUNIA">56706</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" source="SUSE">openSUSE-SU-2014:0419</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" source="SUSE">SUSE-SU-2014:0248</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" source="SUSE">openSUSE-SU-2014:0212</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers prev="1" num="26.0"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+      <prod vendor="mozilla" name="seamonkey">
+        <vers num="2.0" edition="alpha_1"/>
+        <vers num="2.0" edition="alpha_2"/>
+        <vers num="2.0" edition="alpha_3"/>
+        <vers num="2.0" edition="beta_1"/>
+        <vers num="2.0" edition="beta_2"/>
+        <vers num="2.0" edition="rc1"/>
+        <vers num="2.0" edition="rc2"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1" edition="alpha1"/>
+        <vers num="2.1" edition="alpha2"/>
+        <vers num="2.1" edition="alpha3"/>
+        <vers num="2.1" edition="beta1"/>
+        <vers num="2.1" edition="beta2"/>
+        <vers num="2.1" edition="beta3"/>
+        <vers num="2.1" edition="rc1"/>
+        <vers num="2.1" edition="rc2"/>
+        <vers num="2.10" edition="beta1"/>
+        <vers num="2.10" edition="beta2"/>
+        <vers num="2.10" edition="beta3"/>
+        <vers num="2.10.1"/>
+        <vers num="2.11" edition="beta1"/>
+        <vers num="2.11" edition="beta2"/>
+        <vers num="2.11" edition="beta3"/>
+        <vers num="2.11" edition="beta4"/>
+        <vers num="2.11" edition="beta5"/>
+        <vers num="2.11" edition="beta6"/>
+        <vers num="2.12" edition="beta1"/>
+        <vers num="2.12" edition="beta2"/>
+        <vers num="2.12" edition="beta3"/>
+        <vers num="2.12" edition="beta4"/>
+        <vers num="2.12" edition="beta5"/>
+        <vers num="2.12" edition="beta6"/>
+        <vers num="2.12.1"/>
+        <vers num="2.13" edition="beta1"/>
+        <vers num="2.13" edition="beta2"/>
+        <vers num="2.13" edition="beta3"/>
+        <vers num="2.13" edition="beta4"/>
+        <vers num="2.13" edition="beta5"/>
+        <vers num="2.13" edition="beta6"/>
+        <vers num="2.13.1"/>
+        <vers num="2.13.2"/>
+        <vers num="2.14" edition="beta1"/>
+        <vers num="2.14" edition="beta2"/>
+        <vers num="2.14" edition="beta3"/>
+        <vers num="2.14" edition="beta4"/>
+        <vers num="2.14" edition="beta5"/>
+        <vers num="2.15" edition="beta1"/>
+        <vers num="2.15" edition="beta2"/>
+        <vers num="2.15" edition="beta3"/>
+        <vers num="2.15" edition="beta4"/>
+        <vers num="2.15" edition="beta5"/>
+        <vers num="2.15" edition="beta6"/>
+        <vers num="2.15.1"/>
+        <vers num="2.15.2"/>
+        <vers num="2.16" edition="beta1"/>
+        <vers num="2.16" edition="beta2"/>
+        <vers num="2.16" edition="beta3"/>
+        <vers num="2.16" edition="beta4"/>
+        <vers num="2.16" edition="beta5"/>
+        <vers num="2.16.1"/>
+        <vers num="2.16.2"/>
+        <vers num="2.17" edition="beta1"/>
+        <vers num="2.17" edition="beta2"/>
+        <vers num="2.17" edition="beta3"/>
+        <vers num="2.17" edition="beta4"/>
+        <vers num="2.17.1"/>
+        <vers num="2.18" edition="beta1"/>
+        <vers num="2.18" edition="beta2"/>
+        <vers num="2.18" edition="beta3"/>
+        <vers num="2.18" edition="beta4"/>
+        <vers num="2.19" edition="beta1"/>
+        <vers num="2.19" edition="beta2"/>
+        <vers num="2.2" edition="beta1"/>
+        <vers num="2.2" edition="beta2"/>
+        <vers num="2.2" edition="beta3"/>
+        <vers num="2.20" edition="beta1"/>
+        <vers num="2.20" edition="beta2"/>
+        <vers num="2.20" edition="beta3"/>
+        <vers num="2.21" edition="beta1"/>
+        <vers num="2.21" edition="beta2"/>
+        <vers num="2.22" edition="beta1"/>
+        <vers num="2.22" edition="beta2"/>
+        <vers num="2.22.1"/>
+        <vers num="2.23" edition="beta1"/>
+        <vers num="2.23" edition="beta2"/>
+        <vers prev="1" num="2.24" edition="beta1"/>
+        <vers num="2.3" edition="beta1"/>
+        <vers num="2.3" edition="beta2"/>
+        <vers num="2.3" edition="beta3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.4" edition="beta1"/>
+        <vers num="2.4" edition="beta2"/>
+        <vers num="2.4" edition="beta3"/>
+        <vers num="2.4.1"/>
+        <vers num="2.5" edition="beta1"/>
+        <vers num="2.5" edition="beta2"/>
+        <vers num="2.5" edition="beta3"/>
+        <vers num="2.5" edition="beta4"/>
+        <vers num="2.6" edition="beta1"/>
+        <vers num="2.6" edition="beta2"/>
+        <vers num="2.6" edition="beta3"/>
+        <vers num="2.6" edition="beta4"/>
+        <vers num="2.6.1"/>
+        <vers num="2.7" edition="beta1"/>
+        <vers num="2.7" edition="beta2"/>
+        <vers num="2.7" edition="beta3"/>
+        <vers num="2.7" edition="beta4"/>
+        <vers num="2.7" edition="beta5"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.8" edition="beta1"/>
+        <vers num="2.8" edition="beta2"/>
+        <vers num="2.8" edition="beta3"/>
+        <vers num="2.8" edition="beta4"/>
+        <vers num="2.8" edition="beta5"/>
+        <vers num="2.8" edition="beta6"/>
+        <vers num="2.9" edition="beta1"/>
+        <vers num="2.9" edition="beta2"/>
+        <vers num="2.9" edition="beta3"/>
+        <vers num="2.9" edition="beta4"/>
+        <vers num="2.9.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1486" published="2014-02-06" name="CVE-2014-1486" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=942164" source="CONFIRM" adv="1">https://bugzilla.mozilla.org/show_bug.cgi?id=942164</ref>
+      <ref url="https://8pecxstudios.com/?page_id=44080" source="CONFIRM">https://8pecxstudios.com/?page_id=44080</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2119-1" source="UBUNTU">USN-2119-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2102-2" source="UBUNTU">USN-2102-2</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2102-1" source="UBUNTU">USN-2102-1</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-08.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-08.html</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2858" source="DEBIAN">DSA-2858</ref>
+      <ref url="http://secunia.com/advisories/56706" source="SECUNIA">56706</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0133.html" source="REDHAT">RHSA-2014:0133</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0132.html" source="REDHAT">RHSA-2014:0132</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" source="SUSE">openSUSE-SU-2014:0419</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" source="SUSE">SUSE-SU-2014:0248</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" source="SUSE">openSUSE-SU-2014:0213</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" source="SUSE">openSUSE-SU-2014:0212</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" source="FEDORA">FEDORA-2014-2083</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" source="FEDORA">FEDORA-2014-2041</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers prev="1" num="26.0"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+      <prod vendor="mozilla" name="firefox_esr">
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.0.2"/>
+        <vers num="24.1.0"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+      </prod>
+      <prod vendor="mozilla" name="seamonkey">
+        <vers num="2.0" edition="alpha_1"/>
+        <vers num="2.0" edition="alpha_2"/>
+        <vers num="2.0" edition="alpha_3"/>
+        <vers num="2.0" edition="beta_1"/>
+        <vers num="2.0" edition="beta_2"/>
+        <vers num="2.0" edition="rc1"/>
+        <vers num="2.0" edition="rc2"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1" edition="alpha1"/>
+        <vers num="2.1" edition="alpha2"/>
+        <vers num="2.1" edition="alpha3"/>
+        <vers num="2.1" edition="beta1"/>
+        <vers num="2.1" edition="beta2"/>
+        <vers num="2.1" edition="beta3"/>
+        <vers num="2.1" edition="rc1"/>
+        <vers num="2.1" edition="rc2"/>
+        <vers num="2.10" edition="beta1"/>
+        <vers num="2.10" edition="beta2"/>
+        <vers num="2.10" edition="beta3"/>
+        <vers num="2.10.1"/>
+        <vers num="2.11" edition="beta1"/>
+        <vers num="2.11" edition="beta2"/>
+        <vers num="2.11" edition="beta3"/>
+        <vers num="2.11" edition="beta4"/>
+        <vers num="2.11" edition="beta5"/>
+        <vers num="2.11" edition="beta6"/>
+        <vers num="2.12" edition="beta1"/>
+        <vers num="2.12" edition="beta2"/>
+        <vers num="2.12" edition="beta3"/>
+        <vers num="2.12" edition="beta4"/>
+        <vers num="2.12" edition="beta5"/>
+        <vers num="2.12" edition="beta6"/>
+        <vers num="2.12.1"/>
+        <vers num="2.13" edition="beta1"/>
+        <vers num="2.13" edition="beta2"/>
+        <vers num="2.13" edition="beta3"/>
+        <vers num="2.13" edition="beta4"/>
+        <vers num="2.13" edition="beta5"/>
+        <vers num="2.13" edition="beta6"/>
+        <vers num="2.13.1"/>
+        <vers num="2.13.2"/>
+        <vers num="2.14" edition="beta1"/>
+        <vers num="2.14" edition="beta2"/>
+        <vers num="2.14" edition="beta3"/>
+        <vers num="2.14" edition="beta4"/>
+        <vers num="2.14" edition="beta5"/>
+        <vers num="2.15" edition="beta1"/>
+        <vers num="2.15" edition="beta2"/>
+        <vers num="2.15" edition="beta3"/>
+        <vers num="2.15" edition="beta4"/>
+        <vers num="2.15" edition="beta5"/>
+        <vers num="2.15" edition="beta6"/>
+        <vers num="2.15.1"/>
+        <vers num="2.15.2"/>
+        <vers num="2.16" edition="beta1"/>
+        <vers num="2.16" edition="beta2"/>
+        <vers num="2.16" edition="beta3"/>
+        <vers num="2.16" edition="beta4"/>
+        <vers num="2.16" edition="beta5"/>
+        <vers num="2.16.1"/>
+        <vers num="2.16.2"/>
+        <vers num="2.17" edition="beta1"/>
+        <vers num="2.17" edition="beta2"/>
+        <vers num="2.17" edition="beta3"/>
+        <vers num="2.17" edition="beta4"/>
+        <vers num="2.17.1"/>
+        <vers num="2.18" edition="beta1"/>
+        <vers num="2.18" edition="beta2"/>
+        <vers num="2.18" edition="beta3"/>
+        <vers num="2.18" edition="beta4"/>
+        <vers num="2.19" edition="beta1"/>
+        <vers num="2.19" edition="beta2"/>
+        <vers num="2.2" edition="beta1"/>
+        <vers num="2.2" edition="beta2"/>
+        <vers num="2.2" edition="beta3"/>
+        <vers num="2.20" edition="beta1"/>
+        <vers num="2.20" edition="beta2"/>
+        <vers num="2.20" edition="beta3"/>
+        <vers num="2.21" edition="beta1"/>
+        <vers num="2.21" edition="beta2"/>
+        <vers num="2.22" edition="beta1"/>
+        <vers num="2.22" edition="beta2"/>
+        <vers num="2.22.1"/>
+        <vers num="2.23" edition="beta1"/>
+        <vers num="2.23" edition="beta2"/>
+        <vers prev="1" num="2.24" edition="beta1"/>
+        <vers num="2.3" edition="beta1"/>
+        <vers num="2.3" edition="beta2"/>
+        <vers num="2.3" edition="beta3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.4" edition="beta1"/>
+        <vers num="2.4" edition="beta2"/>
+        <vers num="2.4" edition="beta3"/>
+        <vers num="2.4.1"/>
+        <vers num="2.5" edition="beta1"/>
+        <vers num="2.5" edition="beta2"/>
+        <vers num="2.5" edition="beta3"/>
+        <vers num="2.5" edition="beta4"/>
+        <vers num="2.6" edition="beta1"/>
+        <vers num="2.6" edition="beta2"/>
+        <vers num="2.6" edition="beta3"/>
+        <vers num="2.6" edition="beta4"/>
+        <vers num="2.6.1"/>
+        <vers num="2.7" edition="beta1"/>
+        <vers num="2.7" edition="beta2"/>
+        <vers num="2.7" edition="beta3"/>
+        <vers num="2.7" edition="beta4"/>
+        <vers num="2.7" edition="beta5"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.8" edition="beta1"/>
+        <vers num="2.8" edition="beta2"/>
+        <vers num="2.8" edition="beta3"/>
+        <vers num="2.8" edition="beta4"/>
+        <vers num="2.8" edition="beta5"/>
+        <vers num="2.8" edition="beta6"/>
+        <vers num="2.9" edition="beta1"/>
+        <vers num="2.9" edition="beta2"/>
+        <vers num="2.9" edition="beta3"/>
+        <vers num="2.9" edition="beta4"/>
+        <vers num="2.9.1"/>
+      </prod>
+      <prod vendor="mozilla" name="thunderbird">
+        <vers num="0.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.7.2"/>
+        <vers num="0.7.3"/>
+        <vers num="0.8"/>
+        <vers num="0.9"/>
+        <vers num="1.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5" edition="beta"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.13"/>
+        <vers num="1.5.0.14"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.7.1"/>
+        <vers num="1.7.3"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="11.0"/>
+        <vers num="11.0.1"/>
+        <vers num="12.0"/>
+        <vers num="12.0.1"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0"/>
+        <vers num="17.0.1"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.21"/>
+        <vers num="2.0.0.22"/>
+        <vers num="2.0.0.23"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers prev="1" num="24.2"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.11"/>
+        <vers num="3.1.12"/>
+        <vers num="3.1.13"/>
+        <vers num="3.1.14"/>
+        <vers num="3.1.15"/>
+        <vers num="3.1.16"/>
+        <vers num="3.1.17"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="5.0"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1487" published="2014-02-06" name="CVE-2014-1487" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=947592" source="CONFIRM" adv="1">https://bugzilla.mozilla.org/show_bug.cgi?id=947592</ref>
+      <ref url="https://8pecxstudios.com/?page_id=44080" source="CONFIRM">https://8pecxstudios.com/?page_id=44080</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2119-1" source="UBUNTU">USN-2119-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2102-2" source="UBUNTU">USN-2102-2</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2102-1" source="UBUNTU">USN-2102-1</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-09.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-09.html</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2858" source="DEBIAN">DSA-2858</ref>
+      <ref url="http://secunia.com/advisories/56706" source="SECUNIA">56706</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0133.html" source="REDHAT">RHSA-2014:0133</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0132.html" source="REDHAT">RHSA-2014:0132</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" source="SUSE">openSUSE-SU-2014:0419</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" source="SUSE">SUSE-SU-2014:0248</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" source="SUSE">openSUSE-SU-2014:0213</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" source="SUSE">openSUSE-SU-2014:0212</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" source="FEDORA">FEDORA-2014-2083</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" source="FEDORA">FEDORA-2014-2041</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers prev="1" num="26.0"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+      <prod vendor="mozilla" name="firefox_esr">
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.0.2"/>
+        <vers num="24.1.0"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+      </prod>
+      <prod vendor="mozilla" name="seamonkey">
+        <vers num="2.0" edition="alpha_1"/>
+        <vers num="2.0" edition="alpha_2"/>
+        <vers num="2.0" edition="alpha_3"/>
+        <vers num="2.0" edition="beta_1"/>
+        <vers num="2.0" edition="beta_2"/>
+        <vers num="2.0" edition="rc1"/>
+        <vers num="2.0" edition="rc2"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1" edition="alpha1"/>
+        <vers num="2.1" edition="alpha2"/>
+        <vers num="2.1" edition="alpha3"/>
+        <vers num="2.1" edition="beta1"/>
+        <vers num="2.1" edition="beta2"/>
+        <vers num="2.1" edition="beta3"/>
+        <vers num="2.1" edition="rc1"/>
+        <vers num="2.1" edition="rc2"/>
+        <vers num="2.10" edition="beta1"/>
+        <vers num="2.10" edition="beta2"/>
+        <vers num="2.10" edition="beta3"/>
+        <vers num="2.10.1"/>
+        <vers num="2.11" edition="beta1"/>
+        <vers num="2.11" edition="beta2"/>
+        <vers num="2.11" edition="beta3"/>
+        <vers num="2.11" edition="beta4"/>
+        <vers num="2.11" edition="beta5"/>
+        <vers num="2.11" edition="beta6"/>
+        <vers num="2.12" edition="beta1"/>
+        <vers num="2.12" edition="beta2"/>
+        <vers num="2.12" edition="beta3"/>
+        <vers num="2.12" edition="beta4"/>
+        <vers num="2.12" edition="beta5"/>
+        <vers num="2.12" edition="beta6"/>
+        <vers num="2.12.1"/>
+        <vers num="2.13" edition="beta1"/>
+        <vers num="2.13" edition="beta2"/>
+        <vers num="2.13" edition="beta3"/>
+        <vers num="2.13" edition="beta4"/>
+        <vers num="2.13" edition="beta5"/>
+        <vers num="2.13" edition="beta6"/>
+        <vers num="2.13.1"/>
+        <vers num="2.13.2"/>
+        <vers num="2.14" edition="beta1"/>
+        <vers num="2.14" edition="beta2"/>
+        <vers num="2.14" edition="beta3"/>
+        <vers num="2.14" edition="beta4"/>
+        <vers num="2.14" edition="beta5"/>
+        <vers num="2.15" edition="beta1"/>
+        <vers num="2.15" edition="beta2"/>
+        <vers num="2.15" edition="beta3"/>
+        <vers num="2.15" edition="beta4"/>
+        <vers num="2.15" edition="beta5"/>
+        <vers num="2.15" edition="beta6"/>
+        <vers num="2.15.1"/>
+        <vers num="2.15.2"/>
+        <vers num="2.16" edition="beta1"/>
+        <vers num="2.16" edition="beta2"/>
+        <vers num="2.16" edition="beta3"/>
+        <vers num="2.16" edition="beta4"/>
+        <vers num="2.16" edition="beta5"/>
+        <vers num="2.16.1"/>
+        <vers num="2.16.2"/>
+        <vers num="2.17" edition="beta1"/>
+        <vers num="2.17" edition="beta2"/>
+        <vers num="2.17" edition="beta3"/>
+        <vers num="2.17" edition="beta4"/>
+        <vers num="2.17.1"/>
+        <vers num="2.18" edition="beta1"/>
+        <vers num="2.18" edition="beta2"/>
+        <vers num="2.18" edition="beta3"/>
+        <vers num="2.18" edition="beta4"/>
+        <vers num="2.19" edition="beta1"/>
+        <vers num="2.19" edition="beta2"/>
+        <vers num="2.2" edition="beta1"/>
+        <vers num="2.2" edition="beta2"/>
+        <vers num="2.2" edition="beta3"/>
+        <vers num="2.20" edition="beta1"/>
+        <vers num="2.20" edition="beta2"/>
+        <vers num="2.20" edition="beta3"/>
+        <vers num="2.21" edition="beta1"/>
+        <vers num="2.21" edition="beta2"/>
+        <vers num="2.22" edition="beta1"/>
+        <vers num="2.22" edition="beta2"/>
+        <vers num="2.22.1"/>
+        <vers num="2.23" edition="beta1"/>
+        <vers num="2.23" edition="beta2"/>
+        <vers prev="1" num="2.24" edition="beta1"/>
+        <vers num="2.3" edition="beta1"/>
+        <vers num="2.3" edition="beta2"/>
+        <vers num="2.3" edition="beta3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.4" edition="beta1"/>
+        <vers num="2.4" edition="beta2"/>
+        <vers num="2.4" edition="beta3"/>
+        <vers num="2.4.1"/>
+        <vers num="2.5" edition="beta1"/>
+        <vers num="2.5" edition="beta2"/>
+        <vers num="2.5" edition="beta3"/>
+        <vers num="2.5" edition="beta4"/>
+        <vers num="2.6" edition="beta1"/>
+        <vers num="2.6" edition="beta2"/>
+        <vers num="2.6" edition="beta3"/>
+        <vers num="2.6" edition="beta4"/>
+        <vers num="2.6.1"/>
+        <vers num="2.7" edition="beta1"/>
+        <vers num="2.7" edition="beta2"/>
+        <vers num="2.7" edition="beta3"/>
+        <vers num="2.7" edition="beta4"/>
+        <vers num="2.7" edition="beta5"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.8" edition="beta1"/>
+        <vers num="2.8" edition="beta2"/>
+        <vers num="2.8" edition="beta3"/>
+        <vers num="2.8" edition="beta4"/>
+        <vers num="2.8" edition="beta5"/>
+        <vers num="2.8" edition="beta6"/>
+        <vers num="2.9" edition="beta1"/>
+        <vers num="2.9" edition="beta2"/>
+        <vers num="2.9" edition="beta3"/>
+        <vers num="2.9" edition="beta4"/>
+        <vers num="2.9.1"/>
+      </prod>
+      <prod vendor="mozilla" name="thunderbird">
+        <vers num="0.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.7.2"/>
+        <vers num="0.7.3"/>
+        <vers num="0.8"/>
+        <vers num="0.9"/>
+        <vers num="1.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5" edition="beta"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.13"/>
+        <vers num="1.5.0.14"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.7.1"/>
+        <vers num="1.7.3"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="11.0"/>
+        <vers num="11.0.1"/>
+        <vers num="12.0"/>
+        <vers num="12.0.1"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0"/>
+        <vers num="17.0.1"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.21"/>
+        <vers num="2.0.0.22"/>
+        <vers num="2.0.0.23"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers prev="1" num="24.2"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.11"/>
+        <vers num="3.1.12"/>
+        <vers num="3.1.13"/>
+        <vers num="3.1.14"/>
+        <vers num="3.1.15"/>
+        <vers num="3.1.16"/>
+        <vers num="3.1.17"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="5.0"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1488" published="2014-02-06" name="CVE-2014-1488" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=950604" source="CONFIRM" adv="1">https://bugzilla.mozilla.org/show_bug.cgi?id=950604</ref>
+      <ref url="https://8pecxstudios.com/?page_id=44080" source="CONFIRM">https://8pecxstudios.com/?page_id=44080</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2102-2" source="UBUNTU">USN-2102-2</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2102-1" source="UBUNTU">USN-2102-1</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-11.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-11.html</ref>
+      <ref url="http://secunia.com/advisories/56706" source="SECUNIA">56706</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" source="SUSE">openSUSE-SU-2014:0419</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" source="SUSE">SUSE-SU-2014:0248</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" source="SUSE">openSUSE-SU-2014:0212</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers prev="1" num="26.0"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+      <prod vendor="mozilla" name="seamonkey">
+        <vers num="2.0" edition="alpha_1"/>
+        <vers num="2.0" edition="alpha_2"/>
+        <vers num="2.0" edition="alpha_3"/>
+        <vers num="2.0" edition="beta_1"/>
+        <vers num="2.0" edition="beta_2"/>
+        <vers num="2.0" edition="rc1"/>
+        <vers num="2.0" edition="rc2"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1" edition="alpha1"/>
+        <vers num="2.1" edition="alpha2"/>
+        <vers num="2.1" edition="alpha3"/>
+        <vers num="2.1" edition="beta1"/>
+        <vers num="2.1" edition="beta2"/>
+        <vers num="2.1" edition="beta3"/>
+        <vers num="2.1" edition="rc1"/>
+        <vers num="2.1" edition="rc2"/>
+        <vers num="2.10" edition="beta1"/>
+        <vers num="2.10" edition="beta2"/>
+        <vers num="2.10" edition="beta3"/>
+        <vers num="2.10.1"/>
+        <vers num="2.11" edition="beta1"/>
+        <vers num="2.11" edition="beta2"/>
+        <vers num="2.11" edition="beta3"/>
+        <vers num="2.11" edition="beta4"/>
+        <vers num="2.11" edition="beta5"/>
+        <vers num="2.11" edition="beta6"/>
+        <vers num="2.12" edition="beta1"/>
+        <vers num="2.12" edition="beta2"/>
+        <vers num="2.12" edition="beta3"/>
+        <vers num="2.12" edition="beta4"/>
+        <vers num="2.12" edition="beta5"/>
+        <vers num="2.12" edition="beta6"/>
+        <vers num="2.12.1"/>
+        <vers num="2.13" edition="beta1"/>
+        <vers num="2.13" edition="beta2"/>
+        <vers num="2.13" edition="beta3"/>
+        <vers num="2.13" edition="beta4"/>
+        <vers num="2.13" edition="beta5"/>
+        <vers num="2.13" edition="beta6"/>
+        <vers num="2.13.1"/>
+        <vers num="2.13.2"/>
+        <vers num="2.14" edition="beta1"/>
+        <vers num="2.14" edition="beta2"/>
+        <vers num="2.14" edition="beta3"/>
+        <vers num="2.14" edition="beta4"/>
+        <vers num="2.14" edition="beta5"/>
+        <vers num="2.15" edition="beta1"/>
+        <vers num="2.15" edition="beta2"/>
+        <vers num="2.15" edition="beta3"/>
+        <vers num="2.15" edition="beta4"/>
+        <vers num="2.15" edition="beta5"/>
+        <vers num="2.15" edition="beta6"/>
+        <vers num="2.15.1"/>
+        <vers num="2.15.2"/>
+        <vers num="2.16" edition="beta1"/>
+        <vers num="2.16" edition="beta2"/>
+        <vers num="2.16" edition="beta3"/>
+        <vers num="2.16" edition="beta4"/>
+        <vers num="2.16" edition="beta5"/>
+        <vers num="2.16.1"/>
+        <vers num="2.16.2"/>
+        <vers num="2.17" edition="beta1"/>
+        <vers num="2.17" edition="beta2"/>
+        <vers num="2.17" edition="beta3"/>
+        <vers num="2.17" edition="beta4"/>
+        <vers num="2.17.1"/>
+        <vers num="2.18" edition="beta1"/>
+        <vers num="2.18" edition="beta2"/>
+        <vers num="2.18" edition="beta3"/>
+        <vers num="2.18" edition="beta4"/>
+        <vers num="2.19" edition="beta1"/>
+        <vers num="2.19" edition="beta2"/>
+        <vers num="2.2" edition="beta1"/>
+        <vers num="2.2" edition="beta2"/>
+        <vers num="2.2" edition="beta3"/>
+        <vers num="2.20" edition="beta1"/>
+        <vers num="2.20" edition="beta2"/>
+        <vers num="2.20" edition="beta3"/>
+        <vers num="2.21" edition="beta1"/>
+        <vers num="2.21" edition="beta2"/>
+        <vers num="2.22" edition="beta1"/>
+        <vers num="2.22" edition="beta2"/>
+        <vers num="2.22.1"/>
+        <vers num="2.23" edition="beta1"/>
+        <vers num="2.23" edition="beta2"/>
+        <vers prev="1" num="2.24" edition="beta1"/>
+        <vers num="2.3" edition="beta1"/>
+        <vers num="2.3" edition="beta2"/>
+        <vers num="2.3" edition="beta3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.4" edition="beta1"/>
+        <vers num="2.4" edition="beta2"/>
+        <vers num="2.4" edition="beta3"/>
+        <vers num="2.4.1"/>
+        <vers num="2.5" edition="beta1"/>
+        <vers num="2.5" edition="beta2"/>
+        <vers num="2.5" edition="beta3"/>
+        <vers num="2.5" edition="beta4"/>
+        <vers num="2.6" edition="beta1"/>
+        <vers num="2.6" edition="beta2"/>
+        <vers num="2.6" edition="beta3"/>
+        <vers num="2.6" edition="beta4"/>
+        <vers num="2.6.1"/>
+        <vers num="2.7" edition="beta1"/>
+        <vers num="2.7" edition="beta2"/>
+        <vers num="2.7" edition="beta3"/>
+        <vers num="2.7" edition="beta4"/>
+        <vers num="2.7" edition="beta5"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.8" edition="beta1"/>
+        <vers num="2.8" edition="beta2"/>
+        <vers num="2.8" edition="beta3"/>
+        <vers num="2.8" edition="beta4"/>
+        <vers num="2.8" edition="beta5"/>
+        <vers num="2.8" edition="beta6"/>
+        <vers num="2.9" edition="beta1"/>
+        <vers num="2.9" edition="beta2"/>
+        <vers num="2.9" edition="beta3"/>
+        <vers num="2.9" edition="beta4"/>
+        <vers num="2.9.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1489" published="2014-02-06" name="CVE-2014-1489" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:P)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=959531" source="CONFIRM" adv="1">https://bugzilla.mozilla.org/show_bug.cgi?id=959531</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2102-2" source="UBUNTU">USN-2102-2</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2102-1" source="UBUNTU">USN-2102-1</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-10.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-10.html</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" source="SUSE">SUSE-SU-2014:0248</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" source="SUSE">openSUSE-SU-2014:0212</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers prev="1" num="26.0"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1490" published="2014-02-06" name="CVE-2014-1490" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=930874" source="CONFIRM" adv="1">https://bugzilla.mozilla.org/show_bug.cgi?id=930874</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=930857" source="CONFIRM" adv="1">https://bugzilla.mozilla.org/show_bug.cgi?id=930857</ref>
+      <ref url="https://8pecxstudios.com/?page_id=44080" source="CONFIRM">https://8pecxstudios.com/?page_id=44080</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2119-1" source="UBUNTU">USN-2119-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2102-2" source="UBUNTU">USN-2102-2</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2102-1" source="UBUNTU">USN-2102-1</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-12.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-12.html</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2858" source="DEBIAN">DSA-2858</ref>
+      <ref url="http://secunia.com/advisories/56706" source="SECUNIA">56706</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" source="SUSE">openSUSE-SU-2014:0419</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" source="SUSE">SUSE-SU-2014:0248</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" source="SUSE">openSUSE-SU-2014:0213</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" source="SUSE">openSUSE-SU-2014:0212</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" source="FEDORA">FEDORA-2014-2083</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" source="FEDORA">FEDORA-2014-2041</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers prev="1" num="26.0"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+      <prod vendor="mozilla" name="firefox_esr">
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.0.2"/>
+        <vers num="24.1.0"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+      </prod>
+      <prod vendor="mozilla" name="network_security_services">
+        <vers num="3.11.2"/>
+        <vers num="3.11.3"/>
+        <vers num="3.11.4"/>
+        <vers num="3.11.5"/>
+        <vers num="3.12"/>
+        <vers num="3.12.1"/>
+        <vers num="3.12.10"/>
+        <vers num="3.12.11"/>
+        <vers num="3.12.2"/>
+        <vers num="3.12.3"/>
+        <vers num="3.12.3.1"/>
+        <vers num="3.12.3.2"/>
+        <vers num="3.12.4"/>
+        <vers num="3.12.5"/>
+        <vers num="3.12.6"/>
+        <vers num="3.12.7"/>
+        <vers num="3.12.8"/>
+        <vers num="3.12.9"/>
+        <vers num="3.14"/>
+        <vers num="3.14.1"/>
+        <vers num="3.14.2"/>
+        <vers num="3.14.3"/>
+        <vers num="3.14.4"/>
+        <vers num="3.14.5"/>
+        <vers num="3.15"/>
+        <vers num="3.15.1"/>
+        <vers num="3.15.2"/>
+        <vers num="3.15.3"/>
+        <vers num="3.2"/>
+        <vers num="3.2.1"/>
+        <vers num="3.3"/>
+        <vers num="3.3.1"/>
+        <vers num="3.3.2"/>
+        <vers num="3.4"/>
+        <vers num="3.4.1"/>
+        <vers num="3.4.2"/>
+        <vers num="3.5"/>
+        <vers num="3.6"/>
+        <vers num="3.6.1"/>
+        <vers num="3.7"/>
+        <vers num="3.7.1"/>
+        <vers num="3.7.2"/>
+        <vers num="3.7.3"/>
+        <vers num="3.7.5"/>
+        <vers num="3.7.7"/>
+        <vers num="3.8"/>
+        <vers num="3.9"/>
+      </prod>
+      <prod vendor="mozilla" name="seamonkey">
+        <vers num="2.0" edition="alpha_1"/>
+        <vers num="2.0" edition="alpha_2"/>
+        <vers num="2.0" edition="alpha_3"/>
+        <vers num="2.0" edition="beta_1"/>
+        <vers num="2.0" edition="beta_2"/>
+        <vers num="2.0" edition="rc1"/>
+        <vers num="2.0" edition="rc2"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1" edition="alpha1"/>
+        <vers num="2.1" edition="alpha2"/>
+        <vers num="2.1" edition="alpha3"/>
+        <vers num="2.1" edition="beta1"/>
+        <vers num="2.1" edition="beta2"/>
+        <vers num="2.1" edition="beta3"/>
+        <vers num="2.1" edition="rc1"/>
+        <vers num="2.1" edition="rc2"/>
+        <vers num="2.10" edition="beta1"/>
+        <vers num="2.10" edition="beta2"/>
+        <vers num="2.10" edition="beta3"/>
+        <vers num="2.10.1"/>
+        <vers num="2.11" edition="beta1"/>
+        <vers num="2.11" edition="beta2"/>
+        <vers num="2.11" edition="beta3"/>
+        <vers num="2.11" edition="beta4"/>
+        <vers num="2.11" edition="beta5"/>
+        <vers num="2.11" edition="beta6"/>
+        <vers num="2.12" edition="beta1"/>
+        <vers num="2.12" edition="beta2"/>
+        <vers num="2.12" edition="beta3"/>
+        <vers num="2.12" edition="beta4"/>
+        <vers num="2.12" edition="beta5"/>
+        <vers num="2.12" edition="beta6"/>
+        <vers num="2.12.1"/>
+        <vers num="2.13" edition="beta1"/>
+        <vers num="2.13" edition="beta2"/>
+        <vers num="2.13" edition="beta3"/>
+        <vers num="2.13" edition="beta4"/>
+        <vers num="2.13" edition="beta5"/>
+        <vers num="2.13" edition="beta6"/>
+        <vers num="2.13.1"/>
+        <vers num="2.13.2"/>
+        <vers num="2.14" edition="beta1"/>
+        <vers num="2.14" edition="beta2"/>
+        <vers num="2.14" edition="beta3"/>
+        <vers num="2.14" edition="beta4"/>
+        <vers num="2.14" edition="beta5"/>
+        <vers num="2.15" edition="beta1"/>
+        <vers num="2.15" edition="beta2"/>
+        <vers num="2.15" edition="beta3"/>
+        <vers num="2.15" edition="beta4"/>
+        <vers num="2.15" edition="beta5"/>
+        <vers num="2.15" edition="beta6"/>
+        <vers num="2.15.1"/>
+        <vers num="2.15.2"/>
+        <vers num="2.16" edition="beta1"/>
+        <vers num="2.16" edition="beta2"/>
+        <vers num="2.16" edition="beta3"/>
+        <vers num="2.16" edition="beta4"/>
+        <vers num="2.16" edition="beta5"/>
+        <vers num="2.16.1"/>
+        <vers num="2.16.2"/>
+        <vers num="2.17" edition="beta1"/>
+        <vers num="2.17" edition="beta2"/>
+        <vers num="2.17" edition="beta3"/>
+        <vers num="2.17" edition="beta4"/>
+        <vers num="2.17.1"/>
+        <vers num="2.18" edition="beta1"/>
+        <vers num="2.18" edition="beta2"/>
+        <vers num="2.18" edition="beta3"/>
+        <vers num="2.18" edition="beta4"/>
+        <vers num="2.19" edition="beta1"/>
+        <vers num="2.19" edition="beta2"/>
+        <vers num="2.2" edition="beta1"/>
+        <vers num="2.2" edition="beta2"/>
+        <vers num="2.2" edition="beta3"/>
+        <vers num="2.20" edition="beta1"/>
+        <vers num="2.20" edition="beta2"/>
+        <vers num="2.20" edition="beta3"/>
+        <vers num="2.21" edition="beta1"/>
+        <vers num="2.21" edition="beta2"/>
+        <vers num="2.22" edition="beta1"/>
+        <vers num="2.22" edition="beta2"/>
+        <vers num="2.22.1"/>
+        <vers num="2.23" edition="beta1"/>
+        <vers num="2.23" edition="beta2"/>
+        <vers prev="1" num="2.24" edition="beta1"/>
+        <vers num="2.3" edition="beta1"/>
+        <vers num="2.3" edition="beta2"/>
+        <vers num="2.3" edition="beta3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.4" edition="beta1"/>
+        <vers num="2.4" edition="beta2"/>
+        <vers num="2.4" edition="beta3"/>
+        <vers num="2.4.1"/>
+        <vers num="2.5" edition="beta1"/>
+        <vers num="2.5" edition="beta2"/>
+        <vers num="2.5" edition="beta3"/>
+        <vers num="2.5" edition="beta4"/>
+        <vers num="2.6" edition="beta1"/>
+        <vers num="2.6" edition="beta2"/>
+        <vers num="2.6" edition="beta3"/>
+        <vers num="2.6" edition="beta4"/>
+        <vers num="2.6.1"/>
+        <vers num="2.7" edition="beta1"/>
+        <vers num="2.7" edition="beta2"/>
+        <vers num="2.7" edition="beta3"/>
+        <vers num="2.7" edition="beta4"/>
+        <vers num="2.7" edition="beta5"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.8" edition="beta1"/>
+        <vers num="2.8" edition="beta2"/>
+        <vers num="2.8" edition="beta3"/>
+        <vers num="2.8" edition="beta4"/>
+        <vers num="2.8" edition="beta5"/>
+        <vers num="2.8" edition="beta6"/>
+        <vers num="2.9" edition="beta1"/>
+        <vers num="2.9" edition="beta2"/>
+        <vers num="2.9" edition="beta3"/>
+        <vers num="2.9" edition="beta4"/>
+        <vers num="2.9.1"/>
+      </prod>
+      <prod vendor="mozilla" name="thunderbird">
+        <vers num="0.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.7.2"/>
+        <vers num="0.7.3"/>
+        <vers num="0.8"/>
+        <vers num="0.9"/>
+        <vers num="1.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5" edition="beta"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.13"/>
+        <vers num="1.5.0.14"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.7.1"/>
+        <vers num="1.7.3"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="11.0"/>
+        <vers num="11.0.1"/>
+        <vers num="12.0"/>
+        <vers num="12.0.1"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0"/>
+        <vers num="17.0.1"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.21"/>
+        <vers num="2.0.0.22"/>
+        <vers num="2.0.0.23"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers prev="1" num="24.2"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.11"/>
+        <vers num="3.1.12"/>
+        <vers num="3.1.13"/>
+        <vers num="3.1.14"/>
+        <vers num="3.1.15"/>
+        <vers num="3.1.16"/>
+        <vers num="3.1.17"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="5.0"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1491" published="2014-02-06" name="CVE-2014-1491" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:P/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=934545" source="CONFIRM" adv="1">https://bugzilla.mozilla.org/show_bug.cgi?id=934545</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2119-1" source="UBUNTU">USN-2119-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2102-2" source="UBUNTU">USN-2102-2</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2102-1" source="UBUNTU">USN-2102-1</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-12.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-12.html</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2858" source="DEBIAN">DSA-2858</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" source="SUSE">openSUSE-SU-2014:0419</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html" source="SUSE">SUSE-SU-2014:0248</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html" source="SUSE">openSUSE-SU-2014:0213</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html" source="SUSE">openSUSE-SU-2014:0212</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html" source="FEDORA">FEDORA-2014-2083</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html" source="FEDORA">FEDORA-2014-2041</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers prev="1" num="26.0"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+      <prod vendor="mozilla" name="firefox_esr">
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.0.2"/>
+        <vers num="24.1.0"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+      </prod>
+      <prod vendor="mozilla" name="network_security_services">
+        <vers num="3.11.2"/>
+        <vers num="3.11.3"/>
+        <vers num="3.11.4"/>
+        <vers num="3.11.5"/>
+        <vers num="3.12"/>
+        <vers num="3.12.1"/>
+        <vers num="3.12.10"/>
+        <vers num="3.12.11"/>
+        <vers num="3.12.2"/>
+        <vers num="3.12.3"/>
+        <vers num="3.12.3.1"/>
+        <vers num="3.12.3.2"/>
+        <vers num="3.12.4"/>
+        <vers num="3.12.5"/>
+        <vers num="3.12.6"/>
+        <vers num="3.12.7"/>
+        <vers num="3.12.8"/>
+        <vers num="3.12.9"/>
+        <vers num="3.14"/>
+        <vers num="3.14.1"/>
+        <vers num="3.14.2"/>
+        <vers num="3.14.3"/>
+        <vers num="3.14.4"/>
+        <vers num="3.14.5"/>
+        <vers num="3.15"/>
+        <vers num="3.15.1"/>
+        <vers num="3.15.2"/>
+        <vers num="3.15.3"/>
+        <vers num="3.2"/>
+        <vers num="3.2.1"/>
+        <vers num="3.3"/>
+        <vers num="3.3.1"/>
+        <vers num="3.3.2"/>
+        <vers num="3.4"/>
+        <vers num="3.4.1"/>
+        <vers num="3.4.2"/>
+        <vers num="3.5"/>
+        <vers num="3.6"/>
+        <vers num="3.6.1"/>
+        <vers num="3.7"/>
+        <vers num="3.7.1"/>
+        <vers num="3.7.2"/>
+        <vers num="3.7.3"/>
+        <vers num="3.7.5"/>
+        <vers num="3.7.7"/>
+        <vers num="3.8"/>
+        <vers num="3.9"/>
+      </prod>
+      <prod vendor="mozilla" name="seamonkey">
+        <vers num="2.0" edition="alpha_1"/>
+        <vers num="2.0" edition="alpha_2"/>
+        <vers num="2.0" edition="alpha_3"/>
+        <vers num="2.0" edition="beta_1"/>
+        <vers num="2.0" edition="beta_2"/>
+        <vers num="2.0" edition="rc1"/>
+        <vers num="2.0" edition="rc2"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1" edition="alpha1"/>
+        <vers num="2.1" edition="alpha2"/>
+        <vers num="2.1" edition="alpha3"/>
+        <vers num="2.1" edition="beta1"/>
+        <vers num="2.1" edition="beta2"/>
+        <vers num="2.1" edition="beta3"/>
+        <vers num="2.1" edition="rc1"/>
+        <vers num="2.1" edition="rc2"/>
+        <vers num="2.10" edition="beta1"/>
+        <vers num="2.10" edition="beta2"/>
+        <vers num="2.10" edition="beta3"/>
+        <vers num="2.10.1"/>
+        <vers num="2.11" edition="beta1"/>
+        <vers num="2.11" edition="beta2"/>
+        <vers num="2.11" edition="beta3"/>
+        <vers num="2.11" edition="beta4"/>
+        <vers num="2.11" edition="beta5"/>
+        <vers num="2.11" edition="beta6"/>
+        <vers num="2.12" edition="beta1"/>
+        <vers num="2.12" edition="beta2"/>
+        <vers num="2.12" edition="beta3"/>
+        <vers num="2.12" edition="beta4"/>
+        <vers num="2.12" edition="beta5"/>
+        <vers num="2.12" edition="beta6"/>
+        <vers num="2.12.1"/>
+        <vers num="2.13" edition="beta1"/>
+        <vers num="2.13" edition="beta2"/>
+        <vers num="2.13" edition="beta3"/>
+        <vers num="2.13" edition="beta4"/>
+        <vers num="2.13" edition="beta5"/>
+        <vers num="2.13" edition="beta6"/>
+        <vers num="2.13.1"/>
+        <vers num="2.13.2"/>
+        <vers num="2.14" edition="beta1"/>
+        <vers num="2.14" edition="beta2"/>
+        <vers num="2.14" edition="beta3"/>
+        <vers num="2.14" edition="beta4"/>
+        <vers num="2.14" edition="beta5"/>
+        <vers num="2.15" edition="beta1"/>
+        <vers num="2.15" edition="beta2"/>
+        <vers num="2.15" edition="beta3"/>
+        <vers num="2.15" edition="beta4"/>
+        <vers num="2.15" edition="beta5"/>
+        <vers num="2.15" edition="beta6"/>
+        <vers num="2.15.1"/>
+        <vers num="2.15.2"/>
+        <vers num="2.16" edition="beta1"/>
+        <vers num="2.16" edition="beta2"/>
+        <vers num="2.16" edition="beta3"/>
+        <vers num="2.16" edition="beta4"/>
+        <vers num="2.16" edition="beta5"/>
+        <vers num="2.16.1"/>
+        <vers num="2.16.2"/>
+        <vers num="2.17" edition="beta1"/>
+        <vers num="2.17" edition="beta2"/>
+        <vers num="2.17" edition="beta3"/>
+        <vers num="2.17" edition="beta4"/>
+        <vers num="2.17.1"/>
+        <vers num="2.18" edition="beta1"/>
+        <vers num="2.18" edition="beta2"/>
+        <vers num="2.18" edition="beta3"/>
+        <vers num="2.18" edition="beta4"/>
+        <vers num="2.19" edition="beta1"/>
+        <vers num="2.19" edition="beta2"/>
+        <vers num="2.2" edition="beta1"/>
+        <vers num="2.2" edition="beta2"/>
+        <vers num="2.2" edition="beta3"/>
+        <vers num="2.20" edition="beta1"/>
+        <vers num="2.20" edition="beta2"/>
+        <vers num="2.20" edition="beta3"/>
+        <vers num="2.21" edition="beta1"/>
+        <vers num="2.21" edition="beta2"/>
+        <vers num="2.22" edition="beta1"/>
+        <vers num="2.22" edition="beta2"/>
+        <vers num="2.22.1"/>
+        <vers num="2.23" edition="beta1"/>
+        <vers num="2.23" edition="beta2"/>
+        <vers prev="1" num="2.24" edition="beta1"/>
+        <vers num="2.3" edition="beta1"/>
+        <vers num="2.3" edition="beta2"/>
+        <vers num="2.3" edition="beta3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.4" edition="beta1"/>
+        <vers num="2.4" edition="beta2"/>
+        <vers num="2.4" edition="beta3"/>
+        <vers num="2.4.1"/>
+        <vers num="2.5" edition="beta1"/>
+        <vers num="2.5" edition="beta2"/>
+        <vers num="2.5" edition="beta3"/>
+        <vers num="2.5" edition="beta4"/>
+        <vers num="2.6" edition="beta1"/>
+        <vers num="2.6" edition="beta2"/>
+        <vers num="2.6" edition="beta3"/>
+        <vers num="2.6" edition="beta4"/>
+        <vers num="2.6.1"/>
+        <vers num="2.7" edition="beta1"/>
+        <vers num="2.7" edition="beta2"/>
+        <vers num="2.7" edition="beta3"/>
+        <vers num="2.7" edition="beta4"/>
+        <vers num="2.7" edition="beta5"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.8" edition="beta1"/>
+        <vers num="2.8" edition="beta2"/>
+        <vers num="2.8" edition="beta3"/>
+        <vers num="2.8" edition="beta4"/>
+        <vers num="2.8" edition="beta5"/>
+        <vers num="2.8" edition="beta6"/>
+        <vers num="2.9" edition="beta1"/>
+        <vers num="2.9" edition="beta2"/>
+        <vers num="2.9" edition="beta3"/>
+        <vers num="2.9" edition="beta4"/>
+        <vers num="2.9.1"/>
+      </prod>
+      <prod vendor="mozilla" name="thunderbird">
+        <vers num="0.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.7.2"/>
+        <vers num="0.7.3"/>
+        <vers num="0.8"/>
+        <vers num="0.9"/>
+        <vers num="1.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5" edition="beta"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.13"/>
+        <vers num="1.5.0.14"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.7.1"/>
+        <vers num="1.7.3"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="11.0"/>
+        <vers num="11.0.1"/>
+        <vers num="12.0"/>
+        <vers num="12.0.1"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0"/>
+        <vers num="17.0.1"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.21"/>
+        <vers num="2.0.0.22"/>
+        <vers num="2.0.0.23"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers prev="1" num="24.2"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.11"/>
+        <vers num="3.1.12"/>
+        <vers num="3.1.13"/>
+        <vers num="3.1.14"/>
+        <vers num="3.1.15"/>
+        <vers num="3.1.16"/>
+        <vers num="3.1.17"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="5.0"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1492" published="2014-03-25" name="CVE-2014-1492" modified="2014-04-19" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://hg.mozilla.org/projects/nss/rev/709d4e597979" source="CONFIRM" patch="1">https://hg.mozilla.org/projects/nss/rev/709d4e597979</ref>
+      <ref url="https://developer.mozilla.org/en-US/docs/NSS/NSS_3.16_release_notes" source="CONFIRM">https://developer.mozilla.org/en-US/docs/NSS/NSS_3.16_release_notes</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1079851" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1079851</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=903885" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=903885</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2159-1" source="UBUNTU">USN-2159-1</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="network_security_services">
+        <vers num="3.11.2"/>
+        <vers num="3.11.3"/>
+        <vers num="3.11.4"/>
+        <vers num="3.11.5"/>
+        <vers num="3.12"/>
+        <vers num="3.12.1"/>
+        <vers num="3.12.10"/>
+        <vers num="3.12.11"/>
+        <vers num="3.12.2"/>
+        <vers num="3.12.3"/>
+        <vers num="3.12.3.1"/>
+        <vers num="3.12.3.2"/>
+        <vers num="3.12.4"/>
+        <vers num="3.12.5"/>
+        <vers num="3.12.6"/>
+        <vers num="3.12.7"/>
+        <vers num="3.12.8"/>
+        <vers num="3.12.9"/>
+        <vers num="3.14"/>
+        <vers num="3.14.1"/>
+        <vers num="3.14.2"/>
+        <vers num="3.14.3"/>
+        <vers num="3.14.4"/>
+        <vers num="3.14.5"/>
+        <vers num="3.15"/>
+        <vers num="3.15.1"/>
+        <vers num="3.15.2"/>
+        <vers num="3.15.3"/>
+        <vers num="3.15.3.1"/>
+        <vers num="3.15.4"/>
+        <vers prev="1" num="3.15.5"/>
+        <vers num="3.2"/>
+        <vers num="3.2.1"/>
+        <vers num="3.3"/>
+        <vers num="3.3.1"/>
+        <vers num="3.3.2"/>
+        <vers num="3.4"/>
+        <vers num="3.4.1"/>
+        <vers num="3.4.2"/>
+        <vers num="3.5"/>
+        <vers num="3.6"/>
+        <vers num="3.6.1"/>
+        <vers num="3.7"/>
+        <vers num="3.7.1"/>
+        <vers num="3.7.2"/>
+        <vers num="3.7.3"/>
+        <vers num="3.7.5"/>
+        <vers num="3.7.7"/>
+        <vers num="3.8"/>
+        <vers num="3.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1493" published="2014-03-19" name="CVE-2014-1493" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=977538" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=977538</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=967341" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=967341</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=965982" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=965982</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=963974" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=963974</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=960145" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=960145</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=958867" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=958867</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=896268" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=896268</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2151-1" source="UBUNTU">USN-2151-1</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-15.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-15.html</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2881" source="DEBIAN">DSA-2881</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0316.html" source="REDHAT">RHSA-2014:0316</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0310.html" source="REDHAT">RHSA-2014:0310</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" source="SUSE">openSUSE-SU-2014:0448</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" source="SUSE">openSUSE-SU-2014:0419</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" source="SUSE">SUSE-SU-2014:0418</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers num="26.0"/>
+        <vers num="27.0"/>
+        <vers prev="1" num="27.0.1"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+      <prod vendor="mozilla" name="firefox_esr">
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.0.2"/>
+        <vers num="24.1.0"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+        <vers num="24.3"/>
+      </prod>
+      <prod vendor="mozilla" name="seamonkey">
+        <vers num="2.0" edition="alpha_1"/>
+        <vers num="2.0" edition="alpha_2"/>
+        <vers num="2.0" edition="alpha_3"/>
+        <vers num="2.0" edition="beta_1"/>
+        <vers num="2.0" edition="beta_2"/>
+        <vers num="2.0" edition="rc1"/>
+        <vers num="2.0" edition="rc2"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1" edition="alpha1"/>
+        <vers num="2.1" edition="alpha2"/>
+        <vers num="2.1" edition="alpha3"/>
+        <vers num="2.1" edition="beta1"/>
+        <vers num="2.1" edition="beta2"/>
+        <vers num="2.1" edition="beta3"/>
+        <vers num="2.1" edition="rc1"/>
+        <vers num="2.1" edition="rc2"/>
+        <vers num="2.10" edition="beta1"/>
+        <vers num="2.10" edition="beta2"/>
+        <vers num="2.10" edition="beta3"/>
+        <vers num="2.10.1"/>
+        <vers num="2.11" edition="beta1"/>
+        <vers num="2.11" edition="beta2"/>
+        <vers num="2.11" edition="beta3"/>
+        <vers num="2.11" edition="beta4"/>
+        <vers num="2.11" edition="beta5"/>
+        <vers num="2.11" edition="beta6"/>
+        <vers num="2.12" edition="beta1"/>
+        <vers num="2.12" edition="beta2"/>
+        <vers num="2.12" edition="beta3"/>
+        <vers num="2.12" edition="beta4"/>
+        <vers num="2.12" edition="beta5"/>
+        <vers num="2.12" edition="beta6"/>
+        <vers num="2.12.1"/>
+        <vers num="2.13" edition="beta1"/>
+        <vers num="2.13" edition="beta2"/>
+        <vers num="2.13" edition="beta3"/>
+        <vers num="2.13" edition="beta4"/>
+        <vers num="2.13" edition="beta5"/>
+        <vers num="2.13" edition="beta6"/>
+        <vers num="2.13.1"/>
+        <vers num="2.13.2"/>
+        <vers num="2.14" edition="beta1"/>
+        <vers num="2.14" edition="beta2"/>
+        <vers num="2.14" edition="beta3"/>
+        <vers num="2.14" edition="beta4"/>
+        <vers num="2.14" edition="beta5"/>
+        <vers num="2.15" edition="beta1"/>
+        <vers num="2.15" edition="beta2"/>
+        <vers num="2.15" edition="beta3"/>
+        <vers num="2.15" edition="beta4"/>
+        <vers num="2.15" edition="beta5"/>
+        <vers num="2.15" edition="beta6"/>
+        <vers num="2.15.1"/>
+        <vers num="2.15.2"/>
+        <vers num="2.16" edition="beta1"/>
+        <vers num="2.16" edition="beta2"/>
+        <vers num="2.16" edition="beta3"/>
+        <vers num="2.16" edition="beta4"/>
+        <vers num="2.16" edition="beta5"/>
+        <vers num="2.16.1"/>
+        <vers num="2.16.2"/>
+        <vers num="2.17" edition="beta1"/>
+        <vers num="2.17" edition="beta2"/>
+        <vers num="2.17" edition="beta3"/>
+        <vers num="2.17" edition="beta4"/>
+        <vers num="2.17.1"/>
+        <vers num="2.18" edition="beta1"/>
+        <vers num="2.18" edition="beta2"/>
+        <vers num="2.18" edition="beta3"/>
+        <vers num="2.18" edition="beta4"/>
+        <vers num="2.19" edition="beta1"/>
+        <vers num="2.19" edition="beta2"/>
+        <vers num="2.2" edition="beta1"/>
+        <vers num="2.2" edition="beta2"/>
+        <vers num="2.2" edition="beta3"/>
+        <vers num="2.20" edition="beta1"/>
+        <vers num="2.20" edition="beta2"/>
+        <vers num="2.20" edition="beta3"/>
+        <vers num="2.21" edition="beta1"/>
+        <vers num="2.21" edition="beta2"/>
+        <vers num="2.22" edition="beta1"/>
+        <vers num="2.22" edition="beta2"/>
+        <vers num="2.22.1"/>
+        <vers num="2.23" edition="beta1"/>
+        <vers num="2.23" edition="beta2"/>
+        <vers num="2.24" edition="beta1"/>
+        <vers prev="1" num="2.25" edition="beta1"/>
+        <vers prev="1" num="2.25" edition="beta2"/>
+        <vers num="2.3" edition="beta1"/>
+        <vers num="2.3" edition="beta2"/>
+        <vers num="2.3" edition="beta3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.4" edition="beta1"/>
+        <vers num="2.4" edition="beta2"/>
+        <vers num="2.4" edition="beta3"/>
+        <vers num="2.4.1"/>
+        <vers num="2.5" edition="beta1"/>
+        <vers num="2.5" edition="beta2"/>
+        <vers num="2.5" edition="beta3"/>
+        <vers num="2.5" edition="beta4"/>
+        <vers num="2.6" edition="beta1"/>
+        <vers num="2.6" edition="beta2"/>
+        <vers num="2.6" edition="beta3"/>
+        <vers num="2.6" edition="beta4"/>
+        <vers num="2.6.1"/>
+        <vers num="2.7" edition="beta1"/>
+        <vers num="2.7" edition="beta2"/>
+        <vers num="2.7" edition="beta3"/>
+        <vers num="2.7" edition="beta4"/>
+        <vers num="2.7" edition="beta5"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.8" edition="beta1"/>
+        <vers num="2.8" edition="beta2"/>
+        <vers num="2.8" edition="beta3"/>
+        <vers num="2.8" edition="beta4"/>
+        <vers num="2.8" edition="beta5"/>
+        <vers num="2.8" edition="beta6"/>
+        <vers num="2.9" edition="beta1"/>
+        <vers num="2.9" edition="beta2"/>
+        <vers num="2.9" edition="beta3"/>
+        <vers num="2.9" edition="beta4"/>
+        <vers num="2.9.1"/>
+      </prod>
+      <prod vendor="mozilla" name="thunderbird">
+        <vers num="0.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.7.2"/>
+        <vers num="0.7.3"/>
+        <vers num="0.8"/>
+        <vers num="0.9"/>
+        <vers num="1.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5" edition="beta"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.13"/>
+        <vers num="1.5.0.14"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.7.1"/>
+        <vers num="1.7.3"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="11.0"/>
+        <vers num="11.0.1"/>
+        <vers num="12.0"/>
+        <vers num="12.0.1"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0"/>
+        <vers num="17.0.1"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.21"/>
+        <vers num="2.0.0.22"/>
+        <vers num="2.0.0.23"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+        <vers prev="1" num="24.3"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.11"/>
+        <vers num="3.1.12"/>
+        <vers num="3.1.13"/>
+        <vers num="3.1.14"/>
+        <vers num="3.1.15"/>
+        <vers num="3.1.16"/>
+        <vers num="3.1.17"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="5.0"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1494" published="2014-03-19" name="CVE-2014-1494" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=964462" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=964462</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=949843" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=949843</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=938626" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=938626</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=938615" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=938615</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=933219" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=933219</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=932496" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=932496</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=927579" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=927579</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=909586" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=909586</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=627295" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=627295</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-15.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-15.html</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" source="SUSE">openSUSE-SU-2014:0448</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" source="SUSE">openSUSE-SU-2014:0419</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" source="SUSE">SUSE-SU-2014:0418</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers num="26.0"/>
+        <vers num="27.0"/>
+        <vers prev="1" num="27.0.1"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+      <prod vendor="mozilla" name="seamonkey">
+        <vers num="2.0" edition="alpha_1"/>
+        <vers num="2.0" edition="alpha_2"/>
+        <vers num="2.0" edition="alpha_3"/>
+        <vers num="2.0" edition="beta_1"/>
+        <vers num="2.0" edition="beta_2"/>
+        <vers num="2.0" edition="rc1"/>
+        <vers num="2.0" edition="rc2"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1" edition="alpha1"/>
+        <vers num="2.1" edition="alpha2"/>
+        <vers num="2.1" edition="alpha3"/>
+        <vers num="2.1" edition="beta1"/>
+        <vers num="2.1" edition="beta2"/>
+        <vers num="2.1" edition="beta3"/>
+        <vers num="2.1" edition="rc1"/>
+        <vers num="2.1" edition="rc2"/>
+        <vers num="2.10" edition="beta1"/>
+        <vers num="2.10" edition="beta2"/>
+        <vers num="2.10" edition="beta3"/>
+        <vers num="2.10.1"/>
+        <vers num="2.11" edition="beta1"/>
+        <vers num="2.11" edition="beta2"/>
+        <vers num="2.11" edition="beta3"/>
+        <vers num="2.11" edition="beta4"/>
+        <vers num="2.11" edition="beta5"/>
+        <vers num="2.11" edition="beta6"/>
+        <vers num="2.12" edition="beta1"/>
+        <vers num="2.12" edition="beta2"/>
+        <vers num="2.12" edition="beta3"/>
+        <vers num="2.12" edition="beta4"/>
+        <vers num="2.12" edition="beta5"/>
+        <vers num="2.12" edition="beta6"/>
+        <vers num="2.12.1"/>
+        <vers num="2.13" edition="beta1"/>
+        <vers num="2.13" edition="beta2"/>
+        <vers num="2.13" edition="beta3"/>
+        <vers num="2.13" edition="beta4"/>
+        <vers num="2.13" edition="beta5"/>
+        <vers num="2.13" edition="beta6"/>
+        <vers num="2.13.1"/>
+        <vers num="2.13.2"/>
+        <vers num="2.14" edition="beta1"/>
+        <vers num="2.14" edition="beta2"/>
+        <vers num="2.14" edition="beta3"/>
+        <vers num="2.14" edition="beta4"/>
+        <vers num="2.14" edition="beta5"/>
+        <vers num="2.15" edition="beta1"/>
+        <vers num="2.15" edition="beta2"/>
+        <vers num="2.15" edition="beta3"/>
+        <vers num="2.15" edition="beta4"/>
+        <vers num="2.15" edition="beta5"/>
+        <vers num="2.15" edition="beta6"/>
+        <vers num="2.15.1"/>
+        <vers num="2.15.2"/>
+        <vers num="2.16" edition="beta1"/>
+        <vers num="2.16" edition="beta2"/>
+        <vers num="2.16" edition="beta3"/>
+        <vers num="2.16" edition="beta4"/>
+        <vers num="2.16" edition="beta5"/>
+        <vers num="2.16.1"/>
+        <vers num="2.16.2"/>
+        <vers num="2.17" edition="beta1"/>
+        <vers num="2.17" edition="beta2"/>
+        <vers num="2.17" edition="beta3"/>
+        <vers num="2.17" edition="beta4"/>
+        <vers num="2.17.1"/>
+        <vers num="2.18" edition="beta1"/>
+        <vers num="2.18" edition="beta2"/>
+        <vers num="2.18" edition="beta3"/>
+        <vers num="2.18" edition="beta4"/>
+        <vers num="2.19" edition="beta1"/>
+        <vers num="2.19" edition="beta2"/>
+        <vers num="2.2" edition="beta1"/>
+        <vers num="2.2" edition="beta2"/>
+        <vers num="2.2" edition="beta3"/>
+        <vers num="2.20" edition="beta1"/>
+        <vers num="2.20" edition="beta2"/>
+        <vers num="2.20" edition="beta3"/>
+        <vers num="2.21" edition="beta1"/>
+        <vers num="2.21" edition="beta2"/>
+        <vers num="2.22" edition="beta1"/>
+        <vers num="2.22" edition="beta2"/>
+        <vers num="2.22.1"/>
+        <vers num="2.23" edition="beta1"/>
+        <vers num="2.23" edition="beta2"/>
+        <vers num="2.24" edition="beta1"/>
+        <vers prev="1" num="2.25" edition="beta1"/>
+        <vers prev="1" num="2.25" edition="beta2"/>
+        <vers num="2.3" edition="beta1"/>
+        <vers num="2.3" edition="beta2"/>
+        <vers num="2.3" edition="beta3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.4" edition="beta1"/>
+        <vers num="2.4" edition="beta2"/>
+        <vers num="2.4" edition="beta3"/>
+        <vers num="2.4.1"/>
+        <vers num="2.5" edition="beta1"/>
+        <vers num="2.5" edition="beta2"/>
+        <vers num="2.5" edition="beta3"/>
+        <vers num="2.5" edition="beta4"/>
+        <vers num="2.6" edition="beta1"/>
+        <vers num="2.6" edition="beta2"/>
+        <vers num="2.6" edition="beta3"/>
+        <vers num="2.6" edition="beta4"/>
+        <vers num="2.6.1"/>
+        <vers num="2.7" edition="beta1"/>
+        <vers num="2.7" edition="beta2"/>
+        <vers num="2.7" edition="beta3"/>
+        <vers num="2.7" edition="beta4"/>
+        <vers num="2.7" edition="beta5"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.8" edition="beta1"/>
+        <vers num="2.8" edition="beta2"/>
+        <vers num="2.8" edition="beta3"/>
+        <vers num="2.8" edition="beta4"/>
+        <vers num="2.8" edition="beta5"/>
+        <vers num="2.8" edition="beta6"/>
+        <vers num="2.9" edition="beta1"/>
+        <vers num="2.9" edition="beta2"/>
+        <vers num="2.9" edition="beta3"/>
+        <vers num="2.9" edition="beta4"/>
+        <vers num="2.9.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1496" published="2014-03-19" name="CVE-2014-1496" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="6.9" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="3.4" CVSS_base_score="6.9">
+    <desc>
+      <descript source="cve">Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during an update.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=925747" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=925747</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-16.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-16.html</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" source="SUSE">SUSE-SU-2014:0418</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers num="26.0"/>
+        <vers num="27.0"/>
+        <vers prev="1" num="27.0.1"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+      <prod vendor="mozilla" name="firefox_esr">
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.0.2"/>
+        <vers num="24.1.0"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+        <vers num="24.3"/>
+      </prod>
+      <prod vendor="mozilla" name="seamonkey">
+        <vers num="2.0" edition="alpha_1"/>
+        <vers num="2.0" edition="alpha_2"/>
+        <vers num="2.0" edition="alpha_3"/>
+        <vers num="2.0" edition="beta_1"/>
+        <vers num="2.0" edition="beta_2"/>
+        <vers num="2.0" edition="rc1"/>
+        <vers num="2.0" edition="rc2"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1" edition="alpha1"/>
+        <vers num="2.1" edition="alpha2"/>
+        <vers num="2.1" edition="alpha3"/>
+        <vers num="2.1" edition="beta1"/>
+        <vers num="2.1" edition="beta2"/>
+        <vers num="2.1" edition="beta3"/>
+        <vers num="2.1" edition="rc1"/>
+        <vers num="2.1" edition="rc2"/>
+        <vers num="2.10" edition="beta1"/>
+        <vers num="2.10" edition="beta2"/>
+        <vers num="2.10" edition="beta3"/>
+        <vers num="2.10.1"/>
+        <vers num="2.11" edition="beta1"/>
+        <vers num="2.11" edition="beta2"/>
+        <vers num="2.11" edition="beta3"/>
+        <vers num="2.11" edition="beta4"/>
+        <vers num="2.11" edition="beta5"/>
+        <vers num="2.11" edition="beta6"/>
+        <vers num="2.12" edition="beta1"/>
+        <vers num="2.12" edition="beta2"/>
+        <vers num="2.12" edition="beta3"/>
+        <vers num="2.12" edition="beta4"/>
+        <vers num="2.12" edition="beta5"/>
+        <vers num="2.12" edition="beta6"/>
+        <vers num="2.12.1"/>
+        <vers num="2.13" edition="beta1"/>
+        <vers num="2.13" edition="beta2"/>
+        <vers num="2.13" edition="beta3"/>
+        <vers num="2.13" edition="beta4"/>
+        <vers num="2.13" edition="beta5"/>
+        <vers num="2.13" edition="beta6"/>
+        <vers num="2.13.1"/>
+        <vers num="2.13.2"/>
+        <vers num="2.14" edition="beta1"/>
+        <vers num="2.14" edition="beta2"/>
+        <vers num="2.14" edition="beta3"/>
+        <vers num="2.14" edition="beta4"/>
+        <vers num="2.14" edition="beta5"/>
+        <vers num="2.15" edition="beta1"/>
+        <vers num="2.15" edition="beta2"/>
+        <vers num="2.15" edition="beta3"/>
+        <vers num="2.15" edition="beta4"/>
+        <vers num="2.15" edition="beta5"/>
+        <vers num="2.15" edition="beta6"/>
+        <vers num="2.15.1"/>
+        <vers num="2.15.2"/>
+        <vers num="2.16" edition="beta1"/>
+        <vers num="2.16" edition="beta2"/>
+        <vers num="2.16" edition="beta3"/>
+        <vers num="2.16" edition="beta4"/>
+        <vers num="2.16" edition="beta5"/>
+        <vers num="2.16.1"/>
+        <vers num="2.16.2"/>
+        <vers num="2.17" edition="beta1"/>
+        <vers num="2.17" edition="beta2"/>
+        <vers num="2.17" edition="beta3"/>
+        <vers num="2.17" edition="beta4"/>
+        <vers num="2.17.1"/>
+        <vers num="2.18" edition="beta1"/>
+        <vers num="2.18" edition="beta2"/>
+        <vers num="2.18" edition="beta3"/>
+        <vers num="2.18" edition="beta4"/>
+        <vers num="2.19" edition="beta1"/>
+        <vers num="2.19" edition="beta2"/>
+        <vers num="2.2" edition="beta1"/>
+        <vers num="2.2" edition="beta2"/>
+        <vers num="2.2" edition="beta3"/>
+        <vers num="2.20" edition="beta1"/>
+        <vers num="2.20" edition="beta2"/>
+        <vers num="2.20" edition="beta3"/>
+        <vers num="2.21" edition="beta1"/>
+        <vers num="2.21" edition="beta2"/>
+        <vers num="2.22" edition="beta1"/>
+        <vers num="2.22" edition="beta2"/>
+        <vers num="2.22.1"/>
+        <vers num="2.23" edition="beta1"/>
+        <vers num="2.23" edition="beta2"/>
+        <vers num="2.24" edition="beta1"/>
+        <vers prev="1" num="2.25" edition="beta1"/>
+        <vers prev="1" num="2.25" edition="beta2"/>
+        <vers num="2.3" edition="beta1"/>
+        <vers num="2.3" edition="beta2"/>
+        <vers num="2.3" edition="beta3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.4" edition="beta1"/>
+        <vers num="2.4" edition="beta2"/>
+        <vers num="2.4" edition="beta3"/>
+        <vers num="2.4.1"/>
+        <vers num="2.5" edition="beta1"/>
+        <vers num="2.5" edition="beta2"/>
+        <vers num="2.5" edition="beta3"/>
+        <vers num="2.5" edition="beta4"/>
+        <vers num="2.6" edition="beta1"/>
+        <vers num="2.6" edition="beta2"/>
+        <vers num="2.6" edition="beta3"/>
+        <vers num="2.6" edition="beta4"/>
+        <vers num="2.6.1"/>
+        <vers num="2.7" edition="beta1"/>
+        <vers num="2.7" edition="beta2"/>
+        <vers num="2.7" edition="beta3"/>
+        <vers num="2.7" edition="beta4"/>
+        <vers num="2.7" edition="beta5"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.8" edition="beta1"/>
+        <vers num="2.8" edition="beta2"/>
+        <vers num="2.8" edition="beta3"/>
+        <vers num="2.8" edition="beta4"/>
+        <vers num="2.8" edition="beta5"/>
+        <vers num="2.8" edition="beta6"/>
+        <vers num="2.9" edition="beta1"/>
+        <vers num="2.9" edition="beta2"/>
+        <vers num="2.9" edition="beta3"/>
+        <vers num="2.9" edition="beta4"/>
+        <vers num="2.9.1"/>
+      </prod>
+      <prod vendor="mozilla" name="thunderbird">
+        <vers num="0.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.7.2"/>
+        <vers num="0.7.3"/>
+        <vers num="0.8"/>
+        <vers num="0.9"/>
+        <vers num="1.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5" edition="beta"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.13"/>
+        <vers num="1.5.0.14"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.7.1"/>
+        <vers num="1.7.3"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="11.0"/>
+        <vers num="11.0.1"/>
+        <vers num="12.0"/>
+        <vers num="12.0.1"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0"/>
+        <vers num="17.0.1"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.21"/>
+        <vers num="2.0.0.22"/>
+        <vers num="2.0.0.23"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+        <vers prev="1" num="24.3"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.11"/>
+        <vers num="3.1.12"/>
+        <vers num="3.1.13"/>
+        <vers num="3.1.14"/>
+        <vers num="3.1.15"/>
+        <vers num="3.1.16"/>
+        <vers num="3.1.17"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="5.0"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1497" published="2014-03-19" name="CVE-2014-1497" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-bounds read and application crash), or possibly have unspecified other impact via a crafted WAV file.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=966311" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=966311</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2151-1" source="UBUNTU">USN-2151-1</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-17.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-17.html</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2881" source="DEBIAN">DSA-2881</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0316.html" source="REDHAT">RHSA-2014:0316</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0310.html" source="REDHAT">RHSA-2014:0310</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" source="SUSE">openSUSE-SU-2014:0448</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" source="SUSE">openSUSE-SU-2014:0419</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" source="SUSE">SUSE-SU-2014:0418</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers num="26.0"/>
+        <vers num="27.0"/>
+        <vers prev="1" num="27.0.1"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+      <prod vendor="mozilla" name="firefox_esr">
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.0.2"/>
+        <vers num="24.1.0"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+        <vers num="24.3"/>
+      </prod>
+      <prod vendor="mozilla" name="seamonkey">
+        <vers num="2.0" edition="alpha_1"/>
+        <vers num="2.0" edition="alpha_2"/>
+        <vers num="2.0" edition="alpha_3"/>
+        <vers num="2.0" edition="beta_1"/>
+        <vers num="2.0" edition="beta_2"/>
+        <vers num="2.0" edition="rc1"/>
+        <vers num="2.0" edition="rc2"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1" edition="alpha1"/>
+        <vers num="2.1" edition="alpha2"/>
+        <vers num="2.1" edition="alpha3"/>
+        <vers num="2.1" edition="beta1"/>
+        <vers num="2.1" edition="beta2"/>
+        <vers num="2.1" edition="beta3"/>
+        <vers num="2.1" edition="rc1"/>
+        <vers num="2.1" edition="rc2"/>
+        <vers num="2.10" edition="beta1"/>
+        <vers num="2.10" edition="beta2"/>
+        <vers num="2.10" edition="beta3"/>
+        <vers num="2.10.1"/>
+        <vers num="2.11" edition="beta1"/>
+        <vers num="2.11" edition="beta2"/>
+        <vers num="2.11" edition="beta3"/>
+        <vers num="2.11" edition="beta4"/>
+        <vers num="2.11" edition="beta5"/>
+        <vers num="2.11" edition="beta6"/>
+        <vers num="2.12" edition="beta1"/>
+        <vers num="2.12" edition="beta2"/>
+        <vers num="2.12" edition="beta3"/>
+        <vers num="2.12" edition="beta4"/>
+        <vers num="2.12" edition="beta5"/>
+        <vers num="2.12" edition="beta6"/>
+        <vers num="2.12.1"/>
+        <vers num="2.13" edition="beta1"/>
+        <vers num="2.13" edition="beta2"/>
+        <vers num="2.13" edition="beta3"/>
+        <vers num="2.13" edition="beta4"/>
+        <vers num="2.13" edition="beta5"/>
+        <vers num="2.13" edition="beta6"/>
+        <vers num="2.13.1"/>
+        <vers num="2.13.2"/>
+        <vers num="2.14" edition="beta1"/>
+        <vers num="2.14" edition="beta2"/>
+        <vers num="2.14" edition="beta3"/>
+        <vers num="2.14" edition="beta4"/>
+        <vers num="2.14" edition="beta5"/>
+        <vers num="2.15" edition="beta1"/>
+        <vers num="2.15" edition="beta2"/>
+        <vers num="2.15" edition="beta3"/>
+        <vers num="2.15" edition="beta4"/>
+        <vers num="2.15" edition="beta5"/>
+        <vers num="2.15" edition="beta6"/>
+        <vers num="2.15.1"/>
+        <vers num="2.15.2"/>
+        <vers num="2.16" edition="beta1"/>
+        <vers num="2.16" edition="beta2"/>
+        <vers num="2.16" edition="beta3"/>
+        <vers num="2.16" edition="beta4"/>
+        <vers num="2.16" edition="beta5"/>
+        <vers num="2.16.1"/>
+        <vers num="2.16.2"/>
+        <vers num="2.17" edition="beta1"/>
+        <vers num="2.17" edition="beta2"/>
+        <vers num="2.17" edition="beta3"/>
+        <vers num="2.17" edition="beta4"/>
+        <vers num="2.17.1"/>
+        <vers num="2.18" edition="beta1"/>
+        <vers num="2.18" edition="beta2"/>
+        <vers num="2.18" edition="beta3"/>
+        <vers num="2.18" edition="beta4"/>
+        <vers num="2.19" edition="beta1"/>
+        <vers num="2.19" edition="beta2"/>
+        <vers num="2.2" edition="beta1"/>
+        <vers num="2.2" edition="beta2"/>
+        <vers num="2.2" edition="beta3"/>
+        <vers num="2.20" edition="beta1"/>
+        <vers num="2.20" edition="beta2"/>
+        <vers num="2.20" edition="beta3"/>
+        <vers num="2.21" edition="beta1"/>
+        <vers num="2.21" edition="beta2"/>
+        <vers num="2.22" edition="beta1"/>
+        <vers num="2.22" edition="beta2"/>
+        <vers num="2.22.1"/>
+        <vers num="2.23" edition="beta1"/>
+        <vers num="2.23" edition="beta2"/>
+        <vers num="2.24" edition="beta1"/>
+        <vers prev="1" num="2.25" edition="beta1"/>
+        <vers prev="1" num="2.25" edition="beta2"/>
+        <vers num="2.3" edition="beta1"/>
+        <vers num="2.3" edition="beta2"/>
+        <vers num="2.3" edition="beta3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.4" edition="beta1"/>
+        <vers num="2.4" edition="beta2"/>
+        <vers num="2.4" edition="beta3"/>
+        <vers num="2.4.1"/>
+        <vers num="2.5" edition="beta1"/>
+        <vers num="2.5" edition="beta2"/>
+        <vers num="2.5" edition="beta3"/>
+        <vers num="2.5" edition="beta4"/>
+        <vers num="2.6" edition="beta1"/>
+        <vers num="2.6" edition="beta2"/>
+        <vers num="2.6" edition="beta3"/>
+        <vers num="2.6" edition="beta4"/>
+        <vers num="2.6.1"/>
+        <vers num="2.7" edition="beta1"/>
+        <vers num="2.7" edition="beta2"/>
+        <vers num="2.7" edition="beta3"/>
+        <vers num="2.7" edition="beta4"/>
+        <vers num="2.7" edition="beta5"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.8" edition="beta1"/>
+        <vers num="2.8" edition="beta2"/>
+        <vers num="2.8" edition="beta3"/>
+        <vers num="2.8" edition="beta4"/>
+        <vers num="2.8" edition="beta5"/>
+        <vers num="2.8" edition="beta6"/>
+        <vers num="2.9" edition="beta1"/>
+        <vers num="2.9" edition="beta2"/>
+        <vers num="2.9" edition="beta3"/>
+        <vers num="2.9" edition="beta4"/>
+        <vers num="2.9.1"/>
+      </prod>
+      <prod vendor="mozilla" name="thunderbird">
+        <vers num="0.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.7.2"/>
+        <vers num="0.7.3"/>
+        <vers num="0.8"/>
+        <vers num="0.9"/>
+        <vers num="1.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5" edition="beta"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.13"/>
+        <vers num="1.5.0.14"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.7.1"/>
+        <vers num="1.7.3"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="11.0"/>
+        <vers num="11.0.1"/>
+        <vers num="12.0"/>
+        <vers num="12.0.1"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0"/>
+        <vers num="17.0.1"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.21"/>
+        <vers num="2.0.0.22"/>
+        <vers num="2.0.0.23"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+        <vers prev="1" num="24.3"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.11"/>
+        <vers num="3.1.12"/>
+        <vers num="3.1.13"/>
+        <vers num="3.1.14"/>
+        <vers num="3.1.15"/>
+        <vers num="3.1.16"/>
+        <vers num="3.1.17"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="5.0"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1498" published="2014-03-19" name="CVE-2014-1498" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=935618" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=935618</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-18.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-18.html</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" source="SUSE">openSUSE-SU-2014:0448</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" source="SUSE">openSUSE-SU-2014:0419</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" source="SUSE">SUSE-SU-2014:0418</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers num="26.0"/>
+        <vers num="27.0"/>
+        <vers prev="1" num="27.0.1"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+      <prod vendor="mozilla" name="seamonkey">
+        <vers num="2.0" edition="alpha_1"/>
+        <vers num="2.0" edition="alpha_2"/>
+        <vers num="2.0" edition="alpha_3"/>
+        <vers num="2.0" edition="beta_1"/>
+        <vers num="2.0" edition="beta_2"/>
+        <vers num="2.0" edition="rc1"/>
+        <vers num="2.0" edition="rc2"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1" edition="alpha1"/>
+        <vers num="2.1" edition="alpha2"/>
+        <vers num="2.1" edition="alpha3"/>
+        <vers num="2.1" edition="beta1"/>
+        <vers num="2.1" edition="beta2"/>
+        <vers num="2.1" edition="beta3"/>
+        <vers num="2.1" edition="rc1"/>
+        <vers num="2.1" edition="rc2"/>
+        <vers num="2.10" edition="beta1"/>
+        <vers num="2.10" edition="beta2"/>
+        <vers num="2.10" edition="beta3"/>
+        <vers num="2.10.1"/>
+        <vers num="2.11" edition="beta1"/>
+        <vers num="2.11" edition="beta2"/>
+        <vers num="2.11" edition="beta3"/>
+        <vers num="2.11" edition="beta4"/>
+        <vers num="2.11" edition="beta5"/>
+        <vers num="2.11" edition="beta6"/>
+        <vers num="2.12" edition="beta1"/>
+        <vers num="2.12" edition="beta2"/>
+        <vers num="2.12" edition="beta3"/>
+        <vers num="2.12" edition="beta4"/>
+        <vers num="2.12" edition="beta5"/>
+        <vers num="2.12" edition="beta6"/>
+        <vers num="2.12.1"/>
+        <vers num="2.13" edition="beta1"/>
+        <vers num="2.13" edition="beta2"/>
+        <vers num="2.13" edition="beta3"/>
+        <vers num="2.13" edition="beta4"/>
+        <vers num="2.13" edition="beta5"/>
+        <vers num="2.13" edition="beta6"/>
+        <vers num="2.13.1"/>
+        <vers num="2.13.2"/>
+        <vers num="2.14" edition="beta1"/>
+        <vers num="2.14" edition="beta2"/>
+        <vers num="2.14" edition="beta3"/>
+        <vers num="2.14" edition="beta4"/>
+        <vers num="2.14" edition="beta5"/>
+        <vers num="2.15" edition="beta1"/>
+        <vers num="2.15" edition="beta2"/>
+        <vers num="2.15" edition="beta3"/>
+        <vers num="2.15" edition="beta4"/>
+        <vers num="2.15" edition="beta5"/>
+        <vers num="2.15" edition="beta6"/>
+        <vers num="2.15.1"/>
+        <vers num="2.15.2"/>
+        <vers num="2.16" edition="beta1"/>
+        <vers num="2.16" edition="beta2"/>
+        <vers num="2.16" edition="beta3"/>
+        <vers num="2.16" edition="beta4"/>
+        <vers num="2.16" edition="beta5"/>
+        <vers num="2.16.1"/>
+        <vers num="2.16.2"/>
+        <vers num="2.17" edition="beta1"/>
+        <vers num="2.17" edition="beta2"/>
+        <vers num="2.17" edition="beta3"/>
+        <vers num="2.17" edition="beta4"/>
+        <vers num="2.17.1"/>
+        <vers num="2.18" edition="beta1"/>
+        <vers num="2.18" edition="beta2"/>
+        <vers num="2.18" edition="beta3"/>
+        <vers num="2.18" edition="beta4"/>
+        <vers num="2.19" edition="beta1"/>
+        <vers num="2.19" edition="beta2"/>
+        <vers num="2.2" edition="beta1"/>
+        <vers num="2.2" edition="beta2"/>
+        <vers num="2.2" edition="beta3"/>
+        <vers num="2.20" edition="beta1"/>
+        <vers num="2.20" edition="beta2"/>
+        <vers num="2.20" edition="beta3"/>
+        <vers num="2.21" edition="beta1"/>
+        <vers num="2.21" edition="beta2"/>
+        <vers num="2.22" edition="beta1"/>
+        <vers num="2.22" edition="beta2"/>
+        <vers num="2.22.1"/>
+        <vers num="2.23" edition="beta1"/>
+        <vers num="2.23" edition="beta2"/>
+        <vers num="2.24" edition="beta1"/>
+        <vers prev="1" num="2.25" edition="beta1"/>
+        <vers prev="1" num="2.25" edition="beta2"/>
+        <vers num="2.3" edition="beta1"/>
+        <vers num="2.3" edition="beta2"/>
+        <vers num="2.3" edition="beta3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.4" edition="beta1"/>
+        <vers num="2.4" edition="beta2"/>
+        <vers num="2.4" edition="beta3"/>
+        <vers num="2.4.1"/>
+        <vers num="2.5" edition="beta1"/>
+        <vers num="2.5" edition="beta2"/>
+        <vers num="2.5" edition="beta3"/>
+        <vers num="2.5" edition="beta4"/>
+        <vers num="2.6" edition="beta1"/>
+        <vers num="2.6" edition="beta2"/>
+        <vers num="2.6" edition="beta3"/>
+        <vers num="2.6" edition="beta4"/>
+        <vers num="2.6.1"/>
+        <vers num="2.7" edition="beta1"/>
+        <vers num="2.7" edition="beta2"/>
+        <vers num="2.7" edition="beta3"/>
+        <vers num="2.7" edition="beta4"/>
+        <vers num="2.7" edition="beta5"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.8" edition="beta1"/>
+        <vers num="2.8" edition="beta2"/>
+        <vers num="2.8" edition="beta3"/>
+        <vers num="2.8" edition="beta4"/>
+        <vers num="2.8" edition="beta5"/>
+        <vers num="2.8" edition="beta6"/>
+        <vers num="2.9" edition="beta1"/>
+        <vers num="2.9" edition="beta2"/>
+        <vers num="2.9" edition="beta3"/>
+        <vers num="2.9" edition="beta4"/>
+        <vers num="2.9.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1499" published="2014-03-19" name="CVE-2014-1499" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a certain time during generation of this prompt.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=961512" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=961512</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-19.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-19.html</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" source="SUSE">openSUSE-SU-2014:0448</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" source="SUSE">openSUSE-SU-2014:0419</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" source="SUSE">SUSE-SU-2014:0418</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers num="26.0"/>
+        <vers num="27.0"/>
+        <vers prev="1" num="27.0.1"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+      <prod vendor="mozilla" name="seamonkey">
+        <vers num="2.0" edition="alpha_1"/>
+        <vers num="2.0" edition="alpha_2"/>
+        <vers num="2.0" edition="alpha_3"/>
+        <vers num="2.0" edition="beta_1"/>
+        <vers num="2.0" edition="beta_2"/>
+        <vers num="2.0" edition="rc1"/>
+        <vers num="2.0" edition="rc2"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1" edition="alpha1"/>
+        <vers num="2.1" edition="alpha2"/>
+        <vers num="2.1" edition="alpha3"/>
+        <vers num="2.1" edition="beta1"/>
+        <vers num="2.1" edition="beta2"/>
+        <vers num="2.1" edition="beta3"/>
+        <vers num="2.1" edition="rc1"/>
+        <vers num="2.1" edition="rc2"/>
+        <vers num="2.10" edition="beta1"/>
+        <vers num="2.10" edition="beta2"/>
+        <vers num="2.10" edition="beta3"/>
+        <vers num="2.10.1"/>
+        <vers num="2.11" edition="beta1"/>
+        <vers num="2.11" edition="beta2"/>
+        <vers num="2.11" edition="beta3"/>
+        <vers num="2.11" edition="beta4"/>
+        <vers num="2.11" edition="beta5"/>
+        <vers num="2.11" edition="beta6"/>
+        <vers num="2.12" edition="beta1"/>
+        <vers num="2.12" edition="beta2"/>
+        <vers num="2.12" edition="beta3"/>
+        <vers num="2.12" edition="beta4"/>
+        <vers num="2.12" edition="beta5"/>
+        <vers num="2.12" edition="beta6"/>
+        <vers num="2.12.1"/>
+        <vers num="2.13" edition="beta1"/>
+        <vers num="2.13" edition="beta2"/>
+        <vers num="2.13" edition="beta3"/>
+        <vers num="2.13" edition="beta4"/>
+        <vers num="2.13" edition="beta5"/>
+        <vers num="2.13" edition="beta6"/>
+        <vers num="2.13.1"/>
+        <vers num="2.13.2"/>
+        <vers num="2.14" edition="beta1"/>
+        <vers num="2.14" edition="beta2"/>
+        <vers num="2.14" edition="beta3"/>
+        <vers num="2.14" edition="beta4"/>
+        <vers num="2.14" edition="beta5"/>
+        <vers num="2.15" edition="beta1"/>
+        <vers num="2.15" edition="beta2"/>
+        <vers num="2.15" edition="beta3"/>
+        <vers num="2.15" edition="beta4"/>
+        <vers num="2.15" edition="beta5"/>
+        <vers num="2.15" edition="beta6"/>
+        <vers num="2.15.1"/>
+        <vers num="2.15.2"/>
+        <vers num="2.16" edition="beta1"/>
+        <vers num="2.16" edition="beta2"/>
+        <vers num="2.16" edition="beta3"/>
+        <vers num="2.16" edition="beta4"/>
+        <vers num="2.16" edition="beta5"/>
+        <vers num="2.16.1"/>
+        <vers num="2.16.2"/>
+        <vers num="2.17" edition="beta1"/>
+        <vers num="2.17" edition="beta2"/>
+        <vers num="2.17" edition="beta3"/>
+        <vers num="2.17" edition="beta4"/>
+        <vers num="2.17.1"/>
+        <vers num="2.18" edition="beta1"/>
+        <vers num="2.18" edition="beta2"/>
+        <vers num="2.18" edition="beta3"/>
+        <vers num="2.18" edition="beta4"/>
+        <vers num="2.19" edition="beta1"/>
+        <vers num="2.19" edition="beta2"/>
+        <vers num="2.2" edition="beta1"/>
+        <vers num="2.2" edition="beta2"/>
+        <vers num="2.2" edition="beta3"/>
+        <vers num="2.20" edition="beta1"/>
+        <vers num="2.20" edition="beta2"/>
+        <vers num="2.20" edition="beta3"/>
+        <vers num="2.21" edition="beta1"/>
+        <vers num="2.21" edition="beta2"/>
+        <vers num="2.22" edition="beta1"/>
+        <vers num="2.22" edition="beta2"/>
+        <vers num="2.22.1"/>
+        <vers num="2.23" edition="beta1"/>
+        <vers num="2.23" edition="beta2"/>
+        <vers num="2.24" edition="beta1"/>
+        <vers prev="1" num="2.25" edition="beta1"/>
+        <vers prev="1" num="2.25" edition="beta2"/>
+        <vers num="2.3" edition="beta1"/>
+        <vers num="2.3" edition="beta2"/>
+        <vers num="2.3" edition="beta3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.4" edition="beta1"/>
+        <vers num="2.4" edition="beta2"/>
+        <vers num="2.4" edition="beta3"/>
+        <vers num="2.4.1"/>
+        <vers num="2.5" edition="beta1"/>
+        <vers num="2.5" edition="beta2"/>
+        <vers num="2.5" edition="beta3"/>
+        <vers num="2.5" edition="beta4"/>
+        <vers num="2.6" edition="beta1"/>
+        <vers num="2.6" edition="beta2"/>
+        <vers num="2.6" edition="beta3"/>
+        <vers num="2.6" edition="beta4"/>
+        <vers num="2.6.1"/>
+        <vers num="2.7" edition="beta1"/>
+        <vers num="2.7" edition="beta2"/>
+        <vers num="2.7" edition="beta3"/>
+        <vers num="2.7" edition="beta4"/>
+        <vers num="2.7" edition="beta5"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.8" edition="beta1"/>
+        <vers num="2.8" edition="beta2"/>
+        <vers num="2.8" edition="beta3"/>
+        <vers num="2.8" edition="beta4"/>
+        <vers num="2.8" edition="beta5"/>
+        <vers num="2.8" edition="beta6"/>
+        <vers num="2.9" edition="beta1"/>
+        <vers num="2.9" edition="beta2"/>
+        <vers num="2.9" edition="beta3"/>
+        <vers num="2.9" edition="beta4"/>
+        <vers num="2.9.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1500" published="2014-03-19" name="CVE-2014-1500" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=956524" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=956524</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-20.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-20.html</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" source="SUSE">openSUSE-SU-2014:0448</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" source="SUSE">openSUSE-SU-2014:0419</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" source="SUSE">SUSE-SU-2014:0418</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers num="26.0"/>
+        <vers num="27.0"/>
+        <vers prev="1" num="27.0.1"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+      <prod vendor="mozilla" name="seamonkey">
+        <vers num="2.0" edition="alpha_1"/>
+        <vers num="2.0" edition="alpha_2"/>
+        <vers num="2.0" edition="alpha_3"/>
+        <vers num="2.0" edition="beta_1"/>
+        <vers num="2.0" edition="beta_2"/>
+        <vers num="2.0" edition="rc1"/>
+        <vers num="2.0" edition="rc2"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1" edition="alpha1"/>
+        <vers num="2.1" edition="alpha2"/>
+        <vers num="2.1" edition="alpha3"/>
+        <vers num="2.1" edition="beta1"/>
+        <vers num="2.1" edition="beta2"/>
+        <vers num="2.1" edition="beta3"/>
+        <vers num="2.1" edition="rc1"/>
+        <vers num="2.1" edition="rc2"/>
+        <vers num="2.10" edition="beta1"/>
+        <vers num="2.10" edition="beta2"/>
+        <vers num="2.10" edition="beta3"/>
+        <vers num="2.10.1"/>
+        <vers num="2.11" edition="beta1"/>
+        <vers num="2.11" edition="beta2"/>
+        <vers num="2.11" edition="beta3"/>
+        <vers num="2.11" edition="beta4"/>
+        <vers num="2.11" edition="beta5"/>
+        <vers num="2.11" edition="beta6"/>
+        <vers num="2.12" edition="beta1"/>
+        <vers num="2.12" edition="beta2"/>
+        <vers num="2.12" edition="beta3"/>
+        <vers num="2.12" edition="beta4"/>
+        <vers num="2.12" edition="beta5"/>
+        <vers num="2.12" edition="beta6"/>
+        <vers num="2.12.1"/>
+        <vers num="2.13" edition="beta1"/>
+        <vers num="2.13" edition="beta2"/>
+        <vers num="2.13" edition="beta3"/>
+        <vers num="2.13" edition="beta4"/>
+        <vers num="2.13" edition="beta5"/>
+        <vers num="2.13" edition="beta6"/>
+        <vers num="2.13.1"/>
+        <vers num="2.13.2"/>
+        <vers num="2.14" edition="beta1"/>
+        <vers num="2.14" edition="beta2"/>
+        <vers num="2.14" edition="beta3"/>
+        <vers num="2.14" edition="beta4"/>
+        <vers num="2.14" edition="beta5"/>
+        <vers num="2.15" edition="beta1"/>
+        <vers num="2.15" edition="beta2"/>
+        <vers num="2.15" edition="beta3"/>
+        <vers num="2.15" edition="beta4"/>
+        <vers num="2.15" edition="beta5"/>
+        <vers num="2.15" edition="beta6"/>
+        <vers num="2.15.1"/>
+        <vers num="2.15.2"/>
+        <vers num="2.16" edition="beta1"/>
+        <vers num="2.16" edition="beta2"/>
+        <vers num="2.16" edition="beta3"/>
+        <vers num="2.16" edition="beta4"/>
+        <vers num="2.16" edition="beta5"/>
+        <vers num="2.16.1"/>
+        <vers num="2.16.2"/>
+        <vers num="2.17" edition="beta1"/>
+        <vers num="2.17" edition="beta2"/>
+        <vers num="2.17" edition="beta3"/>
+        <vers num="2.17" edition="beta4"/>
+        <vers num="2.17.1"/>
+        <vers num="2.18" edition="beta1"/>
+        <vers num="2.18" edition="beta2"/>
+        <vers num="2.18" edition="beta3"/>
+        <vers num="2.18" edition="beta4"/>
+        <vers num="2.19" edition="beta1"/>
+        <vers num="2.19" edition="beta2"/>
+        <vers num="2.2" edition="beta1"/>
+        <vers num="2.2" edition="beta2"/>
+        <vers num="2.2" edition="beta3"/>
+        <vers num="2.20" edition="beta1"/>
+        <vers num="2.20" edition="beta2"/>
+        <vers num="2.20" edition="beta3"/>
+        <vers num="2.21" edition="beta1"/>
+        <vers num="2.21" edition="beta2"/>
+        <vers num="2.22" edition="beta1"/>
+        <vers num="2.22" edition="beta2"/>
+        <vers num="2.22.1"/>
+        <vers num="2.23" edition="beta1"/>
+        <vers num="2.23" edition="beta2"/>
+        <vers num="2.24" edition="beta1"/>
+        <vers prev="1" num="2.25" edition="beta1"/>
+        <vers prev="1" num="2.25" edition="beta2"/>
+        <vers num="2.3" edition="beta1"/>
+        <vers num="2.3" edition="beta2"/>
+        <vers num="2.3" edition="beta3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.4" edition="beta1"/>
+        <vers num="2.4" edition="beta2"/>
+        <vers num="2.4" edition="beta3"/>
+        <vers num="2.4.1"/>
+        <vers num="2.5" edition="beta1"/>
+        <vers num="2.5" edition="beta2"/>
+        <vers num="2.5" edition="beta3"/>
+        <vers num="2.5" edition="beta4"/>
+        <vers num="2.6" edition="beta1"/>
+        <vers num="2.6" edition="beta2"/>
+        <vers num="2.6" edition="beta3"/>
+        <vers num="2.6" edition="beta4"/>
+        <vers num="2.6.1"/>
+        <vers num="2.7" edition="beta1"/>
+        <vers num="2.7" edition="beta2"/>
+        <vers num="2.7" edition="beta3"/>
+        <vers num="2.7" edition="beta4"/>
+        <vers num="2.7" edition="beta5"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.8" edition="beta1"/>
+        <vers num="2.8" edition="beta2"/>
+        <vers num="2.8" edition="beta3"/>
+        <vers num="2.8" edition="beta4"/>
+        <vers num="2.8" edition="beta5"/>
+        <vers num="2.8" edition="beta6"/>
+        <vers num="2.9" edition="beta1"/>
+        <vers num="2.9" edition="beta2"/>
+        <vers num="2.9" edition="beta3"/>
+        <vers num="2.9" edition="beta4"/>
+        <vers num="2.9.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1501" published="2014-03-19" name="CVE-2014-1501" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the "Open Link in New Tab" menu selection.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=960135" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=960135</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-21.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-21.html</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" source="SUSE">SUSE-SU-2014:0418</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers num="26.0"/>
+        <vers num="27.0"/>
+        <vers prev="1" num="27.0.1"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1502" published="2014-03-19" name="CVE-2014-1502" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=972622" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=972622</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-22.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-22.html</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" source="SUSE">openSUSE-SU-2014:0448</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" source="SUSE">openSUSE-SU-2014:0419</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" source="SUSE">SUSE-SU-2014:0418</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers num="26.0"/>
+        <vers num="27.0"/>
+        <vers prev="1" num="27.0.1"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+      <prod vendor="mozilla" name="seamonkey">
+        <vers num="2.0" edition="alpha_1"/>
+        <vers num="2.0" edition="alpha_2"/>
+        <vers num="2.0" edition="alpha_3"/>
+        <vers num="2.0" edition="beta_1"/>
+        <vers num="2.0" edition="beta_2"/>
+        <vers num="2.0" edition="rc1"/>
+        <vers num="2.0" edition="rc2"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1" edition="alpha1"/>
+        <vers num="2.1" edition="alpha2"/>
+        <vers num="2.1" edition="alpha3"/>
+        <vers num="2.1" edition="beta1"/>
+        <vers num="2.1" edition="beta2"/>
+        <vers num="2.1" edition="beta3"/>
+        <vers num="2.1" edition="rc1"/>
+        <vers num="2.1" edition="rc2"/>
+        <vers num="2.10" edition="beta1"/>
+        <vers num="2.10" edition="beta2"/>
+        <vers num="2.10" edition="beta3"/>
+        <vers num="2.10.1"/>
+        <vers num="2.11" edition="beta1"/>
+        <vers num="2.11" edition="beta2"/>
+        <vers num="2.11" edition="beta3"/>
+        <vers num="2.11" edition="beta4"/>
+        <vers num="2.11" edition="beta5"/>
+        <vers num="2.11" edition="beta6"/>
+        <vers num="2.12" edition="beta1"/>
+        <vers num="2.12" edition="beta2"/>
+        <vers num="2.12" edition="beta3"/>
+        <vers num="2.12" edition="beta4"/>
+        <vers num="2.12" edition="beta5"/>
+        <vers num="2.12" edition="beta6"/>
+        <vers num="2.12.1"/>
+        <vers num="2.13" edition="beta1"/>
+        <vers num="2.13" edition="beta2"/>
+        <vers num="2.13" edition="beta3"/>
+        <vers num="2.13" edition="beta4"/>
+        <vers num="2.13" edition="beta5"/>
+        <vers num="2.13" edition="beta6"/>
+        <vers num="2.13.1"/>
+        <vers num="2.13.2"/>
+        <vers num="2.14" edition="beta1"/>
+        <vers num="2.14" edition="beta2"/>
+        <vers num="2.14" edition="beta3"/>
+        <vers num="2.14" edition="beta4"/>
+        <vers num="2.14" edition="beta5"/>
+        <vers num="2.15" edition="beta1"/>
+        <vers num="2.15" edition="beta2"/>
+        <vers num="2.15" edition="beta3"/>
+        <vers num="2.15" edition="beta4"/>
+        <vers num="2.15" edition="beta5"/>
+        <vers num="2.15" edition="beta6"/>
+        <vers num="2.15.1"/>
+        <vers num="2.15.2"/>
+        <vers num="2.16" edition="beta1"/>
+        <vers num="2.16" edition="beta2"/>
+        <vers num="2.16" edition="beta3"/>
+        <vers num="2.16" edition="beta4"/>
+        <vers num="2.16" edition="beta5"/>
+        <vers num="2.16.1"/>
+        <vers num="2.16.2"/>
+        <vers num="2.17" edition="beta1"/>
+        <vers num="2.17" edition="beta2"/>
+        <vers num="2.17" edition="beta3"/>
+        <vers num="2.17" edition="beta4"/>
+        <vers num="2.17.1"/>
+        <vers num="2.18" edition="beta1"/>
+        <vers num="2.18" edition="beta2"/>
+        <vers num="2.18" edition="beta3"/>
+        <vers num="2.18" edition="beta4"/>
+        <vers num="2.19" edition="beta1"/>
+        <vers num="2.19" edition="beta2"/>
+        <vers num="2.2" edition="beta1"/>
+        <vers num="2.2" edition="beta2"/>
+        <vers num="2.2" edition="beta3"/>
+        <vers num="2.20" edition="beta1"/>
+        <vers num="2.20" edition="beta2"/>
+        <vers num="2.20" edition="beta3"/>
+        <vers num="2.21" edition="beta1"/>
+        <vers num="2.21" edition="beta2"/>
+        <vers num="2.22" edition="beta1"/>
+        <vers num="2.22" edition="beta2"/>
+        <vers num="2.22.1"/>
+        <vers num="2.23" edition="beta1"/>
+        <vers num="2.23" edition="beta2"/>
+        <vers num="2.24" edition="beta1"/>
+        <vers prev="1" num="2.25" edition="beta1"/>
+        <vers prev="1" num="2.25" edition="beta2"/>
+        <vers num="2.3" edition="beta1"/>
+        <vers num="2.3" edition="beta2"/>
+        <vers num="2.3" edition="beta3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.4" edition="beta1"/>
+        <vers num="2.4" edition="beta2"/>
+        <vers num="2.4" edition="beta3"/>
+        <vers num="2.4.1"/>
+        <vers num="2.5" edition="beta1"/>
+        <vers num="2.5" edition="beta2"/>
+        <vers num="2.5" edition="beta3"/>
+        <vers num="2.5" edition="beta4"/>
+        <vers num="2.6" edition="beta1"/>
+        <vers num="2.6" edition="beta2"/>
+        <vers num="2.6" edition="beta3"/>
+        <vers num="2.6" edition="beta4"/>
+        <vers num="2.6.1"/>
+        <vers num="2.7" edition="beta1"/>
+        <vers num="2.7" edition="beta2"/>
+        <vers num="2.7" edition="beta3"/>
+        <vers num="2.7" edition="beta4"/>
+        <vers num="2.7" edition="beta5"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.8" edition="beta1"/>
+        <vers num="2.8" edition="beta2"/>
+        <vers num="2.8" edition="beta3"/>
+        <vers num="2.8" edition="beta4"/>
+        <vers num="2.8" edition="beta5"/>
+        <vers num="2.8" edition="beta6"/>
+        <vers num="2.9" edition="beta1"/>
+        <vers num="2.9" edition="beta2"/>
+        <vers num="2.9" edition="beta3"/>
+        <vers num="2.9" edition="beta4"/>
+        <vers num="2.9.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-1504" published="2014-03-19" name="CVE-2014-1504" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:H/Au:N/C:N/I:P/A:N)" CVSS_score="2.6" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="4.9" CVSS_base_score="2.6">
+    <desc>
+      <descript source="cve">The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document that is accessed after a browser restart.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=911547" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=911547</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-23.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-23.html</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" source="SUSE">openSUSE-SU-2014:0448</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" source="SUSE">openSUSE-SU-2014:0419</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" source="SUSE">SUSE-SU-2014:0418</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers num="26.0"/>
+        <vers num="27.0"/>
+        <vers prev="1" num="27.0.1"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+      <prod vendor="mozilla" name="seamonkey">
+        <vers num="2.0" edition="alpha_1"/>
+        <vers num="2.0" edition="alpha_2"/>
+        <vers num="2.0" edition="alpha_3"/>
+        <vers num="2.0" edition="beta_1"/>
+        <vers num="2.0" edition="beta_2"/>
+        <vers num="2.0" edition="rc1"/>
+        <vers num="2.0" edition="rc2"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1" edition="alpha1"/>
+        <vers num="2.1" edition="alpha2"/>
+        <vers num="2.1" edition="alpha3"/>
+        <vers num="2.1" edition="beta1"/>
+        <vers num="2.1" edition="beta2"/>
+        <vers num="2.1" edition="beta3"/>
+        <vers num="2.1" edition="rc1"/>
+        <vers num="2.1" edition="rc2"/>
+        <vers num="2.10" edition="beta1"/>
+        <vers num="2.10" edition="beta2"/>
+        <vers num="2.10" edition="beta3"/>
+        <vers num="2.10.1"/>
+        <vers num="2.11" edition="beta1"/>
+        <vers num="2.11" edition="beta2"/>
+        <vers num="2.11" edition="beta3"/>
+        <vers num="2.11" edition="beta4"/>
+        <vers num="2.11" edition="beta5"/>
+        <vers num="2.11" edition="beta6"/>
+        <vers num="2.12" edition="beta1"/>
+        <vers num="2.12" edition="beta2"/>
+        <vers num="2.12" edition="beta3"/>
+        <vers num="2.12" edition="beta4"/>
+        <vers num="2.12" edition="beta5"/>
+        <vers num="2.12" edition="beta6"/>
+        <vers num="2.12.1"/>
+        <vers num="2.13" edition="beta1"/>
+        <vers num="2.13" edition="beta2"/>
+        <vers num="2.13" edition="beta3"/>
+        <vers num="2.13" edition="beta4"/>
+        <vers num="2.13" edition="beta5"/>
+        <vers num="2.13" edition="beta6"/>
+        <vers num="2.13.1"/>
+        <vers num="2.13.2"/>
+        <vers num="2.14" edition="beta1"/>
+        <vers num="2.14" edition="beta2"/>
+        <vers num="2.14" edition="beta3"/>
+        <vers num="2.14" edition="beta4"/>
+        <vers num="2.14" edition="beta5"/>
+        <vers num="2.15" edition="beta1"/>
+        <vers num="2.15" edition="beta2"/>
+        <vers num="2.15" edition="beta3"/>
+        <vers num="2.15" edition="beta4"/>
+        <vers num="2.15" edition="beta5"/>
+        <vers num="2.15" edition="beta6"/>
+        <vers num="2.15.1"/>
+        <vers num="2.15.2"/>
+        <vers num="2.16" edition="beta1"/>
+        <vers num="2.16" edition="beta2"/>
+        <vers num="2.16" edition="beta3"/>
+        <vers num="2.16" edition="beta4"/>
+        <vers num="2.16" edition="beta5"/>
+        <vers num="2.16.1"/>
+        <vers num="2.16.2"/>
+        <vers num="2.17" edition="beta1"/>
+        <vers num="2.17" edition="beta2"/>
+        <vers num="2.17" edition="beta3"/>
+        <vers num="2.17" edition="beta4"/>
+        <vers num="2.17.1"/>
+        <vers num="2.18" edition="beta1"/>
+        <vers num="2.18" edition="beta2"/>
+        <vers num="2.18" edition="beta3"/>
+        <vers num="2.18" edition="beta4"/>
+        <vers num="2.19" edition="beta1"/>
+        <vers num="2.19" edition="beta2"/>
+        <vers num="2.2" edition="beta1"/>
+        <vers num="2.2" edition="beta2"/>
+        <vers num="2.2" edition="beta3"/>
+        <vers num="2.20" edition="beta1"/>
+        <vers num="2.20" edition="beta2"/>
+        <vers num="2.20" edition="beta3"/>
+        <vers num="2.21" edition="beta1"/>
+        <vers num="2.21" edition="beta2"/>
+        <vers num="2.22" edition="beta1"/>
+        <vers num="2.22" edition="beta2"/>
+        <vers num="2.22.1"/>
+        <vers num="2.23" edition="beta1"/>
+        <vers num="2.23" edition="beta2"/>
+        <vers num="2.24" edition="beta1"/>
+        <vers prev="1" num="2.25" edition="beta1"/>
+        <vers prev="1" num="2.25" edition="beta2"/>
+        <vers num="2.3" edition="beta1"/>
+        <vers num="2.3" edition="beta2"/>
+        <vers num="2.3" edition="beta3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.4" edition="beta1"/>
+        <vers num="2.4" edition="beta2"/>
+        <vers num="2.4" edition="beta3"/>
+        <vers num="2.4.1"/>
+        <vers num="2.5" edition="beta1"/>
+        <vers num="2.5" edition="beta2"/>
+        <vers num="2.5" edition="beta3"/>
+        <vers num="2.5" edition="beta4"/>
+        <vers num="2.6" edition="beta1"/>
+        <vers num="2.6" edition="beta2"/>
+        <vers num="2.6" edition="beta3"/>
+        <vers num="2.6" edition="beta4"/>
+        <vers num="2.6.1"/>
+        <vers num="2.7" edition="beta1"/>
+        <vers num="2.7" edition="beta2"/>
+        <vers num="2.7" edition="beta3"/>
+        <vers num="2.7" edition="beta4"/>
+        <vers num="2.7" edition="beta5"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.8" edition="beta1"/>
+        <vers num="2.8" edition="beta2"/>
+        <vers num="2.8" edition="beta3"/>
+        <vers num="2.8" edition="beta4"/>
+        <vers num="2.8" edition="beta5"/>
+        <vers num="2.8" edition="beta6"/>
+        <vers num="2.9" edition="beta1"/>
+        <vers num="2.9" edition="beta2"/>
+        <vers num="2.9" edition="beta3"/>
+        <vers num="2.9" edition="beta4"/>
+        <vers num="2.9.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1505" published="2014-03-19" name="CVE-2014-1505" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a different domain, via a timing attack involving feDisplacementMap elements, a related issue to CVE-2013-1693.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=941887" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=941887</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2151-1" source="UBUNTU">USN-2151-1</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-28.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-28.html</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2881" source="DEBIAN">DSA-2881</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0316.html" source="REDHAT">RHSA-2014:0316</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0310.html" source="REDHAT">RHSA-2014:0310</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" source="SUSE">openSUSE-SU-2014:0448</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" source="SUSE">openSUSE-SU-2014:0419</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" source="SUSE">SUSE-SU-2014:0418</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers num="26.0"/>
+        <vers num="27.0"/>
+        <vers prev="1" num="27.0.1"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+      <prod vendor="mozilla" name="firefox_esr">
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.0.2"/>
+        <vers num="24.1.0"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+        <vers num="24.3"/>
+      </prod>
+      <prod vendor="mozilla" name="seamonkey">
+        <vers num="2.0" edition="alpha_1"/>
+        <vers num="2.0" edition="alpha_2"/>
+        <vers num="2.0" edition="alpha_3"/>
+        <vers num="2.0" edition="beta_1"/>
+        <vers num="2.0" edition="beta_2"/>
+        <vers num="2.0" edition="rc1"/>
+        <vers num="2.0" edition="rc2"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1" edition="alpha1"/>
+        <vers num="2.1" edition="alpha2"/>
+        <vers num="2.1" edition="alpha3"/>
+        <vers num="2.1" edition="beta1"/>
+        <vers num="2.1" edition="beta2"/>
+        <vers num="2.1" edition="beta3"/>
+        <vers num="2.1" edition="rc1"/>
+        <vers num="2.1" edition="rc2"/>
+        <vers num="2.10" edition="beta1"/>
+        <vers num="2.10" edition="beta2"/>
+        <vers num="2.10" edition="beta3"/>
+        <vers num="2.10.1"/>
+        <vers num="2.11" edition="beta1"/>
+        <vers num="2.11" edition="beta2"/>
+        <vers num="2.11" edition="beta3"/>
+        <vers num="2.11" edition="beta4"/>
+        <vers num="2.11" edition="beta5"/>
+        <vers num="2.11" edition="beta6"/>
+        <vers num="2.12" edition="beta1"/>
+        <vers num="2.12" edition="beta2"/>
+        <vers num="2.12" edition="beta3"/>
+        <vers num="2.12" edition="beta4"/>
+        <vers num="2.12" edition="beta5"/>
+        <vers num="2.12" edition="beta6"/>
+        <vers num="2.12.1"/>
+        <vers num="2.13" edition="beta1"/>
+        <vers num="2.13" edition="beta2"/>
+        <vers num="2.13" edition="beta3"/>
+        <vers num="2.13" edition="beta4"/>
+        <vers num="2.13" edition="beta5"/>
+        <vers num="2.13" edition="beta6"/>
+        <vers num="2.13.1"/>
+        <vers num="2.13.2"/>
+        <vers num="2.14" edition="beta1"/>
+        <vers num="2.14" edition="beta2"/>
+        <vers num="2.14" edition="beta3"/>
+        <vers num="2.14" edition="beta4"/>
+        <vers num="2.14" edition="beta5"/>
+        <vers num="2.15" edition="beta1"/>
+        <vers num="2.15" edition="beta2"/>
+        <vers num="2.15" edition="beta3"/>
+        <vers num="2.15" edition="beta4"/>
+        <vers num="2.15" edition="beta5"/>
+        <vers num="2.15" edition="beta6"/>
+        <vers num="2.15.1"/>
+        <vers num="2.15.2"/>
+        <vers num="2.16" edition="beta1"/>
+        <vers num="2.16" edition="beta2"/>
+        <vers num="2.16" edition="beta3"/>
+        <vers num="2.16" edition="beta4"/>
+        <vers num="2.16" edition="beta5"/>
+        <vers num="2.16.1"/>
+        <vers num="2.16.2"/>
+        <vers num="2.17" edition="beta1"/>
+        <vers num="2.17" edition="beta2"/>
+        <vers num="2.17" edition="beta3"/>
+        <vers num="2.17" edition="beta4"/>
+        <vers num="2.17.1"/>
+        <vers num="2.18" edition="beta1"/>
+        <vers num="2.18" edition="beta2"/>
+        <vers num="2.18" edition="beta3"/>
+        <vers num="2.18" edition="beta4"/>
+        <vers num="2.19" edition="beta1"/>
+        <vers num="2.19" edition="beta2"/>
+        <vers num="2.2" edition="beta1"/>
+        <vers num="2.2" edition="beta2"/>
+        <vers num="2.2" edition="beta3"/>
+        <vers num="2.20" edition="beta1"/>
+        <vers num="2.20" edition="beta2"/>
+        <vers num="2.20" edition="beta3"/>
+        <vers num="2.21" edition="beta1"/>
+        <vers num="2.21" edition="beta2"/>
+        <vers num="2.22" edition="beta1"/>
+        <vers num="2.22" edition="beta2"/>
+        <vers num="2.22.1"/>
+        <vers num="2.23" edition="beta1"/>
+        <vers num="2.23" edition="beta2"/>
+        <vers num="2.24" edition="beta1"/>
+        <vers prev="1" num="2.25" edition="beta1"/>
+        <vers prev="1" num="2.25" edition="beta2"/>
+        <vers num="2.3" edition="beta1"/>
+        <vers num="2.3" edition="beta2"/>
+        <vers num="2.3" edition="beta3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.4" edition="beta1"/>
+        <vers num="2.4" edition="beta2"/>
+        <vers num="2.4" edition="beta3"/>
+        <vers num="2.4.1"/>
+        <vers num="2.5" edition="beta1"/>
+        <vers num="2.5" edition="beta2"/>
+        <vers num="2.5" edition="beta3"/>
+        <vers num="2.5" edition="beta4"/>
+        <vers num="2.6" edition="beta1"/>
+        <vers num="2.6" edition="beta2"/>
+        <vers num="2.6" edition="beta3"/>
+        <vers num="2.6" edition="beta4"/>
+        <vers num="2.6.1"/>
+        <vers num="2.7" edition="beta1"/>
+        <vers num="2.7" edition="beta2"/>
+        <vers num="2.7" edition="beta3"/>
+        <vers num="2.7" edition="beta4"/>
+        <vers num="2.7" edition="beta5"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.8" edition="beta1"/>
+        <vers num="2.8" edition="beta2"/>
+        <vers num="2.8" edition="beta3"/>
+        <vers num="2.8" edition="beta4"/>
+        <vers num="2.8" edition="beta5"/>
+        <vers num="2.8" edition="beta6"/>
+        <vers num="2.9" edition="beta1"/>
+        <vers num="2.9" edition="beta2"/>
+        <vers num="2.9" edition="beta3"/>
+        <vers num="2.9" edition="beta4"/>
+        <vers num="2.9.1"/>
+      </prod>
+      <prod vendor="mozilla" name="thunderbird">
+        <vers num="0.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.7.2"/>
+        <vers num="0.7.3"/>
+        <vers num="0.8"/>
+        <vers num="0.9"/>
+        <vers num="1.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5" edition="beta"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.13"/>
+        <vers num="1.5.0.14"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.7.1"/>
+        <vers num="1.7.3"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="11.0"/>
+        <vers num="11.0.1"/>
+        <vers num="12.0"/>
+        <vers num="12.0.1"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0"/>
+        <vers num="17.0.1"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.21"/>
+        <vers num="2.0.0.22"/>
+        <vers num="2.0.0.23"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+        <vers prev="1" num="24.3"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.11"/>
+        <vers num="3.1.12"/>
+        <vers num="3.1.13"/>
+        <vers num="3.1.14"/>
+        <vers num="3.1.15"/>
+        <vers num="3.1.16"/>
+        <vers num="3.1.17"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="5.0"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1506" published="2014-03-19" name="CVE-2014-1506" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:P)" CVSS_score="6.4" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="10.0" CVSS_base_score="6.4">
+    <desc>
+      <descript source="cve">Directory traversal vulnerability in Android Crash Reporter in Mozilla Firefox before 28.0 on Android allows attackers to trigger the transmission of local files to arbitrary servers, or cause a denial of service (application crash), via a crafted application that specifies Android Crash Reporter arguments.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=944374" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=944374</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-24.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-24.html</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-03/0153.html" source="BUGTRAQ">20140326 Firefox for Android Profile Directory Derandomization and Data Exfiltration (CVE-2014-1484, CVE-2014-1506, CVE-2014-1515, CVE-2014-1516)</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers num="26.0"/>
+        <vers num="27.0"/>
+        <vers prev="1" num="27.0.1"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1507" published="2014-03-19" name="CVE-2014-1507" modified="2014-03-19" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Directory traversal vulnerability in the DeviceStorage API in Mozilla FirefoxOS before 1.2.2 allows attackers to bypass the media sandbox protection mechanism, and read or modify arbitrary files, via a crafted application that uses a relative pathname for a DeviceStorageFile object.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=940684" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=940684</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-25.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-25.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefoxos">
+        <vers prev="1" num="1.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1508" published="2014-03-19" name="CVE-2014-1508" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read and application crash), or possibly bypass the Same Origin Policy via vectors involving MathML polygon rendering.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=963198" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=963198</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2151-1" source="UBUNTU">USN-2151-1</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-26.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-26.html</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2881" source="DEBIAN">DSA-2881</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0316.html" source="REDHAT">RHSA-2014:0316</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0310.html" source="REDHAT">RHSA-2014:0310</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" source="SUSE">openSUSE-SU-2014:0448</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" source="SUSE">openSUSE-SU-2014:0419</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" source="SUSE">SUSE-SU-2014:0418</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers num="26.0"/>
+        <vers num="27.0"/>
+        <vers prev="1" num="27.0.1"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+      <prod vendor="mozilla" name="firefox_esr">
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.0.2"/>
+        <vers num="24.1.0"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+        <vers num="24.3"/>
+      </prod>
+      <prod vendor="mozilla" name="seamonkey">
+        <vers num="2.0" edition="alpha_1"/>
+        <vers num="2.0" edition="alpha_2"/>
+        <vers num="2.0" edition="alpha_3"/>
+        <vers num="2.0" edition="beta_1"/>
+        <vers num="2.0" edition="beta_2"/>
+        <vers num="2.0" edition="rc1"/>
+        <vers num="2.0" edition="rc2"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1" edition="alpha1"/>
+        <vers num="2.1" edition="alpha2"/>
+        <vers num="2.1" edition="alpha3"/>
+        <vers num="2.1" edition="beta1"/>
+        <vers num="2.1" edition="beta2"/>
+        <vers num="2.1" edition="beta3"/>
+        <vers num="2.1" edition="rc1"/>
+        <vers num="2.1" edition="rc2"/>
+        <vers num="2.10" edition="beta1"/>
+        <vers num="2.10" edition="beta2"/>
+        <vers num="2.10" edition="beta3"/>
+        <vers num="2.10.1"/>
+        <vers num="2.11" edition="beta1"/>
+        <vers num="2.11" edition="beta2"/>
+        <vers num="2.11" edition="beta3"/>
+        <vers num="2.11" edition="beta4"/>
+        <vers num="2.11" edition="beta5"/>
+        <vers num="2.11" edition="beta6"/>
+        <vers num="2.12" edition="beta1"/>
+        <vers num="2.12" edition="beta2"/>
+        <vers num="2.12" edition="beta3"/>
+        <vers num="2.12" edition="beta4"/>
+        <vers num="2.12" edition="beta5"/>
+        <vers num="2.12" edition="beta6"/>
+        <vers num="2.12.1"/>
+        <vers num="2.13" edition="beta1"/>
+        <vers num="2.13" edition="beta2"/>
+        <vers num="2.13" edition="beta3"/>
+        <vers num="2.13" edition="beta4"/>
+        <vers num="2.13" edition="beta5"/>
+        <vers num="2.13" edition="beta6"/>
+        <vers num="2.13.1"/>
+        <vers num="2.13.2"/>
+        <vers num="2.14" edition="beta1"/>
+        <vers num="2.14" edition="beta2"/>
+        <vers num="2.14" edition="beta3"/>
+        <vers num="2.14" edition="beta4"/>
+        <vers num="2.14" edition="beta5"/>
+        <vers num="2.15" edition="beta1"/>
+        <vers num="2.15" edition="beta2"/>
+        <vers num="2.15" edition="beta3"/>
+        <vers num="2.15" edition="beta4"/>
+        <vers num="2.15" edition="beta5"/>
+        <vers num="2.15" edition="beta6"/>
+        <vers num="2.15.1"/>
+        <vers num="2.15.2"/>
+        <vers num="2.16" edition="beta1"/>
+        <vers num="2.16" edition="beta2"/>
+        <vers num="2.16" edition="beta3"/>
+        <vers num="2.16" edition="beta4"/>
+        <vers num="2.16" edition="beta5"/>
+        <vers num="2.16.1"/>
+        <vers num="2.16.2"/>
+        <vers num="2.17" edition="beta1"/>
+        <vers num="2.17" edition="beta2"/>
+        <vers num="2.17" edition="beta3"/>
+        <vers num="2.17" edition="beta4"/>
+        <vers num="2.17.1"/>
+        <vers num="2.18" edition="beta1"/>
+        <vers num="2.18" edition="beta2"/>
+        <vers num="2.18" edition="beta3"/>
+        <vers num="2.18" edition="beta4"/>
+        <vers num="2.19" edition="beta1"/>
+        <vers num="2.19" edition="beta2"/>
+        <vers num="2.2" edition="beta1"/>
+        <vers num="2.2" edition="beta2"/>
+        <vers num="2.2" edition="beta3"/>
+        <vers num="2.20" edition="beta1"/>
+        <vers num="2.20" edition="beta2"/>
+        <vers num="2.20" edition="beta3"/>
+        <vers num="2.21" edition="beta1"/>
+        <vers num="2.21" edition="beta2"/>
+        <vers num="2.22" edition="beta1"/>
+        <vers num="2.22" edition="beta2"/>
+        <vers num="2.22.1"/>
+        <vers num="2.23" edition="beta1"/>
+        <vers num="2.23" edition="beta2"/>
+        <vers num="2.24" edition="beta1"/>
+        <vers prev="1" num="2.25" edition="beta1"/>
+        <vers prev="1" num="2.25" edition="beta2"/>
+        <vers num="2.3" edition="beta1"/>
+        <vers num="2.3" edition="beta2"/>
+        <vers num="2.3" edition="beta3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.4" edition="beta1"/>
+        <vers num="2.4" edition="beta2"/>
+        <vers num="2.4" edition="beta3"/>
+        <vers num="2.4.1"/>
+        <vers num="2.5" edition="beta1"/>
+        <vers num="2.5" edition="beta2"/>
+        <vers num="2.5" edition="beta3"/>
+        <vers num="2.5" edition="beta4"/>
+        <vers num="2.6" edition="beta1"/>
+        <vers num="2.6" edition="beta2"/>
+        <vers num="2.6" edition="beta3"/>
+        <vers num="2.6" edition="beta4"/>
+        <vers num="2.6.1"/>
+        <vers num="2.7" edition="beta1"/>
+        <vers num="2.7" edition="beta2"/>
+        <vers num="2.7" edition="beta3"/>
+        <vers num="2.7" edition="beta4"/>
+        <vers num="2.7" edition="beta5"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.8" edition="beta1"/>
+        <vers num="2.8" edition="beta2"/>
+        <vers num="2.8" edition="beta3"/>
+        <vers num="2.8" edition="beta4"/>
+        <vers num="2.8" edition="beta5"/>
+        <vers num="2.8" edition="beta6"/>
+        <vers num="2.9" edition="beta1"/>
+        <vers num="2.9" edition="beta2"/>
+        <vers num="2.9" edition="beta3"/>
+        <vers num="2.9" edition="beta4"/>
+        <vers num="2.9.1"/>
+      </prod>
+      <prod vendor="mozilla" name="thunderbird">
+        <vers num="0.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.7.2"/>
+        <vers num="0.7.3"/>
+        <vers num="0.8"/>
+        <vers num="0.9"/>
+        <vers num="1.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5" edition="beta"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.13"/>
+        <vers num="1.5.0.14"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.7.1"/>
+        <vers num="1.7.3"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="11.0"/>
+        <vers num="11.0.1"/>
+        <vers num="12.0"/>
+        <vers num="12.0.1"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0"/>
+        <vers num="17.0.1"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.21"/>
+        <vers num="2.0.0.22"/>
+        <vers num="2.0.0.23"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+        <vers prev="1" num="24.3"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.11"/>
+        <vers num="3.1.12"/>
+        <vers num="3.1.13"/>
+        <vers num="3.1.14"/>
+        <vers num="3.1.15"/>
+        <vers num="3.1.16"/>
+        <vers num="3.1.17"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="5.0"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1509" published="2014-03-19" name="CVE-2014-1509" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:H/Au:N/C:C/I:C/A:C)" CVSS_score="7.6" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="4.9" CVSS_base_score="7.6">
+    <desc>
+      <descript source="cve">Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that renders fonts in a PDF document.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=966021" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=966021</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2151-1" source="UBUNTU">USN-2151-1</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-27.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-27.html</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0316.html" source="REDHAT">RHSA-2014:0316</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0310.html" source="REDHAT">RHSA-2014:0310</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" source="SUSE">openSUSE-SU-2014:0448</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" source="SUSE">openSUSE-SU-2014:0419</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" source="SUSE">SUSE-SU-2014:0418</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers num="26.0"/>
+        <vers num="27.0"/>
+        <vers prev="1" num="27.0.1"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+      <prod vendor="mozilla" name="firefox_esr">
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.0.2"/>
+        <vers num="24.1.0"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+        <vers num="24.3"/>
+      </prod>
+      <prod vendor="mozilla" name="seamonkey">
+        <vers num="2.0" edition="alpha_1"/>
+        <vers num="2.0" edition="alpha_2"/>
+        <vers num="2.0" edition="alpha_3"/>
+        <vers num="2.0" edition="beta_1"/>
+        <vers num="2.0" edition="beta_2"/>
+        <vers num="2.0" edition="rc1"/>
+        <vers num="2.0" edition="rc2"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1" edition="alpha1"/>
+        <vers num="2.1" edition="alpha2"/>
+        <vers num="2.1" edition="alpha3"/>
+        <vers num="2.1" edition="beta1"/>
+        <vers num="2.1" edition="beta2"/>
+        <vers num="2.1" edition="beta3"/>
+        <vers num="2.1" edition="rc1"/>
+        <vers num="2.1" edition="rc2"/>
+        <vers num="2.10" edition="beta1"/>
+        <vers num="2.10" edition="beta2"/>
+        <vers num="2.10" edition="beta3"/>
+        <vers num="2.10.1"/>
+        <vers num="2.11" edition="beta1"/>
+        <vers num="2.11" edition="beta2"/>
+        <vers num="2.11" edition="beta3"/>
+        <vers num="2.11" edition="beta4"/>
+        <vers num="2.11" edition="beta5"/>
+        <vers num="2.11" edition="beta6"/>
+        <vers num="2.12" edition="beta1"/>
+        <vers num="2.12" edition="beta2"/>
+        <vers num="2.12" edition="beta3"/>
+        <vers num="2.12" edition="beta4"/>
+        <vers num="2.12" edition="beta5"/>
+        <vers num="2.12" edition="beta6"/>
+        <vers num="2.12.1"/>
+        <vers num="2.13" edition="beta1"/>
+        <vers num="2.13" edition="beta2"/>
+        <vers num="2.13" edition="beta3"/>
+        <vers num="2.13" edition="beta4"/>
+        <vers num="2.13" edition="beta5"/>
+        <vers num="2.13" edition="beta6"/>
+        <vers num="2.13.1"/>
+        <vers num="2.13.2"/>
+        <vers num="2.14" edition="beta1"/>
+        <vers num="2.14" edition="beta2"/>
+        <vers num="2.14" edition="beta3"/>
+        <vers num="2.14" edition="beta4"/>
+        <vers num="2.14" edition="beta5"/>
+        <vers num="2.15" edition="beta1"/>
+        <vers num="2.15" edition="beta2"/>
+        <vers num="2.15" edition="beta3"/>
+        <vers num="2.15" edition="beta4"/>
+        <vers num="2.15" edition="beta5"/>
+        <vers num="2.15" edition="beta6"/>
+        <vers num="2.15.1"/>
+        <vers num="2.15.2"/>
+        <vers num="2.16" edition="beta1"/>
+        <vers num="2.16" edition="beta2"/>
+        <vers num="2.16" edition="beta3"/>
+        <vers num="2.16" edition="beta4"/>
+        <vers num="2.16" edition="beta5"/>
+        <vers num="2.16.1"/>
+        <vers num="2.16.2"/>
+        <vers num="2.17" edition="beta1"/>
+        <vers num="2.17" edition="beta2"/>
+        <vers num="2.17" edition="beta3"/>
+        <vers num="2.17" edition="beta4"/>
+        <vers num="2.17.1"/>
+        <vers num="2.18" edition="beta1"/>
+        <vers num="2.18" edition="beta2"/>
+        <vers num="2.18" edition="beta3"/>
+        <vers num="2.18" edition="beta4"/>
+        <vers num="2.19" edition="beta1"/>
+        <vers num="2.19" edition="beta2"/>
+        <vers num="2.2" edition="beta1"/>
+        <vers num="2.2" edition="beta2"/>
+        <vers num="2.2" edition="beta3"/>
+        <vers num="2.20" edition="beta1"/>
+        <vers num="2.20" edition="beta2"/>
+        <vers num="2.20" edition="beta3"/>
+        <vers num="2.21" edition="beta1"/>
+        <vers num="2.21" edition="beta2"/>
+        <vers num="2.22" edition="beta1"/>
+        <vers num="2.22" edition="beta2"/>
+        <vers num="2.22.1"/>
+        <vers num="2.23" edition="beta1"/>
+        <vers num="2.23" edition="beta2"/>
+        <vers num="2.24" edition="beta1"/>
+        <vers prev="1" num="2.25" edition="beta1"/>
+        <vers prev="1" num="2.25" edition="beta2"/>
+        <vers num="2.3" edition="beta1"/>
+        <vers num="2.3" edition="beta2"/>
+        <vers num="2.3" edition="beta3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.4" edition="beta1"/>
+        <vers num="2.4" edition="beta2"/>
+        <vers num="2.4" edition="beta3"/>
+        <vers num="2.4.1"/>
+        <vers num="2.5" edition="beta1"/>
+        <vers num="2.5" edition="beta2"/>
+        <vers num="2.5" edition="beta3"/>
+        <vers num="2.5" edition="beta4"/>
+        <vers num="2.6" edition="beta1"/>
+        <vers num="2.6" edition="beta2"/>
+        <vers num="2.6" edition="beta3"/>
+        <vers num="2.6" edition="beta4"/>
+        <vers num="2.6.1"/>
+        <vers num="2.7" edition="beta1"/>
+        <vers num="2.7" edition="beta2"/>
+        <vers num="2.7" edition="beta3"/>
+        <vers num="2.7" edition="beta4"/>
+        <vers num="2.7" edition="beta5"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.8" edition="beta1"/>
+        <vers num="2.8" edition="beta2"/>
+        <vers num="2.8" edition="beta3"/>
+        <vers num="2.8" edition="beta4"/>
+        <vers num="2.8" edition="beta5"/>
+        <vers num="2.8" edition="beta6"/>
+        <vers num="2.9" edition="beta1"/>
+        <vers num="2.9" edition="beta2"/>
+        <vers num="2.9" edition="beta3"/>
+        <vers num="2.9" edition="beta4"/>
+        <vers num="2.9.1"/>
+      </prod>
+      <prod vendor="mozilla" name="thunderbird">
+        <vers num="0.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.7.2"/>
+        <vers num="0.7.3"/>
+        <vers num="0.8"/>
+        <vers num="0.9"/>
+        <vers num="1.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5" edition="beta"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.13"/>
+        <vers num="1.5.0.14"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.7.1"/>
+        <vers num="1.7.3"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="11.0"/>
+        <vers num="11.0.1"/>
+        <vers num="12.0"/>
+        <vers num="12.0.1"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0"/>
+        <vers num="17.0.1"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.21"/>
+        <vers num="2.0.0.22"/>
+        <vers num="2.0.0.23"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+        <vers prev="1" num="24.3"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.11"/>
+        <vers num="3.1.12"/>
+        <vers num="3.1.13"/>
+        <vers num="3.1.14"/>
+        <vers num="3.1.15"/>
+        <vers num="3.1.16"/>
+        <vers num="3.1.17"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="5.0"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1510" published="2014-03-19" name="CVE-2014-1510" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=982906" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=982906</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2151-1" source="UBUNTU">USN-2151-1</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-29.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-29.html</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2881" source="DEBIAN">DSA-2881</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0316.html" source="REDHAT">RHSA-2014:0316</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0310.html" source="REDHAT">RHSA-2014:0310</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" source="SUSE">openSUSE-SU-2014:0448</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" source="SUSE">openSUSE-SU-2014:0419</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" source="SUSE">SUSE-SU-2014:0418</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers num="26.0"/>
+        <vers num="27.0"/>
+        <vers prev="1" num="27.0.1"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+      <prod vendor="mozilla" name="firefox_esr">
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.0.2"/>
+        <vers num="24.1.0"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+        <vers num="24.3"/>
+      </prod>
+      <prod vendor="mozilla" name="seamonkey">
+        <vers num="2.0" edition="alpha_1"/>
+        <vers num="2.0" edition="alpha_2"/>
+        <vers num="2.0" edition="alpha_3"/>
+        <vers num="2.0" edition="beta_1"/>
+        <vers num="2.0" edition="beta_2"/>
+        <vers num="2.0" edition="rc1"/>
+        <vers num="2.0" edition="rc2"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1" edition="alpha1"/>
+        <vers num="2.1" edition="alpha2"/>
+        <vers num="2.1" edition="alpha3"/>
+        <vers num="2.1" edition="beta1"/>
+        <vers num="2.1" edition="beta2"/>
+        <vers num="2.1" edition="beta3"/>
+        <vers num="2.1" edition="rc1"/>
+        <vers num="2.1" edition="rc2"/>
+        <vers num="2.10" edition="beta1"/>
+        <vers num="2.10" edition="beta2"/>
+        <vers num="2.10" edition="beta3"/>
+        <vers num="2.10.1"/>
+        <vers num="2.11" edition="beta1"/>
+        <vers num="2.11" edition="beta2"/>
+        <vers num="2.11" edition="beta3"/>
+        <vers num="2.11" edition="beta4"/>
+        <vers num="2.11" edition="beta5"/>
+        <vers num="2.11" edition="beta6"/>
+        <vers num="2.12" edition="beta1"/>
+        <vers num="2.12" edition="beta2"/>
+        <vers num="2.12" edition="beta3"/>
+        <vers num="2.12" edition="beta4"/>
+        <vers num="2.12" edition="beta5"/>
+        <vers num="2.12" edition="beta6"/>
+        <vers num="2.12.1"/>
+        <vers num="2.13" edition="beta1"/>
+        <vers num="2.13" edition="beta2"/>
+        <vers num="2.13" edition="beta3"/>
+        <vers num="2.13" edition="beta4"/>
+        <vers num="2.13" edition="beta5"/>
+        <vers num="2.13" edition="beta6"/>
+        <vers num="2.13.1"/>
+        <vers num="2.13.2"/>
+        <vers num="2.14" edition="beta1"/>
+        <vers num="2.14" edition="beta2"/>
+        <vers num="2.14" edition="beta3"/>
+        <vers num="2.14" edition="beta4"/>
+        <vers num="2.14" edition="beta5"/>
+        <vers num="2.15" edition="beta1"/>
+        <vers num="2.15" edition="beta2"/>
+        <vers num="2.15" edition="beta3"/>
+        <vers num="2.15" edition="beta4"/>
+        <vers num="2.15" edition="beta5"/>
+        <vers num="2.15" edition="beta6"/>
+        <vers num="2.15.1"/>
+        <vers num="2.15.2"/>
+        <vers num="2.16" edition="beta1"/>
+        <vers num="2.16" edition="beta2"/>
+        <vers num="2.16" edition="beta3"/>
+        <vers num="2.16" edition="beta4"/>
+        <vers num="2.16" edition="beta5"/>
+        <vers num="2.16.1"/>
+        <vers num="2.16.2"/>
+        <vers num="2.17" edition="beta1"/>
+        <vers num="2.17" edition="beta2"/>
+        <vers num="2.17" edition="beta3"/>
+        <vers num="2.17" edition="beta4"/>
+        <vers num="2.17.1"/>
+        <vers num="2.18" edition="beta1"/>
+        <vers num="2.18" edition="beta2"/>
+        <vers num="2.18" edition="beta3"/>
+        <vers num="2.18" edition="beta4"/>
+        <vers num="2.19" edition="beta1"/>
+        <vers num="2.19" edition="beta2"/>
+        <vers num="2.2" edition="beta1"/>
+        <vers num="2.2" edition="beta2"/>
+        <vers num="2.2" edition="beta3"/>
+        <vers num="2.20" edition="beta1"/>
+        <vers num="2.20" edition="beta2"/>
+        <vers num="2.20" edition="beta3"/>
+        <vers num="2.21" edition="beta1"/>
+        <vers num="2.21" edition="beta2"/>
+        <vers num="2.22" edition="beta1"/>
+        <vers num="2.22" edition="beta2"/>
+        <vers num="2.22.1"/>
+        <vers num="2.23" edition="beta1"/>
+        <vers num="2.23" edition="beta2"/>
+        <vers num="2.24" edition="beta1"/>
+        <vers prev="1" num="2.25" edition="beta1"/>
+        <vers prev="1" num="2.25" edition="beta2"/>
+        <vers num="2.3" edition="beta1"/>
+        <vers num="2.3" edition="beta2"/>
+        <vers num="2.3" edition="beta3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.4" edition="beta1"/>
+        <vers num="2.4" edition="beta2"/>
+        <vers num="2.4" edition="beta3"/>
+        <vers num="2.4.1"/>
+        <vers num="2.5" edition="beta1"/>
+        <vers num="2.5" edition="beta2"/>
+        <vers num="2.5" edition="beta3"/>
+        <vers num="2.5" edition="beta4"/>
+        <vers num="2.6" edition="beta1"/>
+        <vers num="2.6" edition="beta2"/>
+        <vers num="2.6" edition="beta3"/>
+        <vers num="2.6" edition="beta4"/>
+        <vers num="2.6.1"/>
+        <vers num="2.7" edition="beta1"/>
+        <vers num="2.7" edition="beta2"/>
+        <vers num="2.7" edition="beta3"/>
+        <vers num="2.7" edition="beta4"/>
+        <vers num="2.7" edition="beta5"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.8" edition="beta1"/>
+        <vers num="2.8" edition="beta2"/>
+        <vers num="2.8" edition="beta3"/>
+        <vers num="2.8" edition="beta4"/>
+        <vers num="2.8" edition="beta5"/>
+        <vers num="2.8" edition="beta6"/>
+        <vers num="2.9" edition="beta1"/>
+        <vers num="2.9" edition="beta2"/>
+        <vers num="2.9" edition="beta3"/>
+        <vers num="2.9" edition="beta4"/>
+        <vers num="2.9.1"/>
+      </prod>
+      <prod vendor="mozilla" name="thunderbird">
+        <vers num="0.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.7.2"/>
+        <vers num="0.7.3"/>
+        <vers num="0.8"/>
+        <vers num="0.9"/>
+        <vers num="1.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5" edition="beta"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.13"/>
+        <vers num="1.5.0.14"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.7.1"/>
+        <vers num="1.7.3"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="11.0"/>
+        <vers num="11.0.1"/>
+        <vers num="12.0"/>
+        <vers num="12.0.1"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0"/>
+        <vers num="17.0.1"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.21"/>
+        <vers num="2.0.0.22"/>
+        <vers num="2.0.0.23"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+        <vers prev="1" num="24.3"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.11"/>
+        <vers num="3.1.12"/>
+        <vers num="3.1.13"/>
+        <vers num="3.1.14"/>
+        <vers num="3.1.15"/>
+        <vers num="3.1.16"/>
+        <vers num="3.1.17"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="5.0"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1511" published="2014-03-19" name="CVE-2014-1511" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=982909" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=982909</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2151-1" source="UBUNTU">USN-2151-1</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-29.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-29.html</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2881" source="DEBIAN">DSA-2881</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0316.html" source="REDHAT">RHSA-2014:0316</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0310.html" source="REDHAT">RHSA-2014:0310</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" source="SUSE">openSUSE-SU-2014:0448</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" source="SUSE">openSUSE-SU-2014:0419</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" source="SUSE">SUSE-SU-2014:0418</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers num="26.0"/>
+        <vers num="27.0"/>
+        <vers prev="1" num="27.0.1"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+      <prod vendor="mozilla" name="firefox_esr">
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.0.2"/>
+        <vers num="24.1.0"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+        <vers num="24.3"/>
+      </prod>
+      <prod vendor="mozilla" name="seamonkey">
+        <vers num="2.0" edition="alpha_1"/>
+        <vers num="2.0" edition="alpha_2"/>
+        <vers num="2.0" edition="alpha_3"/>
+        <vers num="2.0" edition="beta_1"/>
+        <vers num="2.0" edition="beta_2"/>
+        <vers num="2.0" edition="rc1"/>
+        <vers num="2.0" edition="rc2"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1" edition="alpha1"/>
+        <vers num="2.1" edition="alpha2"/>
+        <vers num="2.1" edition="alpha3"/>
+        <vers num="2.1" edition="beta1"/>
+        <vers num="2.1" edition="beta2"/>
+        <vers num="2.1" edition="beta3"/>
+        <vers num="2.1" edition="rc1"/>
+        <vers num="2.1" edition="rc2"/>
+        <vers num="2.10" edition="beta1"/>
+        <vers num="2.10" edition="beta2"/>
+        <vers num="2.10" edition="beta3"/>
+        <vers num="2.10.1"/>
+        <vers num="2.11" edition="beta1"/>
+        <vers num="2.11" edition="beta2"/>
+        <vers num="2.11" edition="beta3"/>
+        <vers num="2.11" edition="beta4"/>
+        <vers num="2.11" edition="beta5"/>
+        <vers num="2.11" edition="beta6"/>
+        <vers num="2.12" edition="beta1"/>
+        <vers num="2.12" edition="beta2"/>
+        <vers num="2.12" edition="beta3"/>
+        <vers num="2.12" edition="beta4"/>
+        <vers num="2.12" edition="beta5"/>
+        <vers num="2.12" edition="beta6"/>
+        <vers num="2.12.1"/>
+        <vers num="2.13" edition="beta1"/>
+        <vers num="2.13" edition="beta2"/>
+        <vers num="2.13" edition="beta3"/>
+        <vers num="2.13" edition="beta4"/>
+        <vers num="2.13" edition="beta5"/>
+        <vers num="2.13" edition="beta6"/>
+        <vers num="2.13.1"/>
+        <vers num="2.13.2"/>
+        <vers num="2.14" edition="beta1"/>
+        <vers num="2.14" edition="beta2"/>
+        <vers num="2.14" edition="beta3"/>
+        <vers num="2.14" edition="beta4"/>
+        <vers num="2.14" edition="beta5"/>
+        <vers num="2.15" edition="beta1"/>
+        <vers num="2.15" edition="beta2"/>
+        <vers num="2.15" edition="beta3"/>
+        <vers num="2.15" edition="beta4"/>
+        <vers num="2.15" edition="beta5"/>
+        <vers num="2.15" edition="beta6"/>
+        <vers num="2.15.1"/>
+        <vers num="2.15.2"/>
+        <vers num="2.16" edition="beta1"/>
+        <vers num="2.16" edition="beta2"/>
+        <vers num="2.16" edition="beta3"/>
+        <vers num="2.16" edition="beta4"/>
+        <vers num="2.16" edition="beta5"/>
+        <vers num="2.16.1"/>
+        <vers num="2.16.2"/>
+        <vers num="2.17" edition="beta1"/>
+        <vers num="2.17" edition="beta2"/>
+        <vers num="2.17" edition="beta3"/>
+        <vers num="2.17" edition="beta4"/>
+        <vers num="2.17.1"/>
+        <vers num="2.18" edition="beta1"/>
+        <vers num="2.18" edition="beta2"/>
+        <vers num="2.18" edition="beta3"/>
+        <vers num="2.18" edition="beta4"/>
+        <vers num="2.19" edition="beta1"/>
+        <vers num="2.19" edition="beta2"/>
+        <vers num="2.2" edition="beta1"/>
+        <vers num="2.2" edition="beta2"/>
+        <vers num="2.2" edition="beta3"/>
+        <vers num="2.20" edition="beta1"/>
+        <vers num="2.20" edition="beta2"/>
+        <vers num="2.20" edition="beta3"/>
+        <vers num="2.21" edition="beta1"/>
+        <vers num="2.21" edition="beta2"/>
+        <vers num="2.22" edition="beta1"/>
+        <vers num="2.22" edition="beta2"/>
+        <vers num="2.22.1"/>
+        <vers num="2.23" edition="beta1"/>
+        <vers num="2.23" edition="beta2"/>
+        <vers num="2.24" edition="beta1"/>
+        <vers prev="1" num="2.25" edition="beta1"/>
+        <vers prev="1" num="2.25" edition="beta2"/>
+        <vers num="2.3" edition="beta1"/>
+        <vers num="2.3" edition="beta2"/>
+        <vers num="2.3" edition="beta3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.4" edition="beta1"/>
+        <vers num="2.4" edition="beta2"/>
+        <vers num="2.4" edition="beta3"/>
+        <vers num="2.4.1"/>
+        <vers num="2.5" edition="beta1"/>
+        <vers num="2.5" edition="beta2"/>
+        <vers num="2.5" edition="beta3"/>
+        <vers num="2.5" edition="beta4"/>
+        <vers num="2.6" edition="beta1"/>
+        <vers num="2.6" edition="beta2"/>
+        <vers num="2.6" edition="beta3"/>
+        <vers num="2.6" edition="beta4"/>
+        <vers num="2.6.1"/>
+        <vers num="2.7" edition="beta1"/>
+        <vers num="2.7" edition="beta2"/>
+        <vers num="2.7" edition="beta3"/>
+        <vers num="2.7" edition="beta4"/>
+        <vers num="2.7" edition="beta5"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.8" edition="beta1"/>
+        <vers num="2.8" edition="beta2"/>
+        <vers num="2.8" edition="beta3"/>
+        <vers num="2.8" edition="beta4"/>
+        <vers num="2.8" edition="beta5"/>
+        <vers num="2.8" edition="beta6"/>
+        <vers num="2.9" edition="beta1"/>
+        <vers num="2.9" edition="beta2"/>
+        <vers num="2.9" edition="beta3"/>
+        <vers num="2.9" edition="beta4"/>
+        <vers num="2.9.1"/>
+      </prod>
+      <prod vendor="mozilla" name="thunderbird">
+        <vers num="0.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.7.2"/>
+        <vers num="0.7.3"/>
+        <vers num="0.8"/>
+        <vers num="0.9"/>
+        <vers num="1.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5" edition="beta"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.13"/>
+        <vers num="1.5.0.14"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.7.1"/>
+        <vers num="1.7.3"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="11.0"/>
+        <vers num="11.0.1"/>
+        <vers num="12.0"/>
+        <vers num="12.0.1"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0"/>
+        <vers num="17.0.1"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.21"/>
+        <vers num="2.0.0.22"/>
+        <vers num="2.0.0.23"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+        <vers prev="1" num="24.3"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.11"/>
+        <vers num="3.1.12"/>
+        <vers num="3.1.13"/>
+        <vers num="3.1.14"/>
+        <vers num="3.1.15"/>
+        <vers num="3.1.16"/>
+        <vers num="3.1.17"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="5.0"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1512" published="2014-03-19" name="CVE-2014-1512" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage collection is occurring, as demonstrated by improper handling of BumpChunk objects.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=982957" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=982957</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2151-1" source="UBUNTU">USN-2151-1</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-30.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-30.html</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2881" source="DEBIAN">DSA-2881</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0316.html" source="REDHAT">RHSA-2014:0316</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0310.html" source="REDHAT">RHSA-2014:0310</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" source="SUSE">openSUSE-SU-2014:0448</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" source="SUSE">openSUSE-SU-2014:0419</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" source="SUSE">SUSE-SU-2014:0418</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-03/0145.html" source="BUGTRAQ">20140326 VUPEN Security Research - Mozilla Firefox "BumpChunk" Object Processing Use-after-free (Pwn2Own)</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers num="26.0"/>
+        <vers num="27.0"/>
+        <vers prev="1" num="27.0.1"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+      <prod vendor="mozilla" name="firefox_esr">
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.0.2"/>
+        <vers num="24.1.0"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+        <vers num="24.3"/>
+      </prod>
+      <prod vendor="mozilla" name="seamonkey">
+        <vers num="2.0" edition="alpha_1"/>
+        <vers num="2.0" edition="alpha_2"/>
+        <vers num="2.0" edition="alpha_3"/>
+        <vers num="2.0" edition="beta_1"/>
+        <vers num="2.0" edition="beta_2"/>
+        <vers num="2.0" edition="rc1"/>
+        <vers num="2.0" edition="rc2"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1" edition="alpha1"/>
+        <vers num="2.1" edition="alpha2"/>
+        <vers num="2.1" edition="alpha3"/>
+        <vers num="2.1" edition="beta1"/>
+        <vers num="2.1" edition="beta2"/>
+        <vers num="2.1" edition="beta3"/>
+        <vers num="2.1" edition="rc1"/>
+        <vers num="2.1" edition="rc2"/>
+        <vers num="2.10" edition="beta1"/>
+        <vers num="2.10" edition="beta2"/>
+        <vers num="2.10" edition="beta3"/>
+        <vers num="2.10.1"/>
+        <vers num="2.11" edition="beta1"/>
+        <vers num="2.11" edition="beta2"/>
+        <vers num="2.11" edition="beta3"/>
+        <vers num="2.11" edition="beta4"/>
+        <vers num="2.11" edition="beta5"/>
+        <vers num="2.11" edition="beta6"/>
+        <vers num="2.12" edition="beta1"/>
+        <vers num="2.12" edition="beta2"/>
+        <vers num="2.12" edition="beta3"/>
+        <vers num="2.12" edition="beta4"/>
+        <vers num="2.12" edition="beta5"/>
+        <vers num="2.12" edition="beta6"/>
+        <vers num="2.12.1"/>
+        <vers num="2.13" edition="beta1"/>
+        <vers num="2.13" edition="beta2"/>
+        <vers num="2.13" edition="beta3"/>
+        <vers num="2.13" edition="beta4"/>
+        <vers num="2.13" edition="beta5"/>
+        <vers num="2.13" edition="beta6"/>
+        <vers num="2.13.1"/>
+        <vers num="2.13.2"/>
+        <vers num="2.14" edition="beta1"/>
+        <vers num="2.14" edition="beta2"/>
+        <vers num="2.14" edition="beta3"/>
+        <vers num="2.14" edition="beta4"/>
+        <vers num="2.14" edition="beta5"/>
+        <vers num="2.15" edition="beta1"/>
+        <vers num="2.15" edition="beta2"/>
+        <vers num="2.15" edition="beta3"/>
+        <vers num="2.15" edition="beta4"/>
+        <vers num="2.15" edition="beta5"/>
+        <vers num="2.15" edition="beta6"/>
+        <vers num="2.15.1"/>
+        <vers num="2.15.2"/>
+        <vers num="2.16" edition="beta1"/>
+        <vers num="2.16" edition="beta2"/>
+        <vers num="2.16" edition="beta3"/>
+        <vers num="2.16" edition="beta4"/>
+        <vers num="2.16" edition="beta5"/>
+        <vers num="2.16.1"/>
+        <vers num="2.16.2"/>
+        <vers num="2.17" edition="beta1"/>
+        <vers num="2.17" edition="beta2"/>
+        <vers num="2.17" edition="beta3"/>
+        <vers num="2.17" edition="beta4"/>
+        <vers num="2.17.1"/>
+        <vers num="2.18" edition="beta1"/>
+        <vers num="2.18" edition="beta2"/>
+        <vers num="2.18" edition="beta3"/>
+        <vers num="2.18" edition="beta4"/>
+        <vers num="2.19" edition="beta1"/>
+        <vers num="2.19" edition="beta2"/>
+        <vers num="2.2" edition="beta1"/>
+        <vers num="2.2" edition="beta2"/>
+        <vers num="2.2" edition="beta3"/>
+        <vers num="2.20" edition="beta1"/>
+        <vers num="2.20" edition="beta2"/>
+        <vers num="2.20" edition="beta3"/>
+        <vers num="2.21" edition="beta1"/>
+        <vers num="2.21" edition="beta2"/>
+        <vers num="2.22" edition="beta1"/>
+        <vers num="2.22" edition="beta2"/>
+        <vers num="2.22.1"/>
+        <vers num="2.23" edition="beta1"/>
+        <vers num="2.23" edition="beta2"/>
+        <vers num="2.24" edition="beta1"/>
+        <vers prev="1" num="2.25" edition="beta1"/>
+        <vers prev="1" num="2.25" edition="beta2"/>
+        <vers num="2.3" edition="beta1"/>
+        <vers num="2.3" edition="beta2"/>
+        <vers num="2.3" edition="beta3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.4" edition="beta1"/>
+        <vers num="2.4" edition="beta2"/>
+        <vers num="2.4" edition="beta3"/>
+        <vers num="2.4.1"/>
+        <vers num="2.5" edition="beta1"/>
+        <vers num="2.5" edition="beta2"/>
+        <vers num="2.5" edition="beta3"/>
+        <vers num="2.5" edition="beta4"/>
+        <vers num="2.6" edition="beta1"/>
+        <vers num="2.6" edition="beta2"/>
+        <vers num="2.6" edition="beta3"/>
+        <vers num="2.6" edition="beta4"/>
+        <vers num="2.6.1"/>
+        <vers num="2.7" edition="beta1"/>
+        <vers num="2.7" edition="beta2"/>
+        <vers num="2.7" edition="beta3"/>
+        <vers num="2.7" edition="beta4"/>
+        <vers num="2.7" edition="beta5"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.8" edition="beta1"/>
+        <vers num="2.8" edition="beta2"/>
+        <vers num="2.8" edition="beta3"/>
+        <vers num="2.8" edition="beta4"/>
+        <vers num="2.8" edition="beta5"/>
+        <vers num="2.8" edition="beta6"/>
+        <vers num="2.9" edition="beta1"/>
+        <vers num="2.9" edition="beta2"/>
+        <vers num="2.9" edition="beta3"/>
+        <vers num="2.9" edition="beta4"/>
+        <vers num="2.9.1"/>
+      </prod>
+      <prod vendor="mozilla" name="thunderbird">
+        <vers num="0.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.7.2"/>
+        <vers num="0.7.3"/>
+        <vers num="0.8"/>
+        <vers num="0.9"/>
+        <vers num="1.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5" edition="beta"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.13"/>
+        <vers num="1.5.0.14"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.7.1"/>
+        <vers num="1.7.3"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="11.0"/>
+        <vers num="11.0.1"/>
+        <vers num="12.0"/>
+        <vers num="12.0.1"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0"/>
+        <vers num="17.0.1"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.21"/>
+        <vers num="2.0.0.22"/>
+        <vers num="2.0.0.23"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+        <vers prev="1" num="24.3"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.11"/>
+        <vers num="3.1.12"/>
+        <vers num="3.1.13"/>
+        <vers num="3.1.14"/>
+        <vers num="3.1.15"/>
+        <vers num="3.1.16"/>
+        <vers num="3.1.17"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="5.0"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1513" published="2014-03-19" name="CVE-2014-1513" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based out-of-bounds write or read) via a crafted web site.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=982974" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=982974</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2151-1" source="UBUNTU">USN-2151-1</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-31.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-31.html</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2881" source="DEBIAN">DSA-2881</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0316.html" source="REDHAT">RHSA-2014:0316</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0310.html" source="REDHAT">RHSA-2014:0310</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" source="SUSE">openSUSE-SU-2014:0448</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" source="SUSE">openSUSE-SU-2014:0419</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" source="SUSE">SUSE-SU-2014:0418</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers num="26.0"/>
+        <vers num="27.0"/>
+        <vers prev="1" num="27.0.1"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+      <prod vendor="mozilla" name="firefox_esr">
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.0.2"/>
+        <vers num="24.1.0"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+        <vers num="24.3"/>
+      </prod>
+      <prod vendor="mozilla" name="seamonkey">
+        <vers num="2.0" edition="alpha_1"/>
+        <vers num="2.0" edition="alpha_2"/>
+        <vers num="2.0" edition="alpha_3"/>
+        <vers num="2.0" edition="beta_1"/>
+        <vers num="2.0" edition="beta_2"/>
+        <vers num="2.0" edition="rc1"/>
+        <vers num="2.0" edition="rc2"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1" edition="alpha1"/>
+        <vers num="2.1" edition="alpha2"/>
+        <vers num="2.1" edition="alpha3"/>
+        <vers num="2.1" edition="beta1"/>
+        <vers num="2.1" edition="beta2"/>
+        <vers num="2.1" edition="beta3"/>
+        <vers num="2.1" edition="rc1"/>
+        <vers num="2.1" edition="rc2"/>
+        <vers num="2.10" edition="beta1"/>
+        <vers num="2.10" edition="beta2"/>
+        <vers num="2.10" edition="beta3"/>
+        <vers num="2.10.1"/>
+        <vers num="2.11" edition="beta1"/>
+        <vers num="2.11" edition="beta2"/>
+        <vers num="2.11" edition="beta3"/>
+        <vers num="2.11" edition="beta4"/>
+        <vers num="2.11" edition="beta5"/>
+        <vers num="2.11" edition="beta6"/>
+        <vers num="2.12" edition="beta1"/>
+        <vers num="2.12" edition="beta2"/>
+        <vers num="2.12" edition="beta3"/>
+        <vers num="2.12" edition="beta4"/>
+        <vers num="2.12" edition="beta5"/>
+        <vers num="2.12" edition="beta6"/>
+        <vers num="2.12.1"/>
+        <vers num="2.13" edition="beta1"/>
+        <vers num="2.13" edition="beta2"/>
+        <vers num="2.13" edition="beta3"/>
+        <vers num="2.13" edition="beta4"/>
+        <vers num="2.13" edition="beta5"/>
+        <vers num="2.13" edition="beta6"/>
+        <vers num="2.13.1"/>
+        <vers num="2.13.2"/>
+        <vers num="2.14" edition="beta1"/>
+        <vers num="2.14" edition="beta2"/>
+        <vers num="2.14" edition="beta3"/>
+        <vers num="2.14" edition="beta4"/>
+        <vers num="2.14" edition="beta5"/>
+        <vers num="2.15" edition="beta1"/>
+        <vers num="2.15" edition="beta2"/>
+        <vers num="2.15" edition="beta3"/>
+        <vers num="2.15" edition="beta4"/>
+        <vers num="2.15" edition="beta5"/>
+        <vers num="2.15" edition="beta6"/>
+        <vers num="2.15.1"/>
+        <vers num="2.15.2"/>
+        <vers num="2.16" edition="beta1"/>
+        <vers num="2.16" edition="beta2"/>
+        <vers num="2.16" edition="beta3"/>
+        <vers num="2.16" edition="beta4"/>
+        <vers num="2.16" edition="beta5"/>
+        <vers num="2.16.1"/>
+        <vers num="2.16.2"/>
+        <vers num="2.17" edition="beta1"/>
+        <vers num="2.17" edition="beta2"/>
+        <vers num="2.17" edition="beta3"/>
+        <vers num="2.17" edition="beta4"/>
+        <vers num="2.17.1"/>
+        <vers num="2.18" edition="beta1"/>
+        <vers num="2.18" edition="beta2"/>
+        <vers num="2.18" edition="beta3"/>
+        <vers num="2.18" edition="beta4"/>
+        <vers num="2.19" edition="beta1"/>
+        <vers num="2.19" edition="beta2"/>
+        <vers num="2.2" edition="beta1"/>
+        <vers num="2.2" edition="beta2"/>
+        <vers num="2.2" edition="beta3"/>
+        <vers num="2.20" edition="beta1"/>
+        <vers num="2.20" edition="beta2"/>
+        <vers num="2.20" edition="beta3"/>
+        <vers num="2.21" edition="beta1"/>
+        <vers num="2.21" edition="beta2"/>
+        <vers num="2.22" edition="beta1"/>
+        <vers num="2.22" edition="beta2"/>
+        <vers num="2.22.1"/>
+        <vers num="2.23" edition="beta1"/>
+        <vers num="2.23" edition="beta2"/>
+        <vers num="2.24" edition="beta1"/>
+        <vers prev="1" num="2.25" edition="beta1"/>
+        <vers prev="1" num="2.25" edition="beta2"/>
+        <vers num="2.3" edition="beta1"/>
+        <vers num="2.3" edition="beta2"/>
+        <vers num="2.3" edition="beta3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.4" edition="beta1"/>
+        <vers num="2.4" edition="beta2"/>
+        <vers num="2.4" edition="beta3"/>
+        <vers num="2.4.1"/>
+        <vers num="2.5" edition="beta1"/>
+        <vers num="2.5" edition="beta2"/>
+        <vers num="2.5" edition="beta3"/>
+        <vers num="2.5" edition="beta4"/>
+        <vers num="2.6" edition="beta1"/>
+        <vers num="2.6" edition="beta2"/>
+        <vers num="2.6" edition="beta3"/>
+        <vers num="2.6" edition="beta4"/>
+        <vers num="2.6.1"/>
+        <vers num="2.7" edition="beta1"/>
+        <vers num="2.7" edition="beta2"/>
+        <vers num="2.7" edition="beta3"/>
+        <vers num="2.7" edition="beta4"/>
+        <vers num="2.7" edition="beta5"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.8" edition="beta1"/>
+        <vers num="2.8" edition="beta2"/>
+        <vers num="2.8" edition="beta3"/>
+        <vers num="2.8" edition="beta4"/>
+        <vers num="2.8" edition="beta5"/>
+        <vers num="2.8" edition="beta6"/>
+        <vers num="2.9" edition="beta1"/>
+        <vers num="2.9" edition="beta2"/>
+        <vers num="2.9" edition="beta3"/>
+        <vers num="2.9" edition="beta4"/>
+        <vers num="2.9.1"/>
+      </prod>
+      <prod vendor="mozilla" name="thunderbird">
+        <vers num="0.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.7.2"/>
+        <vers num="0.7.3"/>
+        <vers num="0.8"/>
+        <vers num="0.9"/>
+        <vers num="1.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5" edition="beta"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.13"/>
+        <vers num="1.5.0.14"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.7.1"/>
+        <vers num="1.7.3"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="11.0"/>
+        <vers num="11.0.1"/>
+        <vers num="12.0"/>
+        <vers num="12.0.1"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0"/>
+        <vers num="17.0.1"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.21"/>
+        <vers num="2.0.0.22"/>
+        <vers num="2.0.0.23"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+        <vers prev="1" num="24.3"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.11"/>
+        <vers num="3.1.12"/>
+        <vers num="3.1.13"/>
+        <vers num="3.1.14"/>
+        <vers num="3.1.15"/>
+        <vers num="3.1.16"/>
+        <vers num="3.1.17"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="5.0"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1514" published="2014-03-19" name="CVE-2014-1514" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by triggering incorrect use of the TypedArrayObject class.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=983344" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=983344</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2151-1" source="UBUNTU">USN-2151-1</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-32.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-32.html</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2881" source="DEBIAN">DSA-2881</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0316.html" source="REDHAT">RHSA-2014:0316</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0310.html" source="REDHAT">RHSA-2014:0310</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html" source="SUSE">openSUSE-SU-2014:0448</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html" source="SUSE">openSUSE-SU-2014:0419</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html" source="SUSE">SUSE-SU-2014:0418</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers num="26.0"/>
+        <vers num="27.0"/>
+        <vers prev="1" num="27.0.1"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+      <prod vendor="mozilla" name="firefox_esr">
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.0.2"/>
+        <vers num="24.1.0"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+        <vers num="24.3"/>
+      </prod>
+      <prod vendor="mozilla" name="seamonkey">
+        <vers num="2.0" edition="alpha_1"/>
+        <vers num="2.0" edition="alpha_2"/>
+        <vers num="2.0" edition="alpha_3"/>
+        <vers num="2.0" edition="beta_1"/>
+        <vers num="2.0" edition="beta_2"/>
+        <vers num="2.0" edition="rc1"/>
+        <vers num="2.0" edition="rc2"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1" edition="alpha1"/>
+        <vers num="2.1" edition="alpha2"/>
+        <vers num="2.1" edition="alpha3"/>
+        <vers num="2.1" edition="beta1"/>
+        <vers num="2.1" edition="beta2"/>
+        <vers num="2.1" edition="beta3"/>
+        <vers num="2.1" edition="rc1"/>
+        <vers num="2.1" edition="rc2"/>
+        <vers num="2.10" edition="beta1"/>
+        <vers num="2.10" edition="beta2"/>
+        <vers num="2.10" edition="beta3"/>
+        <vers num="2.10.1"/>
+        <vers num="2.11" edition="beta1"/>
+        <vers num="2.11" edition="beta2"/>
+        <vers num="2.11" edition="beta3"/>
+        <vers num="2.11" edition="beta4"/>
+        <vers num="2.11" edition="beta5"/>
+        <vers num="2.11" edition="beta6"/>
+        <vers num="2.12" edition="beta1"/>
+        <vers num="2.12" edition="beta2"/>
+        <vers num="2.12" edition="beta3"/>
+        <vers num="2.12" edition="beta4"/>
+        <vers num="2.12" edition="beta5"/>
+        <vers num="2.12" edition="beta6"/>
+        <vers num="2.12.1"/>
+        <vers num="2.13" edition="beta1"/>
+        <vers num="2.13" edition="beta2"/>
+        <vers num="2.13" edition="beta3"/>
+        <vers num="2.13" edition="beta4"/>
+        <vers num="2.13" edition="beta5"/>
+        <vers num="2.13" edition="beta6"/>
+        <vers num="2.13.1"/>
+        <vers num="2.13.2"/>
+        <vers num="2.14" edition="beta1"/>
+        <vers num="2.14" edition="beta2"/>
+        <vers num="2.14" edition="beta3"/>
+        <vers num="2.14" edition="beta4"/>
+        <vers num="2.14" edition="beta5"/>
+        <vers num="2.15" edition="beta1"/>
+        <vers num="2.15" edition="beta2"/>
+        <vers num="2.15" edition="beta3"/>
+        <vers num="2.15" edition="beta4"/>
+        <vers num="2.15" edition="beta5"/>
+        <vers num="2.15" edition="beta6"/>
+        <vers num="2.15.1"/>
+        <vers num="2.15.2"/>
+        <vers num="2.16" edition="beta1"/>
+        <vers num="2.16" edition="beta2"/>
+        <vers num="2.16" edition="beta3"/>
+        <vers num="2.16" edition="beta4"/>
+        <vers num="2.16" edition="beta5"/>
+        <vers num="2.16.1"/>
+        <vers num="2.16.2"/>
+        <vers num="2.17" edition="beta1"/>
+        <vers num="2.17" edition="beta2"/>
+        <vers num="2.17" edition="beta3"/>
+        <vers num="2.17" edition="beta4"/>
+        <vers num="2.17.1"/>
+        <vers num="2.18" edition="beta1"/>
+        <vers num="2.18" edition="beta2"/>
+        <vers num="2.18" edition="beta3"/>
+        <vers num="2.18" edition="beta4"/>
+        <vers num="2.19" edition="beta1"/>
+        <vers num="2.19" edition="beta2"/>
+        <vers num="2.2" edition="beta1"/>
+        <vers num="2.2" edition="beta2"/>
+        <vers num="2.2" edition="beta3"/>
+        <vers num="2.20" edition="beta1"/>
+        <vers num="2.20" edition="beta2"/>
+        <vers num="2.20" edition="beta3"/>
+        <vers num="2.21" edition="beta1"/>
+        <vers num="2.21" edition="beta2"/>
+        <vers num="2.22" edition="beta1"/>
+        <vers num="2.22" edition="beta2"/>
+        <vers num="2.22.1"/>
+        <vers num="2.23" edition="beta1"/>
+        <vers num="2.23" edition="beta2"/>
+        <vers num="2.24" edition="beta1"/>
+        <vers prev="1" num="2.25" edition="beta1"/>
+        <vers prev="1" num="2.25" edition="beta2"/>
+        <vers num="2.3" edition="beta1"/>
+        <vers num="2.3" edition="beta2"/>
+        <vers num="2.3" edition="beta3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.4" edition="beta1"/>
+        <vers num="2.4" edition="beta2"/>
+        <vers num="2.4" edition="beta3"/>
+        <vers num="2.4.1"/>
+        <vers num="2.5" edition="beta1"/>
+        <vers num="2.5" edition="beta2"/>
+        <vers num="2.5" edition="beta3"/>
+        <vers num="2.5" edition="beta4"/>
+        <vers num="2.6" edition="beta1"/>
+        <vers num="2.6" edition="beta2"/>
+        <vers num="2.6" edition="beta3"/>
+        <vers num="2.6" edition="beta4"/>
+        <vers num="2.6.1"/>
+        <vers num="2.7" edition="beta1"/>
+        <vers num="2.7" edition="beta2"/>
+        <vers num="2.7" edition="beta3"/>
+        <vers num="2.7" edition="beta4"/>
+        <vers num="2.7" edition="beta5"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.8" edition="beta1"/>
+        <vers num="2.8" edition="beta2"/>
+        <vers num="2.8" edition="beta3"/>
+        <vers num="2.8" edition="beta4"/>
+        <vers num="2.8" edition="beta5"/>
+        <vers num="2.8" edition="beta6"/>
+        <vers num="2.9" edition="beta1"/>
+        <vers num="2.9" edition="beta2"/>
+        <vers num="2.9" edition="beta3"/>
+        <vers num="2.9" edition="beta4"/>
+        <vers num="2.9.1"/>
+      </prod>
+      <prod vendor="mozilla" name="thunderbird">
+        <vers num="0.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.7.2"/>
+        <vers num="0.7.3"/>
+        <vers num="0.8"/>
+        <vers num="0.9"/>
+        <vers num="1.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5" edition="beta"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.13"/>
+        <vers num="1.5.0.14"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.7.1"/>
+        <vers num="1.7.3"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="11.0"/>
+        <vers num="11.0.1"/>
+        <vers num="12.0"/>
+        <vers num="12.0.1"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0"/>
+        <vers num="17.0.1"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.21"/>
+        <vers num="2.0.0.22"/>
+        <vers num="2.0.0.23"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+        <vers prev="1" num="24.3"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.11"/>
+        <vers num="3.1.12"/>
+        <vers num="3.1.13"/>
+        <vers num="3.1.14"/>
+        <vers num="3.1.15"/>
+        <vers num="3.1.16"/>
+        <vers num="3.1.17"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="5.0"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-1515" published="2014-03-25" name="CVE-2014-1515" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:P/I:N/A:N)" CVSS_score="1.9" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="3.4" CVSS_base_score="1.9">
+    <desc>
+      <descript source="cve">Mozilla Firefox before 28.0.1 on Android processes a file: URL by copying a local file onto the SD card, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="https://www.mozilla.org/security/announce/2014/mfsa2014-33.html" source="CONFIRM" adv="1">https://www.mozilla.org/security/announce/2014/mfsa2014-33.html</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=945429" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=945429</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-03/0153.html" source="BUGTRAQ">20140326 Firefox for Android Profile Directory Derandomization and Data Exfiltration (CVE-2014-1484, CVE-2014-1506, CVE-2014-1515, CVE-2014-1516)</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers prev="1" num="28.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1516" published="2014-03-29" name="CVE-2014-1516" modified="2014-03-31" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The saltProfileName function in base/GeckoProfileDirectories.java in Mozilla Firefox through 28.0.1 on Android relies on Android's weak approach to seeding the Math.random function, which makes it easier for attackers to bypass a profile-randomization protection mechanism via a crafted application.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.slideshare.net/ibmsecurity/overtaking-firefox-profiles-vulnerabilities-in-firefox-for-android" source="MISC">http://www.slideshare.net/ibmsecurity/overtaking-firefox-profiles-vulnerabilities-in-firefox-for-android</ref>
+      <ref url="http://securityintelligence.com/vulnerabilities-firefox-android-overtaking-firefox-profiles/" source="MISC">http://securityintelligence.com/vulnerabilities-firefox-android-overtaking-firefox-profiles/</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-03/0153.html" source="BUGTRAQ">20140326 Firefox for Android Profile Directory Derandomization and Data Exfiltration (CVE-2014-1484, CVE-2014-1506, CVE-2014-1515, CVE-2014-1516)</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers prev="1" num="28.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1517" published="2014-04-19" name="CVE-2014-1517" modified="2014-04-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x before 4.5.3 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then submit a vulnerability report, related to a "login CSRF" issue.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=713926" source="CONFIRM" patch="1">https://bugzilla.mozilla.org/show_bug.cgi?id=713926</ref>
+      <ref url="http://git.mozilla.org/?p=bugzilla/bugzilla.git;a=commit;h=0e390970ba51b14a5dc780be7c6f0d6d7baa67e3" source="CONFIRM" patch="1">http://git.mozilla.org/?p=bugzilla/bugzilla.git;a=commit;h=0e390970ba51b14a5dc780be7c6f0d6d7baa67e3</ref>
+      <ref url="http://www.bugzilla.org/security/4.0.11/" source="CONFIRM" adv="1">http://www.bugzilla.org/security/4.0.11/</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="bugzilla">
+        <vers num="2.0"/>
+        <vers num="2.10"/>
+        <vers num="2.12"/>
+        <vers num="2.14"/>
+        <vers num="2.14.1"/>
+        <vers num="2.14.2"/>
+        <vers num="2.14.3"/>
+        <vers num="2.14.4"/>
+        <vers num="2.14.5"/>
+        <vers num="2.16" edition="rc1"/>
+        <vers num="2.16" edition="rc2"/>
+        <vers num="2.16.1"/>
+        <vers num="2.16.10"/>
+        <vers num="2.16.11"/>
+        <vers num="2.16.2"/>
+        <vers num="2.16.3"/>
+        <vers num="2.16.4"/>
+        <vers num="2.16.5"/>
+        <vers num="2.16.6"/>
+        <vers num="2.16.7"/>
+        <vers num="2.16.8"/>
+        <vers num="2.16.9"/>
+        <vers num="2.17"/>
+        <vers num="2.17.1"/>
+        <vers num="2.17.2"/>
+        <vers num="2.17.3"/>
+        <vers num="2.17.4"/>
+        <vers num="2.17.5"/>
+        <vers num="2.17.6"/>
+        <vers num="2.17.7"/>
+        <vers num="2.18" edition="rc1"/>
+        <vers num="2.18" edition="rc2"/>
+        <vers num="2.18" edition="rc3"/>
+        <vers num="2.18.1"/>
+        <vers num="2.18.2"/>
+        <vers num="2.18.3"/>
+        <vers num="2.18.4"/>
+        <vers num="2.18.5"/>
+        <vers num="2.18.6"/>
+        <vers num="2.18.6+"/>
+        <vers num="2.18.7"/>
+        <vers num="2.18.8"/>
+        <vers num="2.18.9"/>
+        <vers num="2.19"/>
+        <vers num="2.19.1"/>
+        <vers num="2.19.2"/>
+        <vers num="2.19.3"/>
+        <vers num="2.2"/>
+        <vers num="2.20" edition="rc1"/>
+        <vers num="2.20" edition="rc2"/>
+        <vers num="2.20.1"/>
+        <vers num="2.20.2"/>
+        <vers num="2.20.3"/>
+        <vers num="2.20.4"/>
+        <vers num="2.20.5"/>
+        <vers num="2.20.6"/>
+        <vers num="2.20.7"/>
+        <vers num="2.21"/>
+        <vers num="2.21.1"/>
+        <vers num="2.21.2" edition="rc1"/>
+        <vers num="2.22" edition="rc1"/>
+        <vers num="2.22.1"/>
+        <vers num="2.22.2"/>
+        <vers num="2.22.3"/>
+        <vers num="2.22.4"/>
+        <vers num="2.22.5"/>
+        <vers num="2.22.6"/>
+        <vers num="2.22.7"/>
+        <vers num="2.23"/>
+        <vers num="2.23.1"/>
+        <vers num="2.23.2"/>
+        <vers num="2.23.3"/>
+        <vers num="2.23.4"/>
+        <vers num="2.4"/>
+        <vers num="2.6"/>
+        <vers num="2.8"/>
+        <vers num="2.9"/>
+        <vers num="3.0" edition="rc1"/>
+        <vers num="3.0.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1.0"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.2" edition="rc1"/>
+        <vers num="3.2" edition="rc2"/>
+        <vers num="3.2.1"/>
+        <vers num="3.2.10"/>
+        <vers num="3.2.2"/>
+        <vers num="3.2.3"/>
+        <vers num="3.2.4"/>
+        <vers num="3.2.5"/>
+        <vers num="3.2.6"/>
+        <vers num="3.2.7"/>
+        <vers num="3.2.8"/>
+        <vers num="3.2.9"/>
+        <vers num="3.3"/>
+        <vers num="3.3.1"/>
+        <vers num="3.3.2"/>
+        <vers num="3.3.3"/>
+        <vers num="3.3.4"/>
+        <vers num="3.4" edition="rc1"/>
+        <vers num="3.4.1"/>
+        <vers num="3.4.10"/>
+        <vers num="3.4.11"/>
+        <vers num="3.4.12"/>
+        <vers num="3.4.13"/>
+        <vers num="3.4.2"/>
+        <vers num="3.4.3"/>
+        <vers num="3.4.4"/>
+        <vers num="3.4.5"/>
+        <vers num="3.4.6"/>
+        <vers num="3.4.7"/>
+        <vers num="3.4.8"/>
+        <vers num="3.4.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.6" edition="rc1"/>
+        <vers num="3.6.0"/>
+        <vers num="3.6.1"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.5"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="3.7"/>
+        <vers num="3.7.1"/>
+        <vers num="3.7.2"/>
+        <vers num="3.7.3"/>
+        <vers num="4.0" edition="rc1"/>
+        <vers num="4.0" edition="rc2"/>
+        <vers num="4.0.1"/>
+        <vers num="4.0.10"/>
+        <vers num="4.0.11"/>
+        <vers num="4.0.12"/>
+        <vers num="4.0.13"/>
+        <vers num="4.0.2"/>
+        <vers num="4.0.3"/>
+        <vers num="4.0.4"/>
+        <vers num="4.0.5"/>
+        <vers num="4.0.6"/>
+        <vers num="4.0.7"/>
+        <vers num="4.0.8"/>
+        <vers num="4.0.9"/>
+        <vers num="4.1"/>
+        <vers num="4.1.1"/>
+        <vers num="4.1.2"/>
+        <vers num="4.1.3"/>
+        <vers num="4.2" edition="rc1"/>
+        <vers num="4.2" edition="rc2"/>
+        <vers num="4.2.1"/>
+        <vers num="4.2.2"/>
+        <vers num="4.2.3"/>
+        <vers num="4.2.4"/>
+        <vers num="4.2.5"/>
+        <vers num="4.2.6"/>
+        <vers num="4.2.7"/>
+        <vers num="4.2.8"/>
+        <vers num="4.2.9"/>
+        <vers num="4.3"/>
+        <vers num="4.3.1"/>
+        <vers num="4.3.2"/>
+        <vers num="4.3.3"/>
+        <vers num="4.4" edition="-"/>
+        <vers num="4.4" edition="rc1"/>
+        <vers num="4.4" edition="rc2"/>
+        <vers num="4.4.1"/>
+        <vers num="4.4.2"/>
+        <vers num="4.5"/>
+        <vers num="4.5.1"/>
+        <vers num="4.5.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1518" published="2014-04-30" name="CVE-2014-1518" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=993546" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=993546</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=992968" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=992968</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=991471" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=991471</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=986843" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=986843</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=986678" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=986678</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=980537" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=980537</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=966630" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=966630</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=952022" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=952022</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=944353" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=944353</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-34.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-34.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers num="26.0"/>
+        <vers num="27.0"/>
+        <vers num="27.0.1"/>
+        <vers prev="1" num="28.0"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+      <prod vendor="mozilla" name="firefox_esr">
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.0.2"/>
+        <vers num="24.1.0"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+        <vers num="24.3"/>
+        <vers num="24.4"/>
+      </prod>
+      <prod vendor="mozilla" name="seamonkey">
+        <vers num="2.0" edition="alpha_1"/>
+        <vers num="2.0" edition="alpha_2"/>
+        <vers num="2.0" edition="alpha_3"/>
+        <vers num="2.0" edition="beta_1"/>
+        <vers num="2.0" edition="beta_2"/>
+        <vers num="2.0" edition="rc1"/>
+        <vers num="2.0" edition="rc2"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1" edition="alpha1"/>
+        <vers num="2.1" edition="alpha2"/>
+        <vers num="2.1" edition="alpha3"/>
+        <vers num="2.1" edition="beta1"/>
+        <vers num="2.1" edition="beta2"/>
+        <vers num="2.1" edition="beta3"/>
+        <vers num="2.1" edition="rc1"/>
+        <vers num="2.1" edition="rc2"/>
+        <vers num="2.10" edition="beta1"/>
+        <vers num="2.10" edition="beta2"/>
+        <vers num="2.10" edition="beta3"/>
+        <vers num="2.10.1"/>
+        <vers num="2.11" edition="beta1"/>
+        <vers num="2.11" edition="beta2"/>
+        <vers num="2.11" edition="beta3"/>
+        <vers num="2.11" edition="beta4"/>
+        <vers num="2.11" edition="beta5"/>
+        <vers num="2.11" edition="beta6"/>
+        <vers num="2.12" edition="beta1"/>
+        <vers num="2.12" edition="beta2"/>
+        <vers num="2.12" edition="beta3"/>
+        <vers num="2.12" edition="beta4"/>
+        <vers num="2.12" edition="beta5"/>
+        <vers num="2.12" edition="beta6"/>
+        <vers num="2.12.1"/>
+        <vers num="2.13" edition="beta1"/>
+        <vers num="2.13" edition="beta2"/>
+        <vers num="2.13" edition="beta3"/>
+        <vers num="2.13" edition="beta4"/>
+        <vers num="2.13" edition="beta5"/>
+        <vers num="2.13" edition="beta6"/>
+        <vers num="2.13.1"/>
+        <vers num="2.13.2"/>
+        <vers num="2.14" edition="beta1"/>
+        <vers num="2.14" edition="beta2"/>
+        <vers num="2.14" edition="beta3"/>
+        <vers num="2.14" edition="beta4"/>
+        <vers num="2.14" edition="beta5"/>
+        <vers num="2.15" edition="beta1"/>
+        <vers num="2.15" edition="beta2"/>
+        <vers num="2.15" edition="beta3"/>
+        <vers num="2.15" edition="beta4"/>
+        <vers num="2.15" edition="beta5"/>
+        <vers num="2.15" edition="beta6"/>
+        <vers num="2.15.1"/>
+        <vers num="2.15.2"/>
+        <vers num="2.16" edition="beta1"/>
+        <vers num="2.16" edition="beta2"/>
+        <vers num="2.16" edition="beta3"/>
+        <vers num="2.16" edition="beta4"/>
+        <vers num="2.16" edition="beta5"/>
+        <vers num="2.16.1"/>
+        <vers num="2.16.2"/>
+        <vers num="2.17" edition="beta1"/>
+        <vers num="2.17" edition="beta2"/>
+        <vers num="2.17" edition="beta3"/>
+        <vers num="2.17" edition="beta4"/>
+        <vers num="2.17.1"/>
+        <vers num="2.18" edition="beta1"/>
+        <vers num="2.18" edition="beta2"/>
+        <vers num="2.18" edition="beta3"/>
+        <vers num="2.18" edition="beta4"/>
+        <vers num="2.19" edition="beta1"/>
+        <vers num="2.19" edition="beta2"/>
+        <vers num="2.2" edition="beta1"/>
+        <vers num="2.2" edition="beta2"/>
+        <vers num="2.2" edition="beta3"/>
+        <vers num="2.20" edition="beta1"/>
+        <vers num="2.20" edition="beta2"/>
+        <vers num="2.20" edition="beta3"/>
+        <vers num="2.21" edition="beta1"/>
+        <vers num="2.21" edition="beta2"/>
+        <vers num="2.22" edition="beta1"/>
+        <vers num="2.22" edition="beta2"/>
+        <vers num="2.22.1"/>
+        <vers num="2.23" edition="beta1"/>
+        <vers num="2.23" edition="beta2"/>
+        <vers num="2.24" edition="beta1"/>
+        <vers num="2.25" edition="-"/>
+        <vers num="2.25" edition="beta1"/>
+        <vers num="2.25" edition="beta2"/>
+        <vers num="2.25" edition="beta3"/>
+        <vers prev="1" num="2.26" edition="rc1"/>
+        <vers num="2.3" edition="beta1"/>
+        <vers num="2.3" edition="beta2"/>
+        <vers num="2.3" edition="beta3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.4" edition="beta1"/>
+        <vers num="2.4" edition="beta2"/>
+        <vers num="2.4" edition="beta3"/>
+        <vers num="2.4.1"/>
+        <vers num="2.5" edition="beta1"/>
+        <vers num="2.5" edition="beta2"/>
+        <vers num="2.5" edition="beta3"/>
+        <vers num="2.5" edition="beta4"/>
+        <vers num="2.6" edition="beta1"/>
+        <vers num="2.6" edition="beta2"/>
+        <vers num="2.6" edition="beta3"/>
+        <vers num="2.6" edition="beta4"/>
+        <vers num="2.6.1"/>
+        <vers num="2.7" edition="beta1"/>
+        <vers num="2.7" edition="beta2"/>
+        <vers num="2.7" edition="beta3"/>
+        <vers num="2.7" edition="beta4"/>
+        <vers num="2.7" edition="beta5"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.8" edition="beta1"/>
+        <vers num="2.8" edition="beta2"/>
+        <vers num="2.8" edition="beta3"/>
+        <vers num="2.8" edition="beta4"/>
+        <vers num="2.8" edition="beta5"/>
+        <vers num="2.8" edition="beta6"/>
+        <vers num="2.9" edition="beta1"/>
+        <vers num="2.9" edition="beta2"/>
+        <vers num="2.9" edition="beta3"/>
+        <vers num="2.9" edition="beta4"/>
+        <vers num="2.9.1"/>
+      </prod>
+      <prod vendor="mozilla" name="thunderbird">
+        <vers num="0.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.7.2"/>
+        <vers num="0.7.3"/>
+        <vers num="0.8"/>
+        <vers num="0.9"/>
+        <vers num="1.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5" edition="beta"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.13"/>
+        <vers num="1.5.0.14"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.7.1"/>
+        <vers num="1.7.3"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="11.0"/>
+        <vers num="11.0.1"/>
+        <vers num="12.0"/>
+        <vers num="12.0.1"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0"/>
+        <vers num="17.0.1"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.21"/>
+        <vers num="2.0.0.22"/>
+        <vers num="2.0.0.23"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+        <vers num="24.3"/>
+        <vers prev="1" num="24.4"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.11"/>
+        <vers num="3.1.12"/>
+        <vers num="3.1.13"/>
+        <vers num="3.1.14"/>
+        <vers num="3.1.15"/>
+        <vers num="3.1.16"/>
+        <vers num="3.1.17"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="5.0"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1519" published="2014-04-30" name="CVE-2014-1519" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=996883" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=996883</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=995607" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=995607</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=990794" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=990794</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=986864" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=986864</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=977955" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=977955</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=953104" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=953104</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=946658" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=946658</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=919592" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=919592</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-34.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-34.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers num="26.0"/>
+        <vers num="27.0"/>
+        <vers num="27.0.1"/>
+        <vers prev="1" num="28.0"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+      <prod vendor="mozilla" name="seamonkey">
+        <vers num="2.0" edition="alpha_1"/>
+        <vers num="2.0" edition="alpha_2"/>
+        <vers num="2.0" edition="alpha_3"/>
+        <vers num="2.0" edition="beta_1"/>
+        <vers num="2.0" edition="beta_2"/>
+        <vers num="2.0" edition="rc1"/>
+        <vers num="2.0" edition="rc2"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1" edition="alpha1"/>
+        <vers num="2.1" edition="alpha2"/>
+        <vers num="2.1" edition="alpha3"/>
+        <vers num="2.1" edition="beta1"/>
+        <vers num="2.1" edition="beta2"/>
+        <vers num="2.1" edition="beta3"/>
+        <vers num="2.1" edition="rc1"/>
+        <vers num="2.1" edition="rc2"/>
+        <vers num="2.10" edition="beta1"/>
+        <vers num="2.10" edition="beta2"/>
+        <vers num="2.10" edition="beta3"/>
+        <vers num="2.10.1"/>
+        <vers num="2.11" edition="beta1"/>
+        <vers num="2.11" edition="beta2"/>
+        <vers num="2.11" edition="beta3"/>
+        <vers num="2.11" edition="beta4"/>
+        <vers num="2.11" edition="beta5"/>
+        <vers num="2.11" edition="beta6"/>
+        <vers num="2.12" edition="beta1"/>
+        <vers num="2.12" edition="beta2"/>
+        <vers num="2.12" edition="beta3"/>
+        <vers num="2.12" edition="beta4"/>
+        <vers num="2.12" edition="beta5"/>
+        <vers num="2.12" edition="beta6"/>
+        <vers num="2.12.1"/>
+        <vers num="2.13" edition="beta1"/>
+        <vers num="2.13" edition="beta2"/>
+        <vers num="2.13" edition="beta3"/>
+        <vers num="2.13" edition="beta4"/>
+        <vers num="2.13" edition="beta5"/>
+        <vers num="2.13" edition="beta6"/>
+        <vers num="2.13.1"/>
+        <vers num="2.13.2"/>
+        <vers num="2.14" edition="beta1"/>
+        <vers num="2.14" edition="beta2"/>
+        <vers num="2.14" edition="beta3"/>
+        <vers num="2.14" edition="beta4"/>
+        <vers num="2.14" edition="beta5"/>
+        <vers num="2.15" edition="beta1"/>
+        <vers num="2.15" edition="beta2"/>
+        <vers num="2.15" edition="beta3"/>
+        <vers num="2.15" edition="beta4"/>
+        <vers num="2.15" edition="beta5"/>
+        <vers num="2.15" edition="beta6"/>
+        <vers num="2.15.1"/>
+        <vers num="2.15.2"/>
+        <vers num="2.16" edition="beta1"/>
+        <vers num="2.16" edition="beta2"/>
+        <vers num="2.16" edition="beta3"/>
+        <vers num="2.16" edition="beta4"/>
+        <vers num="2.16" edition="beta5"/>
+        <vers num="2.16.1"/>
+        <vers num="2.16.2"/>
+        <vers num="2.17" edition="beta1"/>
+        <vers num="2.17" edition="beta2"/>
+        <vers num="2.17" edition="beta3"/>
+        <vers num="2.17" edition="beta4"/>
+        <vers num="2.17.1"/>
+        <vers num="2.18" edition="beta1"/>
+        <vers num="2.18" edition="beta2"/>
+        <vers num="2.18" edition="beta3"/>
+        <vers num="2.18" edition="beta4"/>
+        <vers num="2.19" edition="beta1"/>
+        <vers num="2.19" edition="beta2"/>
+        <vers num="2.2" edition="beta1"/>
+        <vers num="2.2" edition="beta2"/>
+        <vers num="2.2" edition="beta3"/>
+        <vers num="2.20" edition="beta1"/>
+        <vers num="2.20" edition="beta2"/>
+        <vers num="2.20" edition="beta3"/>
+        <vers num="2.21" edition="beta1"/>
+        <vers num="2.21" edition="beta2"/>
+        <vers num="2.22" edition="beta1"/>
+        <vers num="2.22" edition="beta2"/>
+        <vers num="2.22.1"/>
+        <vers num="2.23" edition="beta1"/>
+        <vers num="2.23" edition="beta2"/>
+        <vers num="2.24" edition="beta1"/>
+        <vers num="2.25" edition="-"/>
+        <vers num="2.25" edition="beta1"/>
+        <vers num="2.25" edition="beta2"/>
+        <vers num="2.25" edition="beta3"/>
+        <vers prev="1" num="2.26" edition="rc1"/>
+        <vers num="2.3" edition="beta1"/>
+        <vers num="2.3" edition="beta2"/>
+        <vers num="2.3" edition="beta3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.4" edition="beta1"/>
+        <vers num="2.4" edition="beta2"/>
+        <vers num="2.4" edition="beta3"/>
+        <vers num="2.4.1"/>
+        <vers num="2.5" edition="beta1"/>
+        <vers num="2.5" edition="beta2"/>
+        <vers num="2.5" edition="beta3"/>
+        <vers num="2.5" edition="beta4"/>
+        <vers num="2.6" edition="beta1"/>
+        <vers num="2.6" edition="beta2"/>
+        <vers num="2.6" edition="beta3"/>
+        <vers num="2.6" edition="beta4"/>
+        <vers num="2.6.1"/>
+        <vers num="2.7" edition="beta1"/>
+        <vers num="2.7" edition="beta2"/>
+        <vers num="2.7" edition="beta3"/>
+        <vers num="2.7" edition="beta4"/>
+        <vers num="2.7" edition="beta5"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.8" edition="beta1"/>
+        <vers num="2.8" edition="beta2"/>
+        <vers num="2.8" edition="beta3"/>
+        <vers num="2.8" edition="beta4"/>
+        <vers num="2.8" edition="beta5"/>
+        <vers num="2.8" edition="beta6"/>
+        <vers num="2.9" edition="beta1"/>
+        <vers num="2.9" edition="beta2"/>
+        <vers num="2.9" edition="beta3"/>
+        <vers num="2.9" edition="beta4"/>
+        <vers num="2.9.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1520" published="2014-04-30" name="CVE-2014-1520" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="6.9" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="3.4" CVSS_base_score="6.9">
+    <desc>
+      <descript source="cve">maintenservice_installer.exe in the Maintenance Service Installer in Mozilla Firefox before 29.0 and Firefox ESR 24.x before 24.5 on Windows allows local users to gain privileges by placing a Trojan horse DLL file into a temporary directory at an unspecified point in the update process.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=961676" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=961676</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-35.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-35.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers num="26.0"/>
+        <vers num="27.0"/>
+        <vers num="27.0.1"/>
+        <vers prev="1" num="28.0"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+      <prod vendor="mozilla" name="firefox_esr">
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.0.2"/>
+        <vers num="24.1.0"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+        <vers num="24.3"/>
+        <vers num="24.4"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1522" published="2014-04-30" name="CVE-2014-1522" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via crafted content.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=995289" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=995289</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-36.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-36.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers num="26.0"/>
+        <vers num="27.0"/>
+        <vers num="27.0.1"/>
+        <vers prev="1" num="28.0"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+      <prod vendor="mozilla" name="seamonkey">
+        <vers num="2.0" edition="alpha_1"/>
+        <vers num="2.0" edition="alpha_2"/>
+        <vers num="2.0" edition="alpha_3"/>
+        <vers num="2.0" edition="beta_1"/>
+        <vers num="2.0" edition="beta_2"/>
+        <vers num="2.0" edition="rc1"/>
+        <vers num="2.0" edition="rc2"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1" edition="alpha1"/>
+        <vers num="2.1" edition="alpha2"/>
+        <vers num="2.1" edition="alpha3"/>
+        <vers num="2.1" edition="beta1"/>
+        <vers num="2.1" edition="beta2"/>
+        <vers num="2.1" edition="beta3"/>
+        <vers num="2.1" edition="rc1"/>
+        <vers num="2.1" edition="rc2"/>
+        <vers num="2.10" edition="beta1"/>
+        <vers num="2.10" edition="beta2"/>
+        <vers num="2.10" edition="beta3"/>
+        <vers num="2.10.1"/>
+        <vers num="2.11" edition="beta1"/>
+        <vers num="2.11" edition="beta2"/>
+        <vers num="2.11" edition="beta3"/>
+        <vers num="2.11" edition="beta4"/>
+        <vers num="2.11" edition="beta5"/>
+        <vers num="2.11" edition="beta6"/>
+        <vers num="2.12" edition="beta1"/>
+        <vers num="2.12" edition="beta2"/>
+        <vers num="2.12" edition="beta3"/>
+        <vers num="2.12" edition="beta4"/>
+        <vers num="2.12" edition="beta5"/>
+        <vers num="2.12" edition="beta6"/>
+        <vers num="2.12.1"/>
+        <vers num="2.13" edition="beta1"/>
+        <vers num="2.13" edition="beta2"/>
+        <vers num="2.13" edition="beta3"/>
+        <vers num="2.13" edition="beta4"/>
+        <vers num="2.13" edition="beta5"/>
+        <vers num="2.13" edition="beta6"/>
+        <vers num="2.13.1"/>
+        <vers num="2.13.2"/>
+        <vers num="2.14" edition="beta1"/>
+        <vers num="2.14" edition="beta2"/>
+        <vers num="2.14" edition="beta3"/>
+        <vers num="2.14" edition="beta4"/>
+        <vers num="2.14" edition="beta5"/>
+        <vers num="2.15" edition="beta1"/>
+        <vers num="2.15" edition="beta2"/>
+        <vers num="2.15" edition="beta3"/>
+        <vers num="2.15" edition="beta4"/>
+        <vers num="2.15" edition="beta5"/>
+        <vers num="2.15" edition="beta6"/>
+        <vers num="2.15.1"/>
+        <vers num="2.15.2"/>
+        <vers num="2.16" edition="beta1"/>
+        <vers num="2.16" edition="beta2"/>
+        <vers num="2.16" edition="beta3"/>
+        <vers num="2.16" edition="beta4"/>
+        <vers num="2.16" edition="beta5"/>
+        <vers num="2.16.1"/>
+        <vers num="2.16.2"/>
+        <vers num="2.17" edition="beta1"/>
+        <vers num="2.17" edition="beta2"/>
+        <vers num="2.17" edition="beta3"/>
+        <vers num="2.17" edition="beta4"/>
+        <vers num="2.17.1"/>
+        <vers num="2.18" edition="beta1"/>
+        <vers num="2.18" edition="beta2"/>
+        <vers num="2.18" edition="beta3"/>
+        <vers num="2.18" edition="beta4"/>
+        <vers num="2.19" edition="beta1"/>
+        <vers num="2.19" edition="beta2"/>
+        <vers num="2.2" edition="beta1"/>
+        <vers num="2.2" edition="beta2"/>
+        <vers num="2.2" edition="beta3"/>
+        <vers num="2.20" edition="beta1"/>
+        <vers num="2.20" edition="beta2"/>
+        <vers num="2.20" edition="beta3"/>
+        <vers num="2.21" edition="beta1"/>
+        <vers num="2.21" edition="beta2"/>
+        <vers num="2.22" edition="beta1"/>
+        <vers num="2.22" edition="beta2"/>
+        <vers num="2.22.1"/>
+        <vers num="2.23" edition="beta1"/>
+        <vers num="2.23" edition="beta2"/>
+        <vers num="2.24" edition="beta1"/>
+        <vers num="2.25" edition="-"/>
+        <vers num="2.25" edition="beta1"/>
+        <vers num="2.25" edition="beta2"/>
+        <vers num="2.25" edition="beta3"/>
+        <vers prev="1" num="2.26" edition="rc1"/>
+        <vers num="2.3" edition="beta1"/>
+        <vers num="2.3" edition="beta2"/>
+        <vers num="2.3" edition="beta3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.4" edition="beta1"/>
+        <vers num="2.4" edition="beta2"/>
+        <vers num="2.4" edition="beta3"/>
+        <vers num="2.4.1"/>
+        <vers num="2.5" edition="beta1"/>
+        <vers num="2.5" edition="beta2"/>
+        <vers num="2.5" edition="beta3"/>
+        <vers num="2.5" edition="beta4"/>
+        <vers num="2.6" edition="beta1"/>
+        <vers num="2.6" edition="beta2"/>
+        <vers num="2.6" edition="beta3"/>
+        <vers num="2.6" edition="beta4"/>
+        <vers num="2.6.1"/>
+        <vers num="2.7" edition="beta1"/>
+        <vers num="2.7" edition="beta2"/>
+        <vers num="2.7" edition="beta3"/>
+        <vers num="2.7" edition="beta4"/>
+        <vers num="2.7" edition="beta5"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.8" edition="beta1"/>
+        <vers num="2.8" edition="beta2"/>
+        <vers num="2.8" edition="beta3"/>
+        <vers num="2.8" edition="beta4"/>
+        <vers num="2.8" edition="beta5"/>
+        <vers num="2.8" edition="beta6"/>
+        <vers num="2.9" edition="beta1"/>
+        <vers num="2.9" edition="beta2"/>
+        <vers num="2.9" edition="beta3"/>
+        <vers num="2.9" edition="beta4"/>
+        <vers num="2.9.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1523" published="2014-04-30" name="CVE-2014-1523" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:P)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=969226" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=969226</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-37.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-37.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers num="26.0"/>
+        <vers num="27.0"/>
+        <vers num="27.0.1"/>
+        <vers prev="1" num="28.0"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+      <prod vendor="mozilla" name="firefox_esr">
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.0.2"/>
+        <vers num="24.1.0"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+        <vers num="24.3"/>
+        <vers num="24.4"/>
+      </prod>
+      <prod vendor="mozilla" name="seamonkey">
+        <vers num="2.0" edition="alpha_1"/>
+        <vers num="2.0" edition="alpha_2"/>
+        <vers num="2.0" edition="alpha_3"/>
+        <vers num="2.0" edition="beta_1"/>
+        <vers num="2.0" edition="beta_2"/>
+        <vers num="2.0" edition="rc1"/>
+        <vers num="2.0" edition="rc2"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1" edition="alpha1"/>
+        <vers num="2.1" edition="alpha2"/>
+        <vers num="2.1" edition="alpha3"/>
+        <vers num="2.1" edition="beta1"/>
+        <vers num="2.1" edition="beta2"/>
+        <vers num="2.1" edition="beta3"/>
+        <vers num="2.1" edition="rc1"/>
+        <vers num="2.1" edition="rc2"/>
+        <vers num="2.10" edition="beta1"/>
+        <vers num="2.10" edition="beta2"/>
+        <vers num="2.10" edition="beta3"/>
+        <vers num="2.10.1"/>
+        <vers num="2.11" edition="beta1"/>
+        <vers num="2.11" edition="beta2"/>
+        <vers num="2.11" edition="beta3"/>
+        <vers num="2.11" edition="beta4"/>
+        <vers num="2.11" edition="beta5"/>
+        <vers num="2.11" edition="beta6"/>
+        <vers num="2.12" edition="beta1"/>
+        <vers num="2.12" edition="beta2"/>
+        <vers num="2.12" edition="beta3"/>
+        <vers num="2.12" edition="beta4"/>
+        <vers num="2.12" edition="beta5"/>
+        <vers num="2.12" edition="beta6"/>
+        <vers num="2.12.1"/>
+        <vers num="2.13" edition="beta1"/>
+        <vers num="2.13" edition="beta2"/>
+        <vers num="2.13" edition="beta3"/>
+        <vers num="2.13" edition="beta4"/>
+        <vers num="2.13" edition="beta5"/>
+        <vers num="2.13" edition="beta6"/>
+        <vers num="2.13.1"/>
+        <vers num="2.13.2"/>
+        <vers num="2.14" edition="beta1"/>
+        <vers num="2.14" edition="beta2"/>
+        <vers num="2.14" edition="beta3"/>
+        <vers num="2.14" edition="beta4"/>
+        <vers num="2.14" edition="beta5"/>
+        <vers num="2.15" edition="beta1"/>
+        <vers num="2.15" edition="beta2"/>
+        <vers num="2.15" edition="beta3"/>
+        <vers num="2.15" edition="beta4"/>
+        <vers num="2.15" edition="beta5"/>
+        <vers num="2.15" edition="beta6"/>
+        <vers num="2.15.1"/>
+        <vers num="2.15.2"/>
+        <vers num="2.16" edition="beta1"/>
+        <vers num="2.16" edition="beta2"/>
+        <vers num="2.16" edition="beta3"/>
+        <vers num="2.16" edition="beta4"/>
+        <vers num="2.16" edition="beta5"/>
+        <vers num="2.16.1"/>
+        <vers num="2.16.2"/>
+        <vers num="2.17" edition="beta1"/>
+        <vers num="2.17" edition="beta2"/>
+        <vers num="2.17" edition="beta3"/>
+        <vers num="2.17" edition="beta4"/>
+        <vers num="2.17.1"/>
+        <vers num="2.18" edition="beta1"/>
+        <vers num="2.18" edition="beta2"/>
+        <vers num="2.18" edition="beta3"/>
+        <vers num="2.18" edition="beta4"/>
+        <vers num="2.19" edition="beta1"/>
+        <vers num="2.19" edition="beta2"/>
+        <vers num="2.2" edition="beta1"/>
+        <vers num="2.2" edition="beta2"/>
+        <vers num="2.2" edition="beta3"/>
+        <vers num="2.20" edition="beta1"/>
+        <vers num="2.20" edition="beta2"/>
+        <vers num="2.20" edition="beta3"/>
+        <vers num="2.21" edition="beta1"/>
+        <vers num="2.21" edition="beta2"/>
+        <vers num="2.22" edition="beta1"/>
+        <vers num="2.22" edition="beta2"/>
+        <vers num="2.22.1"/>
+        <vers num="2.23" edition="beta1"/>
+        <vers num="2.23" edition="beta2"/>
+        <vers num="2.24" edition="beta1"/>
+        <vers num="2.25" edition="-"/>
+        <vers num="2.25" edition="beta1"/>
+        <vers num="2.25" edition="beta2"/>
+        <vers num="2.25" edition="beta3"/>
+        <vers prev="1" num="2.26" edition="rc1"/>
+        <vers num="2.3" edition="beta1"/>
+        <vers num="2.3" edition="beta2"/>
+        <vers num="2.3" edition="beta3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.4" edition="beta1"/>
+        <vers num="2.4" edition="beta2"/>
+        <vers num="2.4" edition="beta3"/>
+        <vers num="2.4.1"/>
+        <vers num="2.5" edition="beta1"/>
+        <vers num="2.5" edition="beta2"/>
+        <vers num="2.5" edition="beta3"/>
+        <vers num="2.5" edition="beta4"/>
+        <vers num="2.6" edition="beta1"/>
+        <vers num="2.6" edition="beta2"/>
+        <vers num="2.6" edition="beta3"/>
+        <vers num="2.6" edition="beta4"/>
+        <vers num="2.6.1"/>
+        <vers num="2.7" edition="beta1"/>
+        <vers num="2.7" edition="beta2"/>
+        <vers num="2.7" edition="beta3"/>
+        <vers num="2.7" edition="beta4"/>
+        <vers num="2.7" edition="beta5"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.8" edition="beta1"/>
+        <vers num="2.8" edition="beta2"/>
+        <vers num="2.8" edition="beta3"/>
+        <vers num="2.8" edition="beta4"/>
+        <vers num="2.8" edition="beta5"/>
+        <vers num="2.8" edition="beta6"/>
+        <vers num="2.9" edition="beta1"/>
+        <vers num="2.9" edition="beta2"/>
+        <vers num="2.9" edition="beta3"/>
+        <vers num="2.9" edition="beta4"/>
+        <vers num="2.9.1"/>
+      </prod>
+      <prod vendor="mozilla" name="thunderbird">
+        <vers num="0.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.7.2"/>
+        <vers num="0.7.3"/>
+        <vers num="0.8"/>
+        <vers num="0.9"/>
+        <vers num="1.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5" edition="beta"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.13"/>
+        <vers num="1.5.0.14"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.7.1"/>
+        <vers num="1.7.3"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="11.0"/>
+        <vers num="11.0.1"/>
+        <vers num="12.0"/>
+        <vers num="12.0.1"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0"/>
+        <vers num="17.0.1"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.21"/>
+        <vers num="2.0.0.22"/>
+        <vers num="2.0.0.23"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+        <vers num="24.3"/>
+        <vers prev="1" num="24.4"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.11"/>
+        <vers num="3.1.12"/>
+        <vers num="3.1.13"/>
+        <vers num="3.1.14"/>
+        <vers num="3.1.15"/>
+        <vers num="3.1.16"/>
+        <vers num="3.1.17"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="5.0"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1524" published="2014-04-30" name="CVE-2014-1524" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted JavaScript code that accesses a non-XBL object as if it were an XBL object.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=989183" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=989183</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-38.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-38.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers num="26.0"/>
+        <vers num="27.0"/>
+        <vers num="27.0.1"/>
+        <vers prev="1" num="28.0"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+      <prod vendor="mozilla" name="firefox_esr">
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.0.2"/>
+        <vers num="24.1.0"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+        <vers num="24.3"/>
+        <vers num="24.4"/>
+      </prod>
+      <prod vendor="mozilla" name="seamonkey">
+        <vers num="2.0" edition="alpha_1"/>
+        <vers num="2.0" edition="alpha_2"/>
+        <vers num="2.0" edition="alpha_3"/>
+        <vers num="2.0" edition="beta_1"/>
+        <vers num="2.0" edition="beta_2"/>
+        <vers num="2.0" edition="rc1"/>
+        <vers num="2.0" edition="rc2"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1" edition="alpha1"/>
+        <vers num="2.1" edition="alpha2"/>
+        <vers num="2.1" edition="alpha3"/>
+        <vers num="2.1" edition="beta1"/>
+        <vers num="2.1" edition="beta2"/>
+        <vers num="2.1" edition="beta3"/>
+        <vers num="2.1" edition="rc1"/>
+        <vers num="2.1" edition="rc2"/>
+        <vers num="2.10" edition="beta1"/>
+        <vers num="2.10" edition="beta2"/>
+        <vers num="2.10" edition="beta3"/>
+        <vers num="2.10.1"/>
+        <vers num="2.11" edition="beta1"/>
+        <vers num="2.11" edition="beta2"/>
+        <vers num="2.11" edition="beta3"/>
+        <vers num="2.11" edition="beta4"/>
+        <vers num="2.11" edition="beta5"/>
+        <vers num="2.11" edition="beta6"/>
+        <vers num="2.12" edition="beta1"/>
+        <vers num="2.12" edition="beta2"/>
+        <vers num="2.12" edition="beta3"/>
+        <vers num="2.12" edition="beta4"/>
+        <vers num="2.12" edition="beta5"/>
+        <vers num="2.12" edition="beta6"/>
+        <vers num="2.12.1"/>
+        <vers num="2.13" edition="beta1"/>
+        <vers num="2.13" edition="beta2"/>
+        <vers num="2.13" edition="beta3"/>
+        <vers num="2.13" edition="beta4"/>
+        <vers num="2.13" edition="beta5"/>
+        <vers num="2.13" edition="beta6"/>
+        <vers num="2.13.1"/>
+        <vers num="2.13.2"/>
+        <vers num="2.14" edition="beta1"/>
+        <vers num="2.14" edition="beta2"/>
+        <vers num="2.14" edition="beta3"/>
+        <vers num="2.14" edition="beta4"/>
+        <vers num="2.14" edition="beta5"/>
+        <vers num="2.15" edition="beta1"/>
+        <vers num="2.15" edition="beta2"/>
+        <vers num="2.15" edition="beta3"/>
+        <vers num="2.15" edition="beta4"/>
+        <vers num="2.15" edition="beta5"/>
+        <vers num="2.15" edition="beta6"/>
+        <vers num="2.15.1"/>
+        <vers num="2.15.2"/>
+        <vers num="2.16" edition="beta1"/>
+        <vers num="2.16" edition="beta2"/>
+        <vers num="2.16" edition="beta3"/>
+        <vers num="2.16" edition="beta4"/>
+        <vers num="2.16" edition="beta5"/>
+        <vers num="2.16.1"/>
+        <vers num="2.16.2"/>
+        <vers num="2.17" edition="beta1"/>
+        <vers num="2.17" edition="beta2"/>
+        <vers num="2.17" edition="beta3"/>
+        <vers num="2.17" edition="beta4"/>
+        <vers num="2.17.1"/>
+        <vers num="2.18" edition="beta1"/>
+        <vers num="2.18" edition="beta2"/>
+        <vers num="2.18" edition="beta3"/>
+        <vers num="2.18" edition="beta4"/>
+        <vers num="2.19" edition="beta1"/>
+        <vers num="2.19" edition="beta2"/>
+        <vers num="2.2" edition="beta1"/>
+        <vers num="2.2" edition="beta2"/>
+        <vers num="2.2" edition="beta3"/>
+        <vers num="2.20" edition="beta1"/>
+        <vers num="2.20" edition="beta2"/>
+        <vers num="2.20" edition="beta3"/>
+        <vers num="2.21" edition="beta1"/>
+        <vers num="2.21" edition="beta2"/>
+        <vers num="2.22" edition="beta1"/>
+        <vers num="2.22" edition="beta2"/>
+        <vers num="2.22.1"/>
+        <vers num="2.23" edition="beta1"/>
+        <vers num="2.23" edition="beta2"/>
+        <vers num="2.24" edition="beta1"/>
+        <vers num="2.25" edition="-"/>
+        <vers num="2.25" edition="beta1"/>
+        <vers num="2.25" edition="beta2"/>
+        <vers num="2.25" edition="beta3"/>
+        <vers prev="1" num="2.26" edition="rc1"/>
+        <vers num="2.3" edition="beta1"/>
+        <vers num="2.3" edition="beta2"/>
+        <vers num="2.3" edition="beta3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.4" edition="beta1"/>
+        <vers num="2.4" edition="beta2"/>
+        <vers num="2.4" edition="beta3"/>
+        <vers num="2.4.1"/>
+        <vers num="2.5" edition="beta1"/>
+        <vers num="2.5" edition="beta2"/>
+        <vers num="2.5" edition="beta3"/>
+        <vers num="2.5" edition="beta4"/>
+        <vers num="2.6" edition="beta1"/>
+        <vers num="2.6" edition="beta2"/>
+        <vers num="2.6" edition="beta3"/>
+        <vers num="2.6" edition="beta4"/>
+        <vers num="2.6.1"/>
+        <vers num="2.7" edition="beta1"/>
+        <vers num="2.7" edition="beta2"/>
+        <vers num="2.7" edition="beta3"/>
+        <vers num="2.7" edition="beta4"/>
+        <vers num="2.7" edition="beta5"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.8" edition="beta1"/>
+        <vers num="2.8" edition="beta2"/>
+        <vers num="2.8" edition="beta3"/>
+        <vers num="2.8" edition="beta4"/>
+        <vers num="2.8" edition="beta5"/>
+        <vers num="2.8" edition="beta6"/>
+        <vers num="2.9" edition="beta1"/>
+        <vers num="2.9" edition="beta2"/>
+        <vers num="2.9" edition="beta3"/>
+        <vers num="2.9" edition="beta4"/>
+        <vers num="2.9.1"/>
+      </prod>
+      <prod vendor="mozilla" name="thunderbird">
+        <vers num="0.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.7.2"/>
+        <vers num="0.7.3"/>
+        <vers num="0.8"/>
+        <vers num="0.9"/>
+        <vers num="1.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5" edition="beta"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.13"/>
+        <vers num="1.5.0.14"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.7.1"/>
+        <vers num="1.7.3"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="11.0"/>
+        <vers num="11.0.1"/>
+        <vers num="12.0"/>
+        <vers num="12.0.1"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0"/>
+        <vers num="17.0.1"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.21"/>
+        <vers num="2.0.0.22"/>
+        <vers num="2.0.0.23"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+        <vers num="24.3"/>
+        <vers prev="1" num="24.4"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.11"/>
+        <vers num="3.1.12"/>
+        <vers num="3.1.13"/>
+        <vers num="3.1.14"/>
+        <vers num="3.1.15"/>
+        <vers num="3.1.16"/>
+        <vers num="3.1.17"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="5.0"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1525" published="2014-04-30" name="CVE-2014-1525" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) via a crafted VIDEO element in an HTML document.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=989210" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=989210</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-39.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-39.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers num="26.0"/>
+        <vers num="27.0"/>
+        <vers num="27.0.1"/>
+        <vers prev="1" num="28.0"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+      <prod vendor="mozilla" name="seamonkey">
+        <vers num="2.0" edition="alpha_1"/>
+        <vers num="2.0" edition="alpha_2"/>
+        <vers num="2.0" edition="alpha_3"/>
+        <vers num="2.0" edition="beta_1"/>
+        <vers num="2.0" edition="beta_2"/>
+        <vers num="2.0" edition="rc1"/>
+        <vers num="2.0" edition="rc2"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1" edition="alpha1"/>
+        <vers num="2.1" edition="alpha2"/>
+        <vers num="2.1" edition="alpha3"/>
+        <vers num="2.1" edition="beta1"/>
+        <vers num="2.1" edition="beta2"/>
+        <vers num="2.1" edition="beta3"/>
+        <vers num="2.1" edition="rc1"/>
+        <vers num="2.1" edition="rc2"/>
+        <vers num="2.10" edition="beta1"/>
+        <vers num="2.10" edition="beta2"/>
+        <vers num="2.10" edition="beta3"/>
+        <vers num="2.10.1"/>
+        <vers num="2.11" edition="beta1"/>
+        <vers num="2.11" edition="beta2"/>
+        <vers num="2.11" edition="beta3"/>
+        <vers num="2.11" edition="beta4"/>
+        <vers num="2.11" edition="beta5"/>
+        <vers num="2.11" edition="beta6"/>
+        <vers num="2.12" edition="beta1"/>
+        <vers num="2.12" edition="beta2"/>
+        <vers num="2.12" edition="beta3"/>
+        <vers num="2.12" edition="beta4"/>
+        <vers num="2.12" edition="beta5"/>
+        <vers num="2.12" edition="beta6"/>
+        <vers num="2.12.1"/>
+        <vers num="2.13" edition="beta1"/>
+        <vers num="2.13" edition="beta2"/>
+        <vers num="2.13" edition="beta3"/>
+        <vers num="2.13" edition="beta4"/>
+        <vers num="2.13" edition="beta5"/>
+        <vers num="2.13" edition="beta6"/>
+        <vers num="2.13.1"/>
+        <vers num="2.13.2"/>
+        <vers num="2.14" edition="beta1"/>
+        <vers num="2.14" edition="beta2"/>
+        <vers num="2.14" edition="beta3"/>
+        <vers num="2.14" edition="beta4"/>
+        <vers num="2.14" edition="beta5"/>
+        <vers num="2.15" edition="beta1"/>
+        <vers num="2.15" edition="beta2"/>
+        <vers num="2.15" edition="beta3"/>
+        <vers num="2.15" edition="beta4"/>
+        <vers num="2.15" edition="beta5"/>
+        <vers num="2.15" edition="beta6"/>
+        <vers num="2.15.1"/>
+        <vers num="2.15.2"/>
+        <vers num="2.16" edition="beta1"/>
+        <vers num="2.16" edition="beta2"/>
+        <vers num="2.16" edition="beta3"/>
+        <vers num="2.16" edition="beta4"/>
+        <vers num="2.16" edition="beta5"/>
+        <vers num="2.16.1"/>
+        <vers num="2.16.2"/>
+        <vers num="2.17" edition="beta1"/>
+        <vers num="2.17" edition="beta2"/>
+        <vers num="2.17" edition="beta3"/>
+        <vers num="2.17" edition="beta4"/>
+        <vers num="2.17.1"/>
+        <vers num="2.18" edition="beta1"/>
+        <vers num="2.18" edition="beta2"/>
+        <vers num="2.18" edition="beta3"/>
+        <vers num="2.18" edition="beta4"/>
+        <vers num="2.19" edition="beta1"/>
+        <vers num="2.19" edition="beta2"/>
+        <vers num="2.2" edition="beta1"/>
+        <vers num="2.2" edition="beta2"/>
+        <vers num="2.2" edition="beta3"/>
+        <vers num="2.20" edition="beta1"/>
+        <vers num="2.20" edition="beta2"/>
+        <vers num="2.20" edition="beta3"/>
+        <vers num="2.21" edition="beta1"/>
+        <vers num="2.21" edition="beta2"/>
+        <vers num="2.22" edition="beta1"/>
+        <vers num="2.22" edition="beta2"/>
+        <vers num="2.22.1"/>
+        <vers num="2.23" edition="beta1"/>
+        <vers num="2.23" edition="beta2"/>
+        <vers num="2.24" edition="beta1"/>
+        <vers num="2.25" edition="-"/>
+        <vers num="2.25" edition="beta1"/>
+        <vers num="2.25" edition="beta2"/>
+        <vers num="2.25" edition="beta3"/>
+        <vers prev="1" num="2.26" edition="rc1"/>
+        <vers num="2.3" edition="beta1"/>
+        <vers num="2.3" edition="beta2"/>
+        <vers num="2.3" edition="beta3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.4" edition="beta1"/>
+        <vers num="2.4" edition="beta2"/>
+        <vers num="2.4" edition="beta3"/>
+        <vers num="2.4.1"/>
+        <vers num="2.5" edition="beta1"/>
+        <vers num="2.5" edition="beta2"/>
+        <vers num="2.5" edition="beta3"/>
+        <vers num="2.5" edition="beta4"/>
+        <vers num="2.6" edition="beta1"/>
+        <vers num="2.6" edition="beta2"/>
+        <vers num="2.6" edition="beta3"/>
+        <vers num="2.6" edition="beta4"/>
+        <vers num="2.6.1"/>
+        <vers num="2.7" edition="beta1"/>
+        <vers num="2.7" edition="beta2"/>
+        <vers num="2.7" edition="beta3"/>
+        <vers num="2.7" edition="beta4"/>
+        <vers num="2.7" edition="beta5"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.8" edition="beta1"/>
+        <vers num="2.8" edition="beta2"/>
+        <vers num="2.8" edition="beta3"/>
+        <vers num="2.8" edition="beta4"/>
+        <vers num="2.8" edition="beta5"/>
+        <vers num="2.8" edition="beta6"/>
+        <vers num="2.9" edition="beta1"/>
+        <vers num="2.9" edition="beta2"/>
+        <vers num="2.9" edition="beta3"/>
+        <vers num="2.9" edition="beta4"/>
+        <vers num="2.9.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1526" published="2014-04-30" name="CVE-2014-1526" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is visited in the debugger, leading to unwrapping operations and calls to DOM methods on the unwrapped objects.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=988106" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=988106</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-47.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-47.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers num="26.0"/>
+        <vers num="27.0"/>
+        <vers num="27.0.1"/>
+        <vers prev="1" num="28.0"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+      <prod vendor="mozilla" name="seamonkey">
+        <vers num="2.0" edition="alpha_1"/>
+        <vers num="2.0" edition="alpha_2"/>
+        <vers num="2.0" edition="alpha_3"/>
+        <vers num="2.0" edition="beta_1"/>
+        <vers num="2.0" edition="beta_2"/>
+        <vers num="2.0" edition="rc1"/>
+        <vers num="2.0" edition="rc2"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1" edition="alpha1"/>
+        <vers num="2.1" edition="alpha2"/>
+        <vers num="2.1" edition="alpha3"/>
+        <vers num="2.1" edition="beta1"/>
+        <vers num="2.1" edition="beta2"/>
+        <vers num="2.1" edition="beta3"/>
+        <vers num="2.1" edition="rc1"/>
+        <vers num="2.1" edition="rc2"/>
+        <vers num="2.10" edition="beta1"/>
+        <vers num="2.10" edition="beta2"/>
+        <vers num="2.10" edition="beta3"/>
+        <vers num="2.10.1"/>
+        <vers num="2.11" edition="beta1"/>
+        <vers num="2.11" edition="beta2"/>
+        <vers num="2.11" edition="beta3"/>
+        <vers num="2.11" edition="beta4"/>
+        <vers num="2.11" edition="beta5"/>
+        <vers num="2.11" edition="beta6"/>
+        <vers num="2.12" edition="beta1"/>
+        <vers num="2.12" edition="beta2"/>
+        <vers num="2.12" edition="beta3"/>
+        <vers num="2.12" edition="beta4"/>
+        <vers num="2.12" edition="beta5"/>
+        <vers num="2.12" edition="beta6"/>
+        <vers num="2.12.1"/>
+        <vers num="2.13" edition="beta1"/>
+        <vers num="2.13" edition="beta2"/>
+        <vers num="2.13" edition="beta3"/>
+        <vers num="2.13" edition="beta4"/>
+        <vers num="2.13" edition="beta5"/>
+        <vers num="2.13" edition="beta6"/>
+        <vers num="2.13.1"/>
+        <vers num="2.13.2"/>
+        <vers num="2.14" edition="beta1"/>
+        <vers num="2.14" edition="beta2"/>
+        <vers num="2.14" edition="beta3"/>
+        <vers num="2.14" edition="beta4"/>
+        <vers num="2.14" edition="beta5"/>
+        <vers num="2.15" edition="beta1"/>
+        <vers num="2.15" edition="beta2"/>
+        <vers num="2.15" edition="beta3"/>
+        <vers num="2.15" edition="beta4"/>
+        <vers num="2.15" edition="beta5"/>
+        <vers num="2.15" edition="beta6"/>
+        <vers num="2.15.1"/>
+        <vers num="2.15.2"/>
+        <vers num="2.16" edition="beta1"/>
+        <vers num="2.16" edition="beta2"/>
+        <vers num="2.16" edition="beta3"/>
+        <vers num="2.16" edition="beta4"/>
+        <vers num="2.16" edition="beta5"/>
+        <vers num="2.16.1"/>
+        <vers num="2.16.2"/>
+        <vers num="2.17" edition="beta1"/>
+        <vers num="2.17" edition="beta2"/>
+        <vers num="2.17" edition="beta3"/>
+        <vers num="2.17" edition="beta4"/>
+        <vers num="2.17.1"/>
+        <vers num="2.18" edition="beta1"/>
+        <vers num="2.18" edition="beta2"/>
+        <vers num="2.18" edition="beta3"/>
+        <vers num="2.18" edition="beta4"/>
+        <vers num="2.19" edition="beta1"/>
+        <vers num="2.19" edition="beta2"/>
+        <vers num="2.2" edition="beta1"/>
+        <vers num="2.2" edition="beta2"/>
+        <vers num="2.2" edition="beta3"/>
+        <vers num="2.20" edition="beta1"/>
+        <vers num="2.20" edition="beta2"/>
+        <vers num="2.20" edition="beta3"/>
+        <vers num="2.21" edition="beta1"/>
+        <vers num="2.21" edition="beta2"/>
+        <vers num="2.22" edition="beta1"/>
+        <vers num="2.22" edition="beta2"/>
+        <vers num="2.22.1"/>
+        <vers num="2.23" edition="beta1"/>
+        <vers num="2.23" edition="beta2"/>
+        <vers num="2.24" edition="beta1"/>
+        <vers num="2.25" edition="-"/>
+        <vers num="2.25" edition="beta1"/>
+        <vers num="2.25" edition="beta2"/>
+        <vers num="2.25" edition="beta3"/>
+        <vers prev="1" num="2.26" edition="rc1"/>
+        <vers num="2.3" edition="beta1"/>
+        <vers num="2.3" edition="beta2"/>
+        <vers num="2.3" edition="beta3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.4" edition="beta1"/>
+        <vers num="2.4" edition="beta2"/>
+        <vers num="2.4" edition="beta3"/>
+        <vers num="2.4.1"/>
+        <vers num="2.5" edition="beta1"/>
+        <vers num="2.5" edition="beta2"/>
+        <vers num="2.5" edition="beta3"/>
+        <vers num="2.5" edition="beta4"/>
+        <vers num="2.6" edition="beta1"/>
+        <vers num="2.6" edition="beta2"/>
+        <vers num="2.6" edition="beta3"/>
+        <vers num="2.6" edition="beta4"/>
+        <vers num="2.6.1"/>
+        <vers num="2.7" edition="beta1"/>
+        <vers num="2.7" edition="beta2"/>
+        <vers num="2.7" edition="beta3"/>
+        <vers num="2.7" edition="beta4"/>
+        <vers num="2.7" edition="beta5"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.8" edition="beta1"/>
+        <vers num="2.8" edition="beta2"/>
+        <vers num="2.8" edition="beta3"/>
+        <vers num="2.8" edition="beta4"/>
+        <vers num="2.8" edition="beta5"/>
+        <vers num="2.8" edition="beta6"/>
+        <vers num="2.9" edition="beta1"/>
+        <vers num="2.9" edition="beta2"/>
+        <vers num="2.9" edition="beta3"/>
+        <vers num="2.9" edition="beta4"/>
+        <vers num="2.9.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1527" published="2014-04-30" name="CVE-2014-1527" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:P/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses DOM events to prevent the reemergence of the actual address bar after scrolling has taken it off of the screen.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=960146" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=960146</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-40.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-40.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers num="26.0"/>
+        <vers num="27.0"/>
+        <vers num="27.0.1"/>
+        <vers prev="1" num="28.0"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1528" published="2014-04-30" name="CVE-2014-1528" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by painting on a CANVAS element.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=963962" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=963962</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-41.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-41.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="28.0"/>
+      </prod>
+      <prod vendor="mozilla" name="seamonkey">
+        <vers num="2.25" edition="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1529" published="2014-04-30" name="CVE-2014-1529" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for which Notification.permission is granted.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=987003" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=987003</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-42.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-42.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers num="26.0"/>
+        <vers num="27.0"/>
+        <vers num="27.0.1"/>
+        <vers prev="1" num="28.0"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+      <prod vendor="mozilla" name="firefox_esr">
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.0.2"/>
+        <vers num="24.1.0"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+        <vers num="24.3"/>
+        <vers num="24.4"/>
+      </prod>
+      <prod vendor="mozilla" name="seamonkey">
+        <vers num="2.0" edition="alpha_1"/>
+        <vers num="2.0" edition="alpha_2"/>
+        <vers num="2.0" edition="alpha_3"/>
+        <vers num="2.0" edition="beta_1"/>
+        <vers num="2.0" edition="beta_2"/>
+        <vers num="2.0" edition="rc1"/>
+        <vers num="2.0" edition="rc2"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1" edition="alpha1"/>
+        <vers num="2.1" edition="alpha2"/>
+        <vers num="2.1" edition="alpha3"/>
+        <vers num="2.1" edition="beta1"/>
+        <vers num="2.1" edition="beta2"/>
+        <vers num="2.1" edition="beta3"/>
+        <vers num="2.1" edition="rc1"/>
+        <vers num="2.1" edition="rc2"/>
+        <vers num="2.10" edition="beta1"/>
+        <vers num="2.10" edition="beta2"/>
+        <vers num="2.10" edition="beta3"/>
+        <vers num="2.10.1"/>
+        <vers num="2.11" edition="beta1"/>
+        <vers num="2.11" edition="beta2"/>
+        <vers num="2.11" edition="beta3"/>
+        <vers num="2.11" edition="beta4"/>
+        <vers num="2.11" edition="beta5"/>
+        <vers num="2.11" edition="beta6"/>
+        <vers num="2.12" edition="beta1"/>
+        <vers num="2.12" edition="beta2"/>
+        <vers num="2.12" edition="beta3"/>
+        <vers num="2.12" edition="beta4"/>
+        <vers num="2.12" edition="beta5"/>
+        <vers num="2.12" edition="beta6"/>
+        <vers num="2.12.1"/>
+        <vers num="2.13" edition="beta1"/>
+        <vers num="2.13" edition="beta2"/>
+        <vers num="2.13" edition="beta3"/>
+        <vers num="2.13" edition="beta4"/>
+        <vers num="2.13" edition="beta5"/>
+        <vers num="2.13" edition="beta6"/>
+        <vers num="2.13.1"/>
+        <vers num="2.13.2"/>
+        <vers num="2.14" edition="beta1"/>
+        <vers num="2.14" edition="beta2"/>
+        <vers num="2.14" edition="beta3"/>
+        <vers num="2.14" edition="beta4"/>
+        <vers num="2.14" edition="beta5"/>
+        <vers num="2.15" edition="beta1"/>
+        <vers num="2.15" edition="beta2"/>
+        <vers num="2.15" edition="beta3"/>
+        <vers num="2.15" edition="beta4"/>
+        <vers num="2.15" edition="beta5"/>
+        <vers num="2.15" edition="beta6"/>
+        <vers num="2.15.1"/>
+        <vers num="2.15.2"/>
+        <vers num="2.16" edition="beta1"/>
+        <vers num="2.16" edition="beta2"/>
+        <vers num="2.16" edition="beta3"/>
+        <vers num="2.16" edition="beta4"/>
+        <vers num="2.16" edition="beta5"/>
+        <vers num="2.16.1"/>
+        <vers num="2.16.2"/>
+        <vers num="2.17" edition="beta1"/>
+        <vers num="2.17" edition="beta2"/>
+        <vers num="2.17" edition="beta3"/>
+        <vers num="2.17" edition="beta4"/>
+        <vers num="2.17.1"/>
+        <vers num="2.18" edition="beta1"/>
+        <vers num="2.18" edition="beta2"/>
+        <vers num="2.18" edition="beta3"/>
+        <vers num="2.18" edition="beta4"/>
+        <vers num="2.19" edition="beta1"/>
+        <vers num="2.19" edition="beta2"/>
+        <vers num="2.2" edition="beta1"/>
+        <vers num="2.2" edition="beta2"/>
+        <vers num="2.2" edition="beta3"/>
+        <vers num="2.20" edition="beta1"/>
+        <vers num="2.20" edition="beta2"/>
+        <vers num="2.20" edition="beta3"/>
+        <vers num="2.21" edition="beta1"/>
+        <vers num="2.21" edition="beta2"/>
+        <vers num="2.22" edition="beta1"/>
+        <vers num="2.22" edition="beta2"/>
+        <vers num="2.22.1"/>
+        <vers num="2.23" edition="beta1"/>
+        <vers num="2.23" edition="beta2"/>
+        <vers num="2.24" edition="beta1"/>
+        <vers num="2.25" edition="-"/>
+        <vers num="2.25" edition="beta1"/>
+        <vers num="2.25" edition="beta2"/>
+        <vers num="2.25" edition="beta3"/>
+        <vers prev="1" num="2.26" edition="rc1"/>
+        <vers num="2.3" edition="beta1"/>
+        <vers num="2.3" edition="beta2"/>
+        <vers num="2.3" edition="beta3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.4" edition="beta1"/>
+        <vers num="2.4" edition="beta2"/>
+        <vers num="2.4" edition="beta3"/>
+        <vers num="2.4.1"/>
+        <vers num="2.5" edition="beta1"/>
+        <vers num="2.5" edition="beta2"/>
+        <vers num="2.5" edition="beta3"/>
+        <vers num="2.5" edition="beta4"/>
+        <vers num="2.6" edition="beta1"/>
+        <vers num="2.6" edition="beta2"/>
+        <vers num="2.6" edition="beta3"/>
+        <vers num="2.6" edition="beta4"/>
+        <vers num="2.6.1"/>
+        <vers num="2.7" edition="beta1"/>
+        <vers num="2.7" edition="beta2"/>
+        <vers num="2.7" edition="beta3"/>
+        <vers num="2.7" edition="beta4"/>
+        <vers num="2.7" edition="beta5"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.8" edition="beta1"/>
+        <vers num="2.8" edition="beta2"/>
+        <vers num="2.8" edition="beta3"/>
+        <vers num="2.8" edition="beta4"/>
+        <vers num="2.8" edition="beta5"/>
+        <vers num="2.8" edition="beta6"/>
+        <vers num="2.9" edition="beta1"/>
+        <vers num="2.9" edition="beta2"/>
+        <vers num="2.9" edition="beta3"/>
+        <vers num="2.9" edition="beta4"/>
+        <vers num="2.9.1"/>
+      </prod>
+      <prod vendor="mozilla" name="thunderbird">
+        <vers num="0.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.7.2"/>
+        <vers num="0.7.3"/>
+        <vers num="0.8"/>
+        <vers num="0.9"/>
+        <vers num="1.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5" edition="beta"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.13"/>
+        <vers num="1.5.0.14"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.7.1"/>
+        <vers num="1.7.3"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="11.0"/>
+        <vers num="11.0.1"/>
+        <vers num="12.0"/>
+        <vers num="12.0.1"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0"/>
+        <vers num="17.0.1"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.21"/>
+        <vers num="2.0.0.22"/>
+        <vers num="2.0.0.23"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+        <vers num="24.3"/>
+        <vers prev="1" num="24.4"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.11"/>
+        <vers num="3.1.12"/>
+        <vers num="3.1.13"/>
+        <vers num="3.1.14"/>
+        <vers num="3.1.15"/>
+        <vers num="3.1.16"/>
+        <vers num="3.1.17"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="5.0"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1530" published="2014-04-30" name="CVE-2014-1530" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site that performs history navigation.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=895557" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=895557</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-43.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-43.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers num="26.0"/>
+        <vers num="27.0"/>
+        <vers num="27.0.1"/>
+        <vers prev="1" num="28.0"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+      <prod vendor="mozilla" name="firefox_esr">
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.0.2"/>
+        <vers num="24.1.0"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+        <vers num="24.3"/>
+        <vers num="24.4"/>
+      </prod>
+      <prod vendor="mozilla" name="seamonkey">
+        <vers num="2.0" edition="alpha_1"/>
+        <vers num="2.0" edition="alpha_2"/>
+        <vers num="2.0" edition="alpha_3"/>
+        <vers num="2.0" edition="beta_1"/>
+        <vers num="2.0" edition="beta_2"/>
+        <vers num="2.0" edition="rc1"/>
+        <vers num="2.0" edition="rc2"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1" edition="alpha1"/>
+        <vers num="2.1" edition="alpha2"/>
+        <vers num="2.1" edition="alpha3"/>
+        <vers num="2.1" edition="beta1"/>
+        <vers num="2.1" edition="beta2"/>
+        <vers num="2.1" edition="beta3"/>
+        <vers num="2.1" edition="rc1"/>
+        <vers num="2.1" edition="rc2"/>
+        <vers num="2.10" edition="beta1"/>
+        <vers num="2.10" edition="beta2"/>
+        <vers num="2.10" edition="beta3"/>
+        <vers num="2.10.1"/>
+        <vers num="2.11" edition="beta1"/>
+        <vers num="2.11" edition="beta2"/>
+        <vers num="2.11" edition="beta3"/>
+        <vers num="2.11" edition="beta4"/>
+        <vers num="2.11" edition="beta5"/>
+        <vers num="2.11" edition="beta6"/>
+        <vers num="2.12" edition="beta1"/>
+        <vers num="2.12" edition="beta2"/>
+        <vers num="2.12" edition="beta3"/>
+        <vers num="2.12" edition="beta4"/>
+        <vers num="2.12" edition="beta5"/>
+        <vers num="2.12" edition="beta6"/>
+        <vers num="2.12.1"/>
+        <vers num="2.13" edition="beta1"/>
+        <vers num="2.13" edition="beta2"/>
+        <vers num="2.13" edition="beta3"/>
+        <vers num="2.13" edition="beta4"/>
+        <vers num="2.13" edition="beta5"/>
+        <vers num="2.13" edition="beta6"/>
+        <vers num="2.13.1"/>
+        <vers num="2.13.2"/>
+        <vers num="2.14" edition="beta1"/>
+        <vers num="2.14" edition="beta2"/>
+        <vers num="2.14" edition="beta3"/>
+        <vers num="2.14" edition="beta4"/>
+        <vers num="2.14" edition="beta5"/>
+        <vers num="2.15" edition="beta1"/>
+        <vers num="2.15" edition="beta2"/>
+        <vers num="2.15" edition="beta3"/>
+        <vers num="2.15" edition="beta4"/>
+        <vers num="2.15" edition="beta5"/>
+        <vers num="2.15" edition="beta6"/>
+        <vers num="2.15.1"/>
+        <vers num="2.15.2"/>
+        <vers num="2.16" edition="beta1"/>
+        <vers num="2.16" edition="beta2"/>
+        <vers num="2.16" edition="beta3"/>
+        <vers num="2.16" edition="beta4"/>
+        <vers num="2.16" edition="beta5"/>
+        <vers num="2.16.1"/>
+        <vers num="2.16.2"/>
+        <vers num="2.17" edition="beta1"/>
+        <vers num="2.17" edition="beta2"/>
+        <vers num="2.17" edition="beta3"/>
+        <vers num="2.17" edition="beta4"/>
+        <vers num="2.17.1"/>
+        <vers num="2.18" edition="beta1"/>
+        <vers num="2.18" edition="beta2"/>
+        <vers num="2.18" edition="beta3"/>
+        <vers num="2.18" edition="beta4"/>
+        <vers num="2.19" edition="beta1"/>
+        <vers num="2.19" edition="beta2"/>
+        <vers num="2.2" edition="beta1"/>
+        <vers num="2.2" edition="beta2"/>
+        <vers num="2.2" edition="beta3"/>
+        <vers num="2.20" edition="beta1"/>
+        <vers num="2.20" edition="beta2"/>
+        <vers num="2.20" edition="beta3"/>
+        <vers num="2.21" edition="beta1"/>
+        <vers num="2.21" edition="beta2"/>
+        <vers num="2.22" edition="beta1"/>
+        <vers num="2.22" edition="beta2"/>
+        <vers num="2.22.1"/>
+        <vers num="2.23" edition="beta1"/>
+        <vers num="2.23" edition="beta2"/>
+        <vers num="2.24" edition="beta1"/>
+        <vers num="2.25" edition="-"/>
+        <vers num="2.25" edition="beta1"/>
+        <vers num="2.25" edition="beta2"/>
+        <vers num="2.25" edition="beta3"/>
+        <vers prev="1" num="2.26" edition="rc1"/>
+        <vers num="2.3" edition="beta1"/>
+        <vers num="2.3" edition="beta2"/>
+        <vers num="2.3" edition="beta3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.4" edition="beta1"/>
+        <vers num="2.4" edition="beta2"/>
+        <vers num="2.4" edition="beta3"/>
+        <vers num="2.4.1"/>
+        <vers num="2.5" edition="beta1"/>
+        <vers num="2.5" edition="beta2"/>
+        <vers num="2.5" edition="beta3"/>
+        <vers num="2.5" edition="beta4"/>
+        <vers num="2.6" edition="beta1"/>
+        <vers num="2.6" edition="beta2"/>
+        <vers num="2.6" edition="beta3"/>
+        <vers num="2.6" edition="beta4"/>
+        <vers num="2.6.1"/>
+        <vers num="2.7" edition="beta1"/>
+        <vers num="2.7" edition="beta2"/>
+        <vers num="2.7" edition="beta3"/>
+        <vers num="2.7" edition="beta4"/>
+        <vers num="2.7" edition="beta5"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.8" edition="beta1"/>
+        <vers num="2.8" edition="beta2"/>
+        <vers num="2.8" edition="beta3"/>
+        <vers num="2.8" edition="beta4"/>
+        <vers num="2.8" edition="beta5"/>
+        <vers num="2.8" edition="beta6"/>
+        <vers num="2.9" edition="beta1"/>
+        <vers num="2.9" edition="beta2"/>
+        <vers num="2.9" edition="beta3"/>
+        <vers num="2.9" edition="beta4"/>
+        <vers num="2.9.1"/>
+      </prod>
+      <prod vendor="mozilla" name="thunderbird">
+        <vers num="0.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.7.2"/>
+        <vers num="0.7.3"/>
+        <vers num="0.8"/>
+        <vers num="0.9"/>
+        <vers num="1.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5" edition="beta"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.13"/>
+        <vers num="1.5.0.14"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.7.1"/>
+        <vers num="1.7.3"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="11.0"/>
+        <vers num="11.0.1"/>
+        <vers num="12.0"/>
+        <vers num="12.0.1"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0"/>
+        <vers num="17.0.1"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.21"/>
+        <vers num="2.0.0.22"/>
+        <vers num="2.0.0.23"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+        <vers num="24.3"/>
+        <vers prev="1" num="24.4"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.11"/>
+        <vers num="3.1.12"/>
+        <vers num="3.1.13"/>
+        <vers num="3.1.14"/>
+        <vers num="3.1.15"/>
+        <vers num="3.1.16"/>
+        <vers num="3.1.17"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="5.0"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1531" published="2014-04-30" name="CVE-2014-1531" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving an imgLoader object that is not properly handled during an image-resize operation.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=987140" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=987140</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-44.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-44.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers num="26.0"/>
+        <vers num="27.0"/>
+        <vers num="27.0.1"/>
+        <vers prev="1" num="28.0"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+      <prod vendor="mozilla" name="firefox_esr">
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.0.2"/>
+        <vers num="24.1.0"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+        <vers num="24.3"/>
+        <vers num="24.4"/>
+      </prod>
+      <prod vendor="mozilla" name="seamonkey">
+        <vers num="2.0" edition="alpha_1"/>
+        <vers num="2.0" edition="alpha_2"/>
+        <vers num="2.0" edition="alpha_3"/>
+        <vers num="2.0" edition="beta_1"/>
+        <vers num="2.0" edition="beta_2"/>
+        <vers num="2.0" edition="rc1"/>
+        <vers num="2.0" edition="rc2"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1" edition="alpha1"/>
+        <vers num="2.1" edition="alpha2"/>
+        <vers num="2.1" edition="alpha3"/>
+        <vers num="2.1" edition="beta1"/>
+        <vers num="2.1" edition="beta2"/>
+        <vers num="2.1" edition="beta3"/>
+        <vers num="2.1" edition="rc1"/>
+        <vers num="2.1" edition="rc2"/>
+        <vers num="2.10" edition="beta1"/>
+        <vers num="2.10" edition="beta2"/>
+        <vers num="2.10" edition="beta3"/>
+        <vers num="2.10.1"/>
+        <vers num="2.11" edition="beta1"/>
+        <vers num="2.11" edition="beta2"/>
+        <vers num="2.11" edition="beta3"/>
+        <vers num="2.11" edition="beta4"/>
+        <vers num="2.11" edition="beta5"/>
+        <vers num="2.11" edition="beta6"/>
+        <vers num="2.12" edition="beta1"/>
+        <vers num="2.12" edition="beta2"/>
+        <vers num="2.12" edition="beta3"/>
+        <vers num="2.12" edition="beta4"/>
+        <vers num="2.12" edition="beta5"/>
+        <vers num="2.12" edition="beta6"/>
+        <vers num="2.12.1"/>
+        <vers num="2.13" edition="beta1"/>
+        <vers num="2.13" edition="beta2"/>
+        <vers num="2.13" edition="beta3"/>
+        <vers num="2.13" edition="beta4"/>
+        <vers num="2.13" edition="beta5"/>
+        <vers num="2.13" edition="beta6"/>
+        <vers num="2.13.1"/>
+        <vers num="2.13.2"/>
+        <vers num="2.14" edition="beta1"/>
+        <vers num="2.14" edition="beta2"/>
+        <vers num="2.14" edition="beta3"/>
+        <vers num="2.14" edition="beta4"/>
+        <vers num="2.14" edition="beta5"/>
+        <vers num="2.15" edition="beta1"/>
+        <vers num="2.15" edition="beta2"/>
+        <vers num="2.15" edition="beta3"/>
+        <vers num="2.15" edition="beta4"/>
+        <vers num="2.15" edition="beta5"/>
+        <vers num="2.15" edition="beta6"/>
+        <vers num="2.15.1"/>
+        <vers num="2.15.2"/>
+        <vers num="2.16" edition="beta1"/>
+        <vers num="2.16" edition="beta2"/>
+        <vers num="2.16" edition="beta3"/>
+        <vers num="2.16" edition="beta4"/>
+        <vers num="2.16" edition="beta5"/>
+        <vers num="2.16.1"/>
+        <vers num="2.16.2"/>
+        <vers num="2.17" edition="beta1"/>
+        <vers num="2.17" edition="beta2"/>
+        <vers num="2.17" edition="beta3"/>
+        <vers num="2.17" edition="beta4"/>
+        <vers num="2.17.1"/>
+        <vers num="2.18" edition="beta1"/>
+        <vers num="2.18" edition="beta2"/>
+        <vers num="2.18" edition="beta3"/>
+        <vers num="2.18" edition="beta4"/>
+        <vers num="2.19" edition="beta1"/>
+        <vers num="2.19" edition="beta2"/>
+        <vers num="2.2" edition="beta1"/>
+        <vers num="2.2" edition="beta2"/>
+        <vers num="2.2" edition="beta3"/>
+        <vers num="2.20" edition="beta1"/>
+        <vers num="2.20" edition="beta2"/>
+        <vers num="2.20" edition="beta3"/>
+        <vers num="2.21" edition="beta1"/>
+        <vers num="2.21" edition="beta2"/>
+        <vers num="2.22" edition="beta1"/>
+        <vers num="2.22" edition="beta2"/>
+        <vers num="2.22.1"/>
+        <vers num="2.23" edition="beta1"/>
+        <vers num="2.23" edition="beta2"/>
+        <vers num="2.24" edition="beta1"/>
+        <vers num="2.25" edition="-"/>
+        <vers num="2.25" edition="beta1"/>
+        <vers num="2.25" edition="beta2"/>
+        <vers num="2.25" edition="beta3"/>
+        <vers prev="1" num="2.26" edition="rc1"/>
+        <vers num="2.3" edition="beta1"/>
+        <vers num="2.3" edition="beta2"/>
+        <vers num="2.3" edition="beta3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.4" edition="beta1"/>
+        <vers num="2.4" edition="beta2"/>
+        <vers num="2.4" edition="beta3"/>
+        <vers num="2.4.1"/>
+        <vers num="2.5" edition="beta1"/>
+        <vers num="2.5" edition="beta2"/>
+        <vers num="2.5" edition="beta3"/>
+        <vers num="2.5" edition="beta4"/>
+        <vers num="2.6" edition="beta1"/>
+        <vers num="2.6" edition="beta2"/>
+        <vers num="2.6" edition="beta3"/>
+        <vers num="2.6" edition="beta4"/>
+        <vers num="2.6.1"/>
+        <vers num="2.7" edition="beta1"/>
+        <vers num="2.7" edition="beta2"/>
+        <vers num="2.7" edition="beta3"/>
+        <vers num="2.7" edition="beta4"/>
+        <vers num="2.7" edition="beta5"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.8" edition="beta1"/>
+        <vers num="2.8" edition="beta2"/>
+        <vers num="2.8" edition="beta3"/>
+        <vers num="2.8" edition="beta4"/>
+        <vers num="2.8" edition="beta5"/>
+        <vers num="2.8" edition="beta6"/>
+        <vers num="2.9" edition="beta1"/>
+        <vers num="2.9" edition="beta2"/>
+        <vers num="2.9" edition="beta3"/>
+        <vers num="2.9" edition="beta4"/>
+        <vers num="2.9.1"/>
+      </prod>
+      <prod vendor="mozilla" name="thunderbird">
+        <vers num="0.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.7.2"/>
+        <vers num="0.7.3"/>
+        <vers num="0.8"/>
+        <vers num="0.9"/>
+        <vers num="1.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5" edition="beta"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.13"/>
+        <vers num="1.5.0.14"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.7.1"/>
+        <vers num="1.7.3"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="11.0"/>
+        <vers num="11.0.1"/>
+        <vers num="12.0"/>
+        <vers num="12.0.1"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0"/>
+        <vers num="17.0.1"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.21"/>
+        <vers num="2.0.0.22"/>
+        <vers num="2.0.0.23"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+        <vers num="24.3"/>
+        <vers prev="1" num="24.4"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.11"/>
+        <vers num="3.1.12"/>
+        <vers num="3.1.13"/>
+        <vers num="3.1.14"/>
+        <vers num="3.1.15"/>
+        <vers num="3.1.16"/>
+        <vers num="3.1.17"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="5.0"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1532" published="2014-04-30" name="CVE-2014-1532" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to host resolution.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=966006" source="CONFIRM">https://bugzilla.mozilla.org/show_bug.cgi?id=966006</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-46.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-46.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="firefox">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.8"/>
+        <vers num="0.9" edition="rc"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="0.9.3"/>
+        <vers num="1.0" edition="preview_release"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.10"/>
+        <vers num="10.0.11"/>
+        <vers num="10.0.12"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="10.0.5"/>
+        <vers num="10.0.6"/>
+        <vers num="10.0.7"/>
+        <vers num="10.0.8"/>
+        <vers num="10.0.9"/>
+        <vers num="11.0"/>
+        <vers num="12.0" edition="beta6"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="14.0.1"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.11"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="17.0.9"/>
+        <vers num="18.0"/>
+        <vers num="18.0.1"/>
+        <vers num="18.0.2"/>
+        <vers num="19.0"/>
+        <vers num="19.0.1"/>
+        <vers num="19.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="20.0"/>
+        <vers num="20.0.1"/>
+        <vers num="21.0"/>
+        <vers num="23.0"/>
+        <vers num="23.0.1"/>
+        <vers num="24.0"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="25.0"/>
+        <vers num="25.0.1"/>
+        <vers num="26.0"/>
+        <vers num="27.0"/>
+        <vers num="27.0.1"/>
+        <vers prev="1" num="28.0"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.5"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.10"/>
+        <vers num="3.5.11"/>
+        <vers num="3.5.12"/>
+        <vers num="3.5.13"/>
+        <vers num="3.5.14"/>
+        <vers num="3.5.15"/>
+        <vers num="3.5.16"/>
+        <vers num="3.5.17"/>
+        <vers num="3.5.18"/>
+        <vers num="3.5.19"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.5.8"/>
+        <vers num="3.5.9"/>
+        <vers num="3.6"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.12"/>
+        <vers num="3.6.13"/>
+        <vers num="3.6.14"/>
+        <vers num="3.6.15"/>
+        <vers num="3.6.16"/>
+        <vers num="3.6.17"/>
+        <vers num="3.6.18"/>
+        <vers num="3.6.19"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.20"/>
+        <vers num="3.6.21"/>
+        <vers num="3.6.22"/>
+        <vers num="3.6.23"/>
+        <vers num="3.6.24"/>
+        <vers num="3.6.25"/>
+        <vers num="3.6.26"/>
+        <vers num="3.6.27"/>
+        <vers num="3.6.28"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="4.0" edition="beta1"/>
+        <vers num="4.0" edition="beta10"/>
+        <vers num="4.0" edition="beta11"/>
+        <vers num="4.0" edition="beta12"/>
+        <vers num="4.0" edition="beta2"/>
+        <vers num="4.0" edition="beta3"/>
+        <vers num="4.0" edition="beta4"/>
+        <vers num="4.0" edition="beta5"/>
+        <vers num="4.0" edition="beta6"/>
+        <vers num="4.0" edition="beta7"/>
+        <vers num="4.0" edition="beta8"/>
+        <vers num="4.0" edition="beta9"/>
+        <vers num="4.0.1"/>
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+      <prod vendor="mozilla" name="firefox_esr">
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.0.2"/>
+        <vers num="24.1.0"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+        <vers num="24.3"/>
+        <vers num="24.4"/>
+      </prod>
+      <prod vendor="mozilla" name="seamonkey">
+        <vers num="2.0" edition="alpha_1"/>
+        <vers num="2.0" edition="alpha_2"/>
+        <vers num="2.0" edition="alpha_3"/>
+        <vers num="2.0" edition="beta_1"/>
+        <vers num="2.0" edition="beta_2"/>
+        <vers num="2.0" edition="rc1"/>
+        <vers num="2.0" edition="rc2"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1" edition="alpha1"/>
+        <vers num="2.1" edition="alpha2"/>
+        <vers num="2.1" edition="alpha3"/>
+        <vers num="2.1" edition="beta1"/>
+        <vers num="2.1" edition="beta2"/>
+        <vers num="2.1" edition="beta3"/>
+        <vers num="2.1" edition="rc1"/>
+        <vers num="2.1" edition="rc2"/>
+        <vers num="2.10" edition="beta1"/>
+        <vers num="2.10" edition="beta2"/>
+        <vers num="2.10" edition="beta3"/>
+        <vers num="2.10.1"/>
+        <vers num="2.11" edition="beta1"/>
+        <vers num="2.11" edition="beta2"/>
+        <vers num="2.11" edition="beta3"/>
+        <vers num="2.11" edition="beta4"/>
+        <vers num="2.11" edition="beta5"/>
+        <vers num="2.11" edition="beta6"/>
+        <vers num="2.12" edition="beta1"/>
+        <vers num="2.12" edition="beta2"/>
+        <vers num="2.12" edition="beta3"/>
+        <vers num="2.12" edition="beta4"/>
+        <vers num="2.12" edition="beta5"/>
+        <vers num="2.12" edition="beta6"/>
+        <vers num="2.12.1"/>
+        <vers num="2.13" edition="beta1"/>
+        <vers num="2.13" edition="beta2"/>
+        <vers num="2.13" edition="beta3"/>
+        <vers num="2.13" edition="beta4"/>
+        <vers num="2.13" edition="beta5"/>
+        <vers num="2.13" edition="beta6"/>
+        <vers num="2.13.1"/>
+        <vers num="2.13.2"/>
+        <vers num="2.14" edition="beta1"/>
+        <vers num="2.14" edition="beta2"/>
+        <vers num="2.14" edition="beta3"/>
+        <vers num="2.14" edition="beta4"/>
+        <vers num="2.14" edition="beta5"/>
+        <vers num="2.15" edition="beta1"/>
+        <vers num="2.15" edition="beta2"/>
+        <vers num="2.15" edition="beta3"/>
+        <vers num="2.15" edition="beta4"/>
+        <vers num="2.15" edition="beta5"/>
+        <vers num="2.15" edition="beta6"/>
+        <vers num="2.15.1"/>
+        <vers num="2.15.2"/>
+        <vers num="2.16" edition="beta1"/>
+        <vers num="2.16" edition="beta2"/>
+        <vers num="2.16" edition="beta3"/>
+        <vers num="2.16" edition="beta4"/>
+        <vers num="2.16" edition="beta5"/>
+        <vers num="2.16.1"/>
+        <vers num="2.16.2"/>
+        <vers num="2.17" edition="beta1"/>
+        <vers num="2.17" edition="beta2"/>
+        <vers num="2.17" edition="beta3"/>
+        <vers num="2.17" edition="beta4"/>
+        <vers num="2.17.1"/>
+        <vers num="2.18" edition="beta1"/>
+        <vers num="2.18" edition="beta2"/>
+        <vers num="2.18" edition="beta3"/>
+        <vers num="2.18" edition="beta4"/>
+        <vers num="2.19" edition="beta1"/>
+        <vers num="2.19" edition="beta2"/>
+        <vers num="2.2" edition="beta1"/>
+        <vers num="2.2" edition="beta2"/>
+        <vers num="2.2" edition="beta3"/>
+        <vers num="2.20" edition="beta1"/>
+        <vers num="2.20" edition="beta2"/>
+        <vers num="2.20" edition="beta3"/>
+        <vers num="2.21" edition="beta1"/>
+        <vers num="2.21" edition="beta2"/>
+        <vers num="2.22" edition="beta1"/>
+        <vers num="2.22" edition="beta2"/>
+        <vers num="2.22.1"/>
+        <vers num="2.23" edition="beta1"/>
+        <vers num="2.23" edition="beta2"/>
+        <vers num="2.24" edition="beta1"/>
+        <vers num="2.25" edition="-"/>
+        <vers num="2.25" edition="beta1"/>
+        <vers num="2.25" edition="beta2"/>
+        <vers num="2.25" edition="beta3"/>
+        <vers prev="1" num="2.26" edition="rc1"/>
+        <vers num="2.3" edition="beta1"/>
+        <vers num="2.3" edition="beta2"/>
+        <vers num="2.3" edition="beta3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.4" edition="beta1"/>
+        <vers num="2.4" edition="beta2"/>
+        <vers num="2.4" edition="beta3"/>
+        <vers num="2.4.1"/>
+        <vers num="2.5" edition="beta1"/>
+        <vers num="2.5" edition="beta2"/>
+        <vers num="2.5" edition="beta3"/>
+        <vers num="2.5" edition="beta4"/>
+        <vers num="2.6" edition="beta1"/>
+        <vers num="2.6" edition="beta2"/>
+        <vers num="2.6" edition="beta3"/>
+        <vers num="2.6" edition="beta4"/>
+        <vers num="2.6.1"/>
+        <vers num="2.7" edition="beta1"/>
+        <vers num="2.7" edition="beta2"/>
+        <vers num="2.7" edition="beta3"/>
+        <vers num="2.7" edition="beta4"/>
+        <vers num="2.7" edition="beta5"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.8" edition="beta1"/>
+        <vers num="2.8" edition="beta2"/>
+        <vers num="2.8" edition="beta3"/>
+        <vers num="2.8" edition="beta4"/>
+        <vers num="2.8" edition="beta5"/>
+        <vers num="2.8" edition="beta6"/>
+        <vers num="2.9" edition="beta1"/>
+        <vers num="2.9" edition="beta2"/>
+        <vers num="2.9" edition="beta3"/>
+        <vers num="2.9" edition="beta4"/>
+        <vers num="2.9.1"/>
+      </prod>
+      <prod vendor="mozilla" name="thunderbird">
+        <vers num="0.1"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.5"/>
+        <vers num="0.6"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.7.2"/>
+        <vers num="0.7.3"/>
+        <vers num="0.8"/>
+        <vers num="0.9"/>
+        <vers num="1.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5" edition="beta"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5.0.1"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.11"/>
+        <vers num="1.5.0.12"/>
+        <vers num="1.5.0.13"/>
+        <vers num="1.5.0.14"/>
+        <vers num="1.5.0.2"/>
+        <vers num="1.5.0.3"/>
+        <vers num="1.5.0.4"/>
+        <vers num="1.5.0.5"/>
+        <vers num="1.5.0.6"/>
+        <vers num="1.5.0.7"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.7.1"/>
+        <vers num="1.7.3"/>
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.0.4"/>
+        <vers num="11.0"/>
+        <vers num="11.0.1"/>
+        <vers num="12.0"/>
+        <vers num="12.0.1"/>
+        <vers num="13.0"/>
+        <vers num="13.0.1"/>
+        <vers num="14.0"/>
+        <vers num="15.0"/>
+        <vers num="15.0.1"/>
+        <vers num="16.0"/>
+        <vers num="16.0.1"/>
+        <vers num="16.0.2"/>
+        <vers num="17.0"/>
+        <vers num="17.0.1"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+        <vers num="2.0"/>
+        <vers num="2.0.0.0"/>
+        <vers num="2.0.0.1"/>
+        <vers num="2.0.0.11"/>
+        <vers num="2.0.0.12"/>
+        <vers num="2.0.0.13"/>
+        <vers num="2.0.0.14"/>
+        <vers num="2.0.0.15"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.17"/>
+        <vers num="2.0.0.18"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.2"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.21"/>
+        <vers num="2.0.0.22"/>
+        <vers num="2.0.0.23"/>
+        <vers num="2.0.0.3"/>
+        <vers num="2.0.0.4"/>
+        <vers num="2.0.0.5"/>
+        <vers num="2.0.0.6"/>
+        <vers num="2.0.0.7"/>
+        <vers num="2.0.0.8"/>
+        <vers num="2.0.0.9"/>
+        <vers num="24.0"/>
+        <vers num="24.0.1"/>
+        <vers num="24.1"/>
+        <vers num="24.1.1"/>
+        <vers num="24.2"/>
+        <vers num="24.3"/>
+        <vers prev="1" num="24.4"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.11"/>
+        <vers num="3.1.12"/>
+        <vers num="3.1.13"/>
+        <vers num="3.1.14"/>
+        <vers num="3.1.15"/>
+        <vers num="3.1.16"/>
+        <vers num="3.1.17"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="5.0"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="8.0"/>
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1597" published="2014-02-27" name="CVE-2014-1597" modified="2014-02-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">SQL injection vulnerability in the CMDB web application in synetics i-doit pro before 1.2.5 and i-doit open allows remote attackers to execute arbitrary SQL commands via the objID parameter to the default URI.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91269" source="XF">idoit-cve20141597-sql-injection(91269)</ref>
+      <ref url="http://www.securityfocus.com/bid/65557" source="BID">65557</ref>
+      <ref url="http://www.i-doit.com/en/company/news/single-news/?tx_ttnews%5Btt_news%5D=141" source="CONFIRM">http://www.i-doit.com/en/company/news/single-news/?tx_ttnews%5Btt_news%5D=141</ref>
+      <ref url="http://www.csnc.ch/misc/files/advisories/CVE-2014-1597_i-doit_SQL_Injection.txt" source="MISC">http://www.csnc.ch/misc/files/advisories/CVE-2014-1597_i-doit_SQL_Injection.txt</ref>
+      <ref url="http://secunia.com/advisories/56931" source="SECUNIA" adv="1">56931</ref>
+      <ref url="http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0154.html" source="FULLDISC">20140217 SQL Injection i-doit Pro (CVE-2014-1597)</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="i-doit" name="i-doit">
+        <vers num="-" edition=":~~open~~~"/>
+        <vers num="1.0" edition=":~~pro~~~"/>
+        <vers num="1.0.2" edition=":~~pro~~~"/>
+        <vers num="1.1.1" edition=":~~pro~~~"/>
+        <vers num="1.1.2" edition=":~~pro~~~"/>
+        <vers num="1.2.1" edition=":~~pro~~~"/>
+        <vers num="1.2.2" edition=":~~pro~~~"/>
+        <vers num="1.2.3" edition=":~~pro~~~"/>
+        <vers prev="1" num="1.2.4" edition=":~~pro~~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1599" published="2014-03-09" name="CVE-2014-1599" modified="2014-03-10" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Multiple cross-site scripting (XSS) vulnerabilities in the SFR Box router with firmware NB6-MAIN-R3.3.4 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) dns, (2) dhcp, (3) nat, (4) route, or (5) lan in network/; or (6) wifi/config.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/531349/100/0/threaded" source="BUGTRAQ">20140305 CVE-2014-1599 - 39 Type-1 XSS in SFR DSL/Fiber Box</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="sfr" name="sfr_box_router">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="sfr" name="sfr_box_router_firmware">
+        <vers num="nb6-main-r3.3.4"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-1604" published="2014-01-27" name="CVE-2014-1604" modified="2014-01-28" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:N/I:P/A:N)" CVSS_score="2.1" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="3.9" CVSS_base_score="2.1">
+    <desc>
+      <descript source="cve">The parser cache functionality in parsergenerator.py in RPLY (aka python-rply) before 0.7.1 allows local users to spoof cache data by pre-creating a temporary rply-*.json file with a predictable name.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="https://github.com/alex/rply/commit/fc9bbcd25b0b4f09bbd6339f710ad24c129d5d7c" source="CONFIRM">https://github.com/alex/rply/commit/fc9bbcd25b0b4f09bbd6339f710ad24c129d5d7c</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90593" source="XF">rply-cve20141604-insecure-permissions(90593)</ref>
+      <ref url="http://www.osvdb.org/102202" source="OSVDB">102202</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/01/18/4" source="MLIST">[oss-security] 20140117 Re: Fwd: [Python-modules-team] Bug#735263: python-rply: insecure use of /tmp</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/01/17/8" source="MLIST">[oss-security] 20140114 Fwd: [Python-modules-team] Bug#735263: python-rply: insecure use of /tmp</ref>
+      <ref url="http://secunia.com/advisories/56429" source="SECUNIA" adv="1">56429</ref>
+      <ref url="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735263" source="CONFIRM">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735263</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="python" name="rply">
+        <vers prev="1" num="0.7.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1607" published="2014-01-26" name="CVE-2014-1607" modified="2014-01-31" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">** DISPUTED ** Cross-site scripting (XSS) vulnerability in the EventCalendar module for Drupal 7.14 allows remote attackers to inject arbitrary web script or HTML via the year parameter to eventcalander/. NOTE: this issue has been disputed by the Drupal Security Team; it may be site-specific.  If so, then this CVE will be REJECTed in the future.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://groups.drupal.org/node/402023" source="MISC">https://groups.drupal.org/node/402023</ref>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/530876/100/0/threaded" source="BUGTRAQ">20140123 [CVE-2014-1607.] Cross Site Scripting(XSS) in Drupal Event calendar module</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="drupal" name="drupal">
+        <vers num="7.14"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1608" published="2014-03-18" name="CVE-2014-1608" modified="2014-03-19" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">SQL injection vulnerability in the mci_file_get function in api/soap/mc_file_api.php in MantisBT before 1.2.16 allows remote attackers to execute arbitrary SQL commands via a crafted envelope tag in a mc_issue_attachment_get SOAP request.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.ocert.org/advisories/ocert-2014-001.html" source="MISC">http://www.ocert.org/advisories/ocert-2014-001.html</ref>
+      <ref url="https://github.com/mantisbt/mantisbt/commit/00b4c17088fa56594d85fe46b6c6057bb3421102" source="CONFIRM" patch="1">https://github.com/mantisbt/mantisbt/commit/00b4c17088fa56594d85fe46b6c6057bb3421102</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1063111" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1063111</ref>
+      <ref url="http://www.securityfocus.com/bid/65445" source="BID">65445</ref>
+      <ref url="http://www.mantisbt.org/bugs/view.php?id=16879" source="CONFIRM">http://www.mantisbt.org/bugs/view.php?id=16879</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mantisbt" name="mantisbt">
+        <vers num="1.2.0" edition="a1"/>
+        <vers num="1.2.0" edition="a2"/>
+        <vers num="1.2.0" edition="a3"/>
+        <vers num="1.2.0" edition="rc1"/>
+        <vers num="1.2.0" edition="rc2"/>
+        <vers num="1.2.1"/>
+        <vers num="1.2.10"/>
+        <vers num="1.2.11"/>
+        <vers num="1.2.13"/>
+        <vers num="1.2.14"/>
+        <vers prev="1" num="1.2.15"/>
+        <vers num="1.2.2"/>
+        <vers num="1.2.3"/>
+        <vers num="1.2.4"/>
+        <vers num="1.2.5"/>
+        <vers num="1.2.6"/>
+        <vers num="1.2.7"/>
+        <vers num="1.2.8"/>
+        <vers num="1.2.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1609" published="2014-03-20" name="CVE-2014-1609" modified="2014-03-20" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Multiple SQL injection vulnerabilities in MantisBT before 1.2.16 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to the (1) mc_project_get_attachments function in api/soap/mc_project_api.php; the (2) news_get_limited_rows function in core/news_api.php; the (3) summary_print_by_enum, (4) summary_print_by_age, (5) summary_print_by_developer, (6) summary_print_by_reporter, or (7) summary_print_by_category function in core/summary_api.php; the (8) create_bug_enum_summary or (9) enum_bug_group function in plugins/MantisGraph/core/graph_api.php; (10) bug_graph_bycategory.php or (11) bug_graph_bystatus.php in plugins/MantisGraph/pages/; or (12) proj_doc_page.php, related to use of the db_query function, a different vulnerability than CVE-2014-1608.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.ocert.org/advisories/ocert-2014-001.html" source="MISC">http://www.ocert.org/advisories/ocert-2014-001.html</ref>
+      <ref url="https://github.com/mantisbt/mantisbt/commit/7efe0175f0853e18ebfacedfd2374c4179028b3f" source="CONFIRM" patch="1">https://github.com/mantisbt/mantisbt/commit/7efe0175f0853e18ebfacedfd2374c4179028b3f</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1063111" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1063111</ref>
+      <ref url="http://www.securityfocus.com/bid/65461" source="BID">65461</ref>
+      <ref url="http://www.mantisbt.org/bugs/view.php?id=16880" source="CONFIRM">http://www.mantisbt.org/bugs/view.php?id=16880</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mantisbt" name="mantisbt">
+        <vers num="1.2.0" edition="a1"/>
+        <vers num="1.2.0" edition="a2"/>
+        <vers num="1.2.0" edition="a3"/>
+        <vers num="1.2.0" edition="rc1"/>
+        <vers num="1.2.0" edition="rc2"/>
+        <vers num="1.2.1"/>
+        <vers num="1.2.10"/>
+        <vers num="1.2.11"/>
+        <vers num="1.2.13"/>
+        <vers num="1.2.14"/>
+        <vers prev="1" num="1.2.15"/>
+        <vers num="1.2.2"/>
+        <vers num="1.2.3"/>
+        <vers num="1.2.4"/>
+        <vers num="1.2.5"/>
+        <vers num="1.2.6"/>
+        <vers num="1.2.7"/>
+        <vers num="1.2.8"/>
+        <vers num="1.2.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1610" published="2014-01-30" name="CVE-2014-1610" modified="2014-04-19" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:P/I:P/A:P)" CVSS_score="6.0" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="6.8" CVSS_base_score="6.0">
+    <desc>
+      <descript source="cve">MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5 and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://gerrit.wikimedia.org/r/#/c/110215/" source="MISC">https://gerrit.wikimedia.org/r/#/c/110215/</ref>
+      <ref url="https://gerrit.wikimedia.org/r/#/c/110069/2/includes/media/Bitmap.php" source="MISC">https://gerrit.wikimedia.org/r/#/c/110069/2/includes/media/Bitmap.php</ref>
+      <ref url="https://gerrit.wikimedia.org/r/#/c/110069/" source="MISC" adv="1">https://gerrit.wikimedia.org/r/#/c/110069/</ref>
+      <ref url="https://bugzilla.wikimedia.org/show_bug.cgi?id=60339" source="CONFIRM">https://bugzilla.wikimedia.org/show_bug.cgi?id=60339</ref>
+      <ref url="https://bugzilla.wikimedia.org/attachment.cgi?id=14384&amp;action=diff" source="MISC">https://bugzilla.wikimedia.org/attachment.cgi?id=14384&amp;action=diff</ref>
+      <ref url="https://bugzilla.wikimedia.org/attachment.cgi?id=14361&amp;action=diff" source="MISC">https://bugzilla.wikimedia.org/attachment.cgi?id=14361&amp;action=diff</ref>
+      <ref url="http://www.securitytracker.com/id/1029707" source="SECTRACK">1029707</ref>
+      <ref url="http://www.securityfocus.com/bid/65223" source="BID">65223</ref>
+      <ref url="http://www.osvdb.org/102631" source="OSVDB">102631</ref>
+      <ref url="http://www.exploit-db.com/exploits/31329/" source="EXPLOIT-DB">31329</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2891" source="DEBIAN">DSA-2891</ref>
+      <ref url="http://www.checkpoint.com/threatcloud-central/articles/2014-01-28-tc-researchers-discover.html" source="MISC">http://www.checkpoint.com/threatcloud-central/articles/2014-01-28-tc-researchers-discover.html</ref>
+      <ref url="http://www.checkpoint.com/defense/advisories/public/2014/cpai-26-jan.html" source="MISC">http://www.checkpoint.com/defense/advisories/public/2014/cpai-26-jan.html</ref>
+      <ref url="http://secunia.com/advisories/57472" source="SECUNIA">57472</ref>
+      <ref url="http://secunia.com/advisories/56695" source="SECUNIA" adv="1">56695</ref>
+      <ref url="http://osvdb.org/102630" source="OSVDB">102630</ref>
+      <ref url="http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000140.html" source="MLIST" adv="1">[MediaWiki-announce] 20140128 MediaWiki Security Releases: 1.22.2, 1.21.5 and 1.19.11</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127948.html" source="FEDORA">FEDORA-2014-1745</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127942.html" source="FEDORA">FEDORA-2014-1802</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mediawiki" name="mediawiki">
+        <vers num="1.19.0"/>
+        <vers num="1.19.1"/>
+        <vers num="1.19.10"/>
+        <vers num="1.19.2"/>
+        <vers num="1.19.3"/>
+        <vers num="1.19.4"/>
+        <vers num="1.19.5"/>
+        <vers num="1.19.6"/>
+        <vers num="1.19.7"/>
+        <vers num="1.19.8"/>
+        <vers num="1.19.9"/>
+        <vers num="1.21.1"/>
+        <vers num="1.21.2"/>
+        <vers num="1.21.3"/>
+        <vers num="1.21.4"/>
+        <vers num="1.22.0"/>
+        <vers num="1.22.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1611" published="2014-01-30" name="CVE-2014-1611" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the Anonymous Posting module 7.x-1.2 and 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the contact name field.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://drupal.org/node/2173437" source="CONFIRM" patch="1">https://drupal.org/node/2173437</ref>
+      <ref url="https://drupal.org/node/2173321" source="MISC" patch="1" adv="1">https://drupal.org/node/2173321</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90526" source="XF">anonymousposting-contactname-xss(90526)</ref>
+      <ref url="http://secunia.com/advisories/56476" source="SECUNIA" adv="1">56476</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Jan/77" source="FULLDISC">20140115 [Security-news] SA-CONTRIB-2014-002 - Anonymous Posting - Cross Site Scripting (XSS)</ref>
+      <ref url="http://packetstormsecurity.com/files/124803/Drupal-Anonymous-Posting-7.x-Cross-Site-Scripting.html" source="MISC">http://packetstormsecurity.com/files/124803/Drupal-Anonymous-Posting-7.x-Cross-Site-Scripting.html</ref>
+      <ref url="http://osvdb.org/102126" source="OSVDB">102126</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="anonymous_posting_project" name="anonymous_posting">
+        <vers num="7.x-1.2"/>
+        <vers num="7.x-1.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1612" published="2014-01-30" name="CVE-2014-1612" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in login.esp in the Web Management Interface in Media5 Mediatrix 4402 VoIP Gateway with firmware Dgw 1.1.13.186 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/252294" source="CERT-VN">VU#252294</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90656" source="XF">mediatrixwebmanagement-cve20141612-xss(90656)</ref>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/530871/100/0/threaded" source="BUGTRAQ">20140123 Reflected cross-site scripting (XSS) vulnerability in Mediatrix Web Management Interface login page</ref>
+      <ref url="http://secunia.com/advisories/56638" source="SECUNIA">56638</ref>
+      <ref url="http://packetstormsecurity.com/files/124931/Mediatrix-4402-Cross-Site-Scripting.html" source="MISC">http://packetstormsecurity.com/files/124931/Mediatrix-4402-Cross-Site-Scripting.html</ref>
+      <ref url="http://osvdb.org/102415" source="OSVDB">102415</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="media5" name="mediatrix_voip_gateway_4402_firmware">
+        <vers num="dgw_1.1.13.186"/>
+      </prod>
+      <prod vendor="media5" name="mediatrix_voip_gateway">
+        <vers num="4402"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1615" published="2014-04-22" name="CVE-2014-1615" modified="2014-04-23" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">Multiple cross-site request forgery (CSRF) vulnerabilities in Carbon Black before 4.1.0 allow remote attackers to hijack the authentication of administrators for requests that add new administrative users and have other unspecified action, as demonstrated by a request to api/user.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.secureworks.com/advisories/SWRX-2014-007/SWRX-2014-007.pdf" source="MISC">http://www.secureworks.com/advisories/SWRX-2014-007/SWRX-2014-007.pdf</ref>
+      <ref url="http://secunia.com/advisories/57645" source="SECUNIA" adv="1">57645</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="carbonblack" name="carbon_black">
+        <vers num="4.0.3"/>
+        <vers prev="1" num="4.1.0" edition="beta1"/>
+        <vers prev="1" num="4.1.0" edition="beta2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1618" published="2014-01-21" name="CVE-2014-1618" modified="2014-01-22" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Multiple SQL injection vulnerabilities in UAEPD Shopping Cart Script allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) p_id parameter to products.php or id parameter to (3) page.php or (4) news.php.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90214" source="XF">uaepd-multiple-sql-injection(90214)</ref>
+      <ref url="http://www.securityfocus.com/bid/64734" source="BID">64734</ref>
+      <ref url="http://www.iphobos.com/blog/2014/01/04/uaepd-script-multiple-sql-injection-vulnerabilty" source="MISC">http://www.iphobos.com/blog/2014/01/04/uaepd-script-multiple-sql-injection-vulnerabilty</ref>
+      <ref url="http://secunia.com/advisories/56351" source="SECUNIA" adv="1">56351</ref>
+      <ref url="http://packetstormsecurity.com/files/124723/uaepdshopping-sql.txt" source="MISC">http://packetstormsecurity.com/files/124723/uaepdshopping-sql.txt</ref>
+      <ref url="http://osvdb.org/101900" source="OSVDB">101900</ref>
+      <ref url="http://osvdb.org/101899" source="OSVDB">101899</ref>
+      <ref url="http://osvdb.org/101859" source="OSVDB">101859</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="uaepd" name="shopping_cart_script">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1619" published="2014-01-21" name="CVE-2014-1619" modified="2014-01-22" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Multiple SQL injection vulnerabilities in Cubic CMS 5.1.1, 5.1.2, and 5.2 allow remote attackers to execute arbitrary SQL commands via the (1) resource_id or (2) version_id parameter to recursos/agent.php or (3) login or (4) pass parameter to login.usuario.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90153" source="XF">cubiccms-agent-login-sql-injection(90153)</ref>
+      <ref url="http://www.cubicfactory.com/es/cubic-cms/changelog/id/260" source="CONFIRM">http://www.cubicfactory.com/es/cubic-cms/changelog/id/260</ref>
+      <ref url="http://packetstormsecurity.com/files/124652" source="MISC">http://packetstormsecurity.com/files/124652</ref>
+      <ref url="http://osvdb.org/101721" source="OSVDB">101721</ref>
+      <ref url="http://osvdb.org/101719" source="OSVDB">101719</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cubicfactory" name="cubic_cms">
+        <vers num="5.1.1"/>
+        <vers num="5.1.2"/>
+        <vers num="5.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1620" published="2014-01-21" name="CVE-2014-1620" modified="2014-01-22" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Multiple cross-site scripting (XSS) vulnerabilities in add.php in HIOX Guest Book (HGB) 5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name1, (2) email, or (3) cmt parameter.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90156" source="XF">hiox-guestbook-add-xss(90156)</ref>
+      <ref url="http://packetstormsecurity.com/files/124681/Hiox-Guest-Book-5.0-Cross-Site-Scripting.html" source="MISC">http://packetstormsecurity.com/files/124681/Hiox-Guest-Book-5.0-Cross-Site-Scripting.html</ref>
+      <ref url="http://osvdb.org/101844" source="OSVDB">101844</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="hiox" name="hiox_guest_book">
+        <vers num="5.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-1624" published="2014-01-27" name="CVE-2014-1624" modified="2014-02-24" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:N/I:P/A:P)" CVSS_score="3.3" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="3.4" CVSS_base_score="3.3">
+    <desc>
+      <descript source="cve">Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once the get_runtime_dir function is called.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90618" source="XF">pythonxdg-cve20141624-symlink(90618)</ref>
+      <ref url="http://www.securityfocus.com/bid/65042" source="BID">65042</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/01/21/4" source="MLIST">[oss-security] 20140121 Re: Fwd: [Python-modules-team] Bug#736247: python-xdg: get_runtime_dir(strict=False): insecure use of /tmp</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/01/21/3" source="MLIST">[oss-security] 20140121 Fwd: [Python-modules-team] Bug#736247: python-xdg: get_runtime_dir(strict=False): insecure use of /tmp</ref>
+      <ref url="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736247" source="MISC">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736247</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="python" name="pyxdg">
+        <vers num="0.25"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1626" published="2014-01-25" name="CVE-2014-1626" modified="2014-01-27" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">XML External Entity (XXE) vulnerability in MARC::File::XML module before 1.0.2 for Perl, as used in Evergreen, Koha, perl4lib, and possibly other products, allows context-dependent attackers to read arbitrary files via a crafted XML file.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://metacpan.org/source/GMCHARLT/MARC-XML-1.0.2/Changes" source="CONFIRM">https://metacpan.org/source/GMCHARLT/MARC-XML-1.0.2/Changes</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90620" source="XF">marcfile-xml-info-disc(90620)</ref>
+      <ref url="http://www.securityfocus.com/bid/65057" source="BID">65057</ref>
+      <ref url="http://www.nntp.perl.org/group/perl.perl4lib/2014/01/msg3073.html" source="CONFIRM">http://www.nntp.perl.org/group/perl.perl4lib/2014/01/msg3073.html</ref>
+      <ref url="http://secunia.com/advisories/55404" source="SECUNIA" adv="1">55404</ref>
+      <ref url="http://osvdb.org/102367" source="OSVDB">102367</ref>
+      <ref url="http://lists.katipo.co.nz/pipermail/koha/2014-January/038430.html" source="MLIST">[Koha] 20140122 SECURITY release: MARC::File::XML 1.0.2</ref>
+      <ref url="http://libmail.georgialibraries.org/pipermail/open-ils-general/2014-January/009442.html" source="MLIST">[OPEN-ILS-GENERAL] 20140121 SECURITY release: MARC::File::XML 1.0.2</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="galen_charlton" name="marc-xml">
+        <vers num="1.0"/>
+        <vers prev="1" num="1.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1636" published="2014-01-22" name="CVE-2014-1636" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90175" source="XF">commandschool-id-sql-injection(90175)</ref>
+      <ref url="http://www.securityfocus.com/bid/64707" source="BID">64707</ref>
+      <ref url="http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html" source="MISC">http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html</ref>
+      <ref url="http://osvdb.org/101885" source="OSVDB">101885</ref>
+      <ref url="http://osvdb.org/101884" source="OSVDB">101884</ref>
+      <ref url="http://osvdb.org/101883" source="OSVDB">101883</ref>
+      <ref url="http://osvdb.org/101882" source="OSVDB">101882</ref>
+      <ref url="http://osvdb.org/101881" source="OSVDB">101881</ref>
+      <ref url="http://osvdb.org/101880" source="OSVDB">101880</ref>
+      <ref url="http://osvdb.org/101879" source="OSVDB">101879</ref>
+      <ref url="http://osvdb.org/101878" source="OSVDB">101878</ref>
+      <ref url="http://osvdb.org/101877" source="OSVDB">101877</ref>
+      <ref url="http://osvdb.org/101876" source="OSVDB">101876</ref>
+      <ref url="http://osvdb.org/101875" source="OSVDB">101875</ref>
+      <ref url="http://osvdb.org/101874" source="OSVDB">101874</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="doug_poulin" name="ommand_school_student_management_system">
+        <vers num="1.06.01"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1637" published="2014-01-22" name="CVE-2014-1637" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Command School Student Management System 1.06.01 does not properly restrict access to sw/backup/backup_ray2.php, which allows remote attackers to download a database backup via a direct request.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securityfocus.com/bid/64707" source="BID">64707</ref>
+      <ref url="http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html" source="MISC">http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html</ref>
+      <ref url="http://osvdb.org/101888" source="OSVDB">101888</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="doug_poulin" name="ommand_school_student_management_system">
+        <vers num="1.06.01"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-1638" published="2014-01-27" name="CVE-2014-1638" modified="2014-01-28" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:N/I:P/A:P)" CVSS_score="3.3" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="3.4" CVSS_base_score="3.3">
+    <desc>
+      <descript source="cve">(1) debian/postrm and (2) debian/localepurge.config in localepurge before 0.7.3.2 use tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90669" source="XF">localepurge-cve20141638-symlink(90669)</ref>
+      <ref url="http://www.securityfocus.com/bid/65098" source="BID">65098</ref>
+      <ref url="http://www.osvdb.org/102381" source="OSVDB">102381</ref>
+      <ref url="http://www.osvdb.org/102379" source="OSVDB">102379</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/01/22/4" source="MLIST">[oss-security] 20140122 Re: Getting tempfile/mktemp wrong</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/01/22/3" source="MLIST">[oss-security] 20140122 Getting tempfile/mktemp wrong</ref>
+      <ref url="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736359" source="CONFIRM" adv="1">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736359</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="debian" name="localepurge">
+        <vers prev="1" num="0.7.3.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-1639" published="2014-01-27" name="CVE-2014-1639" modified="2014-02-24" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:N/I:P/A:P)" CVSS_score="3.3" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="3.4" CVSS_base_score="3.3">
+    <desc>
+      <descript source="cve">syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses mktemp to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90662" source="XF">syncevolution-cve20141639-symlink(90662)</ref>
+      <ref url="http://www.securityfocus.com/bid/65098" source="BID">65098</ref>
+      <ref url="http://www.osvdb.org/102380" source="OSVDB">102380</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/01/22/4" source="MLIST">[oss-security] 20140122 Re: Getting tempfile/mktemp wrong</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/01/22/3" source="MLIST">[oss-security] 20140122 Getting tempfile/mktemp wrong</ref>
+      <ref url="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736357" source="CONFIRM" adv="1">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736357</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="debian" name="syncevolution">
+        <vers prev="1" num="1.3.99.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-1640" published="2014-01-27" name="CVE-2014-1640" modified="2014-02-24" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:N/I:P/A:P)" CVSS_score="3.3" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="3.4" CVSS_base_score="3.3">
+    <desc>
+      <descript source="cve">axiom-test.sh in axiom 20100701-1.1 uses tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90663" source="XF">axiom-cve20141640-symlink(90663)</ref>
+      <ref url="http://www.osvdb.org/102383" source="OSVDB">102383</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/01/22/4" source="MLIST">[oss-security] 20140122 Re: Getting tempfile/mktemp wrong</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/01/22/3" source="MLIST">[oss-security] 20140122 Getting tempfile/mktemp wrong</ref>
+      <ref url="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736358" source="MISC">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736358</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="debian" name="axiom">
+        <vers num="20100701-1.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1642" published="2014-01-26" name="CVE-2014-1642" modified="2014-04-19" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="4.4" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="3.4" CVSS_base_score="4.4">
+    <desc>
+      <descript source="cve">The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory that may still be intended for use, which allows local guest administrators to cause a denial of service (memory corruption and hypervisor crash) and possibly execute arbitrary code via vectors related to an out-of-memory error that triggers a (1) use-after-free or (2) double free.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90649" source="XF">xen-irq-cve20141642-code-exec(90649)</ref>
+      <ref url="http://xenbits.xen.org/xsa/advisory-83.html" source="CONFIRM" adv="1">http://xenbits.xen.org/xsa/advisory-83.html</ref>
+      <ref url="http://www.securitytracker.com/id/1029679" source="SECTRACK">1029679</ref>
+      <ref url="http://www.securityfocus.com/bid/65097" source="BID">65097</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/01/23/4" source="MLIST">[oss-security] 20140123 Xen Security Advisory 83 (CVE-2014-1642) - Out-of-memory  condition yielding memory corruption during IRQ setup</ref>
+      <ref url="http://secunia.com/advisories/56557" source="SECUNIA" adv="1">56557</ref>
+      <ref url="http://osvdb.org/102406" source="OSVDB">102406</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html" source="SUSE">SUSE-SU-2014:0373</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127607.html" source="FEDORA">FEDORA-2014-1552</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="xen" name="xen">
+        <vers num="4.2.0"/>
+        <vers num="4.2.1"/>
+        <vers num="4.2.2"/>
+        <vers num="4.2.3"/>
+        <vers num="4.3.0"/>
+        <vers num="4.3.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1643" published="2014-02-06" name="CVE-2014-1643" modified="2014-02-07" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">The Web Email Protection component in Symantec Encryption Management Server (aka PGP Universal Server) before 3.3.2 allows remote authenticated users to read the stored outbound e-mail messages of arbitrary users via a modified URL.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&amp;pvid=security_advisory&amp;year=&amp;suid=20140205_00" source="CONFIRM" adv="1">http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&amp;pvid=security_advisory&amp;year=&amp;suid=20140205_00</ref>
+      <ref url="http://www.securityfocus.com/bid/65300" source="BID">65300</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="symantec" name="encryption_management_server">
+        <vers num="3.3.0" edition="mp1"/>
+        <vers num="3.3.0" edition="mp2"/>
+        <vers prev="1" num="3.3.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1644" published="2014-03-28" name="CVE-2014-1644" modified="2014-03-31" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by providing the e-mail address associated with a user account.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&amp;pvid=security_advisory&amp;year=&amp;suid=20140327_00" source="CONFIRM" patch="1" adv="1">http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&amp;pvid=security_advisory&amp;year=&amp;suid=20140327_00</ref>
+      <ref url="https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140328-0_Symantec_LiveUpdate_Administrator_Multiple_vulnerabilities_wo_poc_v10.txt" source="MISC">https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140328-0_Symantec_LiveUpdate_Administrator_Multiple_vulnerabilities_wo_poc_v10.txt</ref>
+      <ref url="http://www.securityfocus.com/bid/66399" source="BID">66399</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-03/0172.html" source="BUGTRAQ">20140328 SEC Consult SA-20140328-0 :: Multiple vulnerabilities in Symantec LiveUpdate Administrator</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="symantec" name="liveupdate_administrator">
+        <vers num="2.1.0"/>
+        <vers num="2.1.2"/>
+        <vers num="2.1.3"/>
+        <vers num="2.2.1"/>
+        <vers num="2.2.2"/>
+        <vers num="2.2.2.9"/>
+        <vers num="2.3.0"/>
+        <vers num="2.3.1"/>
+        <vers prev="1" num="2.3.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1645" published="2014-03-28" name="CVE-2014-1645" modified="2014-03-31" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&amp;pvid=security_advisory&amp;year=&amp;suid=20140327_00" source="CONFIRM" patch="1" adv="1">http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&amp;pvid=security_advisory&amp;year=&amp;suid=20140327_00</ref>
+      <ref url="https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140328-0_Symantec_LiveUpdate_Administrator_Multiple_vulnerabilities_wo_poc_v10.txt" source="MISC">https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140328-0_Symantec_LiveUpdate_Administrator_Multiple_vulnerabilities_wo_poc_v10.txt</ref>
+      <ref url="http://www.securityfocus.com/bid/66400" source="BID">66400</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-03/0172.html" source="BUGTRAQ">20140328 SEC Consult SA-20140328-0 :: Multiple vulnerabilities in Symantec LiveUpdate Administrator</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="symantec" name="liveupdate_administrator">
+        <vers num="2.1.0"/>
+        <vers num="2.1.2"/>
+        <vers num="2.1.3"/>
+        <vers num="2.2.1"/>
+        <vers num="2.2.2"/>
+        <vers num="2.2.2.9"/>
+        <vers num="2.3.0"/>
+        <vers num="2.3.1"/>
+        <vers prev="1" num="2.3.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-1646" published="2014-04-23" name="CVE-2014-1646" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:H/Au:N/C:N/I:N/A:P)" CVSS_score="2.6" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="4.9" CVSS_base_score="2.6">
+    <desc>
+      <descript source="cve">Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform memory copies, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&amp;pvid=security_advisory&amp;year=&amp;suid=20140423_00" source="CONFIRM" adv="1">http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&amp;pvid=security_advisory&amp;year=&amp;suid=20140423_00</ref>
+      <ref url="http://www.securityfocus.com/bid/67016" source="BID">67016</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="symantec" name="encryption_desktop">
+        <vers num="10.3.0" edition=":~~professional~~~"/>
+        <vers num="10.3.1" edition=":~~professional~~~"/>
+        <vers num="10.3.2" edition="-:~~professional~~~"/>
+      </prod>
+      <prod vendor="symantec" name="pgp_desktop">
+        <vers num="10.0.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.1.0"/>
+        <vers num="10.1.1"/>
+        <vers num="10.1.2"/>
+        <vers num="10.2.0"/>
+        <vers num="10.2.1"/>
+        <vers num="10.2.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-1647" published="2014-04-23" name="CVE-2014-1647" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:H/Au:N/C:N/I:N/A:P)" CVSS_score="2.6" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="4.9" CVSS_base_score="2.6">
+    <desc>
+      <descript source="cve">Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform block-data moves, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&amp;pvid=security_advisory&amp;year=&amp;suid=20140423_00" source="CONFIRM" adv="1">http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&amp;pvid=security_advisory&amp;year=&amp;suid=20140423_00</ref>
+      <ref url="http://www.securityfocus.com/bid/67020" source="BID">67020</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="symantec" name="encryption_desktop">
+        <vers num="10.3.0" edition=":~~professional~~~"/>
+        <vers num="10.3.1" edition=":~~professional~~~"/>
+        <vers num="10.3.2" edition="-:~~professional~~~"/>
+      </prod>
+      <prod vendor="symantec" name="pgp_desktop">
+        <vers num="10.0.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.1.0"/>
+        <vers num="10.1.1"/>
+        <vers num="10.1.2"/>
+        <vers num="10.2.0"/>
+        <vers num="10.2.1"/>
+        <vers num="10.2.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1648" published="2014-04-23" name="CVE-2014-1648" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Symantec Messaging Gateway 10.x before 10.5.2 allows remote attackers to inject arbitrary web script or HTML via the displayTab parameter.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&amp;pvid=security_advisory&amp;year=&amp;suid=20140422_00" source="CONFIRM" adv="1">http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&amp;pvid=security_advisory&amp;year=&amp;suid=20140422_00</ref>
+      <ref url="http://www.securityfocus.com/bid/66966" source="BID">66966</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Apr/256" source="FULLDISC">20140422 (CVE-2014-1648) Symantec Messaging Gateway Management Console Cross Site Scripting Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="symantec" name="messaging_gateway">
+        <vers num="10.0"/>
+        <vers num="10.0.1"/>
+        <vers num="10.0.2"/>
+        <vers num="10.0.3"/>
+        <vers num="10.5.0"/>
+        <vers num="10.5.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1663" published="2014-02-06" name="CVE-2014-1663" modified="2014-02-07" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Citrix XenMobile Device Manager server (formerly Zenprise Device Manager server) 8.5, 8.6, and MDM 8.0.1 allows remote attackers to obtain sensitive information via unknown vectors.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securityfocus.com/bid/65348" source="BID">65348</ref>
+      <ref url="http://support.citrix.com/article/CTX140044" source="CONFIRM" adv="1">http://support.citrix.com/article/CTX140044</ref>
+      <ref url="http://secunia.com/advisories/56438" source="SECUNIA" adv="1">56438</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="citrix" name="xenmobile_device_manager">
+        <vers num="8.5"/>
+        <vers num="8.6"/>
+      </prod>
+      <prod vendor="citrix" name="xenmobile_device_manager_mdm">
+        <vers num="8.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1664" published="2014-01-26" name="CVE-2014-1664" modified="2014-01-31" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP requests containing sensitive information, which allows attackers to obtain user IDs, meeting details, and authentication tokens via an application that reads the system log file.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90695" source="XF">gotomeeting-cve20141664-info-disc(90695)</ref>
+      <ref url="http://www.securityfocus.com/bid/65123" source="BID">65123</ref>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/530879/100/0/threaded" source="BUGTRAQ">20140124 [CVE-2014-1664] GoToMeeting Information Disclosure via Logging Output (Android)</ref>
+      <ref url="http://osvdb.org/102559" source="OSVDB">102559</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="citrix" name="gotomeeting">
+        <vers num="5.0.799.1238" edition="-:~-~-~android~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1666" published="2014-01-26" name="CVE-2014-1666" modified="2014-04-19" CVSS_version="2.0" CVSS_vector="(AV:A/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="8.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="6.5" CVSS_base_score="8.3">
+    <desc>
+      <descript source="cve">The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to cause a denial of service (host or guest malfunction) or possibly gain privileges via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local_network/>
+    </range>
+    <refs>
+      <ref url="http://xenbits.xen.org/xsa/xsa87-unstable-4.3.patch" source="MISC" patch="1" adv="1">http://xenbits.xen.org/xsa/xsa87-unstable-4.3.patch</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90675" source="XF">xen-cve20141666-priv-esc(90675)</ref>
+      <ref url="http://xenbits.xen.org/xsa/advisory-87.html" source="CONFIRM">http://xenbits.xen.org/xsa/advisory-87.html</ref>
+      <ref url="http://www.securitytracker.com/id/1029684" source="SECTRACK">1029684</ref>
+      <ref url="http://www.securityfocus.com/bid/65125" source="BID">65125</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/01/24/6" source="MLIST">[oss-security] 20140123 Xen Security Advisory 87 (CVE-2014-1666) - PHYSDEVOP_{prepare,release}_msix  exposed to unprivileged guests</ref>
+      <ref url="http://secunia.com/advisories/56650" source="SECUNIA" adv="1">56650</ref>
+      <ref url="http://osvdb.org/102536" source="OSVDB">102536</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html" source="SUSE">SUSE-SU-2014:0373</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html" source="SUSE">SUSE-SU-2014:0372</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127607.html" source="FEDORA">FEDORA-2014-1552</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="xen" name="xen">
+        <vers num="4.1.5"/>
+        <vers num="4.1.6.1"/>
+        <vers num="4.2.2"/>
+        <vers num="4.2.3"/>
+        <vers num="4.3.0"/>
+        <vers num="4.3.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1670" published="2014-01-25" name="CVE-2014-1670" modified="2014-01-31" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">The Microsoft Bing application before 4.2.1 for Android allows remote attackers to install arbitrary APK files via vectors involving a crafted DNS response.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://play.google.com/store/apps/details?id=com.microsoft.bing" source="MISC">https://play.google.com/store/apps/details?id=com.microsoft.bing</ref>
+      <ref url="http://www.youtube.com/watch?v=_j1RKtTxZ3k" source="MISC">http://www.youtube.com/watch?v=_j1RKtTxZ3k</ref>
+      <ref url="http://www.securityfocus.com/bid/65128" source="BID">65128</ref>
+      <ref url="http://osvdb.org/102575" source="OSVDB">102575</ref>
+      <ref url="http://blog.trustlook.com/2014/01/23/trustlook-reported-microsofts-first-ever-android-vulnerability/" source="MISC">http://blog.trustlook.com/2014/01/23/trustlook-reported-microsofts-first-ever-android-vulnerability/</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="bing">
+        <vers prev="1" num="4.2.0" edition="-:~-~-~android~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1671" published="2014-01-25" name="CVE-2014-1671" modified="2014-01-31" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:P)" CVSS_score="6.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.0" CVSS_base_score="6.5">
+    <desc>
+      <descript source="cve">Multiple SQL injection vulnerabilities in Dell KACE K1000 5.4.76847 and possibly earlier allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the macAddress element in a (1) getUploadPath or (2) getKBot SOAP request to service/kbot_service.php; the ID parameter to (3) userui/advisory_detail.php or (4) userui/ticket.php; and the (5) ORDER[] parameter to userui/ticket_list.php.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90592" source="XF">kace-multiple-sql-injection(90592)</ref>
+      <ref url="http://www.securityfocus.com/bid/65029" source="BID">65029</ref>
+      <ref url="http://www.baesystemsdetica.com.au/Research/Advisories/Dell-KACE-K1000-SQL-Injection-%28DS-2014-001%29" source="MISC">http://www.baesystemsdetica.com.au/Research/Advisories/Dell-KACE-K1000-SQL-Injection-(DS-2014-001)</ref>
+      <ref url="http://secunia.com/advisories/56396" source="SECUNIA" adv="1">56396</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="dell" name="kace_k1000_systems_management_appliance_software">
+        <vers num="5.4.76847"/>
+      </prod>
+      <prod vendor="dell" name="kace_k1000_systems_management_virtual_appliance">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="dell" name="kace_k1000_systems_management_appliance">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="dell" name="kace_k1100s_systems_management_appliance">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="dell" name="kace_k1200s_systems_management_appliance">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1672" published="2014-01-25" name="CVE-2014-1672" modified="2014-01-27" CVSS_version="2.0" CVSS_vector="(AV:N/AC:H/Au:N/C:P/I:P/A:N)" CVSS_score="4.0" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="4.9" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">Check Point R75.47 Security Gateway and Management Server does not properly enforce Anti-Spoofing when the routing table is modified and the "Get - Interfaces with Topology" action is performed, which allows attackers to bypass intended access restrictions.</descript>
+    </desc>
+    <sols>
+      <sol source="nvd">Per: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk98087
+
+"This issue affects only R75.47 Security Gateway and R75.47 Management Server."</sol>
+    </sols>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk98087" source="CONFIRM" adv="1">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk98087</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="checkpoint" name="management_server">
+        <vers num="r75.47"/>
+      </prod>
+      <prod vendor="checkpoint" name="security_gateway">
+        <vers num="r75.47"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1673" published="2014-01-25" name="CVE-2014-1673" modified="2014-01-31" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Check Point Session Authentication Agent allows remote attackers to obtain sensitive information (user credentials) via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk98263" source="CONFIRM" adv="1">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk98263</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90746" source="XF">check-point-cve20141673-unauth-access(90746)</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Jan/185" source="FULLDISC">20140127 [CVE-2014-1673] Check Point Session Authentication Agent vulnerability</ref>
+      <ref url="http://packetstormsecurity.com/files/124967" source="MISC">http://packetstormsecurity.com/files/124967</ref>
+      <ref url="http://osvdb.org/102418" source="OSVDB">102418</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="checkpoint" name="session_authentication_agent">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1680" published="2014-02-14" name="CVE-2014-1680" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="6.9" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="3.4" CVSS_base_score="6.9">
+    <desc>
+      <descript source="cve">Untrusted search path vulnerability in Bandisoft Bandizip before 3.10 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory.</descript>
+      <descript source="nvd">Per: http://cwe.mitre.org/data/definitions/426.html
+
+"CWE-426: Untrusted Search Path"</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90966" source="XF">bandzip-dll-cve20141680-code-exec(90966)</ref>
+      <ref url="http://www.bandisoft.com/bandizip/history" source="MISC">http://www.bandisoft.com/bandizip/history</ref>
+      <ref url="http://packetstormsecurity.com/files/125059" source="MISC">http://packetstormsecurity.com/files/125059</ref>
+      <ref url="http://osvdb.org/102979" source="OSVDB">102979</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="bandisoft" name="bandizip">
+        <vers num="3.00"/>
+        <vers num="3.01"/>
+        <vers num="3.02"/>
+        <vers num="3.03"/>
+        <vers num="3.04"/>
+        <vers num="3.05"/>
+        <vers num="3.06"/>
+        <vers num="3.07"/>
+        <vers num="3.08"/>
+        <vers prev="1" num="3.09"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1681" published="2014-01-28" name="CVE-2014-1681" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.102 have unknown impact and attack vectors, related to 12 "security fixes [that were not] either contributed by external researchers or particularly interesting."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://osvdb.org/102633" source="OSVDB">102633</ref>
+      <ref url="http://googlechromereleases.blogspot.com/2014/01/stable-channel-update_27.html" source="CONFIRM" adv="1">http://googlechromereleases.blogspot.com/2014/01/stable-channel-update_27.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="google" name="chrome">
+        <vers num="32.0.1700.0"/>
+        <vers num="32.0.1700.10"/>
+        <vers num="32.0.1700.100"/>
+        <vers prev="1" num="32.0.1700.101"/>
+        <vers num="32.0.1700.11"/>
+        <vers num="32.0.1700.12"/>
+        <vers num="32.0.1700.13"/>
+        <vers num="32.0.1700.14"/>
+        <vers num="32.0.1700.15"/>
+        <vers num="32.0.1700.16"/>
+        <vers num="32.0.1700.17"/>
+        <vers num="32.0.1700.18"/>
+        <vers num="32.0.1700.19"/>
+        <vers num="32.0.1700.2"/>
+        <vers num="32.0.1700.21"/>
+        <vers num="32.0.1700.22"/>
+        <vers num="32.0.1700.23"/>
+        <vers num="32.0.1700.24"/>
+        <vers num="32.0.1700.26"/>
+        <vers num="32.0.1700.27"/>
+        <vers num="32.0.1700.28"/>
+        <vers num="32.0.1700.29"/>
+        <vers num="32.0.1700.3"/>
+        <vers num="32.0.1700.30"/>
+        <vers num="32.0.1700.31"/>
+        <vers num="32.0.1700.32"/>
+        <vers num="32.0.1700.33"/>
+        <vers num="32.0.1700.34"/>
+        <vers num="32.0.1700.35"/>
+        <vers num="32.0.1700.38"/>
+        <vers num="32.0.1700.39"/>
+        <vers num="32.0.1700.4"/>
+        <vers num="32.0.1700.41"/>
+        <vers num="32.0.1700.5"/>
+        <vers num="32.0.1700.50"/>
+        <vers num="32.0.1700.51"/>
+        <vers num="32.0.1700.52"/>
+        <vers num="32.0.1700.53"/>
+        <vers num="32.0.1700.54"/>
+        <vers num="32.0.1700.55"/>
+        <vers num="32.0.1700.56"/>
+        <vers num="32.0.1700.57"/>
+        <vers num="32.0.1700.58"/>
+        <vers num="32.0.1700.59"/>
+        <vers num="32.0.1700.6"/>
+        <vers num="32.0.1700.62"/>
+        <vers num="32.0.1700.63"/>
+        <vers num="32.0.1700.64"/>
+        <vers num="32.0.1700.65"/>
+        <vers num="32.0.1700.66"/>
+        <vers num="32.0.1700.67"/>
+        <vers num="32.0.1700.68"/>
+        <vers num="32.0.1700.69"/>
+        <vers num="32.0.1700.7"/>
+        <vers num="32.0.1700.70"/>
+        <vers num="32.0.1700.71"/>
+        <vers num="32.0.1700.72"/>
+        <vers num="32.0.1700.74"/>
+        <vers num="32.0.1700.75"/>
+        <vers num="32.0.1700.76"/>
+        <vers num="32.0.1700.77"/>
+        <vers num="32.0.1700.8"/>
+        <vers num="32.0.1700.9"/>
+        <vers num="32.0.1700.94"/>
+        <vers num="32.0.1700.95"/>
+        <vers num="32.0.1700.96"/>
+        <vers num="32.0.1700.97"/>
+        <vers num="32.0.1700.98"/>
+        <vers num="32.0.1700.99"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1683" published="2014-01-29" name="CVE-2014-1683" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248-04, when the pid parameter is 4, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) name, (2) email, (3) subject, or (4) message parameter to index.php, when the pid parameter is 4.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90670" source="XF">skybluecanvas-index-command-exec(90670)</ref>
+      <ref url="http://www.securityfocus.com/bid/65129" source="BID">65129</ref>
+      <ref url="http://www.exploit-db.com/exploits/31432" source="EXPLOIT-DB">31432</ref>
+      <ref url="http://www.exploit-db.com/exploits/31183" source="EXPLOIT-DB">31183</ref>
+      <ref url="http://secunia.com/advisories/56646" source="SECUNIA">56646</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Jan/159" source="FULLDISC">20140123 Remote Command Injection Vulnerability in SkyBlueCanvas CMS</ref>
+      <ref url="http://packetstormsecurity.com/files/124948/SkyBlueCanvas-CMS-1.1-r248-03-Command-Injection.html" source="MISC">http://packetstormsecurity.com/files/124948/SkyBlueCanvas-CMS-1.1-r248-03-Command-Injection.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="skybluecanvas" name="skybluecanvas">
+        <vers prev="1" num="1.1_r248-03"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1684" published="2014-03-03" name="CVE-2014-1684" modified="2014-03-07" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:P)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">The ASF_ReadObject_file_properties function in modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media Player before 2.1.3 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero minimum and maximum data packet size in an ASF file.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://git.videolan.org/gitweb.cgi/vlc.git/?p=vlc.git;a=commitdiff;h=98787d0843612271e99d62bee0dfd8197f0cf404" source="CONFIRM" patch="1">http://git.videolan.org/gitweb.cgi/vlc.git/?p=vlc.git;a=commitdiff;h=98787d0843612271e99d62bee0dfd8197f0cf404</ref>
+      <ref url="https://trac.videolan.org/vlc/ticket/10482" source="CONFIRM">https://trac.videolan.org/vlc/ticket/10482</ref>
+      <ref url="http://www.elsherei.com/?p=269" source="MISC">http://www.elsherei.com/?p=269</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="videolan" name="vlc_media_player">
+        <vers num="1.0.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.1.0"/>
+        <vers num="1.1.1"/>
+        <vers num="1.1.10"/>
+        <vers num="1.1.10.1"/>
+        <vers num="1.1.11"/>
+        <vers num="1.1.12"/>
+        <vers num="1.1.13"/>
+        <vers num="1.1.2"/>
+        <vers num="1.1.3"/>
+        <vers num="1.1.4"/>
+        <vers num="1.1.4.1"/>
+        <vers num="1.1.5"/>
+        <vers num="1.1.6"/>
+        <vers num="1.1.6.1"/>
+        <vers num="1.1.7"/>
+        <vers num="1.1.8"/>
+        <vers num="1.1.9"/>
+        <vers num="2.0.0"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1.0"/>
+        <vers num="2.1.1"/>
+        <vers prev="1" num="2.1.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-1690" published="2014-02-28" name="CVE-2014-1690" modified="2014-04-19" CVSS_version="2.0" CVSS_vector="(AV:N/AC:H/Au:N/C:P/I:N/A:N)" CVSS_score="2.6" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="4.9" CVSS_base_score="2.6">
+    <desc>
+      <descript source="cve">The help function in net/netfilter/nf_nat_irc.c in the Linux kernel before 3.12.8 allows remote attackers to obtain sensitive information from kernel memory by establishing an IRC DCC session in which incorrect packet data is transmitted during use of the NAT mangle feature.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://github.com/torvalds/linux/commit/2690d97ade05c5325cbf7c72b94b90d265659886" source="CONFIRM" patch="1">https://github.com/torvalds/linux/commit/2690d97ade05c5325cbf7c72b94b90d265659886</ref>
+      <ref url="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2690d97ade05c5325cbf7c72b94b90d265659886" source="CONFIRM" patch="1">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2690d97ade05c5325cbf7c72b94b90d265659886</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1058748" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1058748</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2158-1" source="UBUNTU">USN-2158-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2140-1" source="UBUNTU">USN-2140-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2137-1" source="UBUNTU">USN-2137-1</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/01/28/3" source="MLIST">[oss-security] 20140128 Re: CVE request Linux kernel: netfilter: nf_nat: leakage of uninitialized buffer in IRC NAT helper</ref>
+      <ref url="http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.8" source="CONFIRM">http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.8</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="linux" name="linux_kernel">
+        <vers num="3.0" edition="rc1"/>
+        <vers num="3.0" edition="rc2"/>
+        <vers num="3.0" edition="rc3"/>
+        <vers num="3.0" edition="rc4"/>
+        <vers num="3.0" edition="rc5"/>
+        <vers num="3.0" edition="rc6"/>
+        <vers num="3.0" edition="rc7"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.20"/>
+        <vers num="3.0.21"/>
+        <vers num="3.0.22"/>
+        <vers num="3.0.23"/>
+        <vers num="3.0.24"/>
+        <vers num="3.0.25"/>
+        <vers num="3.0.26"/>
+        <vers num="3.0.27"/>
+        <vers num="3.0.28"/>
+        <vers num="3.0.29"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.30"/>
+        <vers num="3.0.31"/>
+        <vers num="3.0.32"/>
+        <vers num="3.0.33"/>
+        <vers num="3.0.34"/>
+        <vers num="3.0.35"/>
+        <vers num="3.0.36"/>
+        <vers num="3.0.37"/>
+        <vers num="3.0.38"/>
+        <vers num="3.0.39"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.40"/>
+        <vers num="3.0.41"/>
+        <vers num="3.0.42"/>
+        <vers num="3.0.43"/>
+        <vers num="3.0.44"/>
+        <vers num="3.0.45"/>
+        <vers num="3.0.46"/>
+        <vers num="3.0.47"/>
+        <vers num="3.0.48"/>
+        <vers num="3.0.49"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.50"/>
+        <vers num="3.0.51"/>
+        <vers num="3.0.52"/>
+        <vers num="3.0.53"/>
+        <vers num="3.0.54"/>
+        <vers num="3.0.55"/>
+        <vers num="3.0.56"/>
+        <vers num="3.0.57"/>
+        <vers num="3.0.58"/>
+        <vers num="3.0.59"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.60"/>
+        <vers num="3.0.61"/>
+        <vers num="3.0.62"/>
+        <vers num="3.0.63"/>
+        <vers num="3.0.64"/>
+        <vers num="3.0.65"/>
+        <vers num="3.0.66"/>
+        <vers num="3.0.67"/>
+        <vers num="3.0.68"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1" edition="rc1"/>
+        <vers num="3.1" edition="rc2"/>
+        <vers num="3.1" edition="rc3"/>
+        <vers num="3.1" edition="rc4"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="3.10"/>
+        <vers num="3.10.1"/>
+        <vers num="3.10.10"/>
+        <vers num="3.10.11"/>
+        <vers num="3.10.12"/>
+        <vers num="3.10.13"/>
+        <vers num="3.10.14"/>
+        <vers num="3.10.15"/>
+        <vers num="3.10.16"/>
+        <vers num="3.10.17"/>
+        <vers num="3.10.18"/>
+        <vers num="3.10.19"/>
+        <vers num="3.10.2"/>
+        <vers num="3.10.20"/>
+        <vers num="3.10.21"/>
+        <vers num="3.10.22"/>
+        <vers num="3.10.23"/>
+        <vers num="3.10.24"/>
+        <vers num="3.10.25"/>
+        <vers num="3.10.26"/>
+        <vers num="3.10.27"/>
+        <vers num="3.10.28"/>
+        <vers num="3.10.29"/>
+        <vers num="3.10.3"/>
+        <vers num="3.10.4"/>
+        <vers num="3.10.5"/>
+        <vers num="3.10.6"/>
+        <vers num="3.10.7"/>
+        <vers num="3.10.8"/>
+        <vers num="3.10.9"/>
+        <vers num="3.11"/>
+        <vers num="3.11.1"/>
+        <vers num="3.11.10"/>
+        <vers num="3.11.2"/>
+        <vers num="3.11.3"/>
+        <vers num="3.11.4"/>
+        <vers num="3.11.5"/>
+        <vers num="3.11.6"/>
+        <vers num="3.11.7"/>
+        <vers num="3.11.8"/>
+        <vers num="3.11.9"/>
+        <vers num="3.12"/>
+        <vers num="3.12.1"/>
+        <vers num="3.12.10"/>
+        <vers num="3.12.2"/>
+        <vers num="3.12.3"/>
+        <vers num="3.12.4"/>
+        <vers num="3.12.5"/>
+        <vers num="3.12.6"/>
+        <vers prev="1" num="3.12.7"/>
+        <vers num="3.2" edition="rc2"/>
+        <vers num="3.2" edition="rc3"/>
+        <vers num="3.2" edition="rc4"/>
+        <vers num="3.2" edition="rc5"/>
+        <vers num="3.2" edition="rc6"/>
+        <vers num="3.2" edition="rc7"/>
+        <vers num="3.2.1"/>
+        <vers num="3.2.10"/>
+        <vers num="3.2.11"/>
+        <vers num="3.2.12"/>
+        <vers num="3.2.13"/>
+        <vers num="3.2.14"/>
+        <vers num="3.2.15"/>
+        <vers num="3.2.16"/>
+        <vers num="3.2.17"/>
+        <vers num="3.2.18"/>
+        <vers num="3.2.19"/>
+        <vers num="3.2.2"/>
+        <vers num="3.2.20"/>
+        <vers num="3.2.21"/>
+        <vers num="3.2.22"/>
+        <vers num="3.2.23"/>
+        <vers num="3.2.24"/>
+        <vers num="3.2.25"/>
+        <vers num="3.2.26"/>
+        <vers num="3.2.27"/>
+        <vers num="3.2.28"/>
+        <vers num="3.2.29"/>
+        <vers num="3.2.3"/>
+        <vers num="3.2.30"/>
+        <vers num="3.2.4"/>
+        <vers num="3.2.5"/>
+        <vers num="3.2.6"/>
+        <vers num="3.2.7"/>
+        <vers num="3.2.8"/>
+        <vers num="3.2.9"/>
+        <vers num="3.3" edition="rc1"/>
+        <vers num="3.3" edition="rc2"/>
+        <vers num="3.3" edition="rc3"/>
+        <vers num="3.3" edition="rc4"/>
+        <vers num="3.3" edition="rc5"/>
+        <vers num="3.3" edition="rc6"/>
+        <vers num="3.3" edition="rc7"/>
+        <vers num="3.3.1"/>
+        <vers num="3.3.2"/>
+        <vers num="3.3.3"/>
+        <vers num="3.3.4"/>
+        <vers num="3.3.5"/>
+        <vers num="3.3.6"/>
+        <vers num="3.3.7"/>
+        <vers num="3.3.8"/>
+        <vers num="3.4" edition="rc1"/>
+        <vers num="3.4" edition="rc2"/>
+        <vers num="3.4" edition="rc3"/>
+        <vers num="3.4" edition="rc4"/>
+        <vers num="3.4" edition="rc5"/>
+        <vers num="3.4" edition="rc6"/>
+        <vers num="3.4" edition="rc7"/>
+        <vers num="3.4.1"/>
+        <vers num="3.4.10"/>
+        <vers num="3.4.11"/>
+        <vers num="3.4.12"/>
+        <vers num="3.4.13"/>
+        <vers num="3.4.14"/>
+        <vers num="3.4.15"/>
+        <vers num="3.4.16"/>
+        <vers num="3.4.17"/>
+        <vers num="3.4.18"/>
+        <vers num="3.4.19"/>
+        <vers num="3.4.2"/>
+        <vers num="3.4.20"/>
+        <vers num="3.4.21"/>
+        <vers num="3.4.22"/>
+        <vers num="3.4.23"/>
+        <vers num="3.4.24"/>
+        <vers num="3.4.25"/>
+        <vers num="3.4.26"/>
+        <vers num="3.4.27"/>
+        <vers num="3.4.28"/>
+        <vers num="3.4.29"/>
+        <vers num="3.4.3"/>
+        <vers num="3.4.30"/>
+        <vers num="3.4.31"/>
+        <vers num="3.4.32"/>
+        <vers num="3.4.33"/>
+        <vers num="3.4.34"/>
+        <vers num="3.4.35"/>
+        <vers num="3.4.36"/>
+        <vers num="3.4.37"/>
+        <vers num="3.4.38"/>
+        <vers num="3.4.39"/>
+        <vers num="3.4.4"/>
+        <vers num="3.4.40"/>
+        <vers num="3.4.41"/>
+        <vers num="3.4.42"/>
+        <vers num="3.4.43"/>
+        <vers num="3.4.44"/>
+        <vers num="3.4.45"/>
+        <vers num="3.4.46"/>
+        <vers num="3.4.47"/>
+        <vers num="3.4.48"/>
+        <vers num="3.4.49"/>
+        <vers num="3.4.5"/>
+        <vers num="3.4.50"/>
+        <vers num="3.4.51"/>
+        <vers num="3.4.52"/>
+        <vers num="3.4.53"/>
+        <vers num="3.4.54"/>
+        <vers num="3.4.55"/>
+        <vers num="3.4.56"/>
+        <vers num="3.4.57"/>
+        <vers num="3.4.58"/>
+        <vers num="3.4.59"/>
+        <vers num="3.4.6"/>
+        <vers num="3.4.60"/>
+        <vers num="3.4.61"/>
+        <vers num="3.4.62"/>
+        <vers num="3.4.63"/>
+        <vers num="3.4.64"/>
+        <vers num="3.4.65"/>
+        <vers num="3.4.66"/>
+        <vers num="3.4.67"/>
+        <vers num="3.4.68"/>
+        <vers num="3.4.69"/>
+        <vers num="3.4.7"/>
+        <vers num="3.4.70"/>
+        <vers num="3.4.71"/>
+        <vers num="3.4.72"/>
+        <vers num="3.4.73"/>
+        <vers num="3.4.74"/>
+        <vers num="3.4.75"/>
+        <vers num="3.4.76"/>
+        <vers num="3.4.77"/>
+        <vers num="3.4.78"/>
+        <vers num="3.4.79"/>
+        <vers num="3.4.8"/>
+        <vers num="3.4.9"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.6"/>
+        <vers num="3.6.1"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.5"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="3.7"/>
+        <vers num="3.7.1"/>
+        <vers num="3.7.10"/>
+        <vers num="3.7.2"/>
+        <vers num="3.7.3"/>
+        <vers num="3.7.4"/>
+        <vers num="3.7.5"/>
+        <vers num="3.7.6"/>
+        <vers num="3.7.7"/>
+        <vers num="3.7.8"/>
+        <vers num="3.7.9"/>
+        <vers num="3.8.0"/>
+        <vers num="3.8.1"/>
+        <vers num="3.8.10"/>
+        <vers num="3.8.11"/>
+        <vers num="3.8.12"/>
+        <vers num="3.8.13"/>
+        <vers num="3.8.2"/>
+        <vers num="3.8.3"/>
+        <vers num="3.8.4"/>
+        <vers num="3.8.5"/>
+        <vers num="3.8.6"/>
+        <vers num="3.8.7"/>
+        <vers num="3.8.8"/>
+        <vers num="3.8.9"/>
+        <vers num="3.9" edition="rc1"/>
+        <vers num="3.9" edition="rc2"/>
+        <vers num="3.9" edition="rc3"/>
+        <vers num="3.9" edition="rc4"/>
+        <vers num="3.9" edition="rc5"/>
+        <vers num="3.9" edition="rc6"/>
+        <vers num="3.9" edition="rc7"/>
+        <vers num="3.9.0"/>
+        <vers num="3.9.1"/>
+        <vers num="3.9.10"/>
+        <vers num="3.9.11"/>
+        <vers num="3.9.2"/>
+        <vers num="3.9.3"/>
+        <vers num="3.9.4"/>
+        <vers num="3.9.5"/>
+        <vers num="3.9.6"/>
+        <vers num="3.9.7"/>
+        <vers num="3.9.8"/>
+        <vers num="3.9.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1691" published="2014-04-01" name="CVE-2014-1691" modified="2014-04-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://github.com/horde/horde/commit/da6afc7e9f4e290f782eca9dbca794f772caccb3" source="CONFIRM" patch="1">https://github.com/horde/horde/commit/da6afc7e9f4e290f782eca9dbca794f772caccb3</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q1/156" source="MLIST" patch="1">[oss-security] 20140128  Re: Remote code execution in horde &lt; 5.1.1</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q1/153" source="MLIST" patch="1">[oss-security] 20140128  Remote code execution in horde &lt; 5.1.1</ref>
+      <ref url="https://github.com/horde/horde/blob/82c400788537cfc0106b68447789ff53793ac086/bundles/groupware/docs/CHANGES#L215" source="CONFIRM">https://github.com/horde/horde/blob/82c400788537cfc0106b68447789ff53793ac086/bundles/groupware/docs/CHANGES#L215</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2853" source="DEBIAN">DSA-2853</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q1/169" source="MLIST">[oss-security] 20140129  Re: Remote code execution in horde &lt; 5.1.1</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="horde" name="horde_application_framework">
+        <vers num="5.0.0"/>
+        <vers num="5.0.1"/>
+        <vers num="5.0.2"/>
+        <vers num="5.0.3"/>
+        <vers num="5.0.4"/>
+        <vers prev="1" num="5.1.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1692" published="2014-01-29" name="CVE-2014-1692" modified="2014-02-06" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via vectors that trigger an error condition.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90819" source="XF">openssh-cve20141692-code-exec(90819)</ref>
+      <ref url="http://www.securityfocus.com/bid/65230" source="BID">65230</ref>
+      <ref url="http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/schnorr.c#rev1.10" source="MISC">http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/schnorr.c#rev1.10</ref>
+      <ref url="http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/Attic/schnorr.c.diff?r1=1.9;r2=1.10;f=h" source="MISC">http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/Attic/schnorr.c.diff?r1=1.9;r2=1.10;f=h</ref>
+      <ref url="http://osvdb.org/102611" source="OSVDB">102611</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/01/29/2" source="MLIST">[oss-security] 20140128 OpenSSH J-PAKE vulnerability (no cause for panic! remain calm!)</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/01/29/10" source="MLIST">[oss-security] 20140129 Re: OpenSSH J-PAKE vulnerability (no cause for panic! remain calm!)</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="openbsd" name="openssh">
+        <vers num="1.2"/>
+        <vers num="1.2.1"/>
+        <vers num="1.2.2"/>
+        <vers num="1.2.27"/>
+        <vers num="1.2.3"/>
+        <vers num="1.3"/>
+        <vers num="1.5"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="2"/>
+        <vers num="2.1"/>
+        <vers num="2.1.1"/>
+        <vers num="2.2"/>
+        <vers num="2.3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.5"/>
+        <vers num="2.5.1"/>
+        <vers num="2.5.2"/>
+        <vers num="2.9"/>
+        <vers num="2.9.9"/>
+        <vers num="2.9.9p2"/>
+        <vers num="2.9p1"/>
+        <vers num="2.9p2"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.1p1"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.2p1"/>
+        <vers num="3.0p1"/>
+        <vers num="3.1"/>
+        <vers num="3.1p1"/>
+        <vers num="3.2"/>
+        <vers num="3.2.2"/>
+        <vers num="3.2.2p1"/>
+        <vers num="3.2.3p1"/>
+        <vers num="3.3"/>
+        <vers num="3.3p1"/>
+        <vers num="3.4"/>
+        <vers num="3.4p1"/>
+        <vers num="3.5"/>
+        <vers num="3.5p1"/>
+        <vers num="3.6"/>
+        <vers num="3.6.1"/>
+        <vers num="3.6.1p1"/>
+        <vers num="3.6.1p2"/>
+        <vers num="3.7"/>
+        <vers num="3.7.1"/>
+        <vers num="3.7.1p1"/>
+        <vers num="3.7.1p2"/>
+        <vers num="3.8"/>
+        <vers num="3.8.1"/>
+        <vers num="3.8.1p1"/>
+        <vers num="3.9"/>
+        <vers num="3.9.1"/>
+        <vers num="3.9.1p1"/>
+        <vers num="4.0"/>
+        <vers num="4.0p1"/>
+        <vers num="4.1"/>
+        <vers num="4.1p1"/>
+        <vers num="4.2"/>
+        <vers num="4.2p1"/>
+        <vers num="4.3"/>
+        <vers num="4.3p1"/>
+        <vers num="4.3p2"/>
+        <vers num="4.4"/>
+        <vers num="4.4p1"/>
+        <vers num="4.5"/>
+        <vers num="4.6"/>
+        <vers num="4.7"/>
+        <vers num="4.8"/>
+        <vers num="4.9"/>
+        <vers num="5.0"/>
+        <vers num="5.1"/>
+        <vers num="5.2"/>
+        <vers num="5.3"/>
+        <vers num="5.4"/>
+        <vers num="5.5"/>
+        <vers num="5.6"/>
+        <vers num="5.7"/>
+        <vers num="5.8"/>
+        <vers num="5.8p2"/>
+        <vers num="5.9"/>
+        <vers num="6.0"/>
+        <vers num="6.1"/>
+        <vers num="6.2"/>
+        <vers num="6.3"/>
+        <vers prev="1" num="6.4"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1694" published="2014-02-04" name="CVE-2014-1694" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">Multiple cross-site request forgery (CSRF) vulnerabilities in (1) CustomerPreferences.pm, (2) CustomerTicketMessage.pm, (3) CustomerTicketProcess.pm, and (4) CustomerTicketZoom.pm in Kernel/Modules/ in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allow remote attackers to hijack the authentication of arbitrary users for requests that (5) create tickets or (6) send follow-ups to existing tickets.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface" source="CONFIRM" patch="1" adv="1">https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface</ref>
+      <ref url="https://github.com/OTRS/otrs/commit/ca2c3390fd60d9a3f810ed2c22cbc2c193457b77" source="CONFIRM" patch="1">https://github.com/OTRS/otrs/commit/ca2c3390fd60d9a3f810ed2c22cbc2c193457b77</ref>
+      <ref url="https://github.com/OTRS/otrs/commit/92f417277f43832f1a0462f2485fe1fd3fd52312" source="CONFIRM" patch="1">https://github.com/OTRS/otrs/commit/92f417277f43832f1a0462f2485fe1fd3fd52312</ref>
+      <ref url="https://github.com/OTRS/otrs/commit/6f324aaf8647729d509eebf063a0181f9f9196f7" source="CONFIRM" patch="1">https://github.com/OTRS/otrs/commit/6f324aaf8647729d509eebf063a0181f9f9196f7</ref>
+      <ref url="https://www.otrs.com/release-notes-otrs-help-desk-3-3-4" source="CONFIRM">https://www.otrs.com/release-notes-otrs-help-desk-3-3-4</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/01/29/7" source="MLIST">[oss-security] 20140129 CVE Request: otrs: CSRF issue in customer web interface</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/01/29/15" source="MLIST">[oss-security] 20140129 Re: CVE Request: otrs: CSRF issue in customer web interface</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2867" source="DEBIAN">DSA-2867</ref>
+      <ref url="http://secunia.com/advisories/56655" source="SECUNIA" adv="1">56655</ref>
+      <ref url="http://secunia.com/advisories/56644" source="SECUNIA" adv="1">56644</ref>
+      <ref url="http://osvdb.org/102632" source="OSVDB">102632</ref>
+      <ref url="http://bugs.otrs.org/show_bug.cgi?id=10099" source="CONFIRM">http://bugs.otrs.org/show_bug.cgi?id=10099</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="otrs" name="otrs">
+        <vers num="3.1.0"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.11"/>
+        <vers num="3.1.13"/>
+        <vers num="3.1.14"/>
+        <vers num="3.1.15"/>
+        <vers num="3.1.16"/>
+        <vers num="3.1.17"/>
+        <vers num="3.1.18"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="3.2.0" edition="beta1"/>
+        <vers num="3.2.0" edition="beta2"/>
+        <vers num="3.2.0" edition="beta3"/>
+        <vers num="3.2.0" edition="beta4"/>
+        <vers num="3.2.0" edition="beta5"/>
+        <vers num="3.2.0" edition="rc1"/>
+        <vers num="3.2.1"/>
+        <vers num="3.2.10"/>
+        <vers num="3.2.2"/>
+        <vers num="3.2.3"/>
+        <vers num="3.2.4"/>
+        <vers num="3.2.5"/>
+        <vers num="3.2.6"/>
+        <vers num="3.2.7"/>
+        <vers num="3.2.8"/>
+        <vers num="3.2.9"/>
+        <vers num="3.3.0" edition="beta1"/>
+        <vers num="3.3.0" edition="beta2"/>
+        <vers num="3.3.0" edition="beta3"/>
+        <vers num="3.3.0" edition="beta4"/>
+        <vers num="3.3.0" edition="beta5"/>
+        <vers num="3.3.0" edition="rc1"/>
+        <vers num="3.3.1"/>
+        <vers num="3.3.2"/>
+        <vers num="3.3.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1695" published="2014-02-28" name="CVE-2014-1695" modified="2014-03-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://www.otrs.com/security-advisory-2014-03-xss-issue" source="CONFIRM" adv="1">https://www.otrs.com/security-advisory-2014-03-xss-issue</ref>
+      <ref url="http://www.securityfocus.com/bid/65844" source="BID">65844</ref>
+      <ref url="http://secunia.com/advisories/57018" source="SECUNIA" adv="1">57018</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-03/msg00030.html" source="SUSE">openSUSE-SU-2014:0360</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="otrs" name="otrs">
+        <vers num="3.1.0"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.11"/>
+        <vers num="3.1.13"/>
+        <vers num="3.1.14"/>
+        <vers num="3.1.15"/>
+        <vers num="3.1.16"/>
+        <vers num="3.1.17"/>
+        <vers num="3.1.18"/>
+        <vers num="3.1.19"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="3.2.0" edition="beta1"/>
+        <vers num="3.2.0" edition="beta2"/>
+        <vers num="3.2.0" edition="beta3"/>
+        <vers num="3.2.0" edition="beta4"/>
+        <vers num="3.2.0" edition="beta5"/>
+        <vers num="3.2.0" edition="rc1"/>
+        <vers num="3.2.1"/>
+        <vers num="3.2.10"/>
+        <vers num="3.2.14"/>
+        <vers num="3.2.2"/>
+        <vers num="3.2.3"/>
+        <vers num="3.2.4"/>
+        <vers num="3.2.5"/>
+        <vers num="3.2.6"/>
+        <vers num="3.2.7"/>
+        <vers num="3.2.8"/>
+        <vers num="3.2.9"/>
+        <vers num="3.3.0" edition="beta1"/>
+        <vers num="3.3.0" edition="beta2"/>
+        <vers num="3.3.0" edition="beta3"/>
+        <vers num="3.3.0" edition="beta4"/>
+        <vers num="3.3.0" edition="beta5"/>
+        <vers num="3.3.0" edition="rc1"/>
+        <vers num="3.3.1"/>
+        <vers num="3.3.2"/>
+        <vers num="3.3.3"/>
+        <vers num="3.3.4"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1696" published="2014-02-06" name="CVE-2014-1696" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Siemens SIMATIC WinCC OA before 3.12 P002 January uses a weak hash algorithm for passwords, which makes it easier for remote attackers to obtain access via a brute-force attack.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-035-01" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-035-01</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90934" source="XF">simatic-wincc-cve20141696-priv-esc(90934)</ref>
+      <ref url="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-342587.pdf" source="CONFIRM" adv="1">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-342587.pdf</ref>
+      <ref url="http://osvdb.org/102809" source="OSVDB">102809</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="siemens" name="simatic_wincc_open_architecture">
+        <vers prev="1" num="3.12"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1697" published="2014-02-06" name="CVE-2014-1697" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">The integrated web server in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to execute arbitrary code via crafted packets to TCP port 4999.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-035-01" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-035-01</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90933" source="XF">simatic-wincc-cve20141697-code-exec(90933)</ref>
+      <ref url="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-342587.pdf" source="CONFIRM" adv="1">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-342587.pdf</ref>
+      <ref url="http://www.securityfocus.com/bid/65351" source="BID">65351</ref>
+      <ref url="http://secunia.com/advisories/56651" source="SECUNIA">56651</ref>
+      <ref url="http://osvdb.org/102810" source="OSVDB">102810</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="siemens" name="simatic_wincc_open_architecture">
+        <vers prev="1" num="3.12"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1698" published="2014-02-06" name="CVE-2014-1698" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Directory traversal vulnerability in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to read arbitrary files via crafted packets to TCP port 4999.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-035-01" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-035-01</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90935" source="XF">simatic-wincc-cve20141698-dir-trav(90935)</ref>
+      <ref url="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-342587.pdf" source="CONFIRM" adv="1">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-342587.pdf</ref>
+      <ref url="http://www.securityfocus.com/bid/65349" source="BID">65349</ref>
+      <ref url="http://secunia.com/advisories/56651" source="SECUNIA">56651</ref>
+      <ref url="http://osvdb.org/102811" source="OSVDB">102811</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="siemens" name="simatic_wincc_open_architecture">
+        <vers prev="1" num="3.12"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1699" published="2014-02-06" name="CVE-2014-1699" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to cause a denial of service (monitoring-service outage) via malformed HTTP requests to port 4999.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-035-01" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-035-01</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90936" source="XF">simatic-wincc-cve20141699-dos(90936)</ref>
+      <ref url="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-342587.pdf" source="CONFIRM" adv="1">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-342587.pdf</ref>
+      <ref url="http://www.securityfocus.com/bid/65347" source="BID">65347</ref>
+      <ref url="http://secunia.com/advisories/56651" source="SECUNIA">56651</ref>
+      <ref url="http://osvdb.org/102812" source="OSVDB">102812</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="siemens" name="simatic_wincc_open_architecture">
+        <vers prev="1" num="3.12"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1700" published="2014-03-16" name="CVE-2014-1700" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Use-after-free vulnerability in modules/speech/SpeechSynthesis.cpp in Blink, as used in Google Chrome before 33.0.1750.149, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of a certain utterance data structure.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://src.chromium.org/viewvc/blink?revision=168171&amp;view=revision" source="CONFIRM">https://src.chromium.org/viewvc/blink?revision=168171&amp;view=revision</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=344881" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=344881</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2883" source="DEBIAN">DSA-2883</ref>
+      <ref url="http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html" source="CONFIRM" adv="1">http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="google" name="chrome">
+        <vers num="33.0.1750.0"/>
+        <vers num="33.0.1750.1"/>
+        <vers num="33.0.1750.10"/>
+        <vers num="33.0.1750.104"/>
+        <vers num="33.0.1750.106"/>
+        <vers num="33.0.1750.107"/>
+        <vers num="33.0.1750.108"/>
+        <vers num="33.0.1750.109"/>
+        <vers num="33.0.1750.11"/>
+        <vers num="33.0.1750.110"/>
+        <vers num="33.0.1750.111"/>
+        <vers num="33.0.1750.112"/>
+        <vers num="33.0.1750.113"/>
+        <vers num="33.0.1750.115"/>
+        <vers num="33.0.1750.116"/>
+        <vers num="33.0.1750.117"/>
+        <vers num="33.0.1750.12"/>
+        <vers num="33.0.1750.124"/>
+        <vers num="33.0.1750.125"/>
+        <vers num="33.0.1750.126"/>
+        <vers num="33.0.1750.13"/>
+        <vers num="33.0.1750.132"/>
+        <vers num="33.0.1750.133"/>
+        <vers num="33.0.1750.135"/>
+        <vers num="33.0.1750.136"/>
+        <vers num="33.0.1750.14"/>
+        <vers num="33.0.1750.144"/>
+        <vers prev="1" num="33.0.1750.146"/>
+        <vers num="33.0.1750.15"/>
+        <vers num="33.0.1750.16"/>
+        <vers num="33.0.1750.18"/>
+        <vers num="33.0.1750.19"/>
+        <vers num="33.0.1750.2"/>
+        <vers num="33.0.1750.20"/>
+        <vers num="33.0.1750.21"/>
+        <vers num="33.0.1750.22"/>
+        <vers num="33.0.1750.23"/>
+        <vers num="33.0.1750.24"/>
+        <vers num="33.0.1750.25"/>
+        <vers num="33.0.1750.26"/>
+        <vers num="33.0.1750.27"/>
+        <vers num="33.0.1750.28"/>
+        <vers num="33.0.1750.29"/>
+        <vers num="33.0.1750.3"/>
+        <vers num="33.0.1750.30"/>
+        <vers num="33.0.1750.31"/>
+        <vers num="33.0.1750.34"/>
+        <vers num="33.0.1750.35"/>
+        <vers num="33.0.1750.36"/>
+        <vers num="33.0.1750.37"/>
+        <vers num="33.0.1750.38"/>
+        <vers num="33.0.1750.39"/>
+        <vers num="33.0.1750.4"/>
+        <vers num="33.0.1750.40"/>
+        <vers num="33.0.1750.41"/>
+        <vers num="33.0.1750.42"/>
+        <vers num="33.0.1750.43"/>
+        <vers num="33.0.1750.44"/>
+        <vers num="33.0.1750.45"/>
+        <vers num="33.0.1750.46"/>
+        <vers num="33.0.1750.47"/>
+        <vers num="33.0.1750.48"/>
+        <vers num="33.0.1750.49"/>
+        <vers num="33.0.1750.5"/>
+        <vers num="33.0.1750.50"/>
+        <vers num="33.0.1750.51"/>
+        <vers num="33.0.1750.52"/>
+        <vers num="33.0.1750.53"/>
+        <vers num="33.0.1750.54"/>
+        <vers num="33.0.1750.55"/>
+        <vers num="33.0.1750.56"/>
+        <vers num="33.0.1750.57"/>
+        <vers num="33.0.1750.58"/>
+        <vers num="33.0.1750.59"/>
+        <vers num="33.0.1750.6"/>
+        <vers num="33.0.1750.60"/>
+        <vers num="33.0.1750.61"/>
+        <vers num="33.0.1750.62"/>
+        <vers num="33.0.1750.63"/>
+        <vers num="33.0.1750.64"/>
+        <vers num="33.0.1750.65"/>
+        <vers num="33.0.1750.66"/>
+        <vers num="33.0.1750.67"/>
+        <vers num="33.0.1750.68"/>
+        <vers num="33.0.1750.69"/>
+        <vers num="33.0.1750.7"/>
+        <vers num="33.0.1750.70"/>
+        <vers num="33.0.1750.71"/>
+        <vers num="33.0.1750.73"/>
+        <vers num="33.0.1750.74"/>
+        <vers num="33.0.1750.75"/>
+        <vers num="33.0.1750.76"/>
+        <vers num="33.0.1750.77"/>
+        <vers num="33.0.1750.79"/>
+        <vers num="33.0.1750.8"/>
+        <vers num="33.0.1750.80"/>
+        <vers num="33.0.1750.81"/>
+        <vers num="33.0.1750.82"/>
+        <vers num="33.0.1750.83"/>
+        <vers num="33.0.1750.85"/>
+        <vers num="33.0.1750.88"/>
+        <vers num="33.0.1750.89"/>
+        <vers num="33.0.1750.9"/>
+        <vers num="33.0.1750.90"/>
+        <vers num="33.0.1750.91"/>
+        <vers num="33.0.1750.92"/>
+        <vers num="33.0.1750.93"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1701" published="2014-03-16" name="CVE-2014-1701" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">The GenerateFunction function in bindings/scripts/code_generator_v8.pm in Blink, as used in Google Chrome before 33.0.1750.149, does not implement a certain cross-origin restriction for the EventTarget::dispatchEvent function, which allows remote attackers to conduct Universal XSS (UXSS) attacks via vectors involving events.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://src.chromium.org/viewvc/blink?revision=166999&amp;view=revision" source="CONFIRM">https://src.chromium.org/viewvc/blink?revision=166999&amp;view=revision</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=342618" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=342618</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2883" source="DEBIAN">DSA-2883</ref>
+      <ref url="http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html" source="CONFIRM" adv="1">http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="google" name="chrome">
+        <vers num="33.0.1750.0"/>
+        <vers num="33.0.1750.1"/>
+        <vers num="33.0.1750.10"/>
+        <vers num="33.0.1750.104"/>
+        <vers num="33.0.1750.106"/>
+        <vers num="33.0.1750.107"/>
+        <vers num="33.0.1750.108"/>
+        <vers num="33.0.1750.109"/>
+        <vers num="33.0.1750.11"/>
+        <vers num="33.0.1750.110"/>
+        <vers num="33.0.1750.111"/>
+        <vers num="33.0.1750.112"/>
+        <vers num="33.0.1750.113"/>
+        <vers num="33.0.1750.115"/>
+        <vers num="33.0.1750.116"/>
+        <vers num="33.0.1750.117"/>
+        <vers num="33.0.1750.12"/>
+        <vers num="33.0.1750.124"/>
+        <vers num="33.0.1750.125"/>
+        <vers num="33.0.1750.126"/>
+        <vers num="33.0.1750.13"/>
+        <vers num="33.0.1750.132"/>
+        <vers num="33.0.1750.133"/>
+        <vers num="33.0.1750.135"/>
+        <vers num="33.0.1750.136"/>
+        <vers num="33.0.1750.14"/>
+        <vers num="33.0.1750.144"/>
+        <vers prev="1" num="33.0.1750.146"/>
+        <vers num="33.0.1750.15"/>
+        <vers num="33.0.1750.16"/>
+        <vers num="33.0.1750.18"/>
+        <vers num="33.0.1750.19"/>
+        <vers num="33.0.1750.2"/>
+        <vers num="33.0.1750.20"/>
+        <vers num="33.0.1750.21"/>
+        <vers num="33.0.1750.22"/>
+        <vers num="33.0.1750.23"/>
+        <vers num="33.0.1750.24"/>
+        <vers num="33.0.1750.25"/>
+        <vers num="33.0.1750.26"/>
+        <vers num="33.0.1750.27"/>
+        <vers num="33.0.1750.28"/>
+        <vers num="33.0.1750.29"/>
+        <vers num="33.0.1750.3"/>
+        <vers num="33.0.1750.30"/>
+        <vers num="33.0.1750.31"/>
+        <vers num="33.0.1750.34"/>
+        <vers num="33.0.1750.35"/>
+        <vers num="33.0.1750.36"/>
+        <vers num="33.0.1750.37"/>
+        <vers num="33.0.1750.38"/>
+        <vers num="33.0.1750.39"/>
+        <vers num="33.0.1750.4"/>
+        <vers num="33.0.1750.40"/>
+        <vers num="33.0.1750.41"/>
+        <vers num="33.0.1750.42"/>
+        <vers num="33.0.1750.43"/>
+        <vers num="33.0.1750.44"/>
+        <vers num="33.0.1750.45"/>
+        <vers num="33.0.1750.46"/>
+        <vers num="33.0.1750.47"/>
+        <vers num="33.0.1750.48"/>
+        <vers num="33.0.1750.49"/>
+        <vers num="33.0.1750.5"/>
+        <vers num="33.0.1750.50"/>
+        <vers num="33.0.1750.51"/>
+        <vers num="33.0.1750.52"/>
+        <vers num="33.0.1750.53"/>
+        <vers num="33.0.1750.54"/>
+        <vers num="33.0.1750.55"/>
+        <vers num="33.0.1750.56"/>
+        <vers num="33.0.1750.57"/>
+        <vers num="33.0.1750.58"/>
+        <vers num="33.0.1750.59"/>
+        <vers num="33.0.1750.6"/>
+        <vers num="33.0.1750.60"/>
+        <vers num="33.0.1750.61"/>
+        <vers num="33.0.1750.62"/>
+        <vers num="33.0.1750.63"/>
+        <vers num="33.0.1750.64"/>
+        <vers num="33.0.1750.65"/>
+        <vers num="33.0.1750.66"/>
+        <vers num="33.0.1750.67"/>
+        <vers num="33.0.1750.68"/>
+        <vers num="33.0.1750.69"/>
+        <vers num="33.0.1750.7"/>
+        <vers num="33.0.1750.70"/>
+        <vers num="33.0.1750.71"/>
+        <vers num="33.0.1750.73"/>
+        <vers num="33.0.1750.74"/>
+        <vers num="33.0.1750.75"/>
+        <vers num="33.0.1750.76"/>
+        <vers num="33.0.1750.77"/>
+        <vers num="33.0.1750.79"/>
+        <vers num="33.0.1750.8"/>
+        <vers num="33.0.1750.80"/>
+        <vers num="33.0.1750.81"/>
+        <vers num="33.0.1750.82"/>
+        <vers num="33.0.1750.83"/>
+        <vers num="33.0.1750.85"/>
+        <vers num="33.0.1750.88"/>
+        <vers num="33.0.1750.89"/>
+        <vers num="33.0.1750.9"/>
+        <vers num="33.0.1750.90"/>
+        <vers num="33.0.1750.91"/>
+        <vers num="33.0.1750.92"/>
+        <vers num="33.0.1750.93"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1702" published="2014-03-16" name="CVE-2014-1702" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Use-after-free vulnerability in the DatabaseThread::cleanupDatabaseThread function in modules/webdatabase/DatabaseThread.cpp in the web database implementation in Blink, as used in Google Chrome before 33.0.1750.149, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of scheduled tasks during shutdown of a thread.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://src.chromium.org/viewvc/blink?revision=168059&amp;view=revision" source="CONFIRM">https://src.chromium.org/viewvc/blink?revision=168059&amp;view=revision</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=333058" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=333058</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2883" source="DEBIAN">DSA-2883</ref>
+      <ref url="http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html" source="CONFIRM" adv="1">http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="google" name="chrome">
+        <vers num="33.0.1750.0"/>
+        <vers num="33.0.1750.1"/>
+        <vers num="33.0.1750.10"/>
+        <vers num="33.0.1750.104"/>
+        <vers num="33.0.1750.106"/>
+        <vers num="33.0.1750.107"/>
+        <vers num="33.0.1750.108"/>
+        <vers num="33.0.1750.109"/>
+        <vers num="33.0.1750.11"/>
+        <vers num="33.0.1750.110"/>
+        <vers num="33.0.1750.111"/>
+        <vers num="33.0.1750.112"/>
+        <vers num="33.0.1750.113"/>
+        <vers num="33.0.1750.115"/>
+        <vers num="33.0.1750.116"/>
+        <vers num="33.0.1750.117"/>
+        <vers num="33.0.1750.12"/>
+        <vers num="33.0.1750.124"/>
+        <vers num="33.0.1750.125"/>
+        <vers num="33.0.1750.126"/>
+        <vers num="33.0.1750.13"/>
+        <vers num="33.0.1750.132"/>
+        <vers num="33.0.1750.133"/>
+        <vers num="33.0.1750.135"/>
+        <vers num="33.0.1750.136"/>
+        <vers num="33.0.1750.14"/>
+        <vers num="33.0.1750.144"/>
+        <vers prev="1" num="33.0.1750.146"/>
+        <vers num="33.0.1750.15"/>
+        <vers num="33.0.1750.16"/>
+        <vers num="33.0.1750.18"/>
+        <vers num="33.0.1750.19"/>
+        <vers num="33.0.1750.2"/>
+        <vers num="33.0.1750.20"/>
+        <vers num="33.0.1750.21"/>
+        <vers num="33.0.1750.22"/>
+        <vers num="33.0.1750.23"/>
+        <vers num="33.0.1750.24"/>
+        <vers num="33.0.1750.25"/>
+        <vers num="33.0.1750.26"/>
+        <vers num="33.0.1750.27"/>
+        <vers num="33.0.1750.28"/>
+        <vers num="33.0.1750.29"/>
+        <vers num="33.0.1750.3"/>
+        <vers num="33.0.1750.30"/>
+        <vers num="33.0.1750.31"/>
+        <vers num="33.0.1750.34"/>
+        <vers num="33.0.1750.35"/>
+        <vers num="33.0.1750.36"/>
+        <vers num="33.0.1750.37"/>
+        <vers num="33.0.1750.38"/>
+        <vers num="33.0.1750.39"/>
+        <vers num="33.0.1750.4"/>
+        <vers num="33.0.1750.40"/>
+        <vers num="33.0.1750.41"/>
+        <vers num="33.0.1750.42"/>
+        <vers num="33.0.1750.43"/>
+        <vers num="33.0.1750.44"/>
+        <vers num="33.0.1750.45"/>
+        <vers num="33.0.1750.46"/>
+        <vers num="33.0.1750.47"/>
+        <vers num="33.0.1750.48"/>
+        <vers num="33.0.1750.49"/>
+        <vers num="33.0.1750.5"/>
+        <vers num="33.0.1750.50"/>
+        <vers num="33.0.1750.51"/>
+        <vers num="33.0.1750.52"/>
+        <vers num="33.0.1750.53"/>
+        <vers num="33.0.1750.54"/>
+        <vers num="33.0.1750.55"/>
+        <vers num="33.0.1750.56"/>
+        <vers num="33.0.1750.57"/>
+        <vers num="33.0.1750.58"/>
+        <vers num="33.0.1750.59"/>
+        <vers num="33.0.1750.6"/>
+        <vers num="33.0.1750.60"/>
+        <vers num="33.0.1750.61"/>
+        <vers num="33.0.1750.62"/>
+        <vers num="33.0.1750.63"/>
+        <vers num="33.0.1750.64"/>
+        <vers num="33.0.1750.65"/>
+        <vers num="33.0.1750.66"/>
+        <vers num="33.0.1750.67"/>
+        <vers num="33.0.1750.68"/>
+        <vers num="33.0.1750.69"/>
+        <vers num="33.0.1750.7"/>
+        <vers num="33.0.1750.70"/>
+        <vers num="33.0.1750.71"/>
+        <vers num="33.0.1750.73"/>
+        <vers num="33.0.1750.74"/>
+        <vers num="33.0.1750.75"/>
+        <vers num="33.0.1750.76"/>
+        <vers num="33.0.1750.77"/>
+        <vers num="33.0.1750.79"/>
+        <vers num="33.0.1750.8"/>
+        <vers num="33.0.1750.80"/>
+        <vers num="33.0.1750.81"/>
+        <vers num="33.0.1750.82"/>
+        <vers num="33.0.1750.83"/>
+        <vers num="33.0.1750.85"/>
+        <vers num="33.0.1750.88"/>
+        <vers num="33.0.1750.89"/>
+        <vers num="33.0.1750.9"/>
+        <vers num="33.0.1750.90"/>
+        <vers num="33.0.1750.91"/>
+        <vers num="33.0.1750.92"/>
+        <vers num="33.0.1750.93"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1703" published="2014-03-16" name="CVE-2014-1703" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Use-after-free vulnerability in the WebSocketDispatcherHost::SendOrDrop function in content/browser/renderer_host/websocket_dispatcher_host.cc in the Web Sockets implementation in Google Chrome before 33.0.1750.149 might allow remote attackers to bypass the sandbox protection mechanism by leveraging an incorrect deletion in a certain failure case.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://src.chromium.org/viewvc/chrome?revision=247627&amp;view=revision" source="CONFIRM">https://src.chromium.org/viewvc/chrome?revision=247627&amp;view=revision</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=338354" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=338354</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2883" source="DEBIAN">DSA-2883</ref>
+      <ref url="http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html" source="CONFIRM" adv="1">http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="google" name="chrome">
+        <vers num="33.0.1750.0"/>
+        <vers num="33.0.1750.1"/>
+        <vers num="33.0.1750.10"/>
+        <vers num="33.0.1750.104"/>
+        <vers num="33.0.1750.106"/>
+        <vers num="33.0.1750.107"/>
+        <vers num="33.0.1750.108"/>
+        <vers num="33.0.1750.109"/>
+        <vers num="33.0.1750.11"/>
+        <vers num="33.0.1750.110"/>
+        <vers num="33.0.1750.111"/>
+        <vers num="33.0.1750.112"/>
+        <vers num="33.0.1750.113"/>
+        <vers num="33.0.1750.115"/>
+        <vers num="33.0.1750.116"/>
+        <vers num="33.0.1750.117"/>
+        <vers num="33.0.1750.12"/>
+        <vers num="33.0.1750.124"/>
+        <vers num="33.0.1750.125"/>
+        <vers num="33.0.1750.126"/>
+        <vers num="33.0.1750.13"/>
+        <vers num="33.0.1750.132"/>
+        <vers num="33.0.1750.133"/>
+        <vers num="33.0.1750.135"/>
+        <vers num="33.0.1750.136"/>
+        <vers num="33.0.1750.14"/>
+        <vers num="33.0.1750.144"/>
+        <vers prev="1" num="33.0.1750.146"/>
+        <vers num="33.0.1750.15"/>
+        <vers num="33.0.1750.16"/>
+        <vers num="33.0.1750.18"/>
+        <vers num="33.0.1750.19"/>
+        <vers num="33.0.1750.2"/>
+        <vers num="33.0.1750.20"/>
+        <vers num="33.0.1750.21"/>
+        <vers num="33.0.1750.22"/>
+        <vers num="33.0.1750.23"/>
+        <vers num="33.0.1750.24"/>
+        <vers num="33.0.1750.25"/>
+        <vers num="33.0.1750.26"/>
+        <vers num="33.0.1750.27"/>
+        <vers num="33.0.1750.28"/>
+        <vers num="33.0.1750.29"/>
+        <vers num="33.0.1750.3"/>
+        <vers num="33.0.1750.30"/>
+        <vers num="33.0.1750.31"/>
+        <vers num="33.0.1750.34"/>
+        <vers num="33.0.1750.35"/>
+        <vers num="33.0.1750.36"/>
+        <vers num="33.0.1750.37"/>
+        <vers num="33.0.1750.38"/>
+        <vers num="33.0.1750.39"/>
+        <vers num="33.0.1750.4"/>
+        <vers num="33.0.1750.40"/>
+        <vers num="33.0.1750.41"/>
+        <vers num="33.0.1750.42"/>
+        <vers num="33.0.1750.43"/>
+        <vers num="33.0.1750.44"/>
+        <vers num="33.0.1750.45"/>
+        <vers num="33.0.1750.46"/>
+        <vers num="33.0.1750.47"/>
+        <vers num="33.0.1750.48"/>
+        <vers num="33.0.1750.49"/>
+        <vers num="33.0.1750.5"/>
+        <vers num="33.0.1750.50"/>
+        <vers num="33.0.1750.51"/>
+        <vers num="33.0.1750.52"/>
+        <vers num="33.0.1750.53"/>
+        <vers num="33.0.1750.54"/>
+        <vers num="33.0.1750.55"/>
+        <vers num="33.0.1750.56"/>
+        <vers num="33.0.1750.57"/>
+        <vers num="33.0.1750.58"/>
+        <vers num="33.0.1750.59"/>
+        <vers num="33.0.1750.6"/>
+        <vers num="33.0.1750.60"/>
+        <vers num="33.0.1750.61"/>
+        <vers num="33.0.1750.62"/>
+        <vers num="33.0.1750.63"/>
+        <vers num="33.0.1750.64"/>
+        <vers num="33.0.1750.65"/>
+        <vers num="33.0.1750.66"/>
+        <vers num="33.0.1750.67"/>
+        <vers num="33.0.1750.68"/>
+        <vers num="33.0.1750.69"/>
+        <vers num="33.0.1750.7"/>
+        <vers num="33.0.1750.70"/>
+        <vers num="33.0.1750.71"/>
+        <vers num="33.0.1750.73"/>
+        <vers num="33.0.1750.74"/>
+        <vers num="33.0.1750.75"/>
+        <vers num="33.0.1750.76"/>
+        <vers num="33.0.1750.77"/>
+        <vers num="33.0.1750.79"/>
+        <vers num="33.0.1750.8"/>
+        <vers num="33.0.1750.80"/>
+        <vers num="33.0.1750.81"/>
+        <vers num="33.0.1750.82"/>
+        <vers num="33.0.1750.83"/>
+        <vers num="33.0.1750.85"/>
+        <vers num="33.0.1750.88"/>
+        <vers num="33.0.1750.89"/>
+        <vers num="33.0.1750.9"/>
+        <vers num="33.0.1750.90"/>
+        <vers num="33.0.1750.91"/>
+        <vers num="33.0.1750.92"/>
+        <vers num="33.0.1750.93"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1704" published="2014-03-16" name="CVE-2014-1704" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Multiple unspecified vulnerabilities in Google V8 before 3.23.17.18, as used in Google Chrome before 33.0.1750.149, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://code.google.com/p/v8/source/detail?r=19668" source="CONFIRM">https://code.google.com/p/v8/source/detail?r=19668</ref>
+      <ref url="https://code.google.com/p/v8/source/detail?r=19614" source="CONFIRM">https://code.google.com/p/v8/source/detail?r=19614</ref>
+      <ref url="https://code.google.com/p/v8/source/detail?r=18564" source="CONFIRM">https://code.google.com/p/v8/source/detail?r=18564</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=349079" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=349079</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=345715" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=345715</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=328202" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=328202</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2883" source="DEBIAN">DSA-2883</ref>
+      <ref url="http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html" source="CONFIRM" adv="1">http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="google" name="chrome">
+        <vers num="33.0.1750.0"/>
+        <vers num="33.0.1750.1"/>
+        <vers num="33.0.1750.10"/>
+        <vers num="33.0.1750.104"/>
+        <vers num="33.0.1750.106"/>
+        <vers num="33.0.1750.107"/>
+        <vers num="33.0.1750.108"/>
+        <vers num="33.0.1750.109"/>
+        <vers num="33.0.1750.11"/>
+        <vers num="33.0.1750.110"/>
+        <vers num="33.0.1750.111"/>
+        <vers num="33.0.1750.112"/>
+        <vers num="33.0.1750.113"/>
+        <vers num="33.0.1750.115"/>
+        <vers num="33.0.1750.116"/>
+        <vers num="33.0.1750.117"/>
+        <vers num="33.0.1750.12"/>
+        <vers num="33.0.1750.124"/>
+        <vers num="33.0.1750.125"/>
+        <vers num="33.0.1750.126"/>
+        <vers num="33.0.1750.13"/>
+        <vers num="33.0.1750.132"/>
+        <vers num="33.0.1750.133"/>
+        <vers num="33.0.1750.135"/>
+        <vers num="33.0.1750.136"/>
+        <vers num="33.0.1750.14"/>
+        <vers num="33.0.1750.144"/>
+        <vers prev="1" num="33.0.1750.146"/>
+        <vers num="33.0.1750.15"/>
+        <vers num="33.0.1750.16"/>
+        <vers num="33.0.1750.18"/>
+        <vers num="33.0.1750.19"/>
+        <vers num="33.0.1750.2"/>
+        <vers num="33.0.1750.20"/>
+        <vers num="33.0.1750.21"/>
+        <vers num="33.0.1750.22"/>
+        <vers num="33.0.1750.23"/>
+        <vers num="33.0.1750.24"/>
+        <vers num="33.0.1750.25"/>
+        <vers num="33.0.1750.26"/>
+        <vers num="33.0.1750.27"/>
+        <vers num="33.0.1750.28"/>
+        <vers num="33.0.1750.29"/>
+        <vers num="33.0.1750.3"/>
+        <vers num="33.0.1750.30"/>
+        <vers num="33.0.1750.31"/>
+        <vers num="33.0.1750.34"/>
+        <vers num="33.0.1750.35"/>
+        <vers num="33.0.1750.36"/>
+        <vers num="33.0.1750.37"/>
+        <vers num="33.0.1750.38"/>
+        <vers num="33.0.1750.39"/>
+        <vers num="33.0.1750.4"/>
+        <vers num="33.0.1750.40"/>
+        <vers num="33.0.1750.41"/>
+        <vers num="33.0.1750.42"/>
+        <vers num="33.0.1750.43"/>
+        <vers num="33.0.1750.44"/>
+        <vers num="33.0.1750.45"/>
+        <vers num="33.0.1750.46"/>
+        <vers num="33.0.1750.47"/>
+        <vers num="33.0.1750.48"/>
+        <vers num="33.0.1750.49"/>
+        <vers num="33.0.1750.5"/>
+        <vers num="33.0.1750.50"/>
+        <vers num="33.0.1750.51"/>
+        <vers num="33.0.1750.52"/>
+        <vers num="33.0.1750.53"/>
+        <vers num="33.0.1750.54"/>
+        <vers num="33.0.1750.55"/>
+        <vers num="33.0.1750.56"/>
+        <vers num="33.0.1750.57"/>
+        <vers num="33.0.1750.58"/>
+        <vers num="33.0.1750.59"/>
+        <vers num="33.0.1750.6"/>
+        <vers num="33.0.1750.60"/>
+        <vers num="33.0.1750.61"/>
+        <vers num="33.0.1750.62"/>
+        <vers num="33.0.1750.63"/>
+        <vers num="33.0.1750.64"/>
+        <vers num="33.0.1750.65"/>
+        <vers num="33.0.1750.66"/>
+        <vers num="33.0.1750.67"/>
+        <vers num="33.0.1750.68"/>
+        <vers num="33.0.1750.69"/>
+        <vers num="33.0.1750.7"/>
+        <vers num="33.0.1750.70"/>
+        <vers num="33.0.1750.71"/>
+        <vers num="33.0.1750.73"/>
+        <vers num="33.0.1750.74"/>
+        <vers num="33.0.1750.75"/>
+        <vers num="33.0.1750.76"/>
+        <vers num="33.0.1750.77"/>
+        <vers num="33.0.1750.79"/>
+        <vers num="33.0.1750.8"/>
+        <vers num="33.0.1750.80"/>
+        <vers num="33.0.1750.81"/>
+        <vers num="33.0.1750.82"/>
+        <vers num="33.0.1750.83"/>
+        <vers num="33.0.1750.85"/>
+        <vers num="33.0.1750.88"/>
+        <vers num="33.0.1750.89"/>
+        <vers num="33.0.1750.9"/>
+        <vers num="33.0.1750.90"/>
+        <vers num="33.0.1750.91"/>
+        <vers num="33.0.1750.92"/>
+        <vers num="33.0.1750.93"/>
+      </prod>
+      <prod vendor="google" name="v8">
+        <vers num="3.23.0"/>
+        <vers num="3.23.1"/>
+        <vers num="3.23.10"/>
+        <vers num="3.23.11"/>
+        <vers num="3.23.12"/>
+        <vers num="3.23.13"/>
+        <vers num="3.23.14"/>
+        <vers num="3.23.15"/>
+        <vers num="3.23.16"/>
+        <vers prev="1" num="3.23.17"/>
+        <vers num="3.23.2"/>
+        <vers num="3.23.3"/>
+        <vers num="3.23.4"/>
+        <vers num="3.23.5"/>
+        <vers num="3.23.6"/>
+        <vers num="3.23.7"/>
+        <vers num="3.23.8"/>
+        <vers num="3.23.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1705" published="2014-03-16" name="CVE-2014-1705" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=351787" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=351787</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2883" source="DEBIAN">DSA-2883</ref>
+      <ref url="http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html" source="CONFIRM" adv="1">http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html</ref>
+      <ref url="http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html" source="CONFIRM" adv="1">http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="google" name="chrome">
+        <vers num="33.0.1750.0"/>
+        <vers num="33.0.1750.1"/>
+        <vers num="33.0.1750.10"/>
+        <vers num="33.0.1750.104"/>
+        <vers num="33.0.1750.106"/>
+        <vers num="33.0.1750.107"/>
+        <vers num="33.0.1750.108"/>
+        <vers num="33.0.1750.109"/>
+        <vers num="33.0.1750.11"/>
+        <vers num="33.0.1750.110"/>
+        <vers num="33.0.1750.111"/>
+        <vers num="33.0.1750.112"/>
+        <vers num="33.0.1750.113"/>
+        <vers num="33.0.1750.115"/>
+        <vers num="33.0.1750.116"/>
+        <vers num="33.0.1750.117"/>
+        <vers num="33.0.1750.12"/>
+        <vers num="33.0.1750.124"/>
+        <vers num="33.0.1750.125"/>
+        <vers num="33.0.1750.126"/>
+        <vers num="33.0.1750.13"/>
+        <vers num="33.0.1750.132"/>
+        <vers num="33.0.1750.133"/>
+        <vers num="33.0.1750.135"/>
+        <vers num="33.0.1750.136"/>
+        <vers num="33.0.1750.14"/>
+        <vers num="33.0.1750.144"/>
+        <vers num="33.0.1750.146"/>
+        <vers num="33.0.1750.149"/>
+        <vers num="33.0.1750.15"/>
+        <vers prev="1" num="33.0.1750.151"/>
+        <vers num="33.0.1750.152"/>
+        <vers prev="1" num="33.0.1750.153"/>
+        <vers num="33.0.1750.16"/>
+        <vers num="33.0.1750.18"/>
+        <vers num="33.0.1750.19"/>
+        <vers num="33.0.1750.2"/>
+        <vers num="33.0.1750.20"/>
+        <vers num="33.0.1750.21"/>
+        <vers num="33.0.1750.22"/>
+        <vers num="33.0.1750.23"/>
+        <vers num="33.0.1750.24"/>
+        <vers num="33.0.1750.25"/>
+        <vers num="33.0.1750.26"/>
+        <vers num="33.0.1750.27"/>
+        <vers num="33.0.1750.28"/>
+        <vers num="33.0.1750.29"/>
+        <vers num="33.0.1750.3"/>
+        <vers num="33.0.1750.30"/>
+        <vers num="33.0.1750.31"/>
+        <vers num="33.0.1750.34"/>
+        <vers num="33.0.1750.35"/>
+        <vers num="33.0.1750.36"/>
+        <vers num="33.0.1750.37"/>
+        <vers num="33.0.1750.38"/>
+        <vers num="33.0.1750.39"/>
+        <vers num="33.0.1750.4"/>
+        <vers num="33.0.1750.40"/>
+        <vers num="33.0.1750.41"/>
+        <vers num="33.0.1750.42"/>
+        <vers num="33.0.1750.43"/>
+        <vers num="33.0.1750.44"/>
+        <vers num="33.0.1750.45"/>
+        <vers num="33.0.1750.46"/>
+        <vers num="33.0.1750.47"/>
+        <vers num="33.0.1750.48"/>
+        <vers num="33.0.1750.49"/>
+        <vers num="33.0.1750.5"/>
+        <vers num="33.0.1750.50"/>
+        <vers num="33.0.1750.51"/>
+        <vers num="33.0.1750.52"/>
+        <vers num="33.0.1750.53"/>
+        <vers num="33.0.1750.54"/>
+        <vers num="33.0.1750.55"/>
+        <vers num="33.0.1750.56"/>
+        <vers num="33.0.1750.57"/>
+        <vers num="33.0.1750.58"/>
+        <vers num="33.0.1750.59"/>
+        <vers num="33.0.1750.6"/>
+        <vers num="33.0.1750.60"/>
+        <vers num="33.0.1750.61"/>
+        <vers num="33.0.1750.62"/>
+        <vers num="33.0.1750.63"/>
+        <vers num="33.0.1750.64"/>
+        <vers num="33.0.1750.65"/>
+        <vers num="33.0.1750.66"/>
+        <vers num="33.0.1750.67"/>
+        <vers num="33.0.1750.68"/>
+        <vers num="33.0.1750.69"/>
+        <vers num="33.0.1750.7"/>
+        <vers num="33.0.1750.70"/>
+        <vers num="33.0.1750.71"/>
+        <vers num="33.0.1750.73"/>
+        <vers num="33.0.1750.74"/>
+        <vers num="33.0.1750.75"/>
+        <vers num="33.0.1750.76"/>
+        <vers num="33.0.1750.77"/>
+        <vers num="33.0.1750.79"/>
+        <vers num="33.0.1750.8"/>
+        <vers num="33.0.1750.80"/>
+        <vers num="33.0.1750.81"/>
+        <vers num="33.0.1750.82"/>
+        <vers num="33.0.1750.83"/>
+        <vers num="33.0.1750.85"/>
+        <vers num="33.0.1750.88"/>
+        <vers num="33.0.1750.89"/>
+        <vers num="33.0.1750.9"/>
+        <vers num="33.0.1750.90"/>
+        <vers num="33.0.1750.91"/>
+        <vers num="33.0.1750.92"/>
+        <vers num="33.0.1750.93"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1706" published="2014-03-16" name="CVE-2014-1706" modified="2014-03-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">crosh in Google Chrome OS before 33.0.1750.152 allows attackers to inject commands via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=351796" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=351796</ref>
+      <ref url="http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html" source="CONFIRM" adv="1">http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="google" name="chrome_os">
+        <vers num="33.0.1750.112"/>
+        <vers num="33.0.1750.124"/>
+        <vers prev="1" num="33.0.1750.149"/>
+        <vers num="33.0.1750.16"/>
+        <vers num="33.0.1750.2"/>
+        <vers num="33.0.1750.29"/>
+        <vers num="33.0.1750.5"/>
+        <vers num="33.0.1750.51"/>
+        <vers num="33.0.1750.58"/>
+        <vers num="33.0.1750.70"/>
+        <vers num="33.0.1750.93"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1707" published="2014-03-16" name="CVE-2014-1707" modified="2014-03-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Directory traversal vulnerability in CrosDisks in Google Chrome OS before 33.0.1750.152 has unspecified impact and attack vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=351811" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=351811</ref>
+      <ref url="http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html" source="CONFIRM" adv="1">http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="google" name="chrome_os">
+        <vers num="33.0.1750.112"/>
+        <vers num="33.0.1750.124"/>
+        <vers prev="1" num="33.0.1750.149"/>
+        <vers num="33.0.1750.16"/>
+        <vers num="33.0.1750.2"/>
+        <vers num="33.0.1750.29"/>
+        <vers num="33.0.1750.5"/>
+        <vers num="33.0.1750.51"/>
+        <vers num="33.0.1750.58"/>
+        <vers num="33.0.1750.70"/>
+        <vers num="33.0.1750.93"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1708" published="2014-03-16" name="CVE-2014-1708" modified="2014-03-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">The boot implementation in Google Chrome OS before 33.0.1750.152 does not properly consider file persistence, which allows remote attackers to execute arbitrary code via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=344051" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=344051</ref>
+      <ref url="http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html" source="CONFIRM" adv="1">http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="google" name="chrome_os">
+        <vers num="33.0.1750.112"/>
+        <vers num="33.0.1750.124"/>
+        <vers prev="1" num="33.0.1750.149"/>
+        <vers num="33.0.1750.16"/>
+        <vers num="33.0.1750.2"/>
+        <vers num="33.0.1750.29"/>
+        <vers num="33.0.1750.5"/>
+        <vers num="33.0.1750.51"/>
+        <vers num="33.0.1750.58"/>
+        <vers num="33.0.1750.70"/>
+        <vers num="33.0.1750.93"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1710" published="2014-03-16" name="CVE-2014-1710" modified="2014-03-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">The AsyncPixelTransfersCompletedQuery::End function in gpu/command_buffer/service/query_manager.cc in Google Chrome, as used in Google Chrome OS before 33.0.1750.152, does not check whether a certain position is within the bounds of a shared-memory segment, which allows remote attackers to cause a denial of service (GPU command-buffer memory corruption) or possibly have unspecified other impact via unknown vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://src.chromium.org/viewvc/chrome?revision=256918&amp;view=revision" source="CONFIRM">https://src.chromium.org/viewvc/chrome?revision=256918&amp;view=revision</ref>
+      <ref url="https://src.chromium.org/viewvc/chrome?revision=256723&amp;view=revision" source="CONFIRM">https://src.chromium.org/viewvc/chrome?revision=256723&amp;view=revision</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=351852" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=351852</ref>
+      <ref url="http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html" source="CONFIRM" adv="1">http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="google" name="chrome_os">
+        <vers num="33.0.1750.112"/>
+        <vers num="33.0.1750.124"/>
+        <vers prev="1" num="33.0.1750.149"/>
+        <vers num="33.0.1750.16"/>
+        <vers num="33.0.1750.2"/>
+        <vers num="33.0.1750.29"/>
+        <vers num="33.0.1750.5"/>
+        <vers num="33.0.1750.51"/>
+        <vers num="33.0.1750.58"/>
+        <vers num="33.0.1750.70"/>
+        <vers num="33.0.1750.93"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1711" published="2014-03-16" name="CVE-2014-1711" modified="2014-03-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">The GPU driver in the kernel in Google Chrome OS before 33.0.1750.152 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=351855" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=351855</ref>
+      <ref url="http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html" source="CONFIRM" adv="1">http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="google" name="chrome_os">
+        <vers num="33.0.1750.112"/>
+        <vers num="33.0.1750.124"/>
+        <vers prev="1" num="33.0.1750.149"/>
+        <vers num="33.0.1750.16"/>
+        <vers num="33.0.1750.2"/>
+        <vers num="33.0.1750.29"/>
+        <vers num="33.0.1750.5"/>
+        <vers num="33.0.1750.51"/>
+        <vers num="33.0.1750.58"/>
+        <vers num="33.0.1750.70"/>
+        <vers num="33.0.1750.93"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1713" published="2014-03-16" name="CVE-2014-1713" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Use-after-free vulnerability in the AttributeSetter function in bindings/templates/attributes.cpp in the bindings in Blink, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the document.location value.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://src.chromium.org/viewvc/blink?revision=169176&amp;view=revision" source="CONFIRM">https://src.chromium.org/viewvc/blink?revision=169176&amp;view=revision</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=352374" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=352374</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2883" source="DEBIAN">DSA-2883</ref>
+      <ref url="http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html" source="CONFIRM" adv="1">http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html</ref>
+      <ref url="http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html" source="CONFIRM" adv="1">http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html" source="APPLE">APPLE-SA-2014-04-22-2</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html" source="APPLE">APPLE-SA-2014-04-22-3</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html" source="APPLE">APPLE-SA-2014-04-01-1</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-03/0144.html" source="BUGTRAQ">20140326 VUPEN Security Research - Google Chrome Blink "locationAttributeSetter" Use-after-free (Pwn2Own)</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="google" name="chrome">
+        <vers num="33.0.1750.0"/>
+        <vers num="33.0.1750.1"/>
+        <vers num="33.0.1750.10"/>
+        <vers num="33.0.1750.104"/>
+        <vers num="33.0.1750.106"/>
+        <vers num="33.0.1750.107"/>
+        <vers num="33.0.1750.108"/>
+        <vers num="33.0.1750.109"/>
+        <vers num="33.0.1750.11"/>
+        <vers num="33.0.1750.110"/>
+        <vers num="33.0.1750.111"/>
+        <vers num="33.0.1750.112"/>
+        <vers num="33.0.1750.113"/>
+        <vers num="33.0.1750.115"/>
+        <vers num="33.0.1750.116"/>
+        <vers num="33.0.1750.117"/>
+        <vers num="33.0.1750.12"/>
+        <vers num="33.0.1750.124"/>
+        <vers num="33.0.1750.125"/>
+        <vers num="33.0.1750.126"/>
+        <vers num="33.0.1750.13"/>
+        <vers num="33.0.1750.132"/>
+        <vers num="33.0.1750.133"/>
+        <vers num="33.0.1750.135"/>
+        <vers num="33.0.1750.136"/>
+        <vers num="33.0.1750.14"/>
+        <vers num="33.0.1750.144"/>
+        <vers num="33.0.1750.146"/>
+        <vers num="33.0.1750.149"/>
+        <vers num="33.0.1750.15"/>
+        <vers prev="1" num="33.0.1750.151"/>
+        <vers num="33.0.1750.152"/>
+        <vers prev="1" num="33.0.1750.153"/>
+        <vers num="33.0.1750.16"/>
+        <vers num="33.0.1750.18"/>
+        <vers num="33.0.1750.19"/>
+        <vers num="33.0.1750.2"/>
+        <vers num="33.0.1750.20"/>
+        <vers num="33.0.1750.21"/>
+        <vers num="33.0.1750.22"/>
+        <vers num="33.0.1750.23"/>
+        <vers num="33.0.1750.24"/>
+        <vers num="33.0.1750.25"/>
+        <vers num="33.0.1750.26"/>
+        <vers num="33.0.1750.27"/>
+        <vers num="33.0.1750.28"/>
+        <vers num="33.0.1750.29"/>
+        <vers num="33.0.1750.3"/>
+        <vers num="33.0.1750.30"/>
+        <vers num="33.0.1750.31"/>
+        <vers num="33.0.1750.34"/>
+        <vers num="33.0.1750.35"/>
+        <vers num="33.0.1750.36"/>
+        <vers num="33.0.1750.37"/>
+        <vers num="33.0.1750.38"/>
+        <vers num="33.0.1750.39"/>
+        <vers num="33.0.1750.4"/>
+        <vers num="33.0.1750.40"/>
+        <vers num="33.0.1750.41"/>
+        <vers num="33.0.1750.42"/>
+        <vers num="33.0.1750.43"/>
+        <vers num="33.0.1750.44"/>
+        <vers num="33.0.1750.45"/>
+        <vers num="33.0.1750.46"/>
+        <vers num="33.0.1750.47"/>
+        <vers num="33.0.1750.48"/>
+        <vers num="33.0.1750.49"/>
+        <vers num="33.0.1750.5"/>
+        <vers num="33.0.1750.50"/>
+        <vers num="33.0.1750.51"/>
+        <vers num="33.0.1750.52"/>
+        <vers num="33.0.1750.53"/>
+        <vers num="33.0.1750.54"/>
+        <vers num="33.0.1750.55"/>
+        <vers num="33.0.1750.56"/>
+        <vers num="33.0.1750.57"/>
+        <vers num="33.0.1750.58"/>
+        <vers num="33.0.1750.59"/>
+        <vers num="33.0.1750.6"/>
+        <vers num="33.0.1750.60"/>
+        <vers num="33.0.1750.61"/>
+        <vers num="33.0.1750.62"/>
+        <vers num="33.0.1750.63"/>
+        <vers num="33.0.1750.64"/>
+        <vers num="33.0.1750.65"/>
+        <vers num="33.0.1750.66"/>
+        <vers num="33.0.1750.67"/>
+        <vers num="33.0.1750.68"/>
+        <vers num="33.0.1750.69"/>
+        <vers num="33.0.1750.7"/>
+        <vers num="33.0.1750.70"/>
+        <vers num="33.0.1750.71"/>
+        <vers num="33.0.1750.73"/>
+        <vers num="33.0.1750.74"/>
+        <vers num="33.0.1750.75"/>
+        <vers num="33.0.1750.76"/>
+        <vers num="33.0.1750.77"/>
+        <vers num="33.0.1750.79"/>
+        <vers num="33.0.1750.8"/>
+        <vers num="33.0.1750.80"/>
+        <vers num="33.0.1750.81"/>
+        <vers num="33.0.1750.82"/>
+        <vers num="33.0.1750.83"/>
+        <vers num="33.0.1750.85"/>
+        <vers num="33.0.1750.88"/>
+        <vers num="33.0.1750.89"/>
+        <vers num="33.0.1750.9"/>
+        <vers num="33.0.1750.90"/>
+        <vers num="33.0.1750.91"/>
+        <vers num="33.0.1750.92"/>
+        <vers num="33.0.1750.93"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1714" published="2014-03-16" name="CVE-2014-1714" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">The ScopedClipboardWriter::WritePickledData function in ui/base/clipboard/scoped_clipboard_writer.cc in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows does not verify a certain format value, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the clipboard.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://src.chromium.org/viewvc/chrome?revision=256974&amp;view=revision" source="CONFIRM" adv="1">https://src.chromium.org/viewvc/chrome?revision=256974&amp;view=revision</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=352395" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=352395</ref>
+      <ref url="http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html" source="CONFIRM" adv="1">http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-03/0143.html" source="BUGTRAQ">20140326 VUPEN Security Research - Google Chrome "Clipboard::WriteData()" Function Sandbox Escape (Pwn2Own)</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="google" name="chrome">
+        <vers num="33.0.1750.0"/>
+        <vers num="33.0.1750.1"/>
+        <vers num="33.0.1750.10"/>
+        <vers num="33.0.1750.104"/>
+        <vers num="33.0.1750.106"/>
+        <vers num="33.0.1750.107"/>
+        <vers num="33.0.1750.108"/>
+        <vers num="33.0.1750.109"/>
+        <vers num="33.0.1750.11"/>
+        <vers num="33.0.1750.110"/>
+        <vers num="33.0.1750.111"/>
+        <vers num="33.0.1750.112"/>
+        <vers num="33.0.1750.113"/>
+        <vers num="33.0.1750.115"/>
+        <vers num="33.0.1750.116"/>
+        <vers num="33.0.1750.117"/>
+        <vers num="33.0.1750.12"/>
+        <vers num="33.0.1750.124"/>
+        <vers num="33.0.1750.125"/>
+        <vers num="33.0.1750.126"/>
+        <vers num="33.0.1750.13"/>
+        <vers num="33.0.1750.132"/>
+        <vers num="33.0.1750.133"/>
+        <vers num="33.0.1750.135"/>
+        <vers num="33.0.1750.136"/>
+        <vers num="33.0.1750.14"/>
+        <vers num="33.0.1750.144"/>
+        <vers num="33.0.1750.146"/>
+        <vers num="33.0.1750.149"/>
+        <vers num="33.0.1750.15"/>
+        <vers prev="1" num="33.0.1750.151"/>
+        <vers num="33.0.1750.152"/>
+        <vers prev="1" num="33.0.1750.153"/>
+        <vers num="33.0.1750.16"/>
+        <vers num="33.0.1750.18"/>
+        <vers num="33.0.1750.19"/>
+        <vers num="33.0.1750.2"/>
+        <vers num="33.0.1750.20"/>
+        <vers num="33.0.1750.21"/>
+        <vers num="33.0.1750.22"/>
+        <vers num="33.0.1750.23"/>
+        <vers num="33.0.1750.24"/>
+        <vers num="33.0.1750.25"/>
+        <vers num="33.0.1750.26"/>
+        <vers num="33.0.1750.27"/>
+        <vers num="33.0.1750.28"/>
+        <vers num="33.0.1750.29"/>
+        <vers num="33.0.1750.3"/>
+        <vers num="33.0.1750.30"/>
+        <vers num="33.0.1750.31"/>
+        <vers num="33.0.1750.34"/>
+        <vers num="33.0.1750.35"/>
+        <vers num="33.0.1750.36"/>
+        <vers num="33.0.1750.37"/>
+        <vers num="33.0.1750.38"/>
+        <vers num="33.0.1750.39"/>
+        <vers num="33.0.1750.4"/>
+        <vers num="33.0.1750.40"/>
+        <vers num="33.0.1750.41"/>
+        <vers num="33.0.1750.42"/>
+        <vers num="33.0.1750.43"/>
+        <vers num="33.0.1750.44"/>
+        <vers num="33.0.1750.45"/>
+        <vers num="33.0.1750.46"/>
+        <vers num="33.0.1750.47"/>
+        <vers num="33.0.1750.48"/>
+        <vers num="33.0.1750.49"/>
+        <vers num="33.0.1750.5"/>
+        <vers num="33.0.1750.50"/>
+        <vers num="33.0.1750.51"/>
+        <vers num="33.0.1750.52"/>
+        <vers num="33.0.1750.53"/>
+        <vers num="33.0.1750.54"/>
+        <vers num="33.0.1750.55"/>
+        <vers num="33.0.1750.56"/>
+        <vers num="33.0.1750.57"/>
+        <vers num="33.0.1750.58"/>
+        <vers num="33.0.1750.59"/>
+        <vers num="33.0.1750.6"/>
+        <vers num="33.0.1750.60"/>
+        <vers num="33.0.1750.61"/>
+        <vers num="33.0.1750.62"/>
+        <vers num="33.0.1750.63"/>
+        <vers num="33.0.1750.64"/>
+        <vers num="33.0.1750.65"/>
+        <vers num="33.0.1750.66"/>
+        <vers num="33.0.1750.67"/>
+        <vers num="33.0.1750.68"/>
+        <vers num="33.0.1750.69"/>
+        <vers num="33.0.1750.7"/>
+        <vers num="33.0.1750.70"/>
+        <vers num="33.0.1750.71"/>
+        <vers num="33.0.1750.73"/>
+        <vers num="33.0.1750.74"/>
+        <vers num="33.0.1750.75"/>
+        <vers num="33.0.1750.76"/>
+        <vers num="33.0.1750.77"/>
+        <vers num="33.0.1750.79"/>
+        <vers num="33.0.1750.8"/>
+        <vers num="33.0.1750.80"/>
+        <vers num="33.0.1750.81"/>
+        <vers num="33.0.1750.82"/>
+        <vers num="33.0.1750.83"/>
+        <vers num="33.0.1750.85"/>
+        <vers num="33.0.1750.88"/>
+        <vers num="33.0.1750.89"/>
+        <vers num="33.0.1750.9"/>
+        <vers num="33.0.1750.90"/>
+        <vers num="33.0.1750.91"/>
+        <vers num="33.0.1750.92"/>
+        <vers num="33.0.1750.93"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1715" published="2014-03-16" name="CVE-2014-1715" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Directory traversal vulnerability in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows has unspecified impact and attack vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=352429" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=352429</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2883" source="DEBIAN">DSA-2883</ref>
+      <ref url="http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html" source="CONFIRM" adv="1">http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="google" name="chrome">
+        <vers num="33.0.1750.0"/>
+        <vers num="33.0.1750.1"/>
+        <vers num="33.0.1750.10"/>
+        <vers num="33.0.1750.104"/>
+        <vers num="33.0.1750.106"/>
+        <vers num="33.0.1750.107"/>
+        <vers num="33.0.1750.108"/>
+        <vers num="33.0.1750.109"/>
+        <vers num="33.0.1750.11"/>
+        <vers num="33.0.1750.110"/>
+        <vers num="33.0.1750.111"/>
+        <vers num="33.0.1750.112"/>
+        <vers num="33.0.1750.113"/>
+        <vers num="33.0.1750.115"/>
+        <vers num="33.0.1750.116"/>
+        <vers num="33.0.1750.117"/>
+        <vers num="33.0.1750.12"/>
+        <vers num="33.0.1750.124"/>
+        <vers num="33.0.1750.125"/>
+        <vers num="33.0.1750.126"/>
+        <vers num="33.0.1750.13"/>
+        <vers num="33.0.1750.132"/>
+        <vers num="33.0.1750.133"/>
+        <vers num="33.0.1750.135"/>
+        <vers num="33.0.1750.136"/>
+        <vers num="33.0.1750.14"/>
+        <vers num="33.0.1750.144"/>
+        <vers num="33.0.1750.146"/>
+        <vers num="33.0.1750.149"/>
+        <vers num="33.0.1750.15"/>
+        <vers prev="1" num="33.0.1750.151"/>
+        <vers num="33.0.1750.152"/>
+        <vers prev="1" num="33.0.1750.153"/>
+        <vers num="33.0.1750.16"/>
+        <vers num="33.0.1750.18"/>
+        <vers num="33.0.1750.19"/>
+        <vers num="33.0.1750.2"/>
+        <vers num="33.0.1750.20"/>
+        <vers num="33.0.1750.21"/>
+        <vers num="33.0.1750.22"/>
+        <vers num="33.0.1750.23"/>
+        <vers num="33.0.1750.24"/>
+        <vers num="33.0.1750.25"/>
+        <vers num="33.0.1750.26"/>
+        <vers num="33.0.1750.27"/>
+        <vers num="33.0.1750.28"/>
+        <vers num="33.0.1750.29"/>
+        <vers num="33.0.1750.3"/>
+        <vers num="33.0.1750.30"/>
+        <vers num="33.0.1750.31"/>
+        <vers num="33.0.1750.34"/>
+        <vers num="33.0.1750.35"/>
+        <vers num="33.0.1750.36"/>
+        <vers num="33.0.1750.37"/>
+        <vers num="33.0.1750.38"/>
+        <vers num="33.0.1750.39"/>
+        <vers num="33.0.1750.4"/>
+        <vers num="33.0.1750.40"/>
+        <vers num="33.0.1750.41"/>
+        <vers num="33.0.1750.42"/>
+        <vers num="33.0.1750.43"/>
+        <vers num="33.0.1750.44"/>
+        <vers num="33.0.1750.45"/>
+        <vers num="33.0.1750.46"/>
+        <vers num="33.0.1750.47"/>
+        <vers num="33.0.1750.48"/>
+        <vers num="33.0.1750.49"/>
+        <vers num="33.0.1750.5"/>
+        <vers num="33.0.1750.50"/>
+        <vers num="33.0.1750.51"/>
+        <vers num="33.0.1750.52"/>
+        <vers num="33.0.1750.53"/>
+        <vers num="33.0.1750.54"/>
+        <vers num="33.0.1750.55"/>
+        <vers num="33.0.1750.56"/>
+        <vers num="33.0.1750.57"/>
+        <vers num="33.0.1750.58"/>
+        <vers num="33.0.1750.59"/>
+        <vers num="33.0.1750.6"/>
+        <vers num="33.0.1750.60"/>
+        <vers num="33.0.1750.61"/>
+        <vers num="33.0.1750.62"/>
+        <vers num="33.0.1750.63"/>
+        <vers num="33.0.1750.64"/>
+        <vers num="33.0.1750.65"/>
+        <vers num="33.0.1750.66"/>
+        <vers num="33.0.1750.67"/>
+        <vers num="33.0.1750.68"/>
+        <vers num="33.0.1750.69"/>
+        <vers num="33.0.1750.7"/>
+        <vers num="33.0.1750.70"/>
+        <vers num="33.0.1750.71"/>
+        <vers num="33.0.1750.73"/>
+        <vers num="33.0.1750.74"/>
+        <vers num="33.0.1750.75"/>
+        <vers num="33.0.1750.76"/>
+        <vers num="33.0.1750.77"/>
+        <vers num="33.0.1750.79"/>
+        <vers num="33.0.1750.8"/>
+        <vers num="33.0.1750.80"/>
+        <vers num="33.0.1750.81"/>
+        <vers num="33.0.1750.82"/>
+        <vers num="33.0.1750.83"/>
+        <vers num="33.0.1750.85"/>
+        <vers num="33.0.1750.88"/>
+        <vers num="33.0.1750.89"/>
+        <vers num="33.0.1750.9"/>
+        <vers num="33.0.1750.90"/>
+        <vers num="33.0.1750.91"/>
+        <vers num="33.0.1750.92"/>
+        <vers num="33.0.1750.93"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1716" published="2014-04-09" name="CVE-2014-1716" modified="2014-04-09" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype function in runtime.cc in Google V8, as used in Google Chrome before 34.0.1847.116, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://code.google.com/p/v8/source/detail?r=20138" source="CONFIRM">https://code.google.com/p/v8/source/detail?r=20138</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=354123" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=354123</ref>
+      <ref url="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html" source="CONFIRM" adv="1">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="google" name="chrome">
+        <vers prev="1" num="34.0.1847.115"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1717" published="2014-04-09" name="CVE-2014-1717" modified="2014-04-09" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Google V8, as used in Google Chrome before 34.0.1847.116, does not properly use numeric casts during handling of typed arrays, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://code.google.com/p/v8/source/detail?r=20020" source="CONFIRM">https://code.google.com/p/v8/source/detail?r=20020</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=353004" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=353004</ref>
+      <ref url="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html" source="CONFIRM" adv="1">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="google" name="chrome">
+        <vers prev="1" num="34.0.1847.115"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1718" published="2014-04-09" name="CVE-2014-1718" modified="2014-04-09" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Integer overflow in the SoftwareFrameManager::SwapToNewFrame function in content/browser/renderer_host/software_frame_manager.cc in the software compositor in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted mapping of a large amount of renderer memory.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://src.chromium.org/viewvc/chrome?revision=261817&amp;view=revision" source="CONFIRM">https://src.chromium.org/viewvc/chrome?revision=261817&amp;view=revision</ref>
+      <ref url="https://src.chromium.org/viewvc/chrome?revision=260969&amp;view=revision" source="CONFIRM">https://src.chromium.org/viewvc/chrome?revision=260969&amp;view=revision</ref>
+      <ref url="https://src.chromium.org/viewvc/chrome?revision=258418&amp;view=revision" source="CONFIRM">https://src.chromium.org/viewvc/chrome?revision=258418&amp;view=revision</ref>
+      <ref url="https://src.chromium.org/viewvc/chrome?revision=257417&amp;view=revision" source="CONFIRM">https://src.chromium.org/viewvc/chrome?revision=257417&amp;view=revision</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=348332" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=348332</ref>
+      <ref url="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html" source="CONFIRM" adv="1">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="google" name="chrome">
+        <vers prev="1" num="34.0.1847.115"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1719" published="2014-04-09" name="CVE-2014-1719" modified="2014-04-09" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Use-after-free vulnerability in the WebSharedWorkerStub::OnTerminateWorkerContext function in content/worker/websharedworker_stub.cc in the Web Workers implementation in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors that trigger a SharedWorker termination during script loading.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://src.chromium.org/viewvc/chrome?revision=252010&amp;view=revision" source="CONFIRM">https://src.chromium.org/viewvc/chrome?revision=252010&amp;view=revision</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=343661" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=343661</ref>
+      <ref url="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html" source="CONFIRM" adv="1">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="google" name="chrome">
+        <vers prev="1" num="34.0.1847.115"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1720" published="2014-04-09" name="CVE-2014-1720" modified="2014-04-09" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Use-after-free vulnerability in the HTMLBodyElement::insertedInto function in core/html/HTMLBodyElement.cpp in Blink, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving attributes.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://src.chromium.org/viewvc/blink?revision=170216&amp;view=revision" source="CONFIRM">https://src.chromium.org/viewvc/blink?revision=170216&amp;view=revision</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=356095" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=356095</ref>
+      <ref url="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html" source="CONFIRM" adv="1">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="google" name="chrome">
+        <vers prev="1" num="34.0.1847.115"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1721" published="2014-04-09" name="CVE-2014-1721" modified="2014-04-09" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Google V8, as used in Google Chrome before 34.0.1847.116, does not properly implement lazy deoptimization, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code, as demonstrated by improper handling of a heap allocation of a number outside the Small Integer (aka smi) range.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://code.google.com/p/v8/source/detail?r=19834" source="CONFIRM">https://code.google.com/p/v8/source/detail?r=19834</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=350434" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=350434</ref>
+      <ref url="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html" source="CONFIRM" adv="1">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="google" name="chrome">
+        <vers prev="1" num="34.0.1847.115"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1722" published="2014-04-09" name="CVE-2014-1722" modified="2014-04-09" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Use-after-free vulnerability in the RenderBlock::addChildIgnoringAnonymousColumnBlocks function in core/rendering/RenderBlock.cpp in Blink, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving addition of a child node.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://src.chromium.org/viewvc/blink?revision=164405&amp;view=revision" source="CONFIRM">https://src.chromium.org/viewvc/blink?revision=164405&amp;view=revision</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=330626" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=330626</ref>
+      <ref url="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html" source="CONFIRM" adv="1">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="google" name="chrome">
+        <vers prev="1" num="34.0.1847.115"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1723" published="2014-04-09" name="CVE-2014-1723" modified="2014-04-09" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">The UnescapeURLWithOffsetsImpl function in net/base/escape.cc in Google Chrome before 34.0.1847.116 does not properly handle bidirectional Internationalized Resource Identifiers (IRIs), which makes it easier for remote attackers to spoof URLs via crafted use of right-to-left (RTL) Unicode text.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://src.chromium.org/viewvc/chrome?revision=254091&amp;view=revision" source="CONFIRM">https://src.chromium.org/viewvc/chrome?revision=254091&amp;view=revision</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=337746" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=337746</ref>
+      <ref url="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html" source="CONFIRM" adv="1">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="google" name="chrome">
+        <vers prev="1" num="34.0.1847.115"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1724" published="2014-04-09" name="CVE-2014-1724" modified="2014-04-09" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Use-after-free vulnerability in Free(b)soft Laboratory Speech Dispatcher 0.7.1, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service (application hang) or possibly have unspecified other impact via a text-to-speech request.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://src.chromium.org/viewvc/chrome?revision=259109&amp;view=revision" source="CONFIRM">https://src.chromium.org/viewvc/chrome?revision=259109&amp;view=revision</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=327295" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=327295</ref>
+      <ref url="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html" source="CONFIRM" adv="1">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="google" name="chrome">
+        <vers prev="1" num="34.0.1847.115"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1725" published="2014-04-09" name="CVE-2014-1725" modified="2014-04-09" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The base64DecodeInternal function in wtf/text/Base64.cpp in Blink, as used in Google Chrome before 34.0.1847.116, does not properly handle string data composed exclusively of whitespace characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via a window.atob method call.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://src.chromium.org/viewvc/blink?revision=170264&amp;view=revision" source="CONFIRM">https://src.chromium.org/viewvc/blink?revision=170264&amp;view=revision</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=357332" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=357332</ref>
+      <ref url="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html" source="CONFIRM" adv="1">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="google" name="chrome">
+        <vers prev="1" num="34.0.1847.115"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1726" published="2014-04-09" name="CVE-2014-1726" modified="2014-04-09" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">The drag implementation in Google Chrome before 34.0.1847.116 allows user-assisted remote attackers to bypass the Same Origin Policy and forge local pathnames by leveraging renderer access.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://src.chromium.org/viewvc/chrome?revision=259353&amp;view=revision" source="CONFIRM">https://src.chromium.org/viewvc/chrome?revision=259353&amp;view=revision</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=346135" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=346135</ref>
+      <ref url="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html" source="CONFIRM" adv="1">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="google" name="chrome">
+        <vers prev="1" num="34.0.1847.115"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1727" published="2014-04-09" name="CVE-2014-1727" modified="2014-04-09" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Use-after-free vulnerability in content/renderer/renderer_webcolorchooser_impl.h in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to forms.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html" source="CONFIRM" patch="1" adv="1">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html</ref>
+      <ref url="https://src.chromium.org/viewvc/chrome?revision=255276&amp;view=revision" source="CONFIRM">https://src.chromium.org/viewvc/chrome?revision=255276&amp;view=revision</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=342735" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=342735</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="google" name="chrome">
+        <vers prev="1" num="34.0.1847.115"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1728" published="2014-04-09" name="CVE-2014-1728" modified="2014-04-09" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.116 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=360298" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=360298</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=358059" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=358059</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=356517" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=356517</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=356235" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=356235</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=355586" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=355586</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=354297" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=354297</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=353013" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=353013</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=352982" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=352982</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=351815" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=351815</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=350863" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=350863</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=350537" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=350537</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=350533" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=350533</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=348319" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=348319</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=347262" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=347262</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=345820" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=345820</ref>
+      <ref url="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html" source="CONFIRM" adv="1">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="google" name="chrome">
+        <vers prev="1" num="34.0.1847.115"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1729" published="2014-04-09" name="CVE-2014-1729" modified="2014-04-09" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Multiple unspecified vulnerabilities in Google V8 before 3.24.35.22, as used in Google Chrome before 34.0.1847.116, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://code.google.com/p/v8/source/detail?r=20409" source="CONFIRM">https://code.google.com/p/v8/source/detail?r=20409</ref>
+      <ref url="https://code.google.com/p/v8/source/detail?r=20345" source="CONFIRM">https://code.google.com/p/v8/source/detail?r=20345</ref>
+      <ref url="https://code.google.com/p/v8/source/detail?r=20033" source="CONFIRM">https://code.google.com/p/v8/source/detail?r=20033</ref>
+      <ref url="https://code.google.com/p/v8/source/detail?r=19923" source="CONFIRM">https://code.google.com/p/v8/source/detail?r=19923</ref>
+      <ref url="https://code.google.com/p/v8/source/detail?r=19584" source="CONFIRM">https://code.google.com/p/v8/source/detail?r=19584</ref>
+      <ref url="https://code.google.com/p/v8/source/detail?r=19572" source="CONFIRM">https://code.google.com/p/v8/source/detail?r=19572</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=358059" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=358059</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=355586" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=355586</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=352982" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=352982</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=350863" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=350863</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=348319" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=348319</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=347262" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=347262</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=345820" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=345820</ref>
+      <ref url="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html" source="CONFIRM" adv="1">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="google" name="chrome">
+        <vers prev="1" num="34.0.1847.115"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1730" published="2014-04-26" name="CVE-2014-1730" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:N/A:N)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to bypass intended access restrictions by leveraging "type confusion" and reading property values, related to i18n.js and runtime.cc.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://code.google.com/p/v8/source/detail?r=20595" source="CONFIRM">https://code.google.com/p/v8/source/detail?r=20595</ref>
+      <ref url="https://code.google.com/p/v8/source/detail?r=20593" source="CONFIRM">https://code.google.com/p/v8/source/detail?r=20593</ref>
+      <ref url="https://code.google.com/p/v8/source/detail?r=20388" source="CONFIRM">https://code.google.com/p/v8/source/detail?r=20388</ref>
+      <ref url="https://code.google.com/p/v8/source/detail?r=20377" source="CONFIRM">https://code.google.com/p/v8/source/detail?r=20377</ref>
+      <ref url="https://code.google.com/p/v8/source/detail?r=20375" source="CONFIRM">https://code.google.com/p/v8/source/detail?r=20375</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=354967" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=354967</ref>
+      <ref url="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html" source="CONFIRM" adv="1">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="google" name="chrome">
+        <vers prev="1" num="34.0.1847.130"/>
+        <vers prev="1" num="34.0.1847.131"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1731" published="2014-04-26" name="CVE-2014-1731" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://src.chromium.org/viewvc/blink?revision=171216&amp;view=revision" source="CONFIRM">https://src.chromium.org/viewvc/blink?revision=171216&amp;view=revision</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=349903" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=349903</ref>
+      <ref url="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html" source="CONFIRM" adv="1">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="google" name="chrome">
+        <vers prev="1" num="34.0.1847.130"/>
+        <vers prev="1" num="34.0.1847.131"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1732" published="2014-04-26" name="CVE-2014-1732" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Use-after-free vulnerability in browser/ui/views/speech_recognition_bubble_views.cc in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via an INPUT element that triggers the presence of a Speech Recognition Bubble window for an incorrect duration.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://src.chromium.org/viewvc/chrome?revision=261737&amp;view=revision" source="CONFIRM">https://src.chromium.org/viewvc/chrome?revision=261737&amp;view=revision</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=352851" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=352851</ref>
+      <ref url="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html" source="CONFIRM" adv="1">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="google" name="chrome">
+        <vers prev="1" num="34.0.1847.130"/>
+        <vers prev="1" num="34.0.1847.131"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1733" published="2014-04-26" name="CVE-2014-1733" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">The PointerCompare function in codegen.cc in Seccomp-BPF, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly merge blocks, which might allow remote attackers to bypass intended sandbox restrictions by leveraging renderer access.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://src.chromium.org/viewvc/chrome?revision=260157&amp;view=revision" source="CONFIRM">https://src.chromium.org/viewvc/chrome?revision=260157&amp;view=revision</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=351103" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=351103</ref>
+      <ref url="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html" source="CONFIRM" adv="1">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="google" name="chrome">
+        <vers prev="1" num="34.0.1847.130"/>
+        <vers prev="1" num="34.0.1847.131"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1734" published="2014-04-26" name="CVE-2014-1734" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=367314" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=367314</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=357382" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=357382</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=356181" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=356181</ref>
+      <ref url="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html" source="CONFIRM" adv="1">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="google" name="chrome">
+        <vers prev="1" num="34.0.1847.130"/>
+        <vers prev="1" num="34.0.1847.131"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1735" published="2014-04-26" name="CVE-2014-1735" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Multiple unspecified vulnerabilities in Google V8 before 3.24.35.33, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://src.chromium.org/viewvc/blink?revision=171127&amp;view=revision" source="CONFIRM">https://src.chromium.org/viewvc/blink?revision=171127&amp;view=revision</ref>
+      <ref url="https://src.chromium.org/viewvc/blink?revision=171077&amp;view=revision" source="CONFIRM">https://src.chromium.org/viewvc/blink?revision=171077&amp;view=revision</ref>
+      <ref url="https://code.google.com/p/v8/source/detail?r=20624" source="CONFIRM">https://code.google.com/p/v8/source/detail?r=20624</ref>
+      <ref url="https://code.google.com/p/v8/source/detail?r=20622" source="CONFIRM">https://code.google.com/p/v8/source/detail?r=20622</ref>
+      <ref url="https://code.google.com/p/v8/source/detail?r=20501" source="CONFIRM">https://code.google.com/p/v8/source/detail?r=20501</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=360429" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=360429</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=359525" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=359525</ref>
+      <ref url="https://code.google.com/p/chromium/issues/detail?id=359130" source="CONFIRM">https://code.google.com/p/chromium/issues/detail?id=359130</ref>
+      <ref url="http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html" source="CONFIRM" adv="1">http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="google" name="chrome">
+        <vers prev="1" num="34.0.1847.130"/>
+        <vers prev="1" num="34.0.1847.131"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1751" published="2014-04-08" name="CVE-2014-1751" modified="2014-04-09" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0235 and CVE-2014-1755.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-018" source="MS" adv="1">MS14-018</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1752" published="2014-04-08" name="CVE-2014-1752" modified="2014-04-09" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-018" source="MS" adv="1">MS14-018</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="6"/>
+        <vers num="7"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1753" published="2014-04-08" name="CVE-2014-1753" modified="2014-04-09" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-018" source="MS" adv="1">MS14-018</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="6" edition="sp1"/>
+        <vers num="7"/>
+        <vers num="8"/>
+        <vers num="9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1755" published="2014-04-08" name="CVE-2014-1755" modified="2014-04-09" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0235 and CVE-2014-1751.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-018" source="MS" adv="1">MS14-018</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1757" published="2014-04-08" name="CVE-2014-1757" modified="2014-04-09" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Word 2007 SP3 and 2010 SP1 and SP2, and Office Compatibility Pack SP3, allocates memory incorrectly for file conversions from a binary (aka .doc) format to a newer format, which allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office File Format Converter Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-017" source="MS" adv="1">MS14-017</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="office_compatibility_pack">
+        <vers num="" edition="sp3"/>
+      </prod>
+      <prod vendor="microsoft" name="word">
+        <vers num="2007" edition="sp3"/>
+        <vers num="2010" edition="sp1"/>
+        <vers num="2010" edition="sp2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1758" published="2014-04-08" name="CVE-2014-1758" modified="2014-04-09" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Stack-based buffer overflow in Microsoft Word 2003 SP3 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Word Stack Overflow Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-017" source="MS" adv="1">MS14-017</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="word">
+        <vers num="2003" edition="sp3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1759" published="2014-04-08" name="CVE-2014-1759" modified="2014-04-09" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">pubconv.dll in Microsoft Publisher 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via a crafted .pub file, aka "Arbitrary Pointer Dereference Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-020" source="MS" adv="1">MS14-020</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="publisher">
+        <vers num="2003" edition="sp3"/>
+        <vers num="2007" edition="sp3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1760" published="2014-04-08" name="CVE-2014-1760" modified="2014-04-09" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-018" source="MS" adv="1">MS14-018</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="11" edition="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1761" published="2014-03-25" name="CVE-2014-1761" modified="2014-04-19" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://technet.microsoft.com/security/bulletin/MS14-017" source="MS">MS14-017</ref>
+      <ref url="http://technet.microsoft.com/security/advisory/2953095" source="CONFIRM" adv="1">http://technet.microsoft.com/security/advisory/2953095</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="office">
+        <vers num="2011" edition=":mac"/>
+      </prod>
+      <prod vendor="microsoft" name="office_compatibility_pack">
+        <vers num="" edition="sp3"/>
+      </prod>
+      <prod vendor="microsoft" name="office_web_apps">
+        <vers num="2010" edition="sp1"/>
+        <vers num="2010" edition="sp2"/>
+      </prod>
+      <prod vendor="microsoft" name="office_web_apps_server">
+        <vers num="2013"/>
+      </prod>
+      <prod vendor="microsoft" name="sharepoint_server">
+        <vers num="2010" edition="sp1"/>
+        <vers num="2010" edition="sp2"/>
+        <vers num="2013"/>
+      </prod>
+      <prod vendor="microsoft" name="word">
+        <vers num="2003" edition="sp3"/>
+        <vers num="2007" edition="sp3"/>
+        <vers num="2010" edition="sp1:~~~x64~~"/>
+        <vers num="2010" edition="sp1:~~~x86~~"/>
+        <vers num="2010" edition="sp2:~~~x64~~"/>
+        <vers num="2010" edition="sp2:~~~x86~~"/>
+        <vers num="2013" edition="-:~-~-~rt~~"/>
+      </prod>
+      <prod vendor="microsoft" name="word_viewer">
+        <vers num=""/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1762" published="2014-04-27" name="CVE-2014-1762" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code with medium-integrity privileges and bypass a sandbox protection mechanism via unknown vectors, as demonstrated by ZDI during a Pwn4Fun competition at CanSecWest 2014.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/" source="MISC">http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/</ref>
+      <ref url="http://twitter.com/thezdi/statuses/443810610958958592" source="MISC">http://twitter.com/thezdi/statuses/443810610958958592</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="11" edition="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1763" published="2014-04-27" name="CVE-2014-1763" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Use-after-free vulnerability in Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/" source="MISC">http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/</ref>
+      <ref url="http://twitter.com/thezdi/statuses/443855973673754624" source="MISC">http://twitter.com/thezdi/statuses/443855973673754624</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="11" edition="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1764" published="2014-04-27" name="CVE-2014-1764" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism by leveraging "object confusion" in a broker process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/" source="MISC">http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one/</ref>
+      <ref url="http://twitter.com/thezdi/statuses/443855973673754624" source="MISC">http://twitter.com/thezdi/statuses/443855973673754624</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="11" edition="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1765" published="2014-04-27" name="CVE-2014-1765" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Multiple use-after-free vulnerabilities in Microsoft Internet Explorer 11 allow remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by Sebastian Apelt and Andreas Schmidt during a Pwn2Own competition at CanSecWest 2014.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two/" source="MISC">http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two/</ref>
+      <ref url="http://twitter.com/thezdi/statuses/444216845734666240" source="MISC">http://twitter.com/thezdi/statuses/444216845734666240</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="11" edition="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1766" published="2014-04-27" name="CVE-2014-1766" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="7.2" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="3.9" CVSS_base_score="7.2">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the kernel in Microsoft Windows 8.1 allows local users to gain privileges via unknown vectors, as demonstrated by Sebastian Apelt and Andreas Schmidt during a Pwn2Own competition at CanSecWest 2014.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two/" source="MISC">http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two/</ref>
+      <ref url="http://twitter.com/thezdi/statuses/444216845734666240" source="MISC">http://twitter.com/thezdi/statuses/444216845734666240</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="windows_8.1">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1776" published="2014-04-27" name="CVE-2014-1776" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Use-after-free vulnerability in VGX.DLL in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in April 2014.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://technet.microsoft.com/library/security/2963983" source="CONFIRM" adv="1">https://technet.microsoft.com/library/security/2963983</ref>
+      <ref url="http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html" source="MISC">http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="internet_explorer">
+        <vers num="10"/>
+        <vers num="11" edition="-"/>
+        <vers num="6"/>
+        <vers num="7"/>
+        <vers num="8"/>
+        <vers num="9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-1826" published="2014-03-26" name="CVE-2014-1826" modified="2014-03-26" CVSS_version="2.0" CVSS_vector="(AV:N/AC:H/Au:N/C:N/I:P/A:N)" CVSS_score="2.6" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="4.9" CVSS_base_score="2.6">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the iThoughtsHD app 4.19 for iOS on iPad devices, when the WiFi Transfer feature is used, allows remote attackers to inject arbitrary web script or HTML via a crafted map name.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.madirish.net/559" source="MISC">http://www.madirish.net/559</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ithoughts" name="ithoughtshd">
+        <vers num="4.19" edition=":~~~iphone_os~ipad~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1827" published="2014-03-26" name="CVE-2014-1827" modified="2014-03-26" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">The iThoughtsHD app 4.19 for iOS on iPad devices, when the WiFi Transfer feature is used, allows remote attackers to upload arbitrary files by placing a %00 sequence after a dangerous extension, as demonstrated by a .html%00.txt file.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.madirish.net/559" source="MISC">http://www.madirish.net/559</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ithoughts" name="ithoughtshd">
+        <vers num="4.19" edition=":~~~iphone_os~ipad~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1828" published="2014-03-26" name="CVE-2014-1828" modified="2014-03-26" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:P)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">The iThoughts web server in the iThoughtsHD app 4.19 for iOS on iPad devices allows remote attackers to cause a denial of service (disk consumption) by uploading a large file.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.madirish.net/559" source="MISC">http://www.madirish.net/559</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ithoughts" name="ithoughtshd">
+        <vers num="4.19" edition=":~~~iphone_os~ipad~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1833" published="2014-02-05" name="CVE-2014-1833" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:P/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1059947" source="CONFIRM" adv="1">https://bugzilla.redhat.com/show_bug.cgi?id=1059947</ref>
+      <ref url="http://www.securityfocus.com/bid/65260" source="BID">65260</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/01/31/7" source="MLIST">[oss-security] 20140131 CVE request: uupdate (devscripts) directory traversal</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/01/31/11" source="MLIST">[oss-security] 20140131 Re: CVE request: uupdate (devscripts) directory traversal</ref>
+      <ref url="http://osvdb.org/102748" source="OSVDB">102748</ref>
+      <ref url="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737160" source="MISC">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737160</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="devscripts_devel_team" name="devscripts">
+        <vers num="2.14.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1837" published="2014-01-30" name="CVE-2014-1837" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the StackIdeas Komento (com_komento) component before 1.7.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors related to "checking new comments."</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90974" source="XF">komento-joomla-cve20141837-xss(90974)</ref>
+      <ref url="http://www.securityfocus.com/bid/65173" source="BID">65173</ref>
+      <ref url="http://stackideas.com/downloads/changelog/komento" source="CONFIRM" adv="1">http://stackideas.com/downloads/changelog/komento</ref>
+      <ref url="http://secunia.com/advisories/56577" source="SECUNIA" adv="1">56577</ref>
+      <ref url="http://osvdb.org/102563" source="OSVDB">102563</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="stackideas" name="komento">
+        <vers num="1.7.0"/>
+        <vers num="1.7.1"/>
+        <vers num="1.7.2"/>
+        <vers prev="1" num="1.7.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1838" published="2014-03-11" name="CVE-2014-1838" modified="2014-03-12" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="4.4" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="3.4" CVSS_base_score="4.4">
+    <desc>
+      <descript source="cve">The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-commons before 0.61.0 allows local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /tmp/toto.fdf.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737051" source="CONFIRM">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737051</ref>
+      <ref url="http://www.logilab.org/ticket/207561" source="CONFIRM">http://www.logilab.org/ticket/207561</ref>
+      <ref url="http://secunia.com/advisories/57209" source="SECUNIA">57209</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-02/msg00085.html" source="SUSE">openSUSE-SU-2014:0306</ref>
+      <ref url="http://comments.gmane.org/gmane.comp.security.oss.general/11986" source="MLIST">[oss-security] 20140131 CVE request: temp file issues in python's logilab-common module</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="logilab" name="logilab-common">
+        <vers prev="1" num="0.60.0"/>
+      </prod>
+      <prod vendor="novell" name="opensuse">
+        <vers num="12.3"/>
+        <vers num="13.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1839" published="2014-03-11" name="CVE-2014-1839" modified="2014-03-12" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="4.4" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="3.4" CVSS_base_score="4.4">
+    <desc>
+      <descript source="cve">The Execute class in shellutils in logilab-commons before 0.61.0 uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737051" source="CONFIRM">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737051</ref>
+      <ref url="http://www.logilab.org/ticket/207562" source="CONFIRM">http://www.logilab.org/ticket/207562</ref>
+      <ref url="http://secunia.com/advisories/57209" source="SECUNIA" adv="1">57209</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-02/msg00085.html" source="SUSE">openSUSE-SU-2014:0306</ref>
+      <ref url="http://comments.gmane.org/gmane.comp.security.oss.general/11986" source="MLIST">[oss-security] 20140131 CVE request: temp file issues in python's logilab-common module</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="logilab" name="logilab-common">
+        <vers prev="1" num="0.60.0"/>
+      </prod>
+      <prod vendor="novell" name="opensuse">
+        <vers num="12.3"/>
+        <vers num="13.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1840" published="2014-03-03" name="CVE-2014-1840" modified="2014-03-04" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in Upload/search.php in MyBB 1.6.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a do_search action, which is not properly handled in a forced SQL error message.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://packetstormsecurity.com/files/125038/MyBB-1.6.12-POST-Cross-Site-Scripting.html" source="MISC">http://packetstormsecurity.com/files/125038/MyBB-1.6.12-POST-Cross-Site-Scripting.html</ref>
+      <ref url="http://osandamalith.wordpress.com/2014/02/02/mybb-1-6-12-post-xss-0day/" source="MISC">http://osandamalith.wordpress.com/2014/02/02/mybb-1-6-12-post-xss-0day/</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mybb" name="mybb">
+        <vers num="1.6.0"/>
+        <vers num="1.6.1"/>
+        <vers num="1.6.10"/>
+        <vers num="1.6.11"/>
+        <vers prev="1" num="1.6.12"/>
+        <vers num="1.6.2"/>
+        <vers num="1.6.3"/>
+        <vers num="1.6.4"/>
+        <vers num="1.6.5"/>
+        <vers num="1.6.6"/>
+        <vers num="1.6.7"/>
+        <vers num="1.6.8"/>
+        <vers num="1.6.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1841" published="2014-04-29" name="CVE-2014-1841" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. (dot dot) in the src parameter.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0092.html" source="FULLDISC">20140210 Titan FTP Server Directory Traversal Vulnerabilities - [CVE-2014-1841 / CVE-2014-1842 / CVE-2014-1843]</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="southrivertech" name="titan_ftp_server">
+        <vers num="10.0.1733"/>
+        <vers num="10.01.1740"/>
+        <vers num="10.30"/>
+        <vers prev="1" num="10.40"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1842" published="2014-04-29" name="CVE-2014-1842" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to list all usernames via a Go action with a .. (dot dot) in the search-bar value.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0092.html" source="FULLDISC">20140210 Titan FTP Server Directory Traversal Vulnerabilities - [CVE-2014-1841 / CVE-2014-1842 / CVE-2014-1843]</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="southrivertech" name="titan_ftp_server">
+        <vers num="10.0.1733"/>
+        <vers num="10.01.1740"/>
+        <vers num="10.30"/>
+        <vers prev="1" num="10.40"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1843" published="2014-04-29" name="CVE-2014-1843" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Properties action with a .. (dot dot) in the src parameter.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0092.html" source="FULLDISC">20140210 Titan FTP Server Directory Traversal Vulnerabilities - [CVE-2014-1841 / CVE-2014-1842 / CVE-2014-1843]</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="southrivertech" name="titan_ftp_server">
+        <vers num="10.0.1733"/>
+        <vers num="10.01.1740"/>
+        <vers num="10.30"/>
+        <vers prev="1" num="10.40"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1854" published="2014-02-27" name="CVE-2014-1854" modified="2014-03-07" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 through 3.9.5 and AdRotate Free plugin 3.9 through 3.9.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://www.htbridge.com/advisory/HTB23201" source="MISC">https://www.htbridge.com/advisory/HTB23201</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91253" source="XF">adrotate-track-sql-injection(91253)</ref>
+      <ref url="http://www.securityfocus.com/bid/65709" source="BID">65709</ref>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/531176/100/0/threaded" source="BUGTRAQ">20140220 SQL Injection in AdRotate</ref>
+      <ref url="http://www.exploit-db.com/exploits/31834" source="EXPLOIT-DB">31834</ref>
+      <ref url="http://www.adrotateplugin.com/2014/01/adrotate-pro-3-9-6-and-adrotate-free-3-9-5" source="CONFIRM" adv="1">http://www.adrotateplugin.com/2014/01/adrotate-pro-3-9-6-and-adrotate-free-3-9-5</ref>
+      <ref url="http://secunia.com/advisories/57079" source="SECUNIA" adv="1">57079</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="adrotateplugin" name="adrotate">
+        <vers num="3.9." edition=":~free~wordpress~~~"/>
+        <vers num="3.9." edition=":~pro~wordpress~~~"/>
+        <vers num="3.9.1" edition=":~free~wordpress~~~"/>
+        <vers num="3.9.1" edition=":~pro~wordpress~~~"/>
+        <vers num="3.9.2" edition=":~free~wordpress~~~"/>
+        <vers num="3.9.2" edition=":~pro~wordpress~~~"/>
+        <vers num="3.9.3" edition=":~free~wordpress~~~"/>
+        <vers num="3.9.3" edition=":~pro~wordpress~~~"/>
+        <vers num="3.9.4" edition=":~free~wordpress~~~"/>
+        <vers num="3.9.4" edition=":~pro~wordpress~~~"/>
+        <vers num="3.9.5" edition=":~pro~wordpress~~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1861" published="2014-02-18" name="CVE-2014-1861" modified="2014-02-20" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">The client in Jetro COCKPIT Secure Browsing (JCSB) 4.3.1 and 4.3.3 does not validate the FileName element in an RDP_FILE_TRANSFER document, which allows remote JCSB servers to execute arbitrary programs by providing a .EXE extension.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://blog.quaji.com/2014/02/remote-code-execution-on-all-enterprise.html" source="MISC">http://blog.quaji.com/2014/02/remote-code-execution-on-all-enterprise.html</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-02/0075.html" source="BUGTRAQ">20140217 Jetro Cockpit Secure Browsing vulnerability - Client missing input validation allowing RCE</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="jetroplatforms" name="jetro_cockpit_secure_browsing">
+        <vers num="4.3.1"/>
+        <vers num="4.3.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1869" published="2014-02-07" name="CVE-2014-1869" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters (aka loaderInfo.parameters).</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://github.com/zeroclipboard/zeroclipboard/releases/tag/v1.3.2" source="CONFIRM" patch="1" adv="1">https://github.com/zeroclipboard/zeroclipboard/releases/tag/v1.3.2</ref>
+      <ref url="https://github.com/zeroclipboard/zeroclipboard/pull/335" source="CONFIRM">https://github.com/zeroclipboard/zeroclipboard/pull/335</ref>
+      <ref url="https://github.com/zeroclipboard/zeroclipboard/commit/2f9eb9750a433965572d047e24b0fc78fd1415ca" source="MISC">https://github.com/zeroclipboard/zeroclipboard/commit/2f9eb9750a433965572d047e24b0fc78fd1415ca</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91085" source="XF">zeroclipboard-cve20141869-xss(91085)</ref>
+      <ref url="http://www.securityfocus.com/bid/65484" source="BID">65484</ref>
+      <ref url="http://secunia.com/advisories/56821" source="SECUNIA">56821</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="zeroclipboard_project" name="zeroclipboard">
+        <vers num="1.0.5"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.1.0"/>
+        <vers num="1.1.1"/>
+        <vers num="1.1.2"/>
+        <vers num="1.1.3"/>
+        <vers num="1.1.4"/>
+        <vers num="1.1.5"/>
+        <vers num="1.1.6"/>
+        <vers num="1.1.7"/>
+        <vers num="1.2.0"/>
+        <vers num="1.2.1"/>
+        <vers num="1.2.2"/>
+        <vers num="1.2.3"/>
+        <vers num="1.3.0"/>
+        <vers prev="1" num="1.3.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1870" published="2014-02-06" name="CVE-2014-1870" modified="2014-02-07" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Opera before 19 on Mac OS X allows user-assisted remote attackers to spoof the address bar via vectors involving a drag-and-drop operation.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://blogs.opera.com/security/2014/01/security-changes-features-opera-19/" source="CONFIRM" adv="1">http://blogs.opera.com/security/2014/01/security-changes-features-opera-19/</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="opera" name="opera_browser">
+        <vers num="1.00"/>
+        <vers num="10.00" edition="alpha"/>
+        <vers num="10.00" edition="beta1"/>
+        <vers num="10.00" edition="beta2"/>
+        <vers num="10.00" edition="beta3"/>
+        <vers num="10.01"/>
+        <vers num="10.10" edition="beta1"/>
+        <vers num="10.11"/>
+        <vers num="10.20" edition="alpha"/>
+        <vers num="10.50" edition="beta1"/>
+        <vers num="10.50" edition="beta2"/>
+        <vers num="10.51"/>
+        <vers num="10.52" edition="beta1"/>
+        <vers num="10.52" edition="beta2"/>
+        <vers num="10.53" edition="b"/>
+        <vers num="10.53" edition="beta1"/>
+        <vers num="10.54"/>
+        <vers num="10.60" edition="alpha"/>
+        <vers num="10.60" edition="beta1"/>
+        <vers num="10.61"/>
+        <vers num="10.62"/>
+        <vers num="10.63"/>
+        <vers num="11.00" edition="beta"/>
+        <vers num="11.01"/>
+        <vers num="11.10" edition="beta"/>
+        <vers num="11.11"/>
+        <vers num="11.50" edition="beta"/>
+        <vers num="11.51"/>
+        <vers num="11.52"/>
+        <vers num="11.52.1100"/>
+        <vers num="11.60" edition="beta"/>
+        <vers num="11.61"/>
+        <vers num="11.62"/>
+        <vers num="11.64"/>
+        <vers num="11.65"/>
+        <vers num="11.66"/>
+        <vers num="11.67"/>
+        <vers num="12.00" edition="beta"/>
+        <vers num="12.01"/>
+        <vers num="12.02"/>
+        <vers num="12.10" edition="beta"/>
+        <vers num="12.11"/>
+        <vers num="12.12"/>
+        <vers num="12.13"/>
+        <vers num="12.14"/>
+        <vers num="12.15"/>
+        <vers num="15.00" edition="next"/>
+        <vers num="16.00"/>
+        <vers num="17.00"/>
+        <vers prev="1" num="18.00"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1874" published="2014-02-28" name="CVE-2014-1874" modified="2014-03-16" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:S/C:N/I:N/A:C)" CVSS_score="4.4" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="2.7" CVSS_base_score="4.4">
+    <desc>
+      <descript source="cve">The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="https://github.com/torvalds/linux/commit/2172fa709ab32ca60e86179dc67d0857be8e2c98" source="CONFIRM" patch="1">https://github.com/torvalds/linux/commit/2172fa709ab32ca60e86179dc67d0857be8e2c98</ref>
+      <ref url="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2172fa709ab32ca60e86179dc67d0857be8e2c98" source="CONFIRM" patch="1">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2172fa709ab32ca60e86179dc67d0857be8e2c98</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1062356" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1062356</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2141-1" source="UBUNTU">USN-2141-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2140-1" source="UBUNTU">USN-2140-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2139-1" source="UBUNTU">USN-2139-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2138-1" source="UBUNTU">USN-2138-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2137-1" source="UBUNTU">USN-2137-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2136-1" source="UBUNTU">USN-2136-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2135-1" source="UBUNTU">USN-2135-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2134-1" source="UBUNTU">USN-2134-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2133-1" source="UBUNTU">USN-2133-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2129-1" source="UBUNTU">USN-2129-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2128-1" source="UBUNTU">USN-2128-1</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/02/07/2" source="MLIST">[oss-security] 20140206 Re: CVE Request: Linux kernel: SELinux local DoS</ref>
+      <ref url="http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.4" source="CONFIRM">http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.4</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="linux" name="linux_kernel">
+        <vers num="3.0" edition="rc1"/>
+        <vers num="3.0" edition="rc2"/>
+        <vers num="3.0" edition="rc3"/>
+        <vers num="3.0" edition="rc4"/>
+        <vers num="3.0" edition="rc5"/>
+        <vers num="3.0" edition="rc6"/>
+        <vers num="3.0" edition="rc7"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.20"/>
+        <vers num="3.0.21"/>
+        <vers num="3.0.22"/>
+        <vers num="3.0.23"/>
+        <vers num="3.0.24"/>
+        <vers num="3.0.25"/>
+        <vers num="3.0.26"/>
+        <vers num="3.0.27"/>
+        <vers num="3.0.28"/>
+        <vers num="3.0.29"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.30"/>
+        <vers num="3.0.31"/>
+        <vers num="3.0.32"/>
+        <vers num="3.0.33"/>
+        <vers num="3.0.34"/>
+        <vers num="3.0.35"/>
+        <vers num="3.0.36"/>
+        <vers num="3.0.37"/>
+        <vers num="3.0.38"/>
+        <vers num="3.0.39"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.40"/>
+        <vers num="3.0.41"/>
+        <vers num="3.0.42"/>
+        <vers num="3.0.43"/>
+        <vers num="3.0.44"/>
+        <vers num="3.0.45"/>
+        <vers num="3.0.46"/>
+        <vers num="3.0.47"/>
+        <vers num="3.0.48"/>
+        <vers num="3.0.49"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.50"/>
+        <vers num="3.0.51"/>
+        <vers num="3.0.52"/>
+        <vers num="3.0.53"/>
+        <vers num="3.0.54"/>
+        <vers num="3.0.55"/>
+        <vers num="3.0.56"/>
+        <vers num="3.0.57"/>
+        <vers num="3.0.58"/>
+        <vers num="3.0.59"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.60"/>
+        <vers num="3.0.61"/>
+        <vers num="3.0.62"/>
+        <vers num="3.0.63"/>
+        <vers num="3.0.64"/>
+        <vers num="3.0.65"/>
+        <vers num="3.0.66"/>
+        <vers num="3.0.67"/>
+        <vers num="3.0.68"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1" edition="rc1"/>
+        <vers num="3.1" edition="rc2"/>
+        <vers num="3.1" edition="rc3"/>
+        <vers num="3.1" edition="rc4"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="3.10"/>
+        <vers num="3.10.1"/>
+        <vers num="3.10.10"/>
+        <vers num="3.10.11"/>
+        <vers num="3.10.12"/>
+        <vers num="3.10.13"/>
+        <vers num="3.10.14"/>
+        <vers num="3.10.15"/>
+        <vers num="3.10.16"/>
+        <vers num="3.10.17"/>
+        <vers num="3.10.18"/>
+        <vers num="3.10.19"/>
+        <vers num="3.10.2"/>
+        <vers num="3.10.20"/>
+        <vers num="3.10.21"/>
+        <vers num="3.10.22"/>
+        <vers num="3.10.23"/>
+        <vers num="3.10.24"/>
+        <vers num="3.10.25"/>
+        <vers num="3.10.26"/>
+        <vers num="3.10.27"/>
+        <vers num="3.10.28"/>
+        <vers num="3.10.29"/>
+        <vers num="3.10.3"/>
+        <vers num="3.10.4"/>
+        <vers num="3.10.5"/>
+        <vers num="3.10.6"/>
+        <vers num="3.10.7"/>
+        <vers num="3.10.8"/>
+        <vers num="3.10.9"/>
+        <vers num="3.11"/>
+        <vers num="3.11.1"/>
+        <vers num="3.11.10"/>
+        <vers num="3.11.2"/>
+        <vers num="3.11.3"/>
+        <vers num="3.11.4"/>
+        <vers num="3.11.5"/>
+        <vers num="3.11.6"/>
+        <vers num="3.11.7"/>
+        <vers num="3.11.8"/>
+        <vers num="3.11.9"/>
+        <vers num="3.12"/>
+        <vers num="3.12.1"/>
+        <vers num="3.12.10"/>
+        <vers num="3.12.11"/>
+        <vers num="3.12.12"/>
+        <vers num="3.12.13"/>
+        <vers num="3.12.2"/>
+        <vers num="3.12.3"/>
+        <vers num="3.12.4"/>
+        <vers num="3.12.5"/>
+        <vers num="3.12.6"/>
+        <vers num="3.12.7"/>
+        <vers num="3.12.8"/>
+        <vers num="3.12.9"/>
+        <vers num="3.13"/>
+        <vers num="3.13.1"/>
+        <vers num="3.13.2"/>
+        <vers prev="1" num="3.13.3"/>
+        <vers num="3.2" edition="rc2"/>
+        <vers num="3.2" edition="rc3"/>
+        <vers num="3.2" edition="rc4"/>
+        <vers num="3.2" edition="rc5"/>
+        <vers num="3.2" edition="rc6"/>
+        <vers num="3.2" edition="rc7"/>
+        <vers num="3.2.1"/>
+        <vers num="3.2.10"/>
+        <vers num="3.2.11"/>
+        <vers num="3.2.12"/>
+        <vers num="3.2.13"/>
+        <vers num="3.2.14"/>
+        <vers num="3.2.15"/>
+        <vers num="3.2.16"/>
+        <vers num="3.2.17"/>
+        <vers num="3.2.18"/>
+        <vers num="3.2.19"/>
+        <vers num="3.2.2"/>
+        <vers num="3.2.20"/>
+        <vers num="3.2.21"/>
+        <vers num="3.2.22"/>
+        <vers num="3.2.23"/>
+        <vers num="3.2.24"/>
+        <vers num="3.2.25"/>
+        <vers num="3.2.26"/>
+        <vers num="3.2.27"/>
+        <vers num="3.2.28"/>
+        <vers num="3.2.29"/>
+        <vers num="3.2.3"/>
+        <vers num="3.2.30"/>
+        <vers num="3.2.4"/>
+        <vers num="3.2.5"/>
+        <vers num="3.2.6"/>
+        <vers num="3.2.7"/>
+        <vers num="3.2.8"/>
+        <vers num="3.2.9"/>
+        <vers num="3.3" edition="rc1"/>
+        <vers num="3.3" edition="rc2"/>
+        <vers num="3.3" edition="rc3"/>
+        <vers num="3.3" edition="rc4"/>
+        <vers num="3.3" edition="rc5"/>
+        <vers num="3.3" edition="rc6"/>
+        <vers num="3.3" edition="rc7"/>
+        <vers num="3.3.1"/>
+        <vers num="3.3.2"/>
+        <vers num="3.3.3"/>
+        <vers num="3.3.4"/>
+        <vers num="3.3.5"/>
+        <vers num="3.3.6"/>
+        <vers num="3.3.7"/>
+        <vers num="3.3.8"/>
+        <vers num="3.4" edition="rc1"/>
+        <vers num="3.4" edition="rc2"/>
+        <vers num="3.4" edition="rc3"/>
+        <vers num="3.4" edition="rc4"/>
+        <vers num="3.4" edition="rc5"/>
+        <vers num="3.4" edition="rc6"/>
+        <vers num="3.4" edition="rc7"/>
+        <vers num="3.4.1"/>
+        <vers num="3.4.10"/>
+        <vers num="3.4.11"/>
+        <vers num="3.4.12"/>
+        <vers num="3.4.13"/>
+        <vers num="3.4.14"/>
+        <vers num="3.4.15"/>
+        <vers num="3.4.16"/>
+        <vers num="3.4.17"/>
+        <vers num="3.4.18"/>
+        <vers num="3.4.19"/>
+        <vers num="3.4.2"/>
+        <vers num="3.4.20"/>
+        <vers num="3.4.21"/>
+        <vers num="3.4.22"/>
+        <vers num="3.4.23"/>
+        <vers num="3.4.24"/>
+        <vers num="3.4.25"/>
+        <vers num="3.4.26"/>
+        <vers num="3.4.27"/>
+        <vers num="3.4.28"/>
+        <vers num="3.4.29"/>
+        <vers num="3.4.3"/>
+        <vers num="3.4.30"/>
+        <vers num="3.4.31"/>
+        <vers num="3.4.32"/>
+        <vers num="3.4.33"/>
+        <vers num="3.4.34"/>
+        <vers num="3.4.35"/>
+        <vers num="3.4.36"/>
+        <vers num="3.4.37"/>
+        <vers num="3.4.38"/>
+        <vers num="3.4.39"/>
+        <vers num="3.4.4"/>
+        <vers num="3.4.40"/>
+        <vers num="3.4.41"/>
+        <vers num="3.4.42"/>
+        <vers num="3.4.43"/>
+        <vers num="3.4.44"/>
+        <vers num="3.4.45"/>
+        <vers num="3.4.46"/>
+        <vers num="3.4.47"/>
+        <vers num="3.4.48"/>
+        <vers num="3.4.49"/>
+        <vers num="3.4.5"/>
+        <vers num="3.4.50"/>
+        <vers num="3.4.51"/>
+        <vers num="3.4.52"/>
+        <vers num="3.4.53"/>
+        <vers num="3.4.54"/>
+        <vers num="3.4.55"/>
+        <vers num="3.4.56"/>
+        <vers num="3.4.57"/>
+        <vers num="3.4.58"/>
+        <vers num="3.4.59"/>
+        <vers num="3.4.6"/>
+        <vers num="3.4.60"/>
+        <vers num="3.4.61"/>
+        <vers num="3.4.62"/>
+        <vers num="3.4.63"/>
+        <vers num="3.4.64"/>
+        <vers num="3.4.65"/>
+        <vers num="3.4.66"/>
+        <vers num="3.4.67"/>
+        <vers num="3.4.68"/>
+        <vers num="3.4.69"/>
+        <vers num="3.4.7"/>
+        <vers num="3.4.70"/>
+        <vers num="3.4.71"/>
+        <vers num="3.4.72"/>
+        <vers num="3.4.73"/>
+        <vers num="3.4.74"/>
+        <vers num="3.4.75"/>
+        <vers num="3.4.76"/>
+        <vers num="3.4.77"/>
+        <vers num="3.4.78"/>
+        <vers num="3.4.79"/>
+        <vers num="3.4.8"/>
+        <vers num="3.4.9"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.6"/>
+        <vers num="3.6.1"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.5"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="3.7"/>
+        <vers num="3.7.1"/>
+        <vers num="3.7.10"/>
+        <vers num="3.7.2"/>
+        <vers num="3.7.3"/>
+        <vers num="3.7.4"/>
+        <vers num="3.7.5"/>
+        <vers num="3.7.6"/>
+        <vers num="3.7.7"/>
+        <vers num="3.7.8"/>
+        <vers num="3.7.9"/>
+        <vers num="3.8.0"/>
+        <vers num="3.8.1"/>
+        <vers num="3.8.10"/>
+        <vers num="3.8.11"/>
+        <vers num="3.8.12"/>
+        <vers num="3.8.13"/>
+        <vers num="3.8.2"/>
+        <vers num="3.8.3"/>
+        <vers num="3.8.4"/>
+        <vers num="3.8.5"/>
+        <vers num="3.8.6"/>
+        <vers num="3.8.7"/>
+        <vers num="3.8.8"/>
+        <vers num="3.8.9"/>
+        <vers num="3.9" edition="rc1"/>
+        <vers num="3.9" edition="rc2"/>
+        <vers num="3.9" edition="rc3"/>
+        <vers num="3.9" edition="rc4"/>
+        <vers num="3.9" edition="rc5"/>
+        <vers num="3.9" edition="rc6"/>
+        <vers num="3.9" edition="rc7"/>
+        <vers num="3.9.0"/>
+        <vers num="3.9.1"/>
+        <vers num="3.9.10"/>
+        <vers num="3.9.11"/>
+        <vers num="3.9.2"/>
+        <vers num="3.9.3"/>
+        <vers num="3.9.4"/>
+        <vers num="3.9.5"/>
+        <vers num="3.9.6"/>
+        <vers num="3.9.7"/>
+        <vers num="3.9.8"/>
+        <vers num="3.9.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1876" published="2014-02-10" name="CVE-2014-1876" modified="2014-04-19" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="4.4" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="3.4" CVSS_base_score="4.4">
+    <desc>
+      <descript source="cve">The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1060907" source="MISC">https://bugzilla.redhat.com/show_bug.cgi?id=1060907</ref>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q1/285" source="MLIST">[oss-security] 20140207 Re: CVE request and heads-up on insecure temp file handling in unpack200 (OpenJDK, Oracle Java)</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q1/242" source="MLIST">[oss-security] 20140203 CVE request and heads-up on insecure temp file handling in unpack200 (OpenJDK, Oracle Java)</ref>
+      <ref url="http://osvdb.org/102808" source="OSVDB">102808</ref>
+      <ref url="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737562" source="MISC">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737562</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="openjdk">
+        <vers num="1.6.0"/>
+        <vers num="1.7.0"/>
+        <vers num="1.8.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1877" published="2014-03-13" name="CVE-2014-1877" modified="2014-03-13" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone, (2) Street, (3) Address line, (4) Zip code, or (5) City field to main/auth/profile.php; (6) Subject field to main/social/groups.php; or (7) Message body field to main/messages/view_message.php.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91295" source="XF">dokeos-cve20141877-xss(91295)</ref>
+      <ref url="http://www.xchg.info/?p=381" source="MISC">http://www.xchg.info/?p=381</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q1/286" source="MLIST">[oss-security] 20140207 Re: Dokeos 2.1.1 Multiple Stored XSS Vulnerabilities</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q1/258" source="MLIST">[oss-security] 20140206 Dokeos 2.1.1 Multiple Stored XSS Vulnerabilities</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="dokeos_project" name="dokeos">
+        <vers num="2.1.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1878" published="2014-02-28" name="CVE-2014-1878" modified="2014-02-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://dev.icinga.org/issues/5434" source="CONFIRM" patch="1">https://dev.icinga.org/issues/5434</ref>
+      <ref url="https://www.icinga.org/2014/02/11/bugfix-releases-1-10-3-1-9-5-1-8-6" source="CONFIRM">https://www.icinga.org/2014/02/11/bugfix-releases-1-10-3-1-9-5-1-8-6</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1066578" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1066578</ref>
+      <ref url="http://www.securityfocus.com/bid/65605" source="BID">65605</ref>
+      <ref url="http://secunia.com/advisories/57024" source="SECUNIA" adv="1">57024</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="icinga" name="icinga">
+        <vers num="1.10.0"/>
+        <vers num="1.10.1"/>
+        <vers num="1.10.2"/>
+        <vers num="1.8.0"/>
+        <vers num="1.8.1"/>
+        <vers num="1.8.2"/>
+        <vers num="1.8.3"/>
+        <vers num="1.8.4"/>
+        <vers prev="1" num="1.8.5"/>
+        <vers num="1.9.0"/>
+        <vers num="1.9.1"/>
+        <vers num="1.9.2"/>
+        <vers num="1.9.3"/>
+        <vers num="1.9.4"/>
+      </prod>
+      <prod vendor="nagios" name="nagios">
+        <vers num="4.0.0" edition="beta1"/>
+        <vers num="4.0.0" edition="beta2"/>
+        <vers num="4.0.0" edition="beta3"/>
+        <vers num="4.0.0" edition="beta4"/>
+        <vers num="4.0.2"/>
+        <vers prev="1" num="4.0.3" edition="rc1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-1879" published="2014-02-20" name="CVE-2014-1879" modified="2014-03-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:P/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://github.com/phpmyadmin/phpmyadmin/commit/968d5d5f486820bfa30af046f063b9f23304e14a" source="CONFIRM">https://github.com/phpmyadmin/phpmyadmin/commit/968d5d5f486820bfa30af046f063b9f23304e14a</ref>
+      <ref url="http://www.phpmyadmin.net/home_page/security/PMASA-2014-1.php" source="CONFIRM" adv="1">http://www.phpmyadmin.net/home_page/security/PMASA-2014-1.php</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-03/msg00017.html" source="SUSE">openSUSE-SU-2014:0344</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="phpmyadmin" name="phpmyadmin">
+        <vers num="1.0.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6" edition="a"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.1"/>
+        <vers num="1.2"/>
+        <vers num="1.2.1"/>
+        <vers num="1.2.2"/>
+        <vers num="1.2.3"/>
+        <vers num="1.2.4"/>
+        <vers num="1.2.5"/>
+        <vers num="1.2.6"/>
+        <vers num="1.2.7"/>
+        <vers num="1.2.8"/>
+        <vers num="1.2.9"/>
+        <vers num="1.2.9.1"/>
+        <vers num="1.2.9.2"/>
+        <vers num="1.2.9.3"/>
+        <vers num="1.2.9.4" edition="b"/>
+        <vers num="1.2.9.4" edition="c"/>
+        <vers num="1.2.9.5"/>
+        <vers num="1.3" edition="alpha"/>
+        <vers num="2.11.0"/>
+        <vers num="2.11.1.0"/>
+        <vers num="2.11.1.1"/>
+        <vers num="2.11.1.2"/>
+        <vers num="2.11.10.0"/>
+        <vers num="2.11.10.1"/>
+        <vers num="2.11.2.0"/>
+        <vers num="2.11.2.1"/>
+        <vers num="2.11.2.2"/>
+        <vers num="2.11.3.0"/>
+        <vers num="2.11.4.0"/>
+        <vers num="2.11.5.0"/>
+        <vers num="2.11.5.1"/>
+        <vers num="2.11.5.2"/>
+        <vers num="2.11.6.0"/>
+        <vers num="2.11.7.0"/>
+        <vers num="2.11.7.1"/>
+        <vers num="2.11.8.0"/>
+        <vers num="2.11.9.0"/>
+        <vers num="2.11.9.1"/>
+        <vers num="2.11.9.2"/>
+        <vers num="2.11.9.3"/>
+        <vers num="2.11.9.4"/>
+        <vers num="2.11.9.5"/>
+        <vers num="2.11.9.6"/>
+        <vers num="3.0.0" edition="alpha"/>
+        <vers num="3.0.0" edition="beta"/>
+        <vers num="3.0.0" edition="rc1"/>
+        <vers num="3.0.1" edition="rc1"/>
+        <vers num="3.0.1.1"/>
+        <vers num="3.1.0" edition="beta1"/>
+        <vers num="3.1.1" edition="rc1"/>
+        <vers num="3.1.2" edition="rc1"/>
+        <vers num="3.1.3" edition="rc1"/>
+        <vers num="3.1.3.1"/>
+        <vers num="3.1.3.2"/>
+        <vers num="3.1.4" edition="rc2"/>
+        <vers num="3.1.5" edition="rc1"/>
+        <vers num="3.2.0" edition="beta1"/>
+        <vers num="3.2.0" edition="rc1"/>
+        <vers num="3.2.1" edition="rc1"/>
+        <vers num="3.2.2" edition="rc1"/>
+        <vers num="3.3.0.0"/>
+        <vers num="3.3.1.0"/>
+        <vers num="3.3.10.0"/>
+        <vers num="3.3.2.0"/>
+        <vers num="3.3.3.0"/>
+        <vers num="3.3.4.0"/>
+        <vers num="3.3.5.0"/>
+        <vers num="3.3.5.1"/>
+        <vers num="3.3.6"/>
+        <vers num="3.3.7"/>
+        <vers num="3.3.8"/>
+        <vers num="3.3.8.1"/>
+        <vers num="3.3.9.0"/>
+        <vers num="3.3.9.1"/>
+        <vers num="3.3.9.2"/>
+        <vers num="3.4.0.0"/>
+        <vers num="3.4.1.0"/>
+        <vers num="3.4.10.0"/>
+        <vers num="3.4.10.1"/>
+        <vers num="3.4.10.2"/>
+        <vers num="3.4.11"/>
+        <vers num="3.4.2.0"/>
+        <vers num="3.4.3.0"/>
+        <vers num="3.4.3.1"/>
+        <vers num="3.4.3.2"/>
+        <vers num="3.4.4.0"/>
+        <vers num="3.4.5.0"/>
+        <vers num="3.4.6.0"/>
+        <vers num="3.4.7.0"/>
+        <vers num="3.4.7.1"/>
+        <vers num="3.4.8.0"/>
+        <vers num="3.4.9.0"/>
+        <vers num="3.5.0.0"/>
+        <vers num="3.5.1.0"/>
+        <vers num="3.5.2.0"/>
+        <vers num="3.5.2.1"/>
+        <vers num="3.5.2.2"/>
+        <vers num="3.5.3.0"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7" edition="rc1"/>
+        <vers num="3.5.8" edition="rc1"/>
+        <vers num="3.5.8.1"/>
+        <vers num="3.5.8.2"/>
+        <vers num="4.0.0" edition="rc2"/>
+        <vers num="4.0.0" edition="rc3"/>
+        <vers num="4.0.1"/>
+        <vers num="4.0.2"/>
+        <vers num="4.0.3"/>
+        <vers num="4.0.4"/>
+        <vers num="4.0.4.1"/>
+        <vers num="4.0.4.2"/>
+        <vers num="4.0.5"/>
+        <vers num="4.0.6"/>
+        <vers num="4.0.7"/>
+        <vers num="4.0.8"/>
+        <vers num="4.0.9"/>
+        <vers num="4.1.0"/>
+        <vers num="4.1.1"/>
+        <vers num="4.1.2"/>
+        <vers num="4.1.3"/>
+        <vers num="4.1.4"/>
+        <vers num="4.1.5"/>
+        <vers prev="1" num="4.1.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1881" published="2014-03-02" name="CVE-2014-1881" modified="2014-03-03" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and waits a certain amount of time for an OnJsPrompt handler return value as an alternative to correct synchronization.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://seclists.org/bugtraq/2014/Jan/96" source="BUGTRAQ" patch="1">20140124 Security Vulnerabilities in Apache Cordova / PhoneGap</ref>
+      <ref url="http://www.internetsociety.org/ndss2014/programme#session3" source="MISC">http://www.internetsociety.org/ndss2014/programme#session3</ref>
+      <ref url="http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf" source="MISC">http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf</ref>
+      <ref url="http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt" source="MISC">http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/02/07/9" source="MLIST">[oss-security] 20140207 Re: CVE request: multiple issues in Apache Cordova/PhoneGap</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="adobe" name="phonegap">
+        <vers num="2.0.0" edition="rc1"/>
+        <vers num="2.1.0"/>
+        <vers num="2.2.0" edition="rc1"/>
+        <vers num="2.2.0" edition="rc2"/>
+        <vers num="2.3.0" edition="rc1"/>
+        <vers num="2.3.0" edition="rc2"/>
+        <vers num="2.4.0" edition="rc1"/>
+        <vers num="2.5.0" edition="rc1"/>
+        <vers num="2.6.0" edition="rc1"/>
+        <vers num="2.7.0" edition="rc1"/>
+        <vers num="2.8.0"/>
+        <vers num="2.8.1"/>
+        <vers prev="1" num="2.9.0" edition="rc1"/>
+      </prod>
+      <prod vendor="apache" name="cordova">
+        <vers num="3.0.0" edition="rc1"/>
+        <vers num="3.1.0" edition="rc1"/>
+        <vers num="3.2.0" edition="rc1"/>
+        <vers prev="1" num="3.3.0" edition="rc1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1882" published="2014-03-02" name="CVE-2014-1882" modified="2014-03-03" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and directly accesses bridge JavaScript objects, as demonstrated by certain cordova.require calls.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.internetsociety.org/ndss2014/programme#session3" source="MISC">http://www.internetsociety.org/ndss2014/programme#session3</ref>
+      <ref url="http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf" source="MISC">http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf</ref>
+      <ref url="http://seclists.org/bugtraq/2014/Jan/96" source="BUGTRAQ" adv="1">20140124 Security Vulnerabilities in Apache Cordova / PhoneGap</ref>
+      <ref url="http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt" source="MISC">http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/02/07/9" source="MLIST">[oss-security] 20140207 Re: CVE request: multiple issues in Apache Cordova/PhoneGap</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="adobe" name="phonegap">
+        <vers num="2.0.0" edition="rc1"/>
+        <vers num="2.1.0"/>
+        <vers num="2.2.0" edition="rc1"/>
+        <vers num="2.2.0" edition="rc2"/>
+        <vers num="2.3.0" edition="rc1"/>
+        <vers num="2.3.0" edition="rc2"/>
+        <vers num="2.4.0" edition="rc1"/>
+        <vers num="2.5.0" edition="rc1"/>
+        <vers num="2.6.0" edition="rc1"/>
+        <vers num="2.7.0" edition="rc1"/>
+        <vers num="2.8.0"/>
+        <vers num="2.8.1"/>
+        <vers prev="1" num="2.9.0" edition="rc1"/>
+      </prod>
+      <prod vendor="apache" name="cordova">
+        <vers num="3.0.0" edition="rc1"/>
+        <vers num="3.1.0" edition="rc1"/>
+        <vers num="3.2.0" edition="rc1"/>
+        <vers prev="1" num="3.3.0" edition="rc1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1883" published="2014-03-02" name="CVE-2014-1883" modified="2014-03-03" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Adobe PhoneGap before 2.6.0 on Android uses the shouldOverrideUrlLoading callback instead of the proper shouldInterceptRequest callback, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest method by a crafted application.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://seclists.org/bugtraq/2014/Jan/96" source="BUGTRAQ" patch="1">20140124 Security Vulnerabilities in Apache Cordova / PhoneGap</ref>
+      <ref url="https://github.com/phonegap/phonegap/blob/2.6.0/changelog" source="MISC">https://github.com/phonegap/phonegap/blob/2.6.0/changelog</ref>
+      <ref url="http://www.internetsociety.org/ndss2014/programme#session3" source="MISC">http://www.internetsociety.org/ndss2014/programme#session3</ref>
+      <ref url="http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf" source="MISC">http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf</ref>
+      <ref url="http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt" source="MISC">http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/02/07/9" source="MLIST">[oss-security] 20140207 Re: CVE request: multiple issues in Apache Cordova/PhoneGap</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="adobe" name="phonegap">
+        <vers num="2.0.0" edition="rc1"/>
+        <vers num="2.1.0"/>
+        <vers num="2.2.0" edition="rc1"/>
+        <vers num="2.2.0" edition="rc2"/>
+        <vers num="2.3.0" edition="rc1"/>
+        <vers num="2.3.0" edition="rc2"/>
+        <vers num="2.4.0" edition="rc1"/>
+        <vers prev="1" num="2.5.0" edition="rc1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1884" published="2014-03-02" name="CVE-2014-1884" modified="2014-03-03" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest method by a crafted application.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.internetsociety.org/ndss2014/programme#session3" source="MISC">http://www.internetsociety.org/ndss2014/programme#session3</ref>
+      <ref url="http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf" source="MISC">http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf</ref>
+      <ref url="http://seclists.org/bugtraq/2014/Jan/96" source="BUGTRAQ" adv="1">20140124 Security Vulnerabilities in Apache Cordova / PhoneGap</ref>
+      <ref url="http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt" source="MISC">http://packetstormsecurity.com/files/124954/apachecordovaphonegap-bypass.txt</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/02/07/9" source="MLIST">[oss-security] 20140207 Re: CVE request: multiple issues in Apache Cordova/PhoneGap</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="adobe" name="phonegap">
+        <vers num="2.0.0" edition="rc1"/>
+        <vers num="2.1.0"/>
+        <vers num="2.2.0" edition="rc1"/>
+        <vers num="2.2.0" edition="rc2"/>
+        <vers num="2.3.0" edition="rc1"/>
+        <vers num="2.3.0" edition="rc2"/>
+        <vers num="2.4.0" edition="rc1"/>
+        <vers num="2.5.0" edition="rc1"/>
+        <vers num="2.6.0" edition="rc1"/>
+        <vers num="2.7.0" edition="rc1"/>
+        <vers num="2.8.0"/>
+        <vers num="2.8.1"/>
+        <vers prev="1" num="2.9.0" edition="rc1"/>
+      </prod>
+      <prod vendor="apache" name="cordova">
+        <vers num="3.0.0" edition="rc1"/>
+        <vers num="3.1.0" edition="rc1"/>
+        <vers num="3.2.0" edition="rc1"/>
+        <vers prev="1" num="3.3.0" edition="rc1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1885" published="2014-03-02" name="CVE-2014-1885" modified="2014-03-07" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:P/A:P)" CVSS_score="6.4" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="10.0" CVSS_base_score="6.4">
+    <desc>
+      <descript source="cve">The ForzeArmate application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain write access to external-storage resources, by leveraging control over any Google syndication advertising domain.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.internetsociety.org/ndss2014/programme#session3" source="MISC">http://www.internetsociety.org/ndss2014/programme#session3</ref>
+      <ref url="http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf" source="MISC">http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/02/07/9" source="MLIST">[oss-security] 20140207 Re: CVE request: multiple issues in Apache Cordova/PhoneGap</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="hsgroup" name="forzearmate">
+        <vers num="-" edition=":~~~android~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1886" published="2014-03-02" name="CVE-2014-1886" modified="2014-03-07" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">The Edinburgh by Bus application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently access external-storage resources, by leveraging control over one of a number of "obscure Eastern European dating sites."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.internetsociety.org/ndss2014/programme#session3" source="MISC">http://www.internetsociety.org/ndss2014/programme#session3</ref>
+      <ref url="http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf" source="MISC">http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/02/07/9" source="MLIST">[oss-security] 20140207 Re: CVE request: multiple issues in Apache Cordova/PhoneGap</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="edinburghtour" name="edinburgh_by_bus">
+        <vers num="-" edition=":~~~android~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1887" published="2014-03-02" name="CVE-2014-1887" modified="2014-03-07" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">The DrinkedIn BarFinder application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain sensitive fine-geolocation information, by leveraging control over one of a number of adult sites, as demonstrated by (1) freelifetimecheating.com and (2) www.babesroulette.com.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.internetsociety.org/ndss2014/programme#session3" source="MISC">http://www.internetsociety.org/ndss2014/programme#session3</ref>
+      <ref url="http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf" source="MISC">http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/02/07/9" source="MLIST">[oss-security] 20140207 Re: CVE request: multiple issues in Apache Cordova/PhoneGap</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="drinkedin" name="drinkedin_barfinder">
+        <vers num="-" edition=":~~~android~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1888" published="2014-02-28" name="CVE-2014-1888" modified="2014-03-03" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the BuddyPress plugin before 1.9.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the name field to groups/create/step/group-details.  NOTE: this can be exploited without authentication by leveraging CVE-2014-1889.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91175" source="XF">buddypress-cve20141888-xss(91175)</ref>
+      <ref url="http://www.securityfocus.com/bid/65555" source="BID">65555</ref>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/531049/100/0/threaded" source="BUGTRAQ">20140213 Wordpress plugin Buddypress &lt;= 1.9.1 stored xss vulnerability</ref>
+      <ref url="http://secunia.com/advisories/56950" source="SECUNIA" adv="1">56950</ref>
+      <ref url="http://packetstormsecurity.com/files/125212/WordPress-Buddypress-1.9.1-Cross-Site-Scripting.html" source="MISC">http://packetstormsecurity.com/files/125212/WordPress-Buddypress-1.9.1-Cross-Site-Scripting.html</ref>
+      <ref url="http://osvdb.org/103307" source="OSVDB">103307</ref>
+      <ref url="http://buddypress.org/2014/02/buddypress-1-9-2" source="CONFIRM" adv="1">http://buddypress.org/2014/02/buddypress-1-9-2</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="buddypress" name="buddypress_plugin">
+        <vers num="1.5"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.3.1"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.6"/>
+        <vers num="1.6.1"/>
+        <vers num="1.6.2"/>
+        <vers num="1.6.3"/>
+        <vers num="1.6.4"/>
+        <vers num="1.6.5"/>
+        <vers num="1.7"/>
+        <vers num="1.7.1"/>
+        <vers num="1.7.2"/>
+        <vers num="1.7.3"/>
+        <vers num="1.8"/>
+        <vers num="1.8.1"/>
+        <vers prev="1" num="1.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1891" published="2014-04-01" name="CVE-2014-1891" modified="2014-04-19" CVSS_version="2.0" CVSS_vector="(AV:A/AC:M/Au:S/C:N/I:N/A:C)" CVSS_score="5.2" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="4.4" CVSS_base_score="5.2">
+    <desc>
+      <descript source="cve">Multiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER, and (4) FLASK_CONTEXT_TO_SID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1892, CVE-2014-1893, and CVE-2014-1894.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <local_network/>
+    </range>
+    <refs>
+      <ref url="http://xenbits.xen.org/xsa/advisory-84.html" source="CONFIRM" patch="1" adv="1">http://xenbits.xen.org/xsa/advisory-84.html</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/02/10/8" source="MLIST">[oss-security] 20140210 Xen Security Advisory 84 (CVE-2014-1891,CVE-2014-1892,CVE-2014-1893,CVE-2014-1894) - integer overflow in several XSM/Flask hypercalls</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/02/07/4" source="MLIST">[oss-security] 20140207 Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/02/07/12" source="MLIST">[oss-security] 20140207 Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" source="SUSE">SUSE-SU-2014:0446</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html" source="SUSE">SUSE-SU-2014:0373</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html" source="SUSE">SUSE-SU-2014:0372</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="xen" name="xen">
+        <vers num="3.2.0"/>
+        <vers num="3.2.1"/>
+        <vers num="3.2.2"/>
+        <vers num="3.2.3"/>
+        <vers num="3.3.0"/>
+        <vers num="3.3.1"/>
+        <vers num="3.3.2"/>
+        <vers num="3.4.0"/>
+        <vers num="3.4.1"/>
+        <vers num="3.4.2"/>
+        <vers num="3.4.3"/>
+        <vers num="3.4.4"/>
+        <vers num="4.1.0"/>
+        <vers num="4.1.1"/>
+        <vers num="4.1.2"/>
+        <vers num="4.1.3"/>
+        <vers num="4.1.4"/>
+        <vers num="4.1.5"/>
+        <vers num="4.1.6.1"/>
+        <vers num="4.2.0"/>
+        <vers num="4.2.1"/>
+        <vers num="4.2.2"/>
+        <vers num="4.2.3"/>
+        <vers prev="1" num="4.3.0"/>
+        <vers num="4.3.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1892" published="2014-04-01" name="CVE-2014-1892" modified="2014-04-19" CVSS_version="2.0" CVSS_vector="(AV:A/AC:M/Au:S/C:N/I:N/A:C)" CVSS_score="5.2" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="4.4" CVSS_base_score="5.2">
+    <desc>
+      <descript source="cve">Xen 3.3 through 4.1, when XSM is enabled, allows local users to cause a denial of service via vectors related to a "large memory allocation," a different vulnerability than CVE-2014-1891, CVE-2014-1893, and CVE-2014-1894.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <local_network/>
+    </range>
+    <refs>
+      <ref url="http://xenbits.xen.org/xsa/advisory-84.html" source="CONFIRM" patch="1" adv="1">http://xenbits.xen.org/xsa/advisory-84.html</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/02/10/8" source="MLIST">[oss-security] 20140210 Xen Security Advisory 84 (CVE-2014-1891,CVE-2014-1892,CVE-2014-1893,CVE-2014-1894) - integer overflow in several XSM/Flask hypercalls</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/02/07/4" source="MLIST">[oss-security] 20140207 Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/02/07/12" source="MLIST">[oss-security] 20140207 Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" source="SUSE">SUSE-SU-2014:0446</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html" source="SUSE">SUSE-SU-2014:0373</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html" source="SUSE">SUSE-SU-2014:0372</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="xen" name="xen">
+        <vers num="3.3.0"/>
+        <vers num="3.3.1"/>
+        <vers num="3.3.2"/>
+        <vers num="3.4.0"/>
+        <vers num="3.4.1"/>
+        <vers num="3.4.2"/>
+        <vers num="3.4.3"/>
+        <vers num="3.4.4"/>
+        <vers num="4.0.0"/>
+        <vers num="4.0.1"/>
+        <vers num="4.0.2"/>
+        <vers num="4.0.3"/>
+        <vers num="4.0.4"/>
+        <vers num="4.1.0"/>
+        <vers num="4.1.1"/>
+        <vers num="4.1.2"/>
+        <vers num="4.1.3"/>
+        <vers num="4.1.4"/>
+        <vers num="4.1.5"/>
+        <vers num="4.1.6.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1893" published="2014-04-01" name="CVE-2014-1893" modified="2014-04-19" CVSS_version="2.0" CVSS_vector="(AV:A/AC:M/Au:S/C:N/I:N/A:C)" CVSS_score="5.2" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="4.4" CVSS_base_score="5.2">
+    <desc>
+      <descript source="cve">Multiple integer overflows in the (1) FLASK_GETBOOL and (2) FLASK_SETBOOL suboperations in the flask hypercall in Xen 4.1.x, 3.3.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1894.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <local_network/>
+    </range>
+    <refs>
+      <ref url="http://xenbits.xen.org/xsa/advisory-84.html" source="CONFIRM" patch="1" adv="1">http://xenbits.xen.org/xsa/advisory-84.html</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/02/10/8" source="MLIST">[oss-security] 20140210 Xen Security Advisory 84 (CVE-2014-1891,CVE-2014-1892,CVE-2014-1893,CVE-2014-1894) - integer overflow in several XSM/Flask hypercalls</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/02/07/4" source="MLIST">[oss-security] 20140207 Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/02/07/12" source="MLIST">[oss-security] 20140207 Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" source="SUSE">SUSE-SU-2014:0446</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html" source="SUSE">SUSE-SU-2014:0373</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html" source="SUSE">SUSE-SU-2014:0372</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="xen" name="xen">
+        <vers num="3.2.0"/>
+        <vers num="3.2.1"/>
+        <vers num="3.2.2"/>
+        <vers num="3.2.3"/>
+        <vers num="3.3.0"/>
+        <vers num="3.3.1"/>
+        <vers num="3.3.2"/>
+        <vers num="3.4.0"/>
+        <vers num="3.4.1"/>
+        <vers num="3.4.2"/>
+        <vers num="3.4.3"/>
+        <vers num="3.4.4"/>
+        <vers num="4.0.0"/>
+        <vers num="4.0.1"/>
+        <vers num="4.0.2"/>
+        <vers num="4.0.3"/>
+        <vers num="4.0.4"/>
+        <vers num="4.1.0"/>
+        <vers num="4.1.1"/>
+        <vers num="4.1.2"/>
+        <vers num="4.1.3"/>
+        <vers num="4.1.4"/>
+        <vers num="4.1.5"/>
+        <vers prev="1" num="4.1.6.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1894" published="2014-04-01" name="CVE-2014-1894" modified="2014-04-19" CVSS_version="2.0" CVSS_vector="(AV:A/AC:M/Au:S/C:N/I:N/A:C)" CVSS_score="5.2" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="4.4" CVSS_base_score="5.2">
+    <desc>
+      <descript source="cve">Multiple integer overflows in unspecified suboperations in the flask hypercall in Xen 3.2.x and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1893.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <local_network/>
+    </range>
+    <refs>
+      <ref url="http://xenbits.xen.org/xsa/advisory-84.html" source="CONFIRM" patch="1" adv="1">http://xenbits.xen.org/xsa/advisory-84.html</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/02/10/8" source="MLIST">[oss-security] 20140210 Xen Security Advisory 84 (CVE-2014-1891,CVE-2014-1892,CVE-2014-1893,CVE-2014-1894) - integer overflow in several XSM/Flask hypercalls</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/02/07/4" source="MLIST">[oss-security] 20140207 Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/02/07/12" source="MLIST">[oss-security] 20140207 Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" source="SUSE">SUSE-SU-2014:0446</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html" source="SUSE">SUSE-SU-2014:0373</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html" source="SUSE">SUSE-SU-2014:0372</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="xen" name="xen">
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.2.0"/>
+        <vers num="3.2.1"/>
+        <vers num="3.2.2"/>
+        <vers prev="1" num="3.2.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1895" published="2014-04-01" name="CVE-2014-1895" modified="2014-04-19" CVSS_version="2.0" CVSS_vector="(AV:A/AC:M/Au:S/C:P/I:N/A:C)" CVSS_score="5.8" CVSS_impact_subscore="7.8" CVSS_exploit_subscore="4.4" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a denial of service (host crash) or obtain sensitive information from hypervisor memory by leveraging a FLASK_AVC_CACHESTAT hypercall, which triggers a buffer over-read.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+    </loss_types>
+    <range>
+      <local_network/>
+    </range>
+    <refs>
+      <ref url="http://xenbits.xen.org/xsa/advisory-85.html" source="CONFIRM" patch="1" adv="1">http://xenbits.xen.org/xsa/advisory-85.html</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/02/10/6" source="MLIST">[oss-security] 20140210 Xen Security Advisory 85 (CVE-2014-1895) - Off-by-one error in FLASK_AVC_CACHESTAT hypercall</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/02/07/12" source="MLIST">[oss-security] 20140207 Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html" source="SUSE">SUSE-SU-2014:0373</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="xen" name="xen">
+        <vers num="4.2.0"/>
+        <vers num="4.2.1"/>
+        <vers num="4.2.2"/>
+        <vers num="4.2.3"/>
+        <vers num="4.3.0"/>
+        <vers num="4.3.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1896" published="2014-04-01" name="CVE-2014-1896" modified="2014-04-19" CVSS_version="2.0" CVSS_vector="(AV:A/AC:M/Au:S/C:P/I:P/A:P)" CVSS_score="4.9" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="4.4" CVSS_base_score="4.9">
+    <desc>
+      <descript source="cve">The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen 4.2.x, 4.3.x, and 4.4-RC series allows local guests to cause a denial of service or possibly gain privileges via crafted xenstore ring indexes, which triggers a "read or write past the end of the ring."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local_network/>
+    </range>
+    <refs>
+      <ref url="http://xenbits.xen.org/xsa/xsa86.patch" source="CONFIRM" patch="1">http://xenbits.xen.org/xsa/xsa86.patch</ref>
+      <ref url="http://xenbits.xen.org/xsa/advisory-86.html" source="CONFIRM" patch="1" adv="1">http://xenbits.xen.org/xsa/advisory-86.html</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/02/10/7" source="MLIST">[oss-security] 20140210 Xen Security Advisory 86 (CVE-2014-1896) - libvchan failure handling malicious ring indexes</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/02/07/12" source="MLIST">[oss-security] 20140207 Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html" source="SUSE">SUSE-SU-2014:0373</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="xen" name="xen">
+        <vers num="4.2.0"/>
+        <vers num="4.2.1"/>
+        <vers num="4.2.2"/>
+        <vers num="4.2.3"/>
+        <vers num="4.3.0"/>
+        <vers num="4.3.1"/>
+        <vers num="4.4.0" edition="rc1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" seq="2014-1899" published="2014-05-02" name="CVE-2014-1899" modified="2014-05-02">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway (formerly Citrix Access Gateway Enterprise Edition) 9.x before 9.3.66.5 and 10.x before 10.1.123.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</descript>
+    </desc>
+    <refs>
+      <ref url="https://support.citrix.com/article/CTX140291" source="CONFIRM">https://support.citrix.com/article/CTX140291</ref>
+    </refs>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1903" published="2014-02-18" name="CVE-2014-1903" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/531040/100/0/threaded" source="BUGTRAQ">20140211 [CVE-2014-1903] FreePBX 2.9 through 12 RCE</ref>
+      <ref url="http://www.freepbx.org/news/2014-02-06/security-vulnerability-notice" source="CONFIRM">http://www.freepbx.org/news/2014-02-06/security-vulnerability-notice</ref>
+      <ref url="http://packetstormsecurity.com/files/125215/FreePBX-2.9-Remote-Code-Execution.html" source="MISC">http://packetstormsecurity.com/files/125215/FreePBX-2.9-Remote-Code-Execution.html</ref>
+      <ref url="http://packetstormsecurity.com/files/125166/FreePBX-2.x-Code-Execution.html" source="MISC">http://packetstormsecurity.com/files/125166/FreePBX-2.x-Code-Execution.html</ref>
+      <ref url="http://osvdb.org/103240" source="OSVDB">103240</ref>
+      <ref url="http://issues.freepbx.org/browse/FREEPBX-7123" source="CONFIRM" adv="1">http://issues.freepbx.org/browse/FREEPBX-7123</ref>
+      <ref url="http://issues.freepbx.org/browse/FREEPBX-7117" source="CONFIRM" adv="1">http://issues.freepbx.org/browse/FREEPBX-7117</ref>
+      <ref url="http://code.freepbx.org/changelog/FreePBX_SVN?cs=16429" source="CONFIRM">http://code.freepbx.org/changelog/FreePBX_SVN?cs=16429</ref>
+      <ref url="http://code.freepbx.org/changelog/FreePBX_Framework?cs=a29382efeb293ef4f42aa9b841dfc8eabb2d1e03" source="CONFIRM">http://code.freepbx.org/changelog/FreePBX_Framework?cs=a29382efeb293ef4f42aa9b841dfc8eabb2d1e03</ref>
+      <ref url="http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0111.html" source="FULLDISC">20140211 Re: Freepbx , php code execution exploit</ref>
+      <ref url="http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0097.html" source="FULLDISC">20140211 Freepbx , php code execution exploit</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="freepbx" name="freepbx">
+        <vers num="2.10"/>
+        <vers num="2.11"/>
+        <vers num="2.12"/>
+        <vers num="2.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1904" published="2014-03-20" name="CVE-2014-1904" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://jira.springsource.org/browse/SPR-11426" source="CONFIRM">https://jira.springsource.org/browse/SPR-11426</ref>
+      <ref url="https://github.com/spring-projects/spring-framework/commit/741b4b229ae032bd17175b46f98673ce0bd2d485" source="CONFIRM">https://github.com/spring-projects/spring-framework/commit/741b4b229ae032bd17175b46f98673ce0bd2d485</ref>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/531422/100/0/threaded" source="BUGTRAQ">20140311 CVE-2014-1904 XSS when using Spring MVC</ref>
+      <ref url="http://www.gopivotal.com/security/cve-2014-1904" source="CONFIRM">http://www.gopivotal.com/security/cve-2014-1904</ref>
+      <ref url="http://secunia.com/advisories/57915" source="SECUNIA">57915</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0400.html" source="REDHAT">RHSA-2014:0400</ref>
+      <ref url="http://docs.spring.io/spring/docs/3.2.8.RELEASE/changelog.txt" source="CONFIRM" adv="1">http://docs.spring.io/spring/docs/3.2.8.RELEASE/changelog.txt</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="springsource" name="spring_framework">
+        <vers num="3.0.0" edition="m1"/>
+        <vers num="3.0.0" edition="m2"/>
+        <vers num="3.0.0" edition="m3"/>
+        <vers num="3.0.0" edition="m4"/>
+        <vers num="3.0.0" edition="rc1"/>
+        <vers num="3.0.0" edition="rc2"/>
+        <vers num="3.0.0" edition="rc3"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.1.0"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.2.0"/>
+        <vers num="3.2.1"/>
+        <vers num="3.2.2"/>
+        <vers num="3.2.3"/>
+        <vers num="3.2.4"/>
+        <vers num="3.2.5"/>
+        <vers num="3.2.6"/>
+        <vers prev="1" num="3.2.7"/>
+        <vers num="4.0.0" edition="m1"/>
+        <vers num="4.0.0" edition="m2"/>
+        <vers num="4.0.0" edition="rc1"/>
+        <vers prev="1" num="4.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1906" published="2014-03-06" name="CVE-2014-1906" modified="2014-03-07" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) m parameter to lb_status.php; (2) msg parameter to vc_chatlog.php; n parameter to (3) channel.php, (4) htmlchat.php, (5) video.php, or (6) videotext.php; (7) message parameter to lb_logout.php; or ct parameter to (8) lb_status.php or (9) v_status.php in ls/.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://www.htbridge.com/advisory/HTB23199" source="MISC">https://www.htbridge.com/advisory/HTB23199</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91477" source="XF">videowhisper-cve20141906-xss(91477)</ref>
+      <ref url="http://packetstormsecurity.com/files/125454" source="MISC">http://packetstormsecurity.com/files/125454</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="videowhisper" name="live_streaming_integration_plugin">
+        <vers num="1.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.1"/>
+        <vers num="2.2"/>
+        <vers num="4.05"/>
+        <vers num="4.07"/>
+        <vers num="4.25"/>
+        <vers num="4.25.3"/>
+        <vers num="4.27"/>
+        <vers num="4.27.3"/>
+        <vers prev="1" num="4.27.4"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1907" published="2014-03-06" name="CVE-2014-1907" modified="2014-03-07" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:P)" CVSS_score="6.4" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="10.0" CVSS_base_score="6.4">
+    <desc>
+      <descript source="cve">Multiple directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_login.php or (2) delete arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_logout.php.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://www.htbridge.com/advisory/HTB23199" source="MISC">https://www.htbridge.com/advisory/HTB23199</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91478" source="XF">videowhisper-cve20141907-dir-trav(91478)</ref>
+      <ref url="http://packetstormsecurity.com/files/125454" source="MISC">http://packetstormsecurity.com/files/125454</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="videowhisper" name="live_streaming_integration_plugin">
+        <vers num="1.0.2"/>
+        <vers num="2.0"/>
+        <vers num="2.1"/>
+        <vers num="2.2"/>
+        <vers num="4.05"/>
+        <vers num="4.07"/>
+        <vers num="4.25"/>
+        <vers num="4.25.3"/>
+        <vers num="4.27"/>
+        <vers num="4.27.3"/>
+        <vers prev="1" num="4.27.4"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1910" published="2014-02-21" name="CVE-2014-1910" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">Citrix ShareFile Mobile and ShareFile Mobile for Tablets before 2.4.4 for Android do not verify X.509 certificates from SSL servers, which allow man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://support.citrix.com/article/CTX140303" source="CONFIRM" patch="1" adv="1">http://support.citrix.com/article/CTX140303</ref>
+      <ref url="http://www.securitytracker.com/id/1029791" source="SECTRACK">1029791</ref>
+      <ref url="http://secunia.com/advisories/57020" source="SECUNIA" adv="1">57020</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="citrix" name="sharefile_mobile">
+        <vers prev="1" num="2.4" edition=":~~~android~~"/>
+      </prod>
+      <prod vendor="citrix" name="sharefile_mobile_for_tablets">
+        <vers prev="1" num="2.4" edition=":~~~android~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1911" published="2014-03-06" name="CVE-2014-1911" modified="2014-03-07" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:N/A:N)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">The Foscam FI8910W camera with firmware before 11.37.2.55 allows remote attackers to obtain sensitive video and image data via a blank username and password.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/525132" source="CERT-VN">VU#525132</ref>
+      <ref url="http://foscam.us/forum/mjpeg-54-firmware-bug-user-logon-bypass-t8442.html" source="CONFIRM" adv="1">http://foscam.us/forum/mjpeg-54-firmware-bug-user-logon-bypass-t8442.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="foscam" name="fi8919w">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="foscam" name="fi8919w_firmware">
+        <vers prev="1" num="11.37.2.54"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1912" published="2014-02-28" name="CVE-2014-1912" modified="2014-03-26" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://bugs.python.org/issue20246" source="CONFIRM" patch="1">http://bugs.python.org/issue20246</ref>
+      <ref url="https://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/" source="MISC">https://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2125-1" source="UBUNTU">USN-2125-1</ref>
+      <ref url="http://www.securitytracker.com/id/1029831" source="SECTRACK">1029831</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/02/12/16" source="MLIST">[oss-security] 20140212 Re: CVE request? buffer overflow in socket.recvfrom_into</ref>
+      <ref url="http://www.exploit-db.com/exploits/31875" source="EXPLOIT-DB">31875</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2880" source="DEBIAN">DSA-2880</ref>
+      <ref url="http://pastebin.com/raw.php?i=GHXSmNEg" source="MISC">http://pastebin.com/raw.php?i=GHXSmNEg</ref>
+      <ref url="http://hg.python.org/cpython/rev/87673659d8f7" source="CONFIRM">http://hg.python.org/cpython/rev/87673659d8f7</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="python" name="python">
+        <vers num="2.5"/>
+        <vers num="2.5.1"/>
+        <vers num="2.5.150"/>
+        <vers num="2.5.2"/>
+        <vers num="2.5.3"/>
+        <vers num="2.5.4"/>
+        <vers num="2.5.6"/>
+        <vers num="2.6"/>
+        <vers num="2.6.1"/>
+        <vers num="2.6.2"/>
+        <vers num="2.6.2150"/>
+        <vers num="2.6.3"/>
+        <vers num="2.6.4"/>
+        <vers num="2.6.5"/>
+        <vers num="2.6.6"/>
+        <vers num="2.6.6150"/>
+        <vers num="2.6.7"/>
+        <vers num="2.6.8"/>
+        <vers num="2.7"/>
+        <vers num="2.7.1" edition="rc1"/>
+        <vers num="2.7.1150" edition=":~~~~x64~"/>
+        <vers num="2.7.2" edition="rc1"/>
+        <vers num="2.7.2150"/>
+        <vers num="2.7.3"/>
+        <vers num="2.7.4"/>
+        <vers num="2.7.5"/>
+        <vers num="2.7.6"/>
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.1"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.2150" edition=":~~~~x64~"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.2" edition="alpha"/>
+        <vers num="3.2.0"/>
+        <vers num="3.2.1"/>
+        <vers num="3.2.2"/>
+        <vers num="3.2.2150"/>
+        <vers num="3.2.3"/>
+        <vers num="3.2.4"/>
+        <vers num="3.2.5"/>
+        <vers num="3.3" edition="beta2"/>
+        <vers num="3.3.0"/>
+        <vers num="3.3.1"/>
+        <vers num="3.3.2"/>
+        <vers num="3.3.3"/>
+        <vers num="3.4" edition="alpha1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1914" published="2014-02-07" name="CVE-2014-1914" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Multiple cross-site scripting (XSS) vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to inject arbitrary web script or HTML via the (1) topic parameter to sw/add_topic.php or (2) nick parameter to sw/chat/message.php.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90179" source="XF">commandschool-message-xss(90179)</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/90178" source="XF">commandschool-addtopic-xss(90178)</ref>
+      <ref url="http://www.securityfocus.com/bid/64707" source="BID">64707</ref>
+      <ref url="http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html" source="MISC">http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html</ref>
+      <ref url="http://osvdb.org/101892" source="OSVDB">101892</ref>
+      <ref url="http://osvdb.org/101891" source="OSVDB">101891</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="doug_poulin" name="command_school_student_management_system">
+        <vers num="1.06.01"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1915" published="2014-02-07" name="CVE-2014-1915" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">Multiple cross-site request forgery (CSRF) vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to hijack the authentication of (1) administrators for requests that change the administrator password via an update action to sw/admin_change_password.php or (2) unspecified victims for requests that add a topic or blog entry to sw/add_topic.php.  NOTE: vector 2 can be leveraged to bypass the authentication requirements for exploiting vector 1 in CVE-2014-1914.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.securityfocus.com/bid/64707" source="BID">64707</ref>
+      <ref url="http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html" source="MISC">http://packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html</ref>
+      <ref url="http://osvdb.org/101890" source="OSVDB">101890</ref>
+      <ref url="http://osvdb.org/101889" source="OSVDB">101889</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="doug_poulin" name="command_school_student_management_system">
+        <vers num="1.06.01"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1916" published="2014-02-07" name="CVE-2014-1916" modified="2014-02-10" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The (1) opus_packet_get_nb_frames and (2) opus_packet_get_samples_per_frame functions in the client in MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d and Mumble for iOS 1.1 through 1.2.2 do not properly check the return value of the copyDataBlock method, which allow remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted length prefix value in an Opus voice packet.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://osvdb.org/102957" source="OSVDB">102957</ref>
+      <ref url="http://mumble.info/security/Mumble-SA-2014-003.txt" source="CONFIRM" adv="1">http://mumble.info/security/Mumble-SA-2014-003.txt</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="light_speed_gaming" name="mumble">
+        <vers num="1.1" edition=":~~~iphone_os~~"/>
+        <vers num="1.1" edition="rc1:~~~iphone_os~~"/>
+        <vers num="1.1.1" edition=":~~~iphone_os~~"/>
+        <vers num="1.2" edition=":~~~iphone_os~~"/>
+        <vers num="1.2.1" edition=":~~~iphone_os~~"/>
+        <vers num="1.2.2" edition=":~~~iphone_os~~"/>
+      </prod>
+      <prod vendor="light_speed_gaming" name="mumblekit">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1921" published="2014-02-14" name="CVE-2014-1921" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">parcimonie before 0.8.1, when using a large keyring, sleeps for the same amount of time between fetches, which allows attackers to correlate key fetches via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://gaffer.ptitcanardnoir.org/intrigeri/files/parcimonie/App-Parcimonie-0.8.1.tar.gz" source="CONFIRM" patch="1">https://gaffer.ptitcanardnoir.org/intrigeri/files/parcimonie/App-Parcimonie-0.8.1.tar.gz</ref>
+      <ref url="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738134" source="CONFIRM">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738134</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91118" source="XF">parcimonie-cve20141921-info-disc(91118)</ref>
+      <ref url="http://www.securityfocus.com/bid/65505" source="BID">65505</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2860" source="DEBIAN">DSA-2860</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q1/308" source="MLIST">[oss-security] 20140210 Re: CVE request: parcimonie (0.6 to 0.8, included) possible correlation between key fetches</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q1/305" source="MLIST">[oss-security] 20140210 CVE request: parcimonie (0.6 to 0.8, included) possible correlation between key fetches</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="parcimonie_project" name="parcimonie">
+        <vers num="0.6-1"/>
+        <vers num="0.6-3"/>
+        <vers num="0.7-1"/>
+        <vers prev="1" num="0.7.1-1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1930" published="2014-02-10" name="CVE-2014-1930" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Visibility Software Cyber Recruiter before 8.1.00 does not use the appropriate combination of HTTPS transport and response headers to prevent access to (1) AppSelfService.aspx and (2) AgencyPortal.aspx in the browser history, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/566894" source="CERT-VN">VU#566894</ref>
+      <ref url="http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details" source="CONFIRM" adv="1">http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details</ref>
+      <ref url="http://www.securityfocus.com/bid/65305" source="BID">65305</ref>
+      <ref url="http://osvdb.org/102815" source="OSVDB">102815</ref>
+      <ref url="http://osvdb.org/102814" source="OSVDB">102814</ref>
+      <ref url="http://jvn.jp/vu/JVNVU97441356/index.html" source="MISC">http://jvn.jp/vu/JVNVU97441356/index.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="visibility_software" name="cyber_recruiter">
+        <vers num="6.2"/>
+        <vers num="6.4"/>
+        <vers num="6.6"/>
+        <vers num="6.8"/>
+        <vers num="7.0"/>
+        <vers num="7.2"/>
+        <vers prev="1" num="8.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1931" published="2014-02-10" name="CVE-2014-1931" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">The user login page in Visibility Software Cyber Recruiter before 8.1.00 generates different responses for invalid password-retrieval attempts depending on which data elements are incorrect, which might allow remote attackers to obtain account-related information via a series of requests.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details" source="CONFIRM" adv="1">http://www.vspublic.com/help/Cyber%20Recruiter/default.aspx?pageid=release_details</ref>
+      <ref url="http://www.securityfocus.com/bid/65564" source="BID">65564</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="visibility_software" name="cyber_recruiter">
+        <vers num="6.2"/>
+        <vers num="6.4"/>
+        <vers num="6.6"/>
+        <vers num="6.8"/>
+        <vers num="7.0"/>
+        <vers num="7.2"/>
+        <vers prev="1" num="8.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1932" published="2014-04-17" name="CVE-2014-1932" modified="2014-04-18" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="4.4" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="3.4" CVSS_base_score="4.4">
+    <desc>
+      <descript source="cve">The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="https://github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7" source="CONFIRM" patch="1">https://github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7</ref>
+      <ref url="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059" source="CONFIRM">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2168-1" source="UBUNTU">USN-2168-1</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/02/11/1" source="MLIST">[oss-security] 20140210 Re: CVE requests: Pacemaker, Python Imaging Library, eyeD3, 9base, rc, Gamera, RPLY - insecure use of /tmp</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="python" name="pillow">
+        <vers prev="1" num="2.3.0"/>
+      </prod>
+      <prod vendor="pythonware" name="python_imaging_library">
+        <vers prev="1" num="1.1.7"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-1933" published="2014-04-17" name="CVE-2014-1933" modified="2014-04-18" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:N/I:P/A:N)" CVSS_score="2.1" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="3.9" CVSS_base_score="2.1">
+    <desc>
+      <descript source="cve">The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="https://github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7" source="CONFIRM" patch="1">https://github.com/python-imaging/Pillow/commit/4e9f367dfd3f04c8f5d23f7f759ec12782e10ee7</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2168-1" source="UBUNTU">USN-2168-1</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/02/11/1" source="MLIST">[oss-security] 20140210 Re: CVE requests: Pacemaker, Python Imaging Library, eyeD3, 9base, rc, Gamera, RPLY - insecure use of /tmp</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/02/10/15" source="MLIST">[oss-security] 20140210 CVE requests: Pacemaker, Python Imaging Library, eyeD3, 9base, rc, Gamera, RPLY - insecure use of /tmp</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="python" name="pillow">
+        <vers prev="1" num="2.3.0"/>
+      </prod>
+      <prod vendor="pythonware" name="python_imaging_library">
+        <vers prev="1" num="1.1.7"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1939" published="2014-03-02" name="CVE-2014-1939" modified="2014-03-04" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at certain Android API levels.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://openwall.com/lists/oss-security/2014/02/11/2" source="MLIST">[oss-security] 20140210 CVE-2014-1939 searchBoxJavaBridge_ in Android Jelly Bean</ref>
+      <ref url="http://blog.chromium.org/2013/11/introducing-chromium-powered-android.html" source="CONFIRM">http://blog.chromium.org/2013/11/introducing-chromium-powered-android.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="google" name="android">
+        <vers num="4.0"/>
+        <vers num="4.0.1"/>
+        <vers num="4.0.2"/>
+        <vers num="4.0.3"/>
+        <vers num="4.0.4"/>
+        <vers num="4.1"/>
+        <vers num="4.1.2"/>
+        <vers num="4.2"/>
+        <vers num="4.2.1"/>
+        <vers num="4.2.2"/>
+        <vers num="4.3"/>
+        <vers prev="1" num="4.3.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1942" published="2014-04-01" name="CVE-2014-1942" modified="2014-04-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in aal/loginverification.aspx in Pearson eSIS Enterprise Student Information System allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/163188" source="CERT-VN">VU#163188</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="pearson" name="esis_enterprise_student_information_system">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1943" published="2014-02-18" name="CVE-2014-1943" modified="2014-03-26" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://github.com/glensc/file/blob/FILE5_17/ChangeLog" source="CONFIRM">https://github.com/glensc/file/blob/FILE5_17/ChangeLog</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2126-1" source="UBUNTU">USN-2126-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2123-1" source="UBUNTU">USN-2123-1</ref>
+      <ref url="http://www.php.net/ChangeLog-5.php" source="CONFIRM">http://www.php.net/ChangeLog-5.php</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2868" source="DEBIAN">DSA-2868</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2861" source="DEBIAN">DSA-2861</ref>
+      <ref url="http://mx.gw.com/pipermail/file/2014/001337.html" source="MLIST">[file] 20140213 segfault in magic_buffer</ref>
+      <ref url="http://mx.gw.com/pipermail/file/2014/001334.html" source="MLIST">[file] 20140211 segfault in magic_buffer</ref>
+      <ref url="http://mx.gw.com/pipermail/file/2014/001330.html" source="MLIST">[file] 20140211 segfault in magic_buffer</ref>
+      <ref url="http://mx.gw.com/pipermail/file/2014/001327.html" source="MLIST">[file] 20142010 segfault in magic_buffer</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-03/msg00037.html" source="SUSE">openSUSE-SU-2014:0367</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-03/msg00034.html" source="SUSE">openSUSE-SU-2014:0364</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="fine_free_file_project" name="fine_free_file">
+        <vers num="5.0"/>
+        <vers num="5.1"/>
+        <vers num="5.10"/>
+        <vers num="5.11"/>
+        <vers num="5.12"/>
+        <vers num="5.13"/>
+        <vers num="5.14"/>
+        <vers num="5.15"/>
+        <vers prev="1" num="5.16"/>
+        <vers num="5.2"/>
+        <vers num="5.3"/>
+        <vers num="5.4"/>
+        <vers num="5.7"/>
+        <vers num="5.8"/>
+        <vers num="5.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1944" published="2014-03-09" name="CVE-2014-1944" modified="2014-03-10" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in Ilch CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the text parameter to index.php/guestbook/index/newentry.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://github.com/IlchCMS/Ilch-2.0/commit/381e15f39d07d3cdf6aaaa25c0f2321f817935f7" source="CONFIRM" patch="1">https://github.com/IlchCMS/Ilch-2.0/commit/381e15f39d07d3cdf6aaaa25c0f2321f817935f7</ref>
+      <ref url="https://www.htbridge.com/advisory/HTB23203" source="MISC">https://www.htbridge.com/advisory/HTB23203</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91538" source="XF">ilchcms-cve20141944-xss(91538)</ref>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/531350/100/0/threaded" source="BUGTRAQ">20140305 Cross-Site Scripting (XSS) in Ilch CMS</ref>
+      <ref url="http://www.exploit-db.com/exploits/32076" source="EXPLOIT-DB">32076</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ilch" name="ilch_cms">
+        <vers prev="1" num="2.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1945" published="2014-03-09" name="CVE-2014-1945" modified="2014-03-10" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the add_value parameter.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.opendocman.com/opendocman-v1-2-7-2-released" source="MISC" patch="1" adv="1">http://www.opendocman.com/opendocman-v1-2-7-2-released</ref>
+      <ref url="http://www.opendocman.com/opendocman-v1-2-7-1-release" source="MISC" patch="1" adv="1">http://www.opendocman.com/opendocman-v1-2-7-1-release</ref>
+      <ref url="https://www.htbridge.com/advisory/HTB23202" source="MISC">https://www.htbridge.com/advisory/HTB23202</ref>
+      <ref url="http://www.securityfocus.com/bid/65775" source="BID">65775</ref>
+      <ref url="http://secunia.com/advisories/56189" source="SECUNIA" adv="1">56189</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="opendocman" name="opendocman">
+        <vers num="1.2.6.2" edition="-"/>
+        <vers num="1.2.6.2" edition="a"/>
+        <vers num="1.2.6.2" edition="b"/>
+        <vers num="1.2.6.3" edition="-"/>
+        <vers num="1.2.6.3" edition="a"/>
+        <vers num="1.2.6.5"/>
+        <vers num="1.2.6.6"/>
+        <vers num="1.2.6.7" edition="-"/>
+        <vers num="1.2.6.7" edition="beta"/>
+        <vers num="1.2.6.8"/>
+        <vers num="1.2.7"/>
+        <vers prev="1" num="1.2.7.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-1948" published="2014-02-14" name="CVE-2014-1948" modified="2014-03-08" CVSS_version="2.0" CVSS_vector="(AV:L/AC:H/Au:N/C:P/I:P/A:N)" CVSS_score="2.6" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="1.9" CVSS_base_score="2.6">
+    <desc>
+      <descript source="cve">OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="https://bugs.launchpad.net/glance/+bug/1275062" source="CONFIRM">https://bugs.launchpad.net/glance/+bug/1275062</ref>
+      <ref url="http://www.securityfocus.com/bid/65507" source="BID">65507</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/02/12/18" source="MLIST">[oss-security] 20140212 [OSSA 2014-004] Glance Swift store backend password leak  (CVE-2014-1948)</ref>
+      <ref url="http://secunia.com/advisories/56419" source="SECUNIA">56419</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0229.html" source="REDHAT">RHSA-2014:0229</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="openstack" name="image_registry_and_delivery_service_(glance)">
+        <vers num="2013.2"/>
+        <vers num="2013.2.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1950" published="2014-02-14" name="CVE-2014-1950" modified="2014-04-19" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="4.6" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="3.9" CVSS_base_score="4.6">
+    <desc>
+      <descript source="cve">Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen 4.1.x through 4.3.x, when using a multithreaded toolstack, does not properly handle a failure by the xc_cpumap_alloc function, which allows local users with access to management functions to cause a denial of service (heap corruption) and possibly gain privileges via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://xenbits.xen.org/xsa/advisory-88.html" source="CONFIRM" adv="1">http://xenbits.xen.org/xsa/advisory-88.html</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/02/12/17" source="MLIST">[oss-security] 20140212 Xen Security Advisory 88 (CVE-2014-1950) - use-after-free in xc_cpupool_getinfo() under memory pressure</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html" source="SUSE">SUSE-SU-2014:0373</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html" source="SUSE">SUSE-SU-2014:0372</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="xen" name="xen">
+        <vers num="4.1.1"/>
+        <vers num="4.1.2"/>
+        <vers num="4.1.3"/>
+        <vers num="4.1.4"/>
+        <vers num="4.1.5"/>
+        <vers num="4.1.6.1"/>
+        <vers num="4.2.0"/>
+        <vers num="4.2.1"/>
+        <vers num="4.2.2"/>
+        <vers num="4.2.3"/>
+        <vers num="4.3.0"/>
+        <vers num="4.3.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1955" published="2014-04-30" name="CVE-2014-1955" modified="2014-05-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.fortiguard.com/advisory/FG-IR-13-009/" source="CONFIRM" adv="1">http://www.fortiguard.com/advisory/FG-IR-13-009/</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="fortinet" name="fortiweb">
+        <vers prev="1" num="5.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1956" published="2014-04-30" name="CVE-2014-1956" modified="2014-05-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">CRLF injection vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.</descript>
+      <descript source="nvd">CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') "http://cwe.mitre.org/data/definitions/113.html"</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.fortiguard.com/advisory/FG-IR-13-009/" source="CONFIRM" adv="1">http://www.fortiguard.com/advisory/FG-IR-13-009/</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="fortinet" name="fortiweb">
+        <vers prev="1" num="5.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1957" published="2014-04-30" name="CVE-2014-1957" modified="2014-05-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:P)" CVSS_score="6.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.0" CVSS_base_score="6.5">
+    <desc>
+      <descript source="cve">FortiGuard FortiWeb before 5.0.3 allows remote authenticated users to gain privileges via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+      <sec_prot user="1"/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.fortiguard.com/advisory/FG-IR-13-009/" source="CONFIRM" adv="1">http://www.fortiguard.com/advisory/FG-IR-13-009/</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="fortinet" name="fortiweb">
+        <vers prev="1" num="5.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1959" published="2014-03-06" name="CVE-2014-1959" modified="2014-03-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://www.gitorious.org/gnutls/gnutls/commit/b1abfe3d182d68539900092eb42fc62cf1bb7e7c" source="CONFIRM" patch="1">https://www.gitorious.org/gnutls/gnutls/commit/b1abfe3d182d68539900092eb42fc62cf1bb7e7c</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2121-1" source="UBUNTU">USN-2121-1</ref>
+      <ref url="http://www.gnutls.org/security.html" source="CONFIRM" adv="1">http://www.gnutls.org/security.html</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2866" source="DEBIAN">DSA-2866</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q1/345" source="MLIST">[oss-security] 20140213 Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x)</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q1/344" source="MLIST">[oss-security] 20140213 CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x)</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="gnu" name="gnutls">
+        <vers num="3.1.0"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.11"/>
+        <vers num="3.1.12"/>
+        <vers num="3.1.13"/>
+        <vers num="3.1.14"/>
+        <vers num="3.1.15"/>
+        <vers num="3.1.16"/>
+        <vers num="3.1.17"/>
+        <vers num="3.1.18"/>
+        <vers num="3.1.19"/>
+        <vers num="3.1.2"/>
+        <vers prev="1" num="3.1.20"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="3.2.0"/>
+        <vers num="3.2.1"/>
+        <vers prev="1" num="3.2.10"/>
+        <vers num="3.2.2"/>
+        <vers num="3.2.3"/>
+        <vers num="3.2.4"/>
+        <vers num="3.2.5"/>
+        <vers num="3.2.6"/>
+        <vers num="3.2.7"/>
+        <vers num="3.2.8"/>
+        <vers num="3.2.8.1"/>
+        <vers num="3.2.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1960" published="2014-02-14" name="CVE-2014-1960" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attackers to obtain sensitive information via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://service.sap.com/sap/support/notes/1828885" source="CONFIRM">https://service.sap.com/sap/support/notes/1828885</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91093" source="XF">netweaver-solution-info-disc(91093)</ref>
+      <ref url="http://secunia.com/advisories/56942" source="SECUNIA" adv="1">56942</ref>
+      <ref url="http://scn.sap.com/docs/DOC-8218" source="CONFIRM">http://scn.sap.com/docs/DOC-8218</ref>
+      <ref url="http://erpscan.com/advisories/erpscan-14-004-sap-netweaver-solution-manager-missing-authorization-check-information-disclosure/" source="MISC">http://erpscan.com/advisories/erpscan-14-004-sap-netweaver-solution-manager-missing-authorization-check-information-disclosure/</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="sap" name="netweaver">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="sap" name="netweaver_solution_manager">
+        <vers num="7.0"/>
+        <vers num="7.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1961" published="2014-02-14" name="CVE-2014-1961" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver allows remote attackers to obtain sensitive path information via unknown attack vectors.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://service.sap.com/sap/support/notes/1852146" source="CONFIRM">https://service.sap.com/sap/support/notes/1852146</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91096" source="XF">netweaver-webdyn-path-disclosure(91096)</ref>
+      <ref url="http://secunia.com/advisories/56947" source="SECUNIA" adv="1">56947</ref>
+      <ref url="http://scn.sap.com/docs/DOC-8218" source="CONFIRM">http://scn.sap.com/docs/DOC-8218</ref>
+      <ref url="http://erpscan.com/advisories/erpscan-14-002-sap-portal-webdynpro-path-disclosure/" source="MISC">http://erpscan.com/advisories/erpscan-14-002-sap-portal-webdynpro-path-disclosure/</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="sap" name="netweaver">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1962" published="2014-02-14" name="CVE-2014-1962" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensitive information via unspecified vectors, related to an XML External Entity (XXE) issue.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://service.sap.com/sap/support/notes/1917054" source="CONFIRM">https://service.sap.com/sap/support/notes/1917054</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91098" source="XF">sap-crm-info-disc(91098)</ref>
+      <ref url="http://secunia.com/advisories/56944" source="SECUNIA" adv="1">56944</ref>
+      <ref url="http://scn.sap.com/docs/DOC-8218" source="CONFIRM">http://scn.sap.com/docs/DOC-8218</ref>
+      <ref url="http://erpscan.com/advisories/erpscan-14-003-sap-crm-gwsync-xxe/" source="MISC">http://erpscan.com/advisories/erpscan-14-003-sap-crm-gwsync-xxe/</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="sap" name="customer_relationship_management">
+        <vers num="7.02" edition="ehp2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1963" published="2014-02-14" name="CVE-2014-1963" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Message Server in SAP NetWeaver 7.20 allows remote attackers to cause a denial of service via unknown attack vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://service.sap.com/sap/support/notes/1773912" source="CONFIRM">https://service.sap.com/sap/support/notes/1773912</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91097" source="XF">netweaver-message-server-dos(91097)</ref>
+      <ref url="http://secunia.com/advisories/56947" source="SECUNIA" adv="1">56947</ref>
+      <ref url="http://scn.sap.com/docs/DOC-8218" source="CONFIRM">http://scn.sap.com/docs/DOC-8218</ref>
+      <ref url="http://erpscan.com/advisories/erpscan-14-001-sap-netweaver-message-server-dos/" source="MISC">http://erpscan.com/advisories/erpscan-14-001-sap-netweaver-message-server-dos/</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="sap" name="netweaver">
+        <vers num="7.20"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1964" published="2014-02-14" name="CVE-2014-1964" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to the ESR application and a DIR error.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://service.sap.com/sap/support/notes/1788080" source="CONFIRM">https://service.sap.com/sap/support/notes/1788080</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91095" source="XF">netweaver-dir-xss(91095)</ref>
+      <ref url="http://secunia.com/advisories/56947" source="SECUNIA">56947</ref>
+      <ref url="http://scn.sap.com/docs/DOC-8218" source="CONFIRM">http://scn.sap.com/docs/DOC-8218</ref>
+      <ref url="http://erpscan.com/advisories/erpscan-14-005-sap-netweaver-dir-error-xss/" source="MISC">http://erpscan.com/advisories/erpscan-14-005-sap-netweaver-dir-error-xss/</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="sap" name="netweaver">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="sap" name="netweaver_exchange_infrastructure_(bc-xi)">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1965" published="2014-02-14" name="CVE-2014-1965" modified="2014-02-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to PIP.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://service.sap.com/sap/support/notes/1442517" source="CONFIRM">https://service.sap.com/sap/support/notes/1442517</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91094" source="XF">netweaver-ispeakadapter-xss(91094)</ref>
+      <ref url="http://www.stechno.net/sap-notes.html?view=sapnote&amp;id=1442517" source="MISC">http://www.stechno.net/sap-notes.html?view=sapnote&amp;id=1442517</ref>
+      <ref url="http://secunia.com/advisories/56947" source="SECUNIA" adv="1">56947</ref>
+      <ref url="http://erpscan.com/advisories/erpscan-14-006-sap-netweaver-pip-xss/" source="MISC">http://erpscan.com/advisories/erpscan-14-006-sap-netweaver-pip-xss/</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="sap" name="netweaver">
+        <vers num="3.0"/>
+        <vers num="7.0"/>
+        <vers num="7.01"/>
+        <vers num="7.02"/>
+        <vers num="7.10"/>
+        <vers num="7.11"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1966" published="2014-02-23" name="CVE-2014-1966" modified="2014-02-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">The SNMP implementation in Siemens RuggedCom ROS before 3.11, ROS 3.11 for RS950G, ROS 3.12 before 3.12.4, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (device outage) via crafted packets.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-051-03" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-051-03</ref>
+      <ref url="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892342.pdf" source="CONFIRM" adv="1">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892342.pdf</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="siemens" name="ruggedcom_rugged_operating_system">
+        <vers num="3.12"/>
+        <vers num="3.12.1"/>
+        <vers num="3.12.2"/>
+        <vers num="3.2.5"/>
+        <vers num="3.3.6"/>
+        <vers num="3.4.9"/>
+        <vers num="3.5.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.7.9"/>
+        <vers num="3.8.5"/>
+        <vers num="3.9.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1967" published="2014-02-26" name="CVE-2014-1967" modified="2014-02-27" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">The Denny's application before 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://play.google.com/store/apps/details?id=jp.denimoba" source="CONFIRM">https://play.google.com/store/apps/details?id=jp.denimoba</ref>
+      <ref url="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000022" source="JVNDB">JVNDB-2014-000022</ref>
+      <ref url="http://jvn.jp/en/jp/JVN48810179/index.html" source="JVN">JVN#48810179</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="7andi-fs.co" name="denny's">
+        <vers num="1.0.1" edition=":~~~android~~"/>
+        <vers num="1.0.2" edition=":~~~android~~"/>
+        <vers prev="1" num="2.0.0" edition=":~~~android~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1968" published="2014-02-26" name="CVE-2014-1968" modified="2014-02-27" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the XooNIps module 3.47 and earlier for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xoonips.sourceforge.jp" source="CONFIRM" patch="1">http://xoonips.sourceforge.jp</ref>
+      <ref url="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000025" source="JVNDB">JVNDB-2014-000025</ref>
+      <ref url="http://jvn.jp/en/jp/JVN87797318/index.html" source="JVN">JVN#87797318</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="riken" name="xoonips">
+        <vers num="3.40" edition=":~~~xoops~~"/>
+        <vers num="3.41" edition=":~~~xoops~~"/>
+        <vers num="3.42" edition=":~~~xoops~~"/>
+        <vers num="3.43" edition=":~~~xoops~~"/>
+        <vers num="3.44" edition=":~~~xoops~~"/>
+        <vers num="3.45" edition=":~~~xoops~~"/>
+        <vers num="3.46" edition=":~~~xoops~~"/>
+        <vers prev="1" num="3.47" edition=":~~~xoops~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1969" published="2014-04-11" name="CVE-2014-1969" modified="2014-04-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:P)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">Directory traversal vulnerability in the apps4u@android SD Card Manager application before 20140224 for Android allows attackers to overwrite or create arbitrary files via a crafted filename.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000035" source="JVNDB">JVNDB-2014-000035</ref>
+      <ref url="http://jvn.jp/en/jp/JVN47386847/index.html" source="JVN">JVN#47386847</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apps4u@android" name="sd_card_manager">
+        <vers prev="1" num="20140223" edition=":~~~android~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1970" published="2014-03-20" name="CVE-2014-1970" modified="2014-03-20" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:P)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">Directory traversal vulnerability in the ES File Explorer File Manager application before 3.0.4 for Android allows remote attackers to overwrite or create arbitrary files via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000033" source="JVNDB">JVNDB-2014-000033</ref>
+      <ref url="http://jvn.jp/en/jp/JVN70029459/index.html" source="JVN">JVN#70029459</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="estrongs" name="es_file_explorer">
+        <vers num="1.6.0.2" edition=":~~~android~~"/>
+        <vers num="1.6.1.1" edition=":~~~android~~"/>
+        <vers prev="1" num="3.0.0" edition=":~~~android~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1971" published="2014-03-20" name="CVE-2014-1971" modified="2014-03-20" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in Silex before 2.0.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://github.com/silexlabs/Silex/blob/master/docs/change-log.md" source="MISC">https://github.com/silexlabs/Silex/blob/master/docs/change-log.md</ref>
+      <ref url="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000032" source="JVNDB">JVNDB-2014-000032</ref>
+      <ref url="http://jvn.jp/en/jp/JVN14282890/index.html" source="JVN">JVN#14282890</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="silexlabs" name="silex">
+        <vers prev="1" num="2.0.0" edition="alpha5"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1974" published="2014-04-19" name="CVE-2014-1974" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:P/A:P)" CVSS_score="6.4" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="10.0" CVSS_base_score="6.4">
+    <desc>
+      <descript source="cve">Directory traversal vulnerability in the LYSESOFT AndExplorer application before 20140403 and AndExplorerPro application before 20140405 for Android allows attackers to overwrite or create arbitrary files via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://play.google.com/store/apps/details?id=lysesoft.andexplorerpro" source="CONFIRM">https://play.google.com/store/apps/details?id=lysesoft.andexplorerpro</ref>
+      <ref url="https://play.google.com/store/apps/details?id=lysesoft.andexplorer" source="CONFIRM">https://play.google.com/store/apps/details?id=lysesoft.andexplorer</ref>
+      <ref url="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000037" source="JVNDB">JVNDB-2014-000037</ref>
+      <ref url="http://jvn.jp/en/jp/JVN22670349/index.html" source="JVN">JVN#22670349</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="lyesoft" name="andexplorer">
+        <vers num="1.0" edition=":~~professional~android~~"/>
+        <vers num="1.0" edition=":~~~android~~"/>
+        <vers num="1.1" edition=":~~professional~android~~"/>
+        <vers num="1.1" edition=":~~~android~~"/>
+        <vers num="1.2" edition=":~~professional~android~~"/>
+        <vers num="1.2" edition=":~~~android~~"/>
+        <vers num="1.3" edition=":~~professional~android~~"/>
+        <vers num="1.3" edition=":~~~android~~"/>
+        <vers num="1.4" edition=":~~~android~~"/>
+        <vers num="1.4" edition=":~~professional~android~~"/>
+        <vers num="1.5" edition=":~~professional~android~~"/>
+        <vers num="1.5" edition=":~~~android~~"/>
+        <vers num="1.6" edition=":~~professional~android~~"/>
+        <vers num="1.6" edition=":~~~android~~"/>
+        <vers num="1.7" edition=":~~professional~android~~"/>
+        <vers num="1.7" edition=":~~~android~~"/>
+        <vers num="1.8" edition=":~~professional~android~~"/>
+        <vers num="1.8" edition=":~~~android~~"/>
+        <vers num="1.9" edition=":~~professional~android~~"/>
+        <vers num="1.9" edition=":~~~android~~"/>
+        <vers num="2.0" edition=":~~professional~android~~"/>
+        <vers num="2.1" edition=":~~~android~~"/>
+        <vers num="2.1" edition=":~~professional~android~~"/>
+        <vers num="2.2" edition=":~~~android~~"/>
+        <vers num="2.2" edition=":~~professional~android~~"/>
+        <vers num="2.3" edition=":~~~android~~"/>
+        <vers num="2.3" edition=":~~professional~android~~"/>
+        <vers num="2.4" edition=":~~~android~~"/>
+        <vers num="2.4" edition=":~~professional~android~~"/>
+        <vers num="2.5" edition=":~~~android~~"/>
+        <vers num="3.0" edition=":~~~android~~"/>
+        <vers num="3.0" edition=":~~professional~android~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1975" published="2014-03-18" name="CVE-2014-1975" modified="2014-03-18" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:P)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">Directory traversal vulnerability in the R-Company Unzipper application 1.0.1 and earlier for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://play.google.com/store/apps/details?id=org.rhorita777.unzipper" source="CONFIRM">https://play.google.com/store/apps/details?id=org.rhorita777.unzipper</ref>
+      <ref url="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000031" source="JVNDB">JVNDB-2014-000031</ref>
+      <ref url="http://jvn.jp/en/jp/JVN38227002/index.html" source="JVN">JVN#38227002</ref>
+      <ref url="http://jvn.jp/en/jp/JVN38227002/995495/index.html" source="CONFIRM">http://jvn.jp/en/jp/JVN38227002/995495/index.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="r-company" name="unzipper">
+        <vers num="1.0.0" edition=":~~~android~~"/>
+        <vers prev="1" num="1.0.1" edition=":~~~android~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1976" published="2014-03-18" name="CVE-2014-1976" modified="2014-03-18" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">The Demaecan application 2.1.0 and earlier for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://play.google.com/store/apps/details?id=com.demaecan.androidapp" source="MISC">https://play.google.com/store/apps/details?id=com.demaecan.androidapp</ref>
+      <ref url="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000030" source="JVNDB">JVNDB-2014-000030</ref>
+      <ref url="http://jvn.jp/en/jp/JVN16263849/index.html" source="JVN">JVN#16263849</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="yumenomachi" name="demaecan">
+        <vers num="2.0.0" edition=":~~~android~~"/>
+        <vers prev="1" num="2.1.0" edition=":~~~android~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1977" published="2014-03-19" name="CVE-2014-1977" modified="2014-03-20" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">The NTT DOCOMO sp mode mail application 6300 and earlier for Android 4.0.x and 6700 and earlier for Android 4.1 through 4.4 uses weak permissions for attachments during processing of incoming e-mail messages, which allows attackers to obtain sensitive information via a crafted application.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000027" source="JVNDB">JVNDB-2014-000027</ref>
+      <ref url="http://jvn.jp/en/jp/JVN81739241/index.html" source="JVN">JVN#81739241</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="nttdocomo" name="spmode_mail_android">
+        <vers num="2546"/>
+        <vers num="2631"/>
+        <vers num="3000"/>
+        <vers num="3100"/>
+        <vers num="3200"/>
+        <vers num="3300"/>
+        <vers num="3400"/>
+        <vers num="4000"/>
+        <vers num="4200"/>
+        <vers num="4300"/>
+        <vers num="4400"/>
+        <vers num="4500"/>
+        <vers num="4600"/>
+        <vers num="4700"/>
+        <vers num="4800"/>
+        <vers num="4900"/>
+        <vers num="5000"/>
+        <vers num="5100"/>
+        <vers num="5200"/>
+        <vers num="5300"/>
+        <vers num="5400"/>
+        <vers num="5500"/>
+        <vers num="5550"/>
+        <vers prev="1" num="6300" edition=":~~~android~~"/>
+        <vers prev="1" num="6700" edition=":~~~android~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1978" published="2014-03-19" name="CVE-2014-1978" modified="2014-03-20" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">The application link interface in the NTT DOCOMO sp mode mail application 6100 through 6300 for Android 4.0.x and 6130 through 6700 for Android 4.1 through 4.4 writes message content to the SD card during e-mail composition, which allows attackers to obtain sensitive information via a crafted application.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000028" source="JVNDB">JVNDB-2014-000028</ref>
+      <ref url="http://jvn.jp/en/jp/JVN05951929/index.html" source="JVN">JVN#05951929</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="nttdocomo" name="spmode_mail_android">
+        <vers num="6100" edition=":~~~android~~"/>
+        <vers num="6130" edition=":~~~android~~"/>
+        <vers num="6300" edition=":~~~android~~"/>
+        <vers num="6700" edition=":~~~android~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1979" published="2014-03-19" name="CVE-2014-1979" modified="2014-03-20" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">The NTT DOCOMO sp mode mail application 5900 through 6300 for Android 4.0.x and 6000 through 6620 for Android 4.1 through 4.4 allows remote attackers to execute arbitrary Java methods via Deco-mail emoticon POP data in an e-mail message.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000029" source="JVNDB">JVNDB-2014-000029</ref>
+      <ref url="http://jvn.jp/en/jp/JVN89260331/index.html" source="JVN">JVN#89260331</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="nttdocomo" name="spmode_mail_android">
+        <vers num="5900" edition=":~~~android~~"/>
+        <vers num="6000" edition=":~~~android~~"/>
+        <vers num="6200" edition=":~~~android~~"/>
+        <vers num="6300" edition=":~~~android~~"/>
+        <vers num="6620" edition=":~~~android~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1982" published="2014-03-31" name="CVE-2014-1982" modified="2014-03-31" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.exploit-db.com/exploits/32545" source="EXPLOIT-DB">32545</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Mar/340" source="FULLDISC">20140326 [GTA-2014-01] - Allied Telesis AT-RG634A ADSL Broadband router hidden administrative unauthenticated webshell.</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="alliedtelesis" name="at-rg634a">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="alliedtelesis" name="img616lh">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="alliedtelesis" name="img624a">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="alliedtelesis" name="img646bd">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="alliedtelesis" name="at-rg634a_firmware">
+        <vers num="3.3+"/>
+      </prod>
+      <prod vendor="alliedtelesis" name="img616lh_firmware">
+        <vers num="+2.4"/>
+      </prod>
+      <prod vendor="alliedtelesis" name="img624a_firmware">
+        <vers num="3.5"/>
+      </prod>
+      <prod vendor="alliedtelesis" name="img646bd_firmware">
+        <vers num="3.5"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-1983" published="2014-04-19" name="CVE-2014-1983" modified="2014-04-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Cybozu Remote Service Manager through 2.3.0 and 3.x before 3.1.1 allows remote attackers to cause a denial of service (CPU consumption) via unknown vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://cs.cybozu.co.jp/information/20130317notice01.php" source="CONFIRM" patch="1" adv="1">http://cs.cybozu.co.jp/information/20130317notice01.php</ref>
+      <ref url="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000039" source="JVNDB">JVNDB-2014-000039</ref>
+      <ref url="http://jvn.jp/en/jp/JVN10319260/index.html" source="JVN">JVN#10319260</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cybozu" name="remote_service_manager">
+        <vers prev="1" num="2.3.0"/>
+        <vers prev="1" num="3.1.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1984" published="2014-04-19" name="CVE-2014-1984" modified="2014-04-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">Session fixation vulnerability in the management screen in Cybozu Remote Service Manager through 2.3.0 and 3.x before 3.1.1 allows remote attackers to hijack web sessions via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://cs.cybozu.co.jp/information/20130317notice02.php" source="CONFIRM" patch="1" adv="1">http://cs.cybozu.co.jp/information/20130317notice02.php</ref>
+      <ref url="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000040" source="JVNDB">JVNDB-2014-000040</ref>
+      <ref url="http://jvn.jp/en/jp/JVN00058727/index.html" source="JVN">JVN#00058727</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cybozu" name="remote_service_manager">
+        <vers prev="1" num="2.3.0"/>
+        <vers prev="1" num="3.1.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1985" published="2014-04-11" name="CVE-2014-1985" modified="2014-04-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">Open redirect vulnerability in the redirect_back_or_default function in app/controllers/application_controller.rb in Redmine before 2.4.5 and 2.5.x before 2.5.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the back url (back_url parameter).</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.redmine.org/projects/redmine/wiki/Security_Advisories" source="CONFIRM" patch="1">http://www.redmine.org/projects/redmine/wiki/Security_Advisories</ref>
+      <ref url="https://github.com/redmine/redmine/commit/7567c3d8b21fe67e5f04e6839c1fce061600f2f3" source="CONFIRM">https://github.com/redmine/redmine/commit/7567c3d8b21fe67e5f04e6839c1fce061600f2f3</ref>
+      <ref url="http://www.redmine.org/projects/redmine/wiki/Changelog_2_4" source="CONFIRM">http://www.redmine.org/projects/redmine/wiki/Changelog_2_4</ref>
+      <ref url="http://www.redmine.org/projects/redmine/wiki/Changelog" source="CONFIRM">http://www.redmine.org/projects/redmine/wiki/Changelog</ref>
+      <ref url="http://secunia.com/advisories/57524" source="SECUNIA" adv="1">57524</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q2/84" source="MLIST">[oss-security] 20140410 Re: CVE request: redmine open redirector</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="redmine" name="redmine">
+        <vers num="2.4.0"/>
+        <vers num="2.4.1"/>
+        <vers num="2.4.2"/>
+        <vers num="2.4.3"/>
+        <vers prev="1" num="2.4.4"/>
+        <vers num="2.5.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1986" published="2014-04-15" name="CVE-2014-1986" modified="2014-04-19" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">The Content Provider in the KOKUYO CamiApp application 1.21.1 and earlier for Android allows attackers to bypass intended access restrictions and read database information via a crafted application.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://play.google.com/store/apps/details?id=jp.co.kokuyost.CamiApp" source="CONFIRM">https://play.google.com/store/apps/details?id=jp.co.kokuyost.CamiApp</ref>
+      <ref url="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000036" source="JVNDB">JVNDB-2014-000036</ref>
+      <ref url="http://jvn.jp/en/jp/JVN55438786/index.html" source="JVN">JVN#55438786</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="kokuyo" name="camiapp">
+        <vers prev="1" num="1.21.1" edition=":~~~android~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-1988" published="2014-05-02" name="CVE-2014-1988" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:N/A:P)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">The Phone Messages feature in Cybozu Garoon 2.0.0 through 3.7 SP2 allows remote authenticated users to cause a denial of service (resource consumption) via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://support.cybozu.com/ja-jp/article/8105" source="CONFIRM" adv="1">https://support.cybozu.com/ja-jp/article/8105</ref>
+      <ref url="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000042" source="JVNDB">JVNDB-2014-000042</ref>
+      <ref url="http://jvn.jp/en/jp/JVN90519014/index.html" source="JVN">JVN#90519014</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cybozu" name="garoon">
+        <vers num="2.0.0"/>
+        <vers num="2.1.0"/>
+        <vers num="2.1.1"/>
+        <vers num="2.1.2"/>
+        <vers num="2.1.3"/>
+        <vers num="2.5.0"/>
+        <vers num="2.5.1"/>
+        <vers num="2.5.2"/>
+        <vers num="2.5.3"/>
+        <vers num="2.5.4"/>
+        <vers num="3.0.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.1.0"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.5.0"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.7" edition="sp1"/>
+        <vers num="3.7" edition="sp2"/>
+        <vers num="3.7.0"/>
+        <vers num="3.7.1"/>
+        <vers num="3.7.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1989" published="2014-05-02" name="CVE-2014-1989" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:P/I:P/A:P)" CVSS_score="6.0" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="6.8" CVSS_base_score="6.0">
+    <desc>
+      <descript source="cve">Cybozu Garoon 3.0 through 3.7 SP3 allows remote authenticated users to bypass intended access restrictions and delete schedule information via unspecified API calls.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://support.cybozu.com/ja/article/5264" source="CONFIRM" adv="1">https://support.cybozu.com/ja/article/5264</ref>
+      <ref url="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000043" source="JVNDB">JVNDB-2014-000043</ref>
+      <ref url="http://jvn.jp/en/jp/JVN31230946/index.html" source="JVN">JVN#31230946</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cybozu" name="garoon">
+        <vers num="3.0.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.1.0"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.5.0"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.7" edition="sp1"/>
+        <vers num="3.7" edition="sp2"/>
+        <vers num="3.7" edition="sp3"/>
+        <vers num="3.7.0"/>
+        <vers num="3.7.1"/>
+        <vers num="3.7.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-1990" published="2014-04-19" name="CVE-2014-1990" modified="2014-04-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">Cross-site request forgery (CSRF) vulnerability in TopAccess (aka the web-based management utility) on TOSHIBA TEC e-Studio 232, 233, 282, and 283 devices allows remote attackers to hijack the authentication of administrators for requests that change passwords.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.toshibatec.co.jp/page.jsp?id=4224" source="CONFIRM">http://www.toshibatec.co.jp/page.jsp?id=4224</ref>
+      <ref url="http://jvndb.jvn.jp/jvndb/JVNDB-2014-000038" source="JVNDB">JVNDB-2014-000038</ref>
+      <ref url="http://jvn.jp/en/jp/JVN13313061/index.html" source="JVN">JVN#13313061</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="toshibatec" name="e-studio-232">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="toshibatec" name="e-studio-233">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="toshibatec" name="e-studio-282">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="toshibatec" name="e-studio-283">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2013" published="2014-03-03" name="CVE-2014-2013" modified="2014-03-07" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute arbitrary code via a large number of entries in the ContextColor value of the Fill attribute in a Path element.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.hdwsec.fr/blog/mupdf.html" source="MISC">http://www.hdwsec.fr/blog/mupdf.html</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q1/375" source="MLIST">[oss-security] 20140218 Re: CVE request: MuPDF Stack-based Buffer Overflow in xps_parse_color()</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Jan/130" source="FULLDISC">20140120 0day - MuPDF Stack-based Buffer Overflow in xps_parse_color()</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-02/msg00088.html" source="SUSE">openSUSE-SU-2014:0309</ref>
+      <ref url="http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=60dabde18d7fe12b19da8b509bdfee9cc886aafc" source="CONFIRM">http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=60dabde18d7fe12b19da8b509bdfee9cc886aafc</ref>
+      <ref url="http://bugs.ghostscript.com/show_bug.cgi?id=694957" source="CONFIRM">http://bugs.ghostscript.com/show_bug.cgi?id=694957</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="artifex" name="mupdf">
+        <vers num="1.0"/>
+        <vers num="1.1"/>
+        <vers num="1.2"/>
+        <vers prev="1" num="1.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2014" published="2014-04-18" name="CVE-2014-2014" modified="2014-04-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">imapsync before 1.584, when running with the --tls option, attempts a cleartext login when a certificate verification failure occurs, which allows remote attackers to obtain credentials by sniffing the network.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://seclists.org/oss-sec/2014/q1/378" source="MLIST" patch="1">[oss-security] 20140218 Re: CVE request: "imapsync ignores the --tls switch and sends my authentication plaintext."</ref>
+      <ref url="https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128293.html" source="FEDORA">FEDORA-2014-2505</ref>
+      <ref url="https://github.com/imapsync/imapsync/issues/15" source="CONFIRM">https://github.com/imapsync/imapsync/issues/15</ref>
+      <ref url="https://bugs.mageia.org/show_bug.cgi?id=12770" source="CONFIRM">https://bugs.mageia.org/show_bug.cgi?id=12770</ref>
+      <ref url="http://www.mandriva.com/security/advisories?name=MDVSA-2014:060" source="MANDRIVA">MDVSA-2014:060</ref>
+      <ref url="http://www.linux-france.org/prj/imapsync_list/msg01910.html" source="MLIST">[imapsync_list] 20140122 Re: [imapsync] Upon certificate issues STARTTLS is ignored and the password sent in plaintext (#15)</ref>
+      <ref url="http://www.linux-france.org/prj/imapsync_list/msg01907.html" source="MLIST">[imapsync_list] 20140120 Re: [imapsync] STARTTLS support (#15)</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q1/367" source="MLIST">[oss-security] 20140217 CVE request: "imapsync ignores the --tls switch and sends my authentication plaintext."</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="gilles_lamiral" name="imapsync">
+        <vers num="1.500"/>
+        <vers num="1.504"/>
+        <vers num="1.508"/>
+        <vers num="1.516"/>
+        <vers num="1.518"/>
+        <vers num="1.525"/>
+        <vers num="1.53"/>
+        <vers num="1.542"/>
+        <vers num="1.547"/>
+        <vers num="1.554"/>
+        <vers num="1.558"/>
+        <vers num="1.564"/>
+        <vers num="1.567"/>
+        <vers num="1.569"/>
+        <vers prev="1" num="1.580"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2016" published="2014-03-25" name="CVE-2014-2016" modified="2014-03-26" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Multiple cross-site scripting (XSS) vulnerabilities in OXID eShop Professional and Community Edition 4.6.8 and earlier, 4.7.x before 4.7.11, and 4.8.x before 4.8.4, and Enterprise Edition 4.6.8 and earlier, 5.0.x before 5.0.11 and 5.1.x before 5.1.4 allow remote attackers to inject arbitrary web script or HTML via the searchtag parameter to the getTag function in (1) application/controllers/details.php or (2) application/controllers/tag.php.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://wiki.oxidforge.org/Security_bulletins/2014-001" source="CONFIRM" adv="1">http://wiki.oxidforge.org/Security_bulletins/2014-001</ref>
+      <ref url="http://secunia.com/advisories/57438" source="SECUNIA" adv="1">57438</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oxid-esales" name="eshop">
+        <vers num="4.6.0" edition=":professional"/>
+        <vers num="4.6.0" edition=":community"/>
+        <vers num="4.6.0" edition=":enterprise"/>
+        <vers num="4.6.1" edition=":professional"/>
+        <vers num="4.6.1" edition=":community"/>
+        <vers num="4.6.1" edition=":enterprise"/>
+        <vers num="4.6.2" edition=":community"/>
+        <vers num="4.6.2" edition=":enterprise"/>
+        <vers num="4.6.2" edition=":professional"/>
+        <vers num="4.6.3" edition=":community"/>
+        <vers num="4.6.3" edition=":enterprise"/>
+        <vers num="4.6.3" edition=":professional"/>
+        <vers num="4.6.4" edition=":community"/>
+        <vers num="4.6.4" edition=":professional"/>
+        <vers num="4.6.4" edition=":enterprise"/>
+        <vers num="4.6.5" edition=":community"/>
+        <vers num="4.6.5" edition=":professional"/>
+        <vers num="4.6.5" edition=":enterprise"/>
+        <vers num="4.6.6" edition=":community"/>
+        <vers num="4.6.6" edition=":professional"/>
+        <vers num="4.6.6" edition=":enterprise"/>
+        <vers num="4.6.7" edition=":community"/>
+        <vers num="4.6.7" edition=":professional"/>
+        <vers num="4.6.7" edition=":enterprise"/>
+        <vers prev="1" num="4.6.8" edition=":professional"/>
+        <vers prev="1" num="4.6.8" edition=":enterprise"/>
+        <vers num="4.7.0" edition="-:professional"/>
+        <vers num="4.7.0" edition="-:community"/>
+        <vers num="4.7.1" edition="-:professional"/>
+        <vers num="4.7.1" edition="-:community"/>
+        <vers num="4.7.10" edition=":professional"/>
+        <vers num="4.7.10" edition=":community"/>
+        <vers num="4.7.2" edition="-:professional"/>
+        <vers num="4.7.2" edition="-:community"/>
+        <vers num="4.7.3" edition="-:professional"/>
+        <vers num="4.7.3" edition="-:community"/>
+        <vers num="4.7.4" edition="-:professional"/>
+        <vers num="4.7.4" edition="-:community"/>
+        <vers num="4.7.5" edition="-:professional"/>
+        <vers num="4.7.5" edition="-:community"/>
+        <vers num="4.7.6" edition="-:professional"/>
+        <vers num="4.7.6" edition="-:community"/>
+        <vers num="4.7.7" edition="-:professional"/>
+        <vers num="4.7.7" edition="-:community"/>
+        <vers prev="1" num="4.7.8" edition=":community"/>
+        <vers prev="1" num="4.7.8" edition="-:professional"/>
+        <vers prev="1" num="4.7.8" edition="-:community"/>
+        <vers num="4.7.9" edition=":professional"/>
+        <vers num="4.7.9" edition=":community"/>
+        <vers num="4.8.0" edition=":community"/>
+        <vers num="4.8.0" edition=":professional"/>
+        <vers num="4.8.1" edition=":community"/>
+        <vers num="4.8.1" edition=":professional"/>
+        <vers num="4.8.2" edition=":community"/>
+        <vers num="4.8.2" edition=":professional"/>
+        <vers num="4.8.3" edition=":community"/>
+        <vers num="4.8.3" edition=":professional"/>
+        <vers num="5.0.0" edition=":enterprise"/>
+        <vers num="5.0.1" edition=":enterprise"/>
+        <vers num="5.0.10" edition=":enterprise"/>
+        <vers num="5.0.2" edition=":enterprise"/>
+        <vers num="5.0.3" edition=":enterprise"/>
+        <vers num="5.0.4" edition=":enterprise"/>
+        <vers num="5.0.5" edition=":enterprise"/>
+        <vers num="5.0.6" edition=":enterprise"/>
+        <vers num="5.0.7" edition=":enterprise"/>
+        <vers num="5.0.8" edition=":enterprise"/>
+        <vers num="5.0.9" edition=":enterprise"/>
+        <vers num="5.1.0" edition=":enterprise"/>
+        <vers num="5.1.1" edition=":enterprise"/>
+        <vers num="5.1.2" edition=":enterprise"/>
+        <vers num="5.1.3" edition=":enterprise"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2018" published="2014-02-17" name="CVE-2014-2018" modified="2014-02-18" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in a (1) OBJECT or (2) EMBED element, a related issue to CVE-2013-6674.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/863369" source="CERT-VN">VU#863369</ref>
+      <ref url="https://bugzilla.mozilla.org/show_bug.cgi?id=875818" source="CONFIRM" adv="1">https://bugzilla.mozilla.org/show_bug.cgi?id=875818</ref>
+      <ref url="http://www.vulnerability-lab.com/get_content.php?id=953" source="MISC">http://www.vulnerability-lab.com/get_content.php?id=953</ref>
+      <ref url="http://www.mozilla.org/security/announce/2014/mfsa2014-14.html" source="CONFIRM" adv="1">http://www.mozilla.org/security/announce/2014/mfsa2014-14.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mozilla" name="seamonkey">
+        <vers num="1.0" edition="alpha"/>
+        <vers num="1.0" edition="beta"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.0.7"/>
+        <vers num="1.0.8"/>
+        <vers num="1.0.9"/>
+        <vers num="1.1" edition="alpha"/>
+        <vers num="1.1" edition="beta"/>
+        <vers num="1.1.1"/>
+        <vers num="1.1.10"/>
+        <vers num="1.1.11"/>
+        <vers num="1.1.12"/>
+        <vers num="1.1.13"/>
+        <vers num="1.1.14"/>
+        <vers num="1.1.15"/>
+        <vers num="1.1.16"/>
+        <vers num="1.1.17"/>
+        <vers num="1.1.18"/>
+        <vers num="1.1.19"/>
+        <vers num="1.1.2"/>
+        <vers num="1.1.3"/>
+        <vers num="1.1.4"/>
+        <vers num="1.1.5"/>
+        <vers num="1.1.6"/>
+        <vers num="1.1.7"/>
+        <vers num="1.1.8"/>
+        <vers num="1.1.9"/>
+        <vers num="1.5.0.10"/>
+        <vers num="1.5.0.8"/>
+        <vers num="1.5.0.9"/>
+        <vers num="2.0" edition="alpha_1"/>
+        <vers num="2.0" edition="alpha_2"/>
+        <vers num="2.0" edition="alpha_3"/>
+        <vers num="2.0" edition="beta_1"/>
+        <vers num="2.0" edition="beta_2"/>
+        <vers num="2.0" edition="rc1"/>
+        <vers num="2.0" edition="rc2"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.10"/>
+        <vers num="2.0.11"/>
+        <vers num="2.0.12"/>
+        <vers num="2.0.13"/>
+        <vers num="2.0.14"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1" edition="alpha1"/>
+        <vers num="2.1" edition="alpha2"/>
+        <vers num="2.1" edition="alpha3"/>
+        <vers num="2.1" edition="beta1"/>
+        <vers num="2.1" edition="beta2"/>
+        <vers num="2.1" edition="beta3"/>
+        <vers num="2.1" edition="rc1"/>
+        <vers num="2.1" edition="rc2"/>
+        <vers num="2.10" edition="beta1"/>
+        <vers num="2.10" edition="beta2"/>
+        <vers num="2.10" edition="beta3"/>
+        <vers num="2.10.1"/>
+        <vers num="2.11" edition="beta1"/>
+        <vers num="2.11" edition="beta2"/>
+        <vers num="2.11" edition="beta3"/>
+        <vers num="2.11" edition="beta4"/>
+        <vers num="2.11" edition="beta5"/>
+        <vers num="2.11" edition="beta6"/>
+        <vers num="2.12" edition="beta1"/>
+        <vers num="2.12" edition="beta2"/>
+        <vers num="2.12" edition="beta3"/>
+        <vers num="2.12" edition="beta4"/>
+        <vers num="2.12" edition="beta5"/>
+        <vers num="2.12" edition="beta6"/>
+        <vers num="2.12.1"/>
+        <vers num="2.13" edition="beta1"/>
+        <vers num="2.13" edition="beta2"/>
+        <vers num="2.13" edition="beta3"/>
+        <vers num="2.13" edition="beta4"/>
+        <vers num="2.13" edition="beta5"/>
+        <vers num="2.13" edition="beta6"/>
+        <vers num="2.13.1"/>
+        <vers num="2.13.2"/>
+        <vers num="2.14" edition="beta1"/>
+        <vers num="2.14" edition="beta2"/>
+        <vers num="2.14" edition="beta3"/>
+        <vers num="2.14" edition="beta4"/>
+        <vers num="2.14" edition="beta5"/>
+        <vers num="2.15" edition="beta1"/>
+        <vers num="2.15" edition="beta2"/>
+        <vers num="2.15" edition="beta3"/>
+        <vers num="2.15" edition="beta4"/>
+        <vers num="2.15" edition="beta5"/>
+        <vers num="2.15" edition="beta6"/>
+        <vers num="2.15.1"/>
+        <vers num="2.15.2"/>
+        <vers num="2.16" edition="beta1"/>
+        <vers num="2.16" edition="beta2"/>
+        <vers num="2.16" edition="beta3"/>
+        <vers num="2.16" edition="beta4"/>
+        <vers num="2.16" edition="beta5"/>
+        <vers num="2.16.1"/>
+        <vers num="2.16.2"/>
+        <vers num="2.17" edition="beta1"/>
+        <vers num="2.17" edition="beta2"/>
+        <vers num="2.17" edition="beta3"/>
+        <vers num="2.17" edition="beta4"/>
+        <vers num="2.17.1"/>
+        <vers num="2.18" edition="beta1"/>
+        <vers num="2.18" edition="beta2"/>
+        <vers num="2.18" edition="beta3"/>
+        <vers num="2.18" edition="beta4"/>
+        <vers prev="1" num="2.19" edition="beta1"/>
+        <vers prev="1" num="2.19" edition="beta2"/>
+      </prod>
+      <prod vendor="mozilla" name="thunderbird">
+        <vers num="17.0"/>
+        <vers num="17.0.1"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+      </prod>
+      <prod vendor="mozilla" name="thunderbird_esr">
+        <vers num="17.0"/>
+        <vers num="17.0.1"/>
+        <vers num="17.0.10"/>
+        <vers num="17.0.2"/>
+        <vers num="17.0.3"/>
+        <vers num="17.0.4"/>
+        <vers num="17.0.5"/>
+        <vers num="17.0.6"/>
+        <vers num="17.0.7"/>
+        <vers num="17.0.8"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2019" published="2014-02-18" name="CVE-2014-2019" modified="2014-03-16" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:N/I:C/A:N)" CVSS_score="4.9" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="3.9" CVSS_base_score="4.9">
+    <desc>
+      <descript source="cve">The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this service with a different Apple ID account, by entering an arbitrary iCloud Account Password value and a blank iCloud Account Description value.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://www.youtube.com/watch?v=QnPk4RRWjic" source="MISC">http://www.youtube.com/watch?v=QnPk4RRWjic</ref>
+      <ref url="http://support.apple.com/kb/HT6162" source="CONFIRM">http://support.apple.com/kb/HT6162</ref>
+      <ref url="http://news.softpedia.com/news/Major-iOS-7-Security-Flaw-Discovered-Video-425011.shtml" source="MISC">http://news.softpedia.com/news/Major-iOS-7-Security-Flaw-Discovered-Video-425011.shtml</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="iphone_os">
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.0.2"/>
+        <vers num="7.0.3"/>
+        <vers prev="1" num="7.0.4"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2020" published="2014-02-18" name="CVE-2014-2020" modified="2014-03-08" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a different vulnerability than CVE-2013-7226.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://github.com/php/php-src/commit/2938329ce19cb8c4197dec146c3ec887c6f61d01" source="CONFIRM" adv="1">https://github.com/php/php-src/commit/2938329ce19cb8c4197dec146c3ec887c6f61d01</ref>
+      <ref url="https://bugs.php.net/bug.php?id=66356" source="CONFIRM" adv="1">https://bugs.php.net/bug.php?id=66356</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2126-1" source="UBUNTU">USN-2126-1</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="php" name="php">
+        <vers num="5.5.0" edition="alpha1"/>
+        <vers num="5.5.0" edition="alpha2"/>
+        <vers num="5.5.0" edition="alpha3"/>
+        <vers num="5.5.0" edition="alpha4"/>
+        <vers num="5.5.0" edition="alpha5"/>
+        <vers num="5.5.0" edition="alpha6"/>
+        <vers num="5.5.0" edition="beta1"/>
+        <vers num="5.5.0" edition="beta2"/>
+        <vers num="5.5.0" edition="beta3"/>
+        <vers num="5.5.0" edition="beta4"/>
+        <vers num="5.5.0" edition="rc1"/>
+        <vers num="5.5.0" edition="rc2"/>
+        <vers num="5.5.1"/>
+        <vers num="5.5.2"/>
+        <vers num="5.5.3"/>
+        <vers num="5.5.4"/>
+        <vers num="5.5.5"/>
+        <vers num="5.5.6"/>
+        <vers num="5.5.7"/>
+        <vers prev="1" num="5.5.8"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2024" published="2014-03-14" name="CVE-2014-2024" modified="2014-03-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in classes/controller/error.php in Open Classifieds 2 before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to shared-apartments-rooms/.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://github.com/open-classifieds/openclassifieds2/commit/45ee8fb601a91b8a4238229580a32a4fd8d96ef9" source="CONFIRM" patch="1">https://github.com/open-classifieds/openclassifieds2/commit/45ee8fb601a91b8a4238229580a32a4fd8d96ef9</ref>
+      <ref url="https://www.htbridge.com/advisory/HTB23204" source="MISC">https://www.htbridge.com/advisory/HTB23204</ref>
+      <ref url="https://github.com/open-classifieds/openclassifieds2/issues/556" source="CONFIRM">https://github.com/open-classifieds/openclassifieds2/issues/556</ref>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/531428/100/0/threaded" source="BUGTRAQ">20140312 Cross-Site Scripting (XSS) in Open Classifieds</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="openclassifieds" name="open_classifieds_2">
+        <vers num="2.0"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.1"/>
+        <vers num="2.1.1"/>
+        <vers prev="1" num="2.1.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2033" published="2014-03-02" name="CVE-2014-2033" modified="2014-03-03" CVSS_version="2.0" CVSS_vector="(AV:A/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="7.9" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="5.5" CVSS_base_score="7.9">
+    <desc>
+      <descript source="cve">The caching feature in SGOS in Blue Coat ProxySG 5.5 through 5.5.11.3, 6.1 through 6.1.6.3, 6.2 through 6.2.15.3, 6.4 through 6.4.6.1, and 6.3 and 6.5 before 6.5.4 allows remote authenticated users to bypass intended access restrictions during a time window after account deletion or modification by leveraging knowledge of previously valid credentials.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local_network/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/221620" source="CERT-VN">VU#221620</ref>
+      <ref url="https://kb.bluecoat.com/index?page=content&amp;id=SA77" source="CONFIRM" adv="1">https://kb.bluecoat.com/index?page=content&amp;id=SA77</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="bluecoat" name="proxysgos">
+        <vers num="5.5"/>
+        <vers prev="1" num="5.5.11"/>
+        <vers num="6.1"/>
+        <vers prev="1" num="6.1.6.3"/>
+        <vers num="6.2"/>
+        <vers prev="1" num="6.2.15.3"/>
+        <vers num="6.3"/>
+        <vers num="6.4"/>
+        <vers prev="1" num="6.4.6.1"/>
+        <vers prev="1" num="6.5"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2034" published="2014-03-31" name="CVE-2014-2034" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through 2.7.1 allows attackers to create arbitrary user accounts via unknown vectors related to "an unauthenticated execution path."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://support.sonatype.com/entries/42374566-CVE-2014-2034-Nexus-Security-Advisory-REST-API" source="CONFIRM" adv="1">https://support.sonatype.com/entries/42374566-CVE-2014-2034-Nexus-Security-Advisory-REST-API</ref>
+      <ref url="http://www.sonatype.org/advisories/archive/2014-03-03-Nexus" source="CONFIRM" adv="1">http://www.sonatype.org/advisories/archive/2014-03-03-Nexus</ref>
+      <ref url="http://www.securityfocus.com/bid/65956" source="BID">65956</ref>
+      <ref url="http://www.osvdb.org/104049" source="OSVDB">104049</ref>
+      <ref url="http://secunia.com/advisories/57142" source="SECUNIA" adv="1">57142</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="sonatype" name="nexus">
+        <vers num="2.4.0" edition=":~~open_source~~~"/>
+        <vers num="2.4.0" edition=":~~professional~~~"/>
+        <vers num="2.5.0" edition=":~~professional~~~"/>
+        <vers num="2.5.0" edition=":~~open_source~~~"/>
+        <vers num="2.6.0" edition=":~~open_source~~~"/>
+        <vers num="2.6.0" edition=":~~professional~~~"/>
+        <vers num="2.6.1" edition=":~~professional~~~"/>
+        <vers num="2.6.1" edition=":~~open_source~~~"/>
+        <vers num="2.6.2" edition=":~~open_source~~~"/>
+        <vers num="2.6.2" edition=":~~professional~~~"/>
+        <vers num="2.6.3" edition=":~~open_source~~~"/>
+        <vers num="2.6.3" edition=":~~professional~~~"/>
+        <vers num="2.6.4" edition=":~~open_source~~~"/>
+        <vers num="2.6.4" edition=":~~professional~~~"/>
+        <vers num="2.6.5" edition=":~~professional~~~"/>
+        <vers num="2.7.0" edition=":~~professional~~~"/>
+        <vers num="2.7.0" edition=":~~open_source~~~"/>
+        <vers num="2.7.1" edition=":~~professional~~~"/>
+        <vers num="2.7.1" edition=":~~open_source~~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2035" published="2014-02-27" name="CVE-2014-2035" modified="2014-02-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.13 build 574 allows remote attackers to inject arbitrary web script or HTML via the i parameter.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/531191/100/0/threaded" source="BUGTRAQ">20140220 [CVE-2014-2035] XSS in InterWorx Web Control Panel &lt;= 5.0.12</ref>
+      <ref url="http://www.interworx.com/developers/changelog/version-5-0-13-build-574-2014-02-19" source="CONFIRM">http://www.interworx.com/developers/changelog/version-5-0-13-build-574-2014-02-19</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="interworx" name="web_control_panel">
+        <vers num="5.0"/>
+        <vers num="5.0.10"/>
+        <vers num="5.0.11"/>
+        <vers num="5.0.12"/>
+        <vers prev="1" num="5.0.13"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-2038" published="2014-02-28" name="CVE-2014-2038" modified="2014-03-16" CVSS_version="2.0" CVSS_vector="(AV:L/AC:H/Au:N/C:P/I:P/A:P)" CVSS_score="3.7" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="1.9" CVSS_base_score="3.7">
+    <desc>
+      <descript source="cve">The nfs_can_extend_write function in fs/nfs/write.c in the Linux kernel before 3.13.3 relies on a write delegation to extend a write operation without a certain up-to-date verification, which allows local users to obtain sensitive information from kernel memory in opportunistic circumstances by writing to a file in an NFS filesystem and then reading the same file.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="https://github.com/torvalds/linux/commit/263b4509ec4d47e0da3e753f85a39ea12d1eff24" source="CONFIRM" patch="1">https://github.com/torvalds/linux/commit/263b4509ec4d47e0da3e753f85a39ea12d1eff24</ref>
+      <ref url="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=263b4509ec4d47e0da3e753f85a39ea12d1eff24" source="CONFIRM" patch="1">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=263b4509ec4d47e0da3e753f85a39ea12d1eff24</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1066939" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1066939</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2140-1" source="UBUNTU">USN-2140-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2137-1" source="UBUNTU">USN-2137-1</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/02/20/16" source="MLIST">[oss-security] 20140221 Re: Re: CVE request: Linux kernel: nfs: information leakage</ref>
+      <ref url="http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.3" source="CONFIRM">http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.3</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="linux" name="linux_kernel">
+        <vers num="3.0" edition="rc1"/>
+        <vers num="3.0" edition="rc2"/>
+        <vers num="3.0" edition="rc3"/>
+        <vers num="3.0" edition="rc4"/>
+        <vers num="3.0" edition="rc5"/>
+        <vers num="3.0" edition="rc6"/>
+        <vers num="3.0" edition="rc7"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.20"/>
+        <vers num="3.0.21"/>
+        <vers num="3.0.22"/>
+        <vers num="3.0.23"/>
+        <vers num="3.0.24"/>
+        <vers num="3.0.25"/>
+        <vers num="3.0.26"/>
+        <vers num="3.0.27"/>
+        <vers num="3.0.28"/>
+        <vers num="3.0.29"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.30"/>
+        <vers num="3.0.31"/>
+        <vers num="3.0.32"/>
+        <vers num="3.0.33"/>
+        <vers num="3.0.34"/>
+        <vers num="3.0.35"/>
+        <vers num="3.0.36"/>
+        <vers num="3.0.37"/>
+        <vers num="3.0.38"/>
+        <vers num="3.0.39"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.40"/>
+        <vers num="3.0.41"/>
+        <vers num="3.0.42"/>
+        <vers num="3.0.43"/>
+        <vers num="3.0.44"/>
+        <vers num="3.0.45"/>
+        <vers num="3.0.46"/>
+        <vers num="3.0.47"/>
+        <vers num="3.0.48"/>
+        <vers num="3.0.49"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.50"/>
+        <vers num="3.0.51"/>
+        <vers num="3.0.52"/>
+        <vers num="3.0.53"/>
+        <vers num="3.0.54"/>
+        <vers num="3.0.55"/>
+        <vers num="3.0.56"/>
+        <vers num="3.0.57"/>
+        <vers num="3.0.58"/>
+        <vers num="3.0.59"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.60"/>
+        <vers num="3.0.61"/>
+        <vers num="3.0.62"/>
+        <vers num="3.0.63"/>
+        <vers num="3.0.64"/>
+        <vers num="3.0.65"/>
+        <vers num="3.0.66"/>
+        <vers num="3.0.67"/>
+        <vers num="3.0.68"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1" edition="rc1"/>
+        <vers num="3.1" edition="rc2"/>
+        <vers num="3.1" edition="rc3"/>
+        <vers num="3.1" edition="rc4"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="3.10"/>
+        <vers num="3.10.1"/>
+        <vers num="3.10.10"/>
+        <vers num="3.10.11"/>
+        <vers num="3.10.12"/>
+        <vers num="3.10.13"/>
+        <vers num="3.10.14"/>
+        <vers num="3.10.15"/>
+        <vers num="3.10.16"/>
+        <vers num="3.10.17"/>
+        <vers num="3.10.18"/>
+        <vers num="3.10.19"/>
+        <vers num="3.10.2"/>
+        <vers num="3.10.20"/>
+        <vers num="3.10.21"/>
+        <vers num="3.10.22"/>
+        <vers num="3.10.23"/>
+        <vers num="3.10.24"/>
+        <vers num="3.10.25"/>
+        <vers num="3.10.26"/>
+        <vers num="3.10.27"/>
+        <vers num="3.10.28"/>
+        <vers num="3.10.29"/>
+        <vers num="3.10.3"/>
+        <vers num="3.10.4"/>
+        <vers num="3.10.5"/>
+        <vers num="3.10.6"/>
+        <vers num="3.10.7"/>
+        <vers num="3.10.8"/>
+        <vers num="3.10.9"/>
+        <vers num="3.11"/>
+        <vers num="3.11.1"/>
+        <vers num="3.11.10"/>
+        <vers num="3.11.2"/>
+        <vers num="3.11.3"/>
+        <vers num="3.11.4"/>
+        <vers num="3.11.5"/>
+        <vers num="3.11.6"/>
+        <vers num="3.11.7"/>
+        <vers num="3.11.8"/>
+        <vers num="3.11.9"/>
+        <vers num="3.12"/>
+        <vers num="3.12.1"/>
+        <vers num="3.12.10"/>
+        <vers num="3.12.11"/>
+        <vers num="3.12.12"/>
+        <vers num="3.12.13"/>
+        <vers num="3.12.2"/>
+        <vers num="3.12.3"/>
+        <vers num="3.12.4"/>
+        <vers num="3.12.5"/>
+        <vers num="3.12.6"/>
+        <vers num="3.12.7"/>
+        <vers num="3.12.8"/>
+        <vers num="3.12.9"/>
+        <vers num="3.13"/>
+        <vers num="3.13.1"/>
+        <vers prev="1" num="3.13.2"/>
+        <vers num="3.2" edition="rc2"/>
+        <vers num="3.2" edition="rc3"/>
+        <vers num="3.2" edition="rc4"/>
+        <vers num="3.2" edition="rc5"/>
+        <vers num="3.2" edition="rc6"/>
+        <vers num="3.2" edition="rc7"/>
+        <vers num="3.2.1"/>
+        <vers num="3.2.10"/>
+        <vers num="3.2.11"/>
+        <vers num="3.2.12"/>
+        <vers num="3.2.13"/>
+        <vers num="3.2.14"/>
+        <vers num="3.2.15"/>
+        <vers num="3.2.16"/>
+        <vers num="3.2.17"/>
+        <vers num="3.2.18"/>
+        <vers num="3.2.19"/>
+        <vers num="3.2.2"/>
+        <vers num="3.2.20"/>
+        <vers num="3.2.21"/>
+        <vers num="3.2.22"/>
+        <vers num="3.2.23"/>
+        <vers num="3.2.24"/>
+        <vers num="3.2.25"/>
+        <vers num="3.2.26"/>
+        <vers num="3.2.27"/>
+        <vers num="3.2.28"/>
+        <vers num="3.2.29"/>
+        <vers num="3.2.3"/>
+        <vers num="3.2.30"/>
+        <vers num="3.2.4"/>
+        <vers num="3.2.5"/>
+        <vers num="3.2.6"/>
+        <vers num="3.2.7"/>
+        <vers num="3.2.8"/>
+        <vers num="3.2.9"/>
+        <vers num="3.3" edition="rc1"/>
+        <vers num="3.3" edition="rc2"/>
+        <vers num="3.3" edition="rc3"/>
+        <vers num="3.3" edition="rc4"/>
+        <vers num="3.3" edition="rc5"/>
+        <vers num="3.3" edition="rc6"/>
+        <vers num="3.3" edition="rc7"/>
+        <vers num="3.3.1"/>
+        <vers num="3.3.2"/>
+        <vers num="3.3.3"/>
+        <vers num="3.3.4"/>
+        <vers num="3.3.5"/>
+        <vers num="3.3.6"/>
+        <vers num="3.3.7"/>
+        <vers num="3.3.8"/>
+        <vers num="3.4" edition="rc1"/>
+        <vers num="3.4" edition="rc2"/>
+        <vers num="3.4" edition="rc3"/>
+        <vers num="3.4" edition="rc4"/>
+        <vers num="3.4" edition="rc5"/>
+        <vers num="3.4" edition="rc6"/>
+        <vers num="3.4" edition="rc7"/>
+        <vers num="3.4.1"/>
+        <vers num="3.4.10"/>
+        <vers num="3.4.11"/>
+        <vers num="3.4.12"/>
+        <vers num="3.4.13"/>
+        <vers num="3.4.14"/>
+        <vers num="3.4.15"/>
+        <vers num="3.4.16"/>
+        <vers num="3.4.17"/>
+        <vers num="3.4.18"/>
+        <vers num="3.4.19"/>
+        <vers num="3.4.2"/>
+        <vers num="3.4.20"/>
+        <vers num="3.4.21"/>
+        <vers num="3.4.22"/>
+        <vers num="3.4.23"/>
+        <vers num="3.4.24"/>
+        <vers num="3.4.25"/>
+        <vers num="3.4.26"/>
+        <vers num="3.4.27"/>
+        <vers num="3.4.28"/>
+        <vers num="3.4.29"/>
+        <vers num="3.4.3"/>
+        <vers num="3.4.30"/>
+        <vers num="3.4.31"/>
+        <vers num="3.4.32"/>
+        <vers num="3.4.33"/>
+        <vers num="3.4.34"/>
+        <vers num="3.4.35"/>
+        <vers num="3.4.36"/>
+        <vers num="3.4.37"/>
+        <vers num="3.4.38"/>
+        <vers num="3.4.39"/>
+        <vers num="3.4.4"/>
+        <vers num="3.4.40"/>
+        <vers num="3.4.41"/>
+        <vers num="3.4.42"/>
+        <vers num="3.4.43"/>
+        <vers num="3.4.44"/>
+        <vers num="3.4.45"/>
+        <vers num="3.4.46"/>
+        <vers num="3.4.47"/>
+        <vers num="3.4.48"/>
+        <vers num="3.4.49"/>
+        <vers num="3.4.5"/>
+        <vers num="3.4.50"/>
+        <vers num="3.4.51"/>
+        <vers num="3.4.52"/>
+        <vers num="3.4.53"/>
+        <vers num="3.4.54"/>
+        <vers num="3.4.55"/>
+        <vers num="3.4.56"/>
+        <vers num="3.4.57"/>
+        <vers num="3.4.58"/>
+        <vers num="3.4.59"/>
+        <vers num="3.4.6"/>
+        <vers num="3.4.60"/>
+        <vers num="3.4.61"/>
+        <vers num="3.4.62"/>
+        <vers num="3.4.63"/>
+        <vers num="3.4.64"/>
+        <vers num="3.4.65"/>
+        <vers num="3.4.66"/>
+        <vers num="3.4.67"/>
+        <vers num="3.4.68"/>
+        <vers num="3.4.69"/>
+        <vers num="3.4.7"/>
+        <vers num="3.4.70"/>
+        <vers num="3.4.71"/>
+        <vers num="3.4.72"/>
+        <vers num="3.4.73"/>
+        <vers num="3.4.74"/>
+        <vers num="3.4.75"/>
+        <vers num="3.4.76"/>
+        <vers num="3.4.77"/>
+        <vers num="3.4.78"/>
+        <vers num="3.4.79"/>
+        <vers num="3.4.8"/>
+        <vers num="3.4.9"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.6"/>
+        <vers num="3.6.1"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.5"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="3.7"/>
+        <vers num="3.7.1"/>
+        <vers num="3.7.10"/>
+        <vers num="3.7.2"/>
+        <vers num="3.7.3"/>
+        <vers num="3.7.4"/>
+        <vers num="3.7.5"/>
+        <vers num="3.7.6"/>
+        <vers num="3.7.7"/>
+        <vers num="3.7.8"/>
+        <vers num="3.7.9"/>
+        <vers num="3.8.0"/>
+        <vers num="3.8.1"/>
+        <vers num="3.8.10"/>
+        <vers num="3.8.11"/>
+        <vers num="3.8.12"/>
+        <vers num="3.8.13"/>
+        <vers num="3.8.2"/>
+        <vers num="3.8.3"/>
+        <vers num="3.8.4"/>
+        <vers num="3.8.5"/>
+        <vers num="3.8.6"/>
+        <vers num="3.8.7"/>
+        <vers num="3.8.8"/>
+        <vers num="3.8.9"/>
+        <vers num="3.9" edition="rc1"/>
+        <vers num="3.9" edition="rc2"/>
+        <vers num="3.9" edition="rc3"/>
+        <vers num="3.9" edition="rc4"/>
+        <vers num="3.9" edition="rc5"/>
+        <vers num="3.9" edition="rc6"/>
+        <vers num="3.9" edition="rc7"/>
+        <vers num="3.9.0"/>
+        <vers num="3.9.1"/>
+        <vers num="3.9.10"/>
+        <vers num="3.9.11"/>
+        <vers num="3.9.2"/>
+        <vers num="3.9.3"/>
+        <vers num="3.9.4"/>
+        <vers num="3.9.5"/>
+        <vers num="3.9.6"/>
+        <vers num="3.9.7"/>
+        <vers num="3.9.8"/>
+        <vers num="3.9.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2039" published="2014-02-28" name="CVE-2014-2039" modified="2014-02-28" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="4.9" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="3.9" CVSS_base_score="4.9">
+    <desc>
+      <descript source="cve">arch/s390/kernel/head64.S in the Linux kernel before 3.13.5 on the s390 platform does not properly handle attempted use of the linkage stack, which allows local users to cause a denial of service (system crash) by executing a crafted instruction.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="https://github.com/torvalds/linux/commit/8d7f6690cedb83456edd41c9bd583783f0703bf0" source="CONFIRM" patch="1">https://github.com/torvalds/linux/commit/8d7f6690cedb83456edd41c9bd583783f0703bf0</ref>
+      <ref url="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8d7f6690cedb83456edd41c9bd583783f0703bf0" source="CONFIRM" patch="1">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8d7f6690cedb83456edd41c9bd583783f0703bf0</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1067558" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1067558</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/02/20/14" source="MLIST">[oss-security] 20140220 Re: CVE Request: Linux kernel: s390: crash due to linkage stack instruction</ref>
+      <ref url="http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.5" source="CONFIRM">http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.5</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="linux" name="linux_kernel">
+        <vers num="3.0" edition="rc1"/>
+        <vers num="3.0" edition="rc2"/>
+        <vers num="3.0" edition="rc3"/>
+        <vers num="3.0" edition="rc4"/>
+        <vers num="3.0" edition="rc5"/>
+        <vers num="3.0" edition="rc6"/>
+        <vers num="3.0" edition="rc7"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.20"/>
+        <vers num="3.0.21"/>
+        <vers num="3.0.22"/>
+        <vers num="3.0.23"/>
+        <vers num="3.0.24"/>
+        <vers num="3.0.25"/>
+        <vers num="3.0.26"/>
+        <vers num="3.0.27"/>
+        <vers num="3.0.28"/>
+        <vers num="3.0.29"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.30"/>
+        <vers num="3.0.31"/>
+        <vers num="3.0.32"/>
+        <vers num="3.0.33"/>
+        <vers num="3.0.34"/>
+        <vers num="3.0.35"/>
+        <vers num="3.0.36"/>
+        <vers num="3.0.37"/>
+        <vers num="3.0.38"/>
+        <vers num="3.0.39"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.40"/>
+        <vers num="3.0.41"/>
+        <vers num="3.0.42"/>
+        <vers num="3.0.43"/>
+        <vers num="3.0.44"/>
+        <vers num="3.0.45"/>
+        <vers num="3.0.46"/>
+        <vers num="3.0.47"/>
+        <vers num="3.0.48"/>
+        <vers num="3.0.49"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.50"/>
+        <vers num="3.0.51"/>
+        <vers num="3.0.52"/>
+        <vers num="3.0.53"/>
+        <vers num="3.0.54"/>
+        <vers num="3.0.55"/>
+        <vers num="3.0.56"/>
+        <vers num="3.0.57"/>
+        <vers num="3.0.58"/>
+        <vers num="3.0.59"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.60"/>
+        <vers num="3.0.61"/>
+        <vers num="3.0.62"/>
+        <vers num="3.0.63"/>
+        <vers num="3.0.64"/>
+        <vers num="3.0.65"/>
+        <vers num="3.0.66"/>
+        <vers num="3.0.67"/>
+        <vers num="3.0.68"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1" edition="rc1"/>
+        <vers num="3.1" edition="rc2"/>
+        <vers num="3.1" edition="rc3"/>
+        <vers num="3.1" edition="rc4"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="3.10"/>
+        <vers num="3.10.1"/>
+        <vers num="3.10.10"/>
+        <vers num="3.10.11"/>
+        <vers num="3.10.12"/>
+        <vers num="3.10.13"/>
+        <vers num="3.10.14"/>
+        <vers num="3.10.15"/>
+        <vers num="3.10.16"/>
+        <vers num="3.10.17"/>
+        <vers num="3.10.18"/>
+        <vers num="3.10.19"/>
+        <vers num="3.10.2"/>
+        <vers num="3.10.20"/>
+        <vers num="3.10.21"/>
+        <vers num="3.10.22"/>
+        <vers num="3.10.23"/>
+        <vers num="3.10.24"/>
+        <vers num="3.10.25"/>
+        <vers num="3.10.26"/>
+        <vers num="3.10.27"/>
+        <vers num="3.10.28"/>
+        <vers num="3.10.29"/>
+        <vers num="3.10.3"/>
+        <vers num="3.10.4"/>
+        <vers num="3.10.5"/>
+        <vers num="3.10.6"/>
+        <vers num="3.10.7"/>
+        <vers num="3.10.8"/>
+        <vers num="3.10.9"/>
+        <vers num="3.11"/>
+        <vers num="3.11.1"/>
+        <vers num="3.11.10"/>
+        <vers num="3.11.2"/>
+        <vers num="3.11.3"/>
+        <vers num="3.11.4"/>
+        <vers num="3.11.5"/>
+        <vers num="3.11.6"/>
+        <vers num="3.11.7"/>
+        <vers num="3.11.8"/>
+        <vers num="3.11.9"/>
+        <vers num="3.12"/>
+        <vers num="3.12.1"/>
+        <vers num="3.12.10"/>
+        <vers num="3.12.11"/>
+        <vers num="3.12.12"/>
+        <vers num="3.12.13"/>
+        <vers num="3.12.2"/>
+        <vers num="3.12.3"/>
+        <vers num="3.12.4"/>
+        <vers num="3.12.5"/>
+        <vers num="3.12.6"/>
+        <vers num="3.12.7"/>
+        <vers num="3.12.8"/>
+        <vers num="3.12.9"/>
+        <vers num="3.13"/>
+        <vers num="3.13.1"/>
+        <vers num="3.13.2"/>
+        <vers num="3.13.3"/>
+        <vers prev="1" num="3.13.4"/>
+        <vers num="3.2" edition="rc2"/>
+        <vers num="3.2" edition="rc3"/>
+        <vers num="3.2" edition="rc4"/>
+        <vers num="3.2" edition="rc5"/>
+        <vers num="3.2" edition="rc6"/>
+        <vers num="3.2" edition="rc7"/>
+        <vers num="3.2.1"/>
+        <vers num="3.2.10"/>
+        <vers num="3.2.11"/>
+        <vers num="3.2.12"/>
+        <vers num="3.2.13"/>
+        <vers num="3.2.14"/>
+        <vers num="3.2.15"/>
+        <vers num="3.2.16"/>
+        <vers num="3.2.17"/>
+        <vers num="3.2.18"/>
+        <vers num="3.2.19"/>
+        <vers num="3.2.2"/>
+        <vers num="3.2.20"/>
+        <vers num="3.2.21"/>
+        <vers num="3.2.22"/>
+        <vers num="3.2.23"/>
+        <vers num="3.2.24"/>
+        <vers num="3.2.25"/>
+        <vers num="3.2.26"/>
+        <vers num="3.2.27"/>
+        <vers num="3.2.28"/>
+        <vers num="3.2.29"/>
+        <vers num="3.2.3"/>
+        <vers num="3.2.30"/>
+        <vers num="3.2.4"/>
+        <vers num="3.2.5"/>
+        <vers num="3.2.6"/>
+        <vers num="3.2.7"/>
+        <vers num="3.2.8"/>
+        <vers num="3.2.9"/>
+        <vers num="3.3" edition="rc1"/>
+        <vers num="3.3" edition="rc2"/>
+        <vers num="3.3" edition="rc3"/>
+        <vers num="3.3" edition="rc4"/>
+        <vers num="3.3" edition="rc5"/>
+        <vers num="3.3" edition="rc6"/>
+        <vers num="3.3" edition="rc7"/>
+        <vers num="3.3.1"/>
+        <vers num="3.3.2"/>
+        <vers num="3.3.3"/>
+        <vers num="3.3.4"/>
+        <vers num="3.3.5"/>
+        <vers num="3.3.6"/>
+        <vers num="3.3.7"/>
+        <vers num="3.3.8"/>
+        <vers num="3.4" edition="rc1"/>
+        <vers num="3.4" edition="rc2"/>
+        <vers num="3.4" edition="rc3"/>
+        <vers num="3.4" edition="rc4"/>
+        <vers num="3.4" edition="rc5"/>
+        <vers num="3.4" edition="rc6"/>
+        <vers num="3.4" edition="rc7"/>
+        <vers num="3.4.1"/>
+        <vers num="3.4.10"/>
+        <vers num="3.4.11"/>
+        <vers num="3.4.12"/>
+        <vers num="3.4.13"/>
+        <vers num="3.4.14"/>
+        <vers num="3.4.15"/>
+        <vers num="3.4.16"/>
+        <vers num="3.4.17"/>
+        <vers num="3.4.18"/>
+        <vers num="3.4.19"/>
+        <vers num="3.4.2"/>
+        <vers num="3.4.20"/>
+        <vers num="3.4.21"/>
+        <vers num="3.4.22"/>
+        <vers num="3.4.23"/>
+        <vers num="3.4.24"/>
+        <vers num="3.4.25"/>
+        <vers num="3.4.26"/>
+        <vers num="3.4.27"/>
+        <vers num="3.4.28"/>
+        <vers num="3.4.29"/>
+        <vers num="3.4.3"/>
+        <vers num="3.4.30"/>
+        <vers num="3.4.31"/>
+        <vers num="3.4.32"/>
+        <vers num="3.4.33"/>
+        <vers num="3.4.34"/>
+        <vers num="3.4.35"/>
+        <vers num="3.4.36"/>
+        <vers num="3.4.37"/>
+        <vers num="3.4.38"/>
+        <vers num="3.4.39"/>
+        <vers num="3.4.4"/>
+        <vers num="3.4.40"/>
+        <vers num="3.4.41"/>
+        <vers num="3.4.42"/>
+        <vers num="3.4.43"/>
+        <vers num="3.4.44"/>
+        <vers num="3.4.45"/>
+        <vers num="3.4.46"/>
+        <vers num="3.4.47"/>
+        <vers num="3.4.48"/>
+        <vers num="3.4.49"/>
+        <vers num="3.4.5"/>
+        <vers num="3.4.50"/>
+        <vers num="3.4.51"/>
+        <vers num="3.4.52"/>
+        <vers num="3.4.53"/>
+        <vers num="3.4.54"/>
+        <vers num="3.4.55"/>
+        <vers num="3.4.56"/>
+        <vers num="3.4.57"/>
+        <vers num="3.4.58"/>
+        <vers num="3.4.59"/>
+        <vers num="3.4.6"/>
+        <vers num="3.4.60"/>
+        <vers num="3.4.61"/>
+        <vers num="3.4.62"/>
+        <vers num="3.4.63"/>
+        <vers num="3.4.64"/>
+        <vers num="3.4.65"/>
+        <vers num="3.4.66"/>
+        <vers num="3.4.67"/>
+        <vers num="3.4.68"/>
+        <vers num="3.4.69"/>
+        <vers num="3.4.7"/>
+        <vers num="3.4.70"/>
+        <vers num="3.4.71"/>
+        <vers num="3.4.72"/>
+        <vers num="3.4.73"/>
+        <vers num="3.4.74"/>
+        <vers num="3.4.75"/>
+        <vers num="3.4.76"/>
+        <vers num="3.4.77"/>
+        <vers num="3.4.78"/>
+        <vers num="3.4.79"/>
+        <vers num="3.4.8"/>
+        <vers num="3.4.9"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.6"/>
+        <vers num="3.6.1"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.5"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="3.7"/>
+        <vers num="3.7.1"/>
+        <vers num="3.7.10"/>
+        <vers num="3.7.2"/>
+        <vers num="3.7.3"/>
+        <vers num="3.7.4"/>
+        <vers num="3.7.5"/>
+        <vers num="3.7.6"/>
+        <vers num="3.7.7"/>
+        <vers num="3.7.8"/>
+        <vers num="3.7.9"/>
+        <vers num="3.8.0"/>
+        <vers num="3.8.1"/>
+        <vers num="3.8.10"/>
+        <vers num="3.8.11"/>
+        <vers num="3.8.12"/>
+        <vers num="3.8.13"/>
+        <vers num="3.8.2"/>
+        <vers num="3.8.3"/>
+        <vers num="3.8.4"/>
+        <vers num="3.8.5"/>
+        <vers num="3.8.6"/>
+        <vers num="3.8.7"/>
+        <vers num="3.8.8"/>
+        <vers num="3.8.9"/>
+        <vers num="3.9" edition="rc1"/>
+        <vers num="3.9" edition="rc2"/>
+        <vers num="3.9" edition="rc3"/>
+        <vers num="3.9" edition="rc4"/>
+        <vers num="3.9" edition="rc5"/>
+        <vers num="3.9" edition="rc6"/>
+        <vers num="3.9" edition="rc7"/>
+        <vers num="3.9.0"/>
+        <vers num="3.9.1"/>
+        <vers num="3.9.10"/>
+        <vers num="3.9.11"/>
+        <vers num="3.9.2"/>
+        <vers num="3.9.3"/>
+        <vers num="3.9.4"/>
+        <vers num="3.9.5"/>
+        <vers num="3.9.6"/>
+        <vers num="3.9.7"/>
+        <vers num="3.9.8"/>
+        <vers num="3.9.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-2040" published="2014-03-03" name="CVE-2014-2040" modified="2014-03-07" CVSS_version="2.0" CVSS_vector="(AV:N/AC:H/Au:S/C:N/I:P/A:N)" CVSS_score="2.1" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="3.9" CVSS_base_score="2.1">
+    <desc>
+      <descript source="cve">Multiple cross-site scripting (XSS) vulnerabilities in the (1) callback_multicheck, (2) callback_radio, and (3) callback_wysiwygin functions in mfrh_class.settings-api.php in the Media File Renamer plugin 1.7.0 for WordPress allow remote authenticated users with permissions to add media or edit media to inject arbitrary web script or HTML via unspecified parameters, as demonstrated by the title of an uploaded file.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.vapid.dhs.org/advisories/wordpress/plugins/MediaFileRenamer-1.7.0/index.html" source="MISC">http://www.vapid.dhs.org/advisories/wordpress/plugins/MediaFileRenamer-1.7.0/index.html</ref>
+      <ref url="http://www.securityfocus.com/bid/65715" source="BID">65715</ref>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/531270/100/0/threaded" source="BUGTRAQ">20140226 Persistent XSS in Media File Renamer V1.7.0 wordpress plugin</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="jordy_meow" name="media_file_renamer">
+        <vers num="1.7.0" edition=":~~~wordpress~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2042" published="2014-04-28" name="CVE-2014-2042" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Unrestricted file upload vulnerability in the Manage Project functionality in Livetecs Timelive before 6.5.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a predictable directory in Uploads/.</descript>
+      <descript source="nvd">Per: http://cwe.mitre.org/data/definitions/434.html
+
+"CWE-434: Unrestricted Upload of File with Dangerous Type"</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/531914/100/0/threaded" source="BUGTRAQ">20140423 CVE-2014-2042 - Unrestricted file upload in Livetecs Timelive</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Apr/260" source="FULLDISC">20140423 CVE-2014-2042 - Unrestricted file upload in Livetecs Timelive</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="livetecs" name="timeline">
+        <vers num="2.81"/>
+        <vers num="2.91"/>
+        <vers num="2.94"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.5"/>
+        <vers num="3.1.1"/>
+        <vers num="3.2.1"/>
+        <vers num="3.5.1"/>
+        <vers num="3.6.1"/>
+        <vers num="3.7.1"/>
+        <vers num="3.8.1"/>
+        <vers num="4.2.1"/>
+        <vers num="4.3.1"/>
+        <vers num="4.9.1"/>
+        <vers num="5.2.1"/>
+        <vers num="6.0.1"/>
+        <vers num="6.2.1"/>
+        <vers num="6.2.3"/>
+        <vers num="6.2.4"/>
+        <vers num="6.2.6"/>
+        <vers num="6.2.7"/>
+        <vers num="6.2.71"/>
+        <vers prev="1" num="6.2.8"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2043" published="2014-03-13" name="CVE-2014-2043" modified="2014-03-13" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:P)" CVSS_score="6.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.0" CVSS_base_score="6.5">
+    <desc>
+      <descript source="cve">SQL injection vulnerability in Resources/System/Templates/Data.aspx in Procentia IntelliPen before 1.1.18.1658 allows remote authenticated users to execute arbitrary SQL commands via the value parameter.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2043" source="MISC">https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2043</ref>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/531426/100/0/threaded" source="BUGTRAQ">20140312 CVE-2014-2043 - SQL Injection in Procentia IntelliPen</ref>
+      <ref url="http://www.exploit-db.com/exploits/32212" source="EXPLOIT-DB">32212</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="procentia" name="intellipen">
+        <vers prev="1" num="1.1.12.1520"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2047" published="2014-03-14" name="CVE-2014-2047" modified="2014-03-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">Session fixation vulnerability in ownCloud before 6.0.2, when PHP is configured to accept session parameters through a GET request, allows remote attackers to hijack web sessions via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://owncloud.org/about/security/advisories/oC-SA-2014-001/" source="CONFIRM" patch="1" adv="1">http://owncloud.org/about/security/advisories/oC-SA-2014-001/</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="owncloud" name="owncloud">
+        <vers num="6.0.0"/>
+        <vers prev="1" num="6.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2049" published="2014-03-14" name="CVE-2014-2049" modified="2014-03-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allows remote attackers to access user files via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://owncloud.org/about/security/advisories/oC-SA-2014-003/" source="CONFIRM" patch="1" adv="1">http://owncloud.org/about/security/advisories/oC-SA-2014-003/</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="owncloud" name="owncloud">
+        <vers num="3.0.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="4.0.0"/>
+        <vers num="4.0.1"/>
+        <vers num="4.0.10"/>
+        <vers num="4.0.11"/>
+        <vers num="4.0.12"/>
+        <vers num="4.0.13"/>
+        <vers num="4.0.14"/>
+        <vers num="4.0.15"/>
+        <vers num="4.0.16"/>
+        <vers num="4.0.2"/>
+        <vers num="4.0.3"/>
+        <vers num="4.0.4"/>
+        <vers num="4.0.5"/>
+        <vers num="4.0.6"/>
+        <vers num="4.0.7"/>
+        <vers num="4.0.8"/>
+        <vers num="4.0.9"/>
+        <vers num="4.5.0"/>
+        <vers num="4.5.1"/>
+        <vers num="4.5.10"/>
+        <vers num="4.5.11"/>
+        <vers num="4.5.12"/>
+        <vers num="4.5.13"/>
+        <vers num="4.5.2"/>
+        <vers num="4.5.3"/>
+        <vers num="4.5.4"/>
+        <vers num="4.5.5"/>
+        <vers num="4.5.6"/>
+        <vers num="4.5.7"/>
+        <vers num="4.5.8"/>
+        <vers num="4.5.9"/>
+        <vers num="5.0.0"/>
+        <vers num="5.0.1"/>
+        <vers num="5.0.10"/>
+        <vers num="5.0.11"/>
+        <vers num="5.0.12"/>
+        <vers num="5.0.13"/>
+        <vers prev="1" num="5.0.14"/>
+        <vers num="5.0.2"/>
+        <vers num="5.0.3"/>
+        <vers num="5.0.4"/>
+        <vers num="5.0.5"/>
+        <vers num="5.0.6"/>
+        <vers num="5.0.7"/>
+        <vers num="5.0.8"/>
+        <vers num="5.0.9"/>
+        <vers num="6.0.0"/>
+        <vers num="6.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2057" published="2014-03-24" name="CVE-2014-2057" modified="2014-03-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 6.0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://owncloud.org/about/security/advisories/oC-SA-2014-007/" source="CONFIRM" adv="1">http://owncloud.org/about/security/advisories/oC-SA-2014-007/</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="owncloud" name="owncloud">
+        <vers num="3.0.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="4.0.0"/>
+        <vers num="4.0.1"/>
+        <vers num="4.0.10"/>
+        <vers num="4.0.11"/>
+        <vers num="4.0.12"/>
+        <vers num="4.0.13"/>
+        <vers num="4.0.14"/>
+        <vers num="4.0.15"/>
+        <vers num="4.0.16"/>
+        <vers num="4.0.2"/>
+        <vers num="4.0.3"/>
+        <vers num="4.0.4"/>
+        <vers num="4.0.5"/>
+        <vers num="4.0.6"/>
+        <vers num="4.0.7"/>
+        <vers num="4.0.8"/>
+        <vers num="4.0.9"/>
+        <vers num="4.5.0"/>
+        <vers num="4.5.1"/>
+        <vers num="4.5.10"/>
+        <vers num="4.5.11"/>
+        <vers num="4.5.12"/>
+        <vers num="4.5.13"/>
+        <vers num="4.5.2"/>
+        <vers num="4.5.3"/>
+        <vers num="4.5.4"/>
+        <vers num="4.5.5"/>
+        <vers num="4.5.6"/>
+        <vers num="4.5.7"/>
+        <vers num="4.5.8"/>
+        <vers num="4.5.9"/>
+        <vers num="5.0.0"/>
+        <vers num="5.0.1"/>
+        <vers num="5.0.10"/>
+        <vers num="5.0.11"/>
+        <vers num="5.0.12"/>
+        <vers num="5.0.13"/>
+        <vers num="5.0.14" edition="a"/>
+        <vers num="5.0.2"/>
+        <vers num="5.0.3"/>
+        <vers num="5.0.4"/>
+        <vers num="5.0.5"/>
+        <vers num="5.0.6"/>
+        <vers num="5.0.7"/>
+        <vers num="5.0.8"/>
+        <vers num="5.0.9"/>
+        <vers num="6.0.0"/>
+        <vers prev="1" num="6.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2059" published="2014-02-28" name="CVE-2014-2059" modified="2014-03-04" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:P)" CVSS_score="6.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.0" CVSS_base_score="6.5">
+    <desc>
+      <descript source="cve">Directory traversal vulnerability in the CLI job creation (hudson/cli/CreateJobCommand.java) in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to overwrite arbitrary files via the job name.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://github.com/jenkinsci/jenkins/commit/ad38d8480f20ce3cbf8fec3e2003bc83efda4f7d" source="CONFIRM" patch="1">https://github.com/jenkinsci/jenkins/commit/ad38d8480f20ce3cbf8fec3e2003bc83efda4f7d</ref>
+      <ref url="https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14" source="CONFIRM" adv="1">https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91346" source="XF">jenkins-cve20142059-dir-trav(91346)</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q1/421" source="MLIST">[oss-security] 20140220 Re: Possible CVE Requests: several issues fixed in Jenkins (Advisory 2014-02-14)</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cloudbees" name="jenkins">
+        <vers num="1.301"/>
+        <vers num="1.302"/>
+        <vers num="1.303"/>
+        <vers num="1.304"/>
+        <vers num="1.305"/>
+        <vers num="1.306"/>
+        <vers num="1.307"/>
+        <vers num="1.308"/>
+        <vers num="1.309"/>
+        <vers num="1.310"/>
+        <vers num="1.311"/>
+        <vers num="1.312"/>
+        <vers num="1.313"/>
+        <vers num="1.314"/>
+        <vers num="1.315"/>
+        <vers num="1.316"/>
+        <vers num="1.317"/>
+        <vers num="1.318"/>
+        <vers num="1.319"/>
+        <vers num="1.320"/>
+        <vers num="1.321"/>
+        <vers num="1.322"/>
+        <vers num="1.323"/>
+        <vers num="1.324"/>
+        <vers num="1.325"/>
+        <vers num="1.326"/>
+        <vers num="1.327"/>
+        <vers num="1.328"/>
+        <vers num="1.329"/>
+        <vers num="1.330"/>
+        <vers num="1.331"/>
+        <vers num="1.332"/>
+        <vers num="1.333"/>
+        <vers num="1.334"/>
+        <vers num="1.335"/>
+        <vers num="1.336"/>
+        <vers num="1.337"/>
+        <vers num="1.338"/>
+        <vers num="1.339"/>
+        <vers num="1.340"/>
+        <vers num="1.341"/>
+        <vers num="1.342"/>
+        <vers num="1.343"/>
+        <vers num="1.344"/>
+        <vers num="1.345"/>
+        <vers num="1.346"/>
+        <vers num="1.347"/>
+        <vers num="1.348"/>
+        <vers num="1.349"/>
+        <vers num="1.350"/>
+        <vers num="1.351"/>
+        <vers num="1.352"/>
+        <vers num="1.353"/>
+        <vers num="1.354"/>
+        <vers num="1.355"/>
+        <vers num="1.356"/>
+        <vers num="1.357"/>
+        <vers num="1.358"/>
+        <vers num="1.359"/>
+        <vers num="1.360"/>
+        <vers num="1.361"/>
+        <vers num="1.362"/>
+        <vers num="1.363"/>
+        <vers num="1.364"/>
+        <vers num="1.365"/>
+        <vers num="1.366"/>
+        <vers num="1.367"/>
+        <vers num="1.368"/>
+        <vers num="1.369"/>
+        <vers num="1.370"/>
+        <vers num="1.371"/>
+        <vers num="1.372"/>
+        <vers num="1.373"/>
+        <vers num="1.374"/>
+        <vers num="1.375"/>
+        <vers num="1.376"/>
+        <vers num="1.377"/>
+        <vers num="1.378"/>
+        <vers num="1.379"/>
+        <vers num="1.380"/>
+        <vers num="1.382"/>
+        <vers num="1.383"/>
+        <vers num="1.384"/>
+        <vers num="1.386"/>
+        <vers num="1.387"/>
+        <vers num="1.388"/>
+        <vers num="1.389"/>
+        <vers num="1.390"/>
+        <vers num="1.391"/>
+        <vers num="1.392"/>
+        <vers num="1.393"/>
+        <vers num="1.394"/>
+        <vers num="1.395"/>
+        <vers num="1.396"/>
+        <vers num="1.397"/>
+        <vers num="1.398"/>
+        <vers num="1.399"/>
+        <vers num="1.400" edition=":lts"/>
+        <vers num="1.400" edition="-:lts"/>
+        <vers num="1.400.0.12" edition=":lts"/>
+        <vers num="1.401"/>
+        <vers num="1.402"/>
+        <vers num="1.403"/>
+        <vers num="1.404"/>
+        <vers num="1.405"/>
+        <vers num="1.406"/>
+        <vers num="1.407"/>
+        <vers num="1.408"/>
+        <vers num="1.409"/>
+        <vers num="1.409.1" edition=":lts"/>
+        <vers num="1.409.1" edition="-:lts"/>
+        <vers num="1.409.2" edition=":lts"/>
+        <vers num="1.409.2" edition="-:lts"/>
+        <vers num="1.409.3" edition="-:lts"/>
+        <vers num="1.410"/>
+        <vers num="1.411"/>
+        <vers num="1.412"/>
+        <vers num="1.413"/>
+        <vers num="1.414"/>
+        <vers num="1.415"/>
+        <vers num="1.416"/>
+        <vers num="1.417"/>
+        <vers num="1.418"/>
+        <vers num="1.419"/>
+        <vers num="1.420"/>
+        <vers num="1.421"/>
+        <vers num="1.422"/>
+        <vers num="1.423"/>
+        <vers num="1.424" edition="-:lts"/>
+        <vers num="1.424.1" edition="-:lts"/>
+        <vers num="1.424.2" edition="-:lts"/>
+        <vers num="1.424.3" edition="-:lts"/>
+        <vers num="1.424.4" edition="-:lts"/>
+        <vers num="1.424.5" edition="-:lts"/>
+        <vers num="1.424.6" edition="-:lts"/>
+        <vers num="1.425"/>
+        <vers num="1.426"/>
+        <vers num="1.427"/>
+        <vers num="1.428"/>
+        <vers num="1.429"/>
+        <vers num="1.430"/>
+        <vers num="1.431"/>
+        <vers num="1.432"/>
+        <vers num="1.433"/>
+        <vers num="1.434"/>
+        <vers num="1.435"/>
+        <vers num="1.436"/>
+        <vers num="1.437"/>
+        <vers num="1.447" edition="-:lts"/>
+        <vers num="1.447.1" edition="-:lts"/>
+        <vers num="1.447.2" edition="-:lts"/>
+        <vers num="1.466.1" edition="-:lts"/>
+        <vers num="1.466.2" edition="-:lts"/>
+        <vers num="1.480.1" edition="-:lts"/>
+        <vers num="1.480.2" edition="-:lts"/>
+        <vers num="1.480.3" edition="-:lts"/>
+        <vers num="1.480.3.1"/>
+        <vers num="1.509.1" edition="-:lts"/>
+        <vers num="1.509.2" edition="-:lts"/>
+        <vers num="1.509.3" edition="-:lts"/>
+        <vers num="1.509.4" edition="-:lts"/>
+        <vers num="1.523"/>
+        <vers num="1.524"/>
+        <vers num="1.525"/>
+        <vers num="1.526"/>
+        <vers num="1.527"/>
+        <vers num="1.528"/>
+        <vers num="1.529"/>
+        <vers num="1.530"/>
+        <vers num="1.531"/>
+        <vers num="1.532"/>
+        <vers prev="1" num="1.532.1" edition="-:lts"/>
+        <vers num="1.533"/>
+        <vers num="1.534"/>
+        <vers num="1.535"/>
+        <vers num="1.536"/>
+        <vers num="1.537"/>
+        <vers num="1.538"/>
+        <vers num="1.539"/>
+        <vers num="1.540"/>
+        <vers num="1.541"/>
+        <vers num="1.542"/>
+        <vers num="1.543"/>
+        <vers num="1.544"/>
+        <vers num="1.545"/>
+        <vers num="1.546"/>
+        <vers num="1.547"/>
+        <vers num="1.548"/>
+        <vers num="1.549"/>
+        <vers prev="1" num="1.550"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-2067" published="2014-02-28" name="CVE-2014-2067" modified="2014-03-03" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:P/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in java/hudson/model/Cause.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to inject arbitrary web script or HTML via a "remote cause note."</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14" source="CONFIRM" adv="1">https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14</ref>
+      <ref url="https://github.com/jenkinsci/jenkins/commit/5d57c855f3147bfc5e7fda9252317b428a700014" source="CONFIRM">https://github.com/jenkinsci/jenkins/commit/5d57c855f3147bfc5e7fda9252317b428a700014</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91354" source="XF">jenkins-cve20142067-xss(91354)</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q1/421" source="MLIST">[oss-security] 20140220 Re: Possible CVE Requests: several issues fixed in Jenkins (Advisory 2014-02-14)</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cloudbees" name="jenkins">
+        <vers num="1.301"/>
+        <vers num="1.302"/>
+        <vers num="1.303"/>
+        <vers num="1.304"/>
+        <vers num="1.305"/>
+        <vers num="1.306"/>
+        <vers num="1.307"/>
+        <vers num="1.308"/>
+        <vers num="1.309"/>
+        <vers num="1.310"/>
+        <vers num="1.311"/>
+        <vers num="1.312"/>
+        <vers num="1.313"/>
+        <vers num="1.314"/>
+        <vers num="1.315"/>
+        <vers num="1.316"/>
+        <vers num="1.317"/>
+        <vers num="1.318"/>
+        <vers num="1.319"/>
+        <vers num="1.320"/>
+        <vers num="1.321"/>
+        <vers num="1.322"/>
+        <vers num="1.323"/>
+        <vers num="1.324"/>
+        <vers num="1.325"/>
+        <vers num="1.326"/>
+        <vers num="1.327"/>
+        <vers num="1.328"/>
+        <vers num="1.329"/>
+        <vers num="1.330"/>
+        <vers num="1.331"/>
+        <vers num="1.332"/>
+        <vers num="1.333"/>
+        <vers num="1.334"/>
+        <vers num="1.335"/>
+        <vers num="1.336"/>
+        <vers num="1.337"/>
+        <vers num="1.338"/>
+        <vers num="1.339"/>
+        <vers num="1.340"/>
+        <vers num="1.341"/>
+        <vers num="1.342"/>
+        <vers num="1.343"/>
+        <vers num="1.344"/>
+        <vers num="1.345"/>
+        <vers num="1.346"/>
+        <vers num="1.347"/>
+        <vers num="1.348"/>
+        <vers num="1.349"/>
+        <vers num="1.350"/>
+        <vers num="1.351"/>
+        <vers num="1.352"/>
+        <vers num="1.353"/>
+        <vers num="1.354"/>
+        <vers num="1.355"/>
+        <vers num="1.356"/>
+        <vers num="1.357"/>
+        <vers num="1.358"/>
+        <vers num="1.359"/>
+        <vers num="1.360"/>
+        <vers num="1.361"/>
+        <vers num="1.362"/>
+        <vers num="1.363"/>
+        <vers num="1.364"/>
+        <vers num="1.365"/>
+        <vers num="1.366"/>
+        <vers num="1.367"/>
+        <vers num="1.368"/>
+        <vers num="1.369"/>
+        <vers num="1.370"/>
+        <vers num="1.371"/>
+        <vers num="1.372"/>
+        <vers num="1.373"/>
+        <vers num="1.374"/>
+        <vers num="1.375"/>
+        <vers num="1.376"/>
+        <vers num="1.377"/>
+        <vers num="1.378"/>
+        <vers num="1.379"/>
+        <vers num="1.380"/>
+        <vers num="1.382"/>
+        <vers num="1.383"/>
+        <vers num="1.384"/>
+        <vers num="1.386"/>
+        <vers num="1.387"/>
+        <vers num="1.388"/>
+        <vers num="1.389"/>
+        <vers num="1.390"/>
+        <vers num="1.391"/>
+        <vers num="1.392"/>
+        <vers num="1.393"/>
+        <vers num="1.394"/>
+        <vers num="1.395"/>
+        <vers num="1.396"/>
+        <vers num="1.397"/>
+        <vers num="1.398"/>
+        <vers num="1.399"/>
+        <vers num="1.400" edition=":lts"/>
+        <vers num="1.400" edition="-:lts"/>
+        <vers num="1.400.0.12" edition=":lts"/>
+        <vers num="1.401"/>
+        <vers num="1.402"/>
+        <vers num="1.403"/>
+        <vers num="1.404"/>
+        <vers num="1.405"/>
+        <vers num="1.406"/>
+        <vers num="1.407"/>
+        <vers num="1.408"/>
+        <vers num="1.409"/>
+        <vers num="1.409.1" edition=":lts"/>
+        <vers num="1.409.1" edition="-:lts"/>
+        <vers num="1.409.2" edition=":lts"/>
+        <vers num="1.409.2" edition="-:lts"/>
+        <vers num="1.409.3" edition="-:lts"/>
+        <vers num="1.410"/>
+        <vers num="1.411"/>
+        <vers num="1.412"/>
+        <vers num="1.413"/>
+        <vers num="1.414"/>
+        <vers num="1.415"/>
+        <vers num="1.416"/>
+        <vers num="1.417"/>
+        <vers num="1.418"/>
+        <vers num="1.419"/>
+        <vers num="1.420"/>
+        <vers num="1.421"/>
+        <vers num="1.422"/>
+        <vers num="1.423"/>
+        <vers num="1.424" edition="-:lts"/>
+        <vers num="1.424.1" edition="-:lts"/>
+        <vers num="1.424.2" edition="-:lts"/>
+        <vers num="1.424.3" edition="-:lts"/>
+        <vers num="1.424.4" edition="-:lts"/>
+        <vers num="1.424.5" edition="-:lts"/>
+        <vers num="1.424.6" edition="-:lts"/>
+        <vers num="1.425"/>
+        <vers num="1.426"/>
+        <vers num="1.427"/>
+        <vers num="1.428"/>
+        <vers num="1.429"/>
+        <vers num="1.430"/>
+        <vers num="1.431"/>
+        <vers num="1.432"/>
+        <vers num="1.433"/>
+        <vers num="1.434"/>
+        <vers num="1.435"/>
+        <vers num="1.436"/>
+        <vers num="1.437"/>
+        <vers num="1.447" edition="-:lts"/>
+        <vers num="1.447.1" edition="-:lts"/>
+        <vers num="1.447.2" edition="-:lts"/>
+        <vers num="1.466.1" edition="-:lts"/>
+        <vers num="1.466.2" edition="-:lts"/>
+        <vers num="1.480.1" edition="-:lts"/>
+        <vers num="1.480.2" edition="-:lts"/>
+        <vers num="1.480.3" edition="-:lts"/>
+        <vers num="1.480.3.1"/>
+        <vers num="1.509.1" edition="-:lts"/>
+        <vers num="1.509.2" edition="-:lts"/>
+        <vers num="1.509.3" edition="-:lts"/>
+        <vers num="1.509.4" edition="-:lts"/>
+        <vers num="1.523"/>
+        <vers num="1.524"/>
+        <vers num="1.525"/>
+        <vers num="1.526"/>
+        <vers num="1.527"/>
+        <vers num="1.528"/>
+        <vers num="1.529"/>
+        <vers num="1.530"/>
+        <vers num="1.531"/>
+        <vers num="1.532"/>
+        <vers prev="1" num="1.532.1" edition="-:lts"/>
+        <vers num="1.533"/>
+        <vers num="1.534"/>
+        <vers num="1.535"/>
+        <vers num="1.536"/>
+        <vers num="1.537"/>
+        <vers num="1.538"/>
+        <vers num="1.539"/>
+        <vers num="1.540"/>
+        <vers num="1.541"/>
+        <vers num="1.542"/>
+        <vers num="1.543"/>
+        <vers num="1.544"/>
+        <vers num="1.545"/>
+        <vers num="1.546"/>
+        <vers num="1.547"/>
+        <vers num="1.548"/>
+        <vers num="1.549"/>
+        <vers prev="1" num="1.550"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2075" published="2014-02-27" name="CVE-2014-2075" modified="2014-02-27" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">TIBCO Enterprise Administrator 1.0.0 and Enterprise Administrator SDK 1.0.0 do not properly enforce administrative authentication requirements, which allows remote attackers to execute arbitrary commands via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.tibco.com/multimedia/enterprise_administator_advisory_20140226_tcm8-20533.txt" source="CONFIRM" adv="1">http://www.tibco.com/multimedia/enterprise_administator_advisory_20140226_tcm8-20533.txt</ref>
+      <ref url="http://www.tibco.com/mk/advisory.jsp" source="CONFIRM" adv="1">http://www.tibco.com/mk/advisory.jsp</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="tibco" name="enterprise_administrator">
+        <vers num="1.0.0"/>
+      </prod>
+      <prod vendor="tibco" name="enterprise_administrator_sdk">
+        <vers num="1.0.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2077" published="2014-03-20" name="CVE-2014-2077" modified="2014-03-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 7.4.1 before 7.4.1-rev10 and 7.4.2 before 7.4.2-rev8 allows remote attackers to inject arbitrary web script or HTML via the subject of an email, involving 'the aria "tags" for screenreaders at the top bar'.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://secunia.com/advisories/57290" source="SECUNIA" adv="1">57290</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-03/0108.html" source="BUGTRAQ">20140317 Open-Xchange Security Advisory 2014-03-17</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="open-xchange" name="open-xchange_appsuite">
+        <vers num="7.4.1"/>
+        <vers num="7.4.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2080" published="2014-02-28" name="CVE-2014-2080" modified="2014-03-03" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in ModX Evolution before 2.2.11 allows remote attackers to inject arbitrary web script or HTML via the "a" parameter.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://github.com/modxcms/revolution/commit/77463eb6a8090f474b04fdc1b72225cb93c558ea" source="CONFIRM" patch="1">https://github.com/modxcms/revolution/commit/77463eb6a8090f474b04fdc1b72225cb93c558ea</ref>
+      <ref url="http://modx.com/blog/2014/01/21/revolution-2.2.11%E2%80%94security-fixes-and-prevent-change-loss" source="CONFIRM" patch="1" adv="1">http://modx.com/blog/2014/01/21/revolution-2.2.11%E2%80%94security-fixes-and-prevent-change-loss</ref>
+      <ref url="http://secunia.com/advisories/57038" source="SECUNIA" adv="1">57038</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q1/431" source="MLIST">[oss-security] 20140224 Re: CVE request: XSS in MODX Revolution before 2.2.11</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="modx" name="modx_revolution">
+        <vers num="2.0.0"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.1.0"/>
+        <vers num="2.1.1"/>
+        <vers num="2.1.2"/>
+        <vers num="2.1.3"/>
+        <vers num="2.1.4"/>
+        <vers num="2.1.5"/>
+        <vers num="2.2.0"/>
+        <vers num="2.2.1"/>
+        <vers prev="1" num="2.2.10"/>
+        <vers num="2.2.2"/>
+        <vers num="2.2.3"/>
+        <vers num="2.2.4"/>
+        <vers num="2.2.5"/>
+        <vers num="2.2.6"/>
+        <vers num="2.2.7"/>
+        <vers num="2.2.8"/>
+        <vers num="2.2.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2087" published="2014-03-18" name="CVE-2014-2087" modified="2014-03-19" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Stack-based buffer overflow in the CDownloads_Deleted::UpdateDownload function in Downloads_Deleted.cpp in Free Download Manager 3.9.3 build 1360, 3.8 build 1173, 3.0 build 852, and earlier allows user-assisted remote attackers to execute arbitrary code via a long file name, which is then deleted from the download queue by the user.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://www.rcesecurity.com/2014/03/cve-2014-2087-free-download-manager-cdownloads_deleted-updatedownload-remote-code-execution" source="MISC">https://www.rcesecurity.com/2014/03/cve-2014-2087-free-download-manager-cdownloads_deleted-updatedownload-remote-code-execution</ref>
+      <ref url="http://www.securityfocus.com/bid/66211" source="BID">66211</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="freedownloadmanager" name="free_download_manager">
+        <vers num="3.8"/>
+        <vers num="3.9.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2088" published="2014-03-02" name="CVE-2014-2088" modified="2014-03-03" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:P)" CVSS_score="6.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.0" CVSS_base_score="6.5">
+    <desc>
+      <descript source="cve">Unrestricted file upload vulnerability in ilias.php in ILIAS 4.4.1 allows remote authenticated users to execute arbitrary PHP code by using a .php filename in an upload_files action to the uploadFiles command, and then accessing the .php file via a direct request to a certain client_id pathname.</descript>
+      <descript source="nvd">Per: http://cwe.mitre.org/data/definitions/434.html
+
+"CWE-434: Unrestricted Upload of File with Dangerous Type"</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://packetstormsecurity.com/files/125350/ILIAS-4.4.1-Cross-Site-Scripting-Shell-Upload.html" source="MISC">http://packetstormsecurity.com/files/125350/ILIAS-4.4.1-Cross-Site-Scripting-Shell-Upload.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ilias" name="ilias">
+        <vers num="4.4.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2089" published="2014-03-02" name="CVE-2014-2089" modified="2014-03-03" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">ILIAS 4.4.1 allows remote attackers to execute arbitrary PHP code via an e-mail attachment that leads to creation of a .php file with a certain client_id pathname.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://packetstormsecurity.com/files/125350/ILIAS-4.4.1-Cross-Site-Scripting-Shell-Upload.html" source="MISC">http://packetstormsecurity.com/files/125350/ILIAS-4.4.1-Cross-Site-Scripting-Shell-Upload.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ilias" name="ilias">
+        <vers num="4.4.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-2090" published="2014-03-02" name="CVE-2014-2090" modified="2014-03-03" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:P/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Multiple cross-site scripting (XSS) vulnerabilities in ilias.php in ILIAS 4.4.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tar, (2) tar_val, or (3) title parameter.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://packetstormsecurity.com/files/125350/ILIAS-4.4.1-Cross-Site-Scripting-Shell-Upload.html" source="MISC">http://packetstormsecurity.com/files/125350/ILIAS-4.4.1-Cross-Site-Scripting-Shell-Upload.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ilias" name="ilias">
+        <vers num="4.4.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-2091" published="2014-03-02" name="CVE-2014-2091" modified="2014-03-03" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:P/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in mods/_standard/forums/admin/forum_add.php in ATutor 2.1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the title parameter in an add_forum action.  NOTE: the original disclosure also reported issues that may not cross privilege boundaries.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://packetstormsecurity.com/files/125348/ATutor-2.1.1-Cross-Site-Scripting.html" source="MISC">http://packetstormsecurity.com/files/125348/ATutor-2.1.1-Cross-Site-Scripting.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="atutor" name="atutor">
+        <vers num="2.1.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2092" published="2014-03-02" name="CVE-2014-2092" modified="2014-03-03" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in lib/filemanager/ImageManager/editorFrame.php in CMS Made Simple 1.11.10 allows remote attackers to inject arbitrary web script or HTML via the action parameter, a different issue than CVE-2014-0334.  NOTE: the original disclosure also reported issues that may not cross privilege boundaries.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://packetstormsecurity.com/files/125353/CMSMadeSimple-1.11.10-Cross-Site-Scripting.html" source="MISC">http://packetstormsecurity.com/files/125353/CMSMadeSimple-1.11.10-Cross-Site-Scripting.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cmsmadesimple" name="cms_made_simple">
+        <vers num="1.11.10"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2093" published="2014-02-26" name="CVE-2014-2093" modified="2014-03-11" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="4.6" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="3.9" CVSS_base_score="4.6">
+    <desc>
+      <descript source="cve">Untrusted search path vulnerability in Catfish through 0.4.0.3 allows local users to gain privileges via a Trojan horse catfish.py in the current working directory.</descript>
+      <descript source="nvd">Per: http://cwe.mitre.org/data/definitions/426.html
+
+"CWE-426: Untrusted Search Path"</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1069396" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1069396</ref>
+      <ref url="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739958" source="CONFIRM">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739958</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/02/25/4" source="MLIST">[oss-security] 20140225 Re: CVE request for catfish program</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/02/25/2" source="MLIST">[oss-security] 20140225 Re: CVE request for catfish program</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="catfish_project" name="catfish">
+        <vers num="0.4.0"/>
+        <vers num="0.4.0.1"/>
+        <vers num="0.4.0.2"/>
+        <vers num="0.4.0.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2094" published="2014-02-26" name="CVE-2014-2094" modified="2014-03-11" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="4.6" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="3.9" CVSS_base_score="4.6">
+    <desc>
+      <descript source="cve">Untrusted search path vulnerability in Catfish through 0.4.0.3, when a Fedora package such as 0.4.0.2-2 is not used, allows local users to gain privileges via a Trojan horse catfish.pyc in the current working directory.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1069396" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1069396</ref>
+      <ref url="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739958" source="CONFIRM">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739958</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/02/25/4" source="MLIST">[oss-security] 20140225 Re: CVE request for catfish program</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/02/25/2" source="MLIST">[oss-security] 20140225 Re: CVE request for catfish program</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="catfish_project" name="catfish">
+        <vers num="0.4.0"/>
+        <vers num="0.4.0.1"/>
+        <vers num="0.4.0.2"/>
+        <vers num="0.4.0.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2095" published="2014-02-26" name="CVE-2014-2095" modified="2014-03-11" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="4.6" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="3.9" CVSS_base_score="4.6">
+    <desc>
+      <descript source="cve">Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0, when a Fedora package such as 0.8.2-1 is not used, allows local users to gain privileges via a Trojan horse bin/catfish.pyc under the current working directory.</descript>
+      <descript source="nvd">Per: http://cwe.mitre.org/data/definitions/426.html
+
+"CWE-426: Untrusted Search Path"</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1069396" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1069396</ref>
+      <ref url="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739958" source="CONFIRM">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739958</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/02/25/4" source="MLIST">[oss-security] 20140225 Re: CVE request for catfish program</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/02/25/2" source="MLIST">[oss-security] 20140225 Re: CVE request for catfish program</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="catfish_project" name="catfish">
+        <vers num="0.6.0"/>
+        <vers num="0.6.1"/>
+        <vers num="0.6.2"/>
+        <vers num="0.6.3"/>
+        <vers num="0.6.4"/>
+        <vers num="0.8.0"/>
+        <vers num="0.8.1"/>
+        <vers num="0.8.2"/>
+        <vers num="1.0.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2096" published="2014-02-26" name="CVE-2014-2096" modified="2014-03-11" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="4.6" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="3.9" CVSS_base_score="4.6">
+    <desc>
+      <descript source="cve">Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0 allows local users to gain privileges via a Trojan horse bin/catfish.py under the current working directory.</descript>
+      <descript source="nvd">Per: http://cwe.mitre.org/data/definitions/426.html
+
+"CWE-426: Untrusted Search Path"</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1069396" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1069396</ref>
+      <ref url="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739958" source="CONFIRM">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739958</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/02/25/4" source="MLIST">[oss-security] 20140225 Re: CVE request for catfish program</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/02/25/2" source="MLIST">[oss-security] 20140225 Re: CVE request for catfish program</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="catfish_project" name="catfish">
+        <vers num="0.6.0"/>
+        <vers num="0.6.1"/>
+        <vers num="0.6.2"/>
+        <vers num="0.6.3"/>
+        <vers num="0.6.4"/>
+        <vers num="0.8.0"/>
+        <vers num="0.8.1"/>
+        <vers num="0.8.2"/>
+        <vers num="1.0.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2097" published="2014-03-01" name="CVE-2014-2097" modified="2014-03-03" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">The tak_decode_frame function in libavcodec/takdec.c in FFmpeg before 2.1.4 does not properly validate a certain bits-per-sample value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted TAK (aka Tom's lossless Audio Kompressor) data.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://git.videolan.org/?p=ffmpeg.git;a=commit;h=f58eab151214d2d35ff0973f2b3e51c5eb372da4" source="CONFIRM" patch="1">http://git.videolan.org/?p=ffmpeg.git;a=commit;h=f58eab151214d2d35ff0973f2b3e51c5eb372da4</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ffmpeg" name="ffmpeg">
+        <vers num="2.0"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.1"/>
+        <vers num="2.1.1"/>
+        <vers num="2.1.2"/>
+        <vers prev="1" num="2.1.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2098" published="2014-03-01" name="CVE-2014-2098" modified="2014-03-03" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect data-structure size for certain coefficients, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted WMA data.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ec9578d54d09b64bf112c2bf7a34b1ef3b93dbd3" source="CONFIRM" patch="1">http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ec9578d54d09b64bf112c2bf7a34b1ef3b93dbd3</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ffmpeg" name="ffmpeg">
+        <vers num="2.0"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.1"/>
+        <vers num="2.1.1"/>
+        <vers num="2.1.2"/>
+        <vers prev="1" num="2.1.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2099" published="2014-03-01" name="CVE-2014-2099" modified="2014-03-03" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before 2.1.4 does not properly calculate line sizes, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Microsoft RLE video data.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c919e1ca2ecfc47d796382973ba0e48b8f6f92a2" source="CONFIRM" patch="1">http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c919e1ca2ecfc47d796382973ba0e48b8f6f92a2</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ffmpeg" name="ffmpeg">
+        <vers num="2.0"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.1"/>
+        <vers num="2.1.1"/>
+        <vers num="2.1.2"/>
+        <vers prev="1" num="2.1.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2102" published="2014-02-26" name="CVE-2014-2102" modified="2014-02-27" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">Cisco Unified Contact Center Express (Unified CCX) does not properly restrict the content of the CCMConfig page, which allows remote authenticated users to obtain sensitive information by examining this content, aka Bug ID CSCum95575.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2102" source="CISCO" adv="1">20140225 Cisco Unified Contact Center Express CCMConfig Sensitive Information Disclosure Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="unified_contact_center_express_editor_software">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2103" published="2014-02-27" name="CVE-2014-2103" modified="2014-02-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:N/I:N/A:C)" CVSS_score="6.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="8.0" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">Cisco Intrusion Prevention System (IPS) Software allows remote attackers to cause a denial of service (MainApp process outage) via malformed SNMP packets, aka Bug IDs CSCum52355 and CSCul49309.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2103" source="CISCO" adv="1">20140227 Cisco IPS MainApp SNMP Denial of Service Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="intrusion_prevention_system">
+        <vers num="5.1"/>
+        <vers num="6.0"/>
+        <vers num="6.0.2.0"/>
+        <vers num="7.0"/>
+        <vers num="7.0(1)e3"/>
+        <vers num="7.0(2)e3"/>
+        <vers num="7.0(2)e4"/>
+        <vers num="7.0(3)e4"/>
+        <vers num="7.0(4)e4"/>
+        <vers num="7.0(5a)e4"/>
+        <vers num="7.0(6)e4"/>
+        <vers num="7.0(7)e4"/>
+        <vers num="7.0(8)e4"/>
+        <vers num="7.0(9)e4"/>
+        <vers num="7.1"/>
+      </prod>
+      <prod vendor="cisco" name="intrusion_prevention_system">
+        <vers num=""/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2104" published="2014-03-01" name="CVE-2014-2104" modified="2014-03-03" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Multiple cross-site scripting (XSS) vulnerabilities in the Business Voice Services Manager (BVSM) page in Cisco Unified Communications Domain Manager 9.0(.1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCum78536, CSCum78526, CSCum69809, and CSCum63113.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=33111" source="CONFIRM" adv="1">http://tools.cisco.com/security/center/viewAlert.x?alertId=33111</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2104" source="CISCO" adv="1">20140227 Cisco Unified Communications Domain Manager Cross-Site Scripting Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="unified_communications_domain_manager">
+        <vers num="9.0(.1)"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2106" published="2014-03-27" name="CVE-2014-2106" modified="2014-03-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">Cisco IOS 15.3M before 15.3(3)M2 and IOS XE 3.10.xS before 3.10.2S allow remote attackers to cause a denial of service (device reload) via crafted SIP messages, aka Bug ID CSCug45898.</descript>
+    </desc>
+    <impacts>
+      <impact source="nvd">Per: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-sip
+
+"The following Cisco IOS Software and Cisco IOS XE Software releases are affected by this vulnerability:
+
+    Cisco IOS Software release 15.3(3)M and 15.3(3)M1
+    Cisco IOS XE Software release 3.10.0S and 3.10.1S1"</impact>
+    </impacts>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-sip" source="CISCO" adv="1">20140326 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="ios">
+        <vers num="15.3(3)m"/>
+        <vers num="15.3(3)m1"/>
+      </prod>
+      <prod vendor="cisco" name="ios_xe">
+        <vers num="3.10.0s"/>
+        <vers num="3.10.1s1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2107" published="2014-03-27" name="CVE-2014-2107" modified="2014-03-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:C)" CVSS_score="7.1" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="8.6" CVSS_base_score="7.1">
+    <desc>
+      <descript source="cve">Cisco IOS 12.2 and 15.0 through 15.3, when used with the Kailash FPGA before 2.6 on RSP720-3C-10GE and RSP720-3CXL-10GE devices, allows remote attackers to cause a denial of service (route switch processor outage) via crafted IP packets, aka Bug ID CSCug84789.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-RSP72010GE" source="CISCO" adv="1">20140326 Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks Denial of Service Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="ios">
+        <vers num="12.2"/>
+        <vers num="15.0"/>
+        <vers num="15.0(1)se"/>
+        <vers num="15.1"/>
+        <vers num="15.2"/>
+        <vers num="15.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2108" published="2014-03-27" name="CVE-2014-2108" modified="2014-03-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.2 through 3.7 before 3.7.5S and 3.8 through 3.10 before 3.10.1S allow remote attackers to cause a denial of service (device reload) via a malformed IKEv2 packet, aka Bug ID CSCui88426.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-ikev2" source="CISCO" adv="1">20140326 Cisco IOS Software Internet Key Exchange Version 2 Denial of Service Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="ios">
+        <vers num="12.2"/>
+        <vers num="15.0"/>
+        <vers num="15.0(1)se"/>
+        <vers num="15.1"/>
+        <vers num="15.2"/>
+        <vers num="15.3"/>
+      </prod>
+      <prod vendor="cisco" name="ios_xe">
+        <vers num="3.10"/>
+        <vers num="3.2.0s"/>
+        <vers num="3.2.0sg"/>
+        <vers num="3.2.0xo"/>
+        <vers num="3.2.1s"/>
+        <vers num="3.2.1sg"/>
+        <vers num="3.2.2s"/>
+        <vers num="3.2.2sg"/>
+        <vers num="3.2.3sg"/>
+        <vers num="3.2.4sg"/>
+        <vers num="3.2s(.0)"/>
+        <vers num="3.2s(.1)"/>
+        <vers num="3.2s(.2)"/>
+        <vers num="3.3.0s"/>
+        <vers num="3.3.0sg"/>
+        <vers num="3.3.1s"/>
+        <vers num="3.3.1sg"/>
+        <vers num="3.3.2s"/>
+        <vers num="3.3.3s"/>
+        <vers num="3.3s(.0)"/>
+        <vers num="3.3s(.1)"/>
+        <vers num="3.3s(.2)"/>
+        <vers num="3.4.0as"/>
+        <vers num="3.4.0s"/>
+        <vers num="3.4.1s"/>
+        <vers num="3.4.2s"/>
+        <vers num="3.4.3s"/>
+        <vers num="3.4.4s"/>
+        <vers num="3.4.5s"/>
+        <vers num="3.4.xs"/>
+        <vers num="3.4s(.0)"/>
+        <vers num="3.4s(.1)"/>
+        <vers num="3.4s(.2)"/>
+        <vers num="3.4s(.3)"/>
+        <vers num="3.4s(.4)"/>
+        <vers num="3.4s(.5)"/>
+        <vers num="3.4s(.6)"/>
+        <vers num="3.5.0s"/>
+        <vers num="3.5.1s"/>
+        <vers num="3.5.2s"/>
+        <vers num="3.5.xs"/>
+        <vers num="3.5s(.0)"/>
+        <vers num="3.5s(.1)"/>
+        <vers num="3.5s(.2)"/>
+        <vers num="3.6.0s"/>
+        <vers num="3.6.1s"/>
+        <vers num="3.6.2s"/>
+        <vers num="3.6s(.0)"/>
+        <vers num="3.6s(.1)"/>
+        <vers num="3.6s(.2)"/>
+        <vers num="3.7.0s"/>
+        <vers num="3.7.1s"/>
+        <vers num="3.7.2s"/>
+        <vers num="3.7s(.0)"/>
+        <vers num="3.7s(.1)"/>
+        <vers num="3.8.0s"/>
+        <vers num="3.8s(.0)"/>
+        <vers num="3.8s(.1)"/>
+        <vers num="3.8s(.2)"/>
+        <vers num="3.9.0s"/>
+        <vers num="3.9.1s"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2109" published="2014-03-27" name="CVE-2014-2109" modified="2014-03-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">The TCP Input module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted TCP packets, aka Bug IDs CSCuh33843 and CSCuj41494.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-nat" source="CISCO" adv="1">20140326 Cisco IOS Software Network Address Translation Vulnerabilities</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="ios">
+        <vers num="12.2"/>
+        <vers num="12.3"/>
+        <vers num="12.4"/>
+        <vers num="15.0"/>
+        <vers num="15.1"/>
+        <vers num="15.2"/>
+        <vers num="15.3"/>
+        <vers num="15.4"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2111" published="2014-03-27" name="CVE-2014-2111" modified="2014-03-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:C)" CVSS_score="7.1" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="8.6" CVSS_base_score="7.1">
+    <desc>
+      <descript source="cve">The Application Layer Gateway (ALG) module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted DNS packets, aka Bug ID CSCue00996.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-nat" source="CISCO" adv="1">20140326 Cisco IOS Software Network Address Translation Vulnerabilities</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="ios">
+        <vers num="12.2"/>
+        <vers num="12.3"/>
+        <vers num="12.4"/>
+        <vers num="15.0"/>
+        <vers num="15.1"/>
+        <vers num="15.2"/>
+        <vers num="15.3"/>
+        <vers num="15.4"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2112" published="2014-03-27" name="CVE-2014-2112" modified="2014-03-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">The SSL VPN (aka WebVPN) feature in Cisco IOS 15.1 through 15.4 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP requests, aka Bug ID CSCuf51357.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-ios-sslvpn" source="CISCO" adv="1">20140326 Cisco IOS Software SSL VPN Denial of Service Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="ios">
+        <vers num="15.1"/>
+        <vers num="15.2"/>
+        <vers num="15.3"/>
+        <vers num="15.4"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2113" published="2014-03-27" name="CVE-2014-2113" modified="2014-03-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">Cisco IOS 15.1 through 15.3 and IOS XE 3.3 and 3.5 before 3.5.2E; 3.7 before 3.7.5S; and 3.8, 3.9, and 3.10 before 3.10.2S allow remote attackers to cause a denial of service (I/O memory consumption and device reload) via a malformed IPv6 packet, aka Bug ID CSCui59540.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-ipv6" source="CISCO" adv="1">20140326 Cisco IOS Software Crafted IPv6 Packet Denial of Service Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="ios">
+        <vers num="15.1"/>
+        <vers num="15.2"/>
+        <vers num="15.3"/>
+      </prod>
+      <prod vendor="cisco" name="ios_xe">
+        <vers num="3.10"/>
+        <vers num="3.10.0s"/>
+        <vers num="3.10.1s"/>
+        <vers num="3.10.1s1"/>
+        <vers num="3.3.0s"/>
+        <vers num="3.3.0sg"/>
+        <vers num="3.3.1s"/>
+        <vers num="3.3.1sg"/>
+        <vers num="3.3.2s"/>
+        <vers num="3.3.3s"/>
+        <vers num="3.3s(.0)"/>
+        <vers num="3.3s(.1)"/>
+        <vers num="3.3s(.2)"/>
+        <vers num="3.5.0s"/>
+        <vers num="3.5.1s"/>
+        <vers num="3.5.xs"/>
+        <vers num="3.5s(.0)"/>
+        <vers num="3.5s(.1)"/>
+        <vers num="3.5s(.2)"/>
+        <vers num="3.7.0s"/>
+        <vers num="3.7.1s"/>
+        <vers num="3.7.2s"/>
+        <vers num="3.7s(.0)"/>
+        <vers num="3.7s(.1)"/>
+        <vers num="3.8.0s"/>
+        <vers num="3.8s(.0)"/>
+        <vers num="3.8s(.1)"/>
+        <vers num="3.8s(.2)"/>
+        <vers num="3.9.0s"/>
+        <vers num="3.9.1s"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2114" published="2014-04-04" name="CVE-2014-2114" modified="2014-04-04" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in UserServlet in Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun24384.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=33644" source="CONFIRM" adv="1">http://tools.cisco.com/security/center/viewAlert.x?alertId=33644</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2114" source="CISCO" adv="1">20140403 Cisco Emergency Responder Cross-Site Scripting Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="emergency_responder">
+        <vers prev="1" num="8.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2115" published="2014-04-04" name="CVE-2014-2115" modified="2014-04-04" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">Multiple cross-site request forgery (CSRF) vulnerabilities in CERUserServlet pages in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun24250.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=33643" source="CONFIRM" adv="1">http://tools.cisco.com/security/center/viewAlert.x?alertId=33643</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2115" source="CISCO" adv="1">20140403 Cisco Emergency Responder Cross-Site Request Forgery Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="emergency_responder">
+        <vers prev="1" num="8.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2116" published="2014-04-04" name="CVE-2014-2116" modified="2014-04-04" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject web pages and modify dynamic content via unspecified parameters, aka Bug ID CSCun37882.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=33641" source="CONFIRM" adv="1">http://tools.cisco.com/security/center/viewAlert.x?alertId=33641</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2116" source="CISCO" adv="1">20140403 Cisco Emergency Responder Dynamic Content Modification Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="emergency_responder">
+        <vers prev="1" num="8.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2117" published="2014-04-04" name="CVE-2014-2117" modified="2014-04-04" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Multiple open redirect vulnerabilities in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters, aka Bug ID CSCun37909.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=33642" source="CONFIRM" adv="1">http://tools.cisco.com/security/center/viewAlert.x?alertId=33642</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2117" source="CISCO" adv="1">20140403 Cisco Emergency Responder Open Redirect Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="emergency_responder">
+        <vers prev="1" num="8.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2118" published="2014-03-27" name="CVE-2014-2118" modified="2014-03-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Multiple cross-site scripting (XSS) vulnerabilities in dashboard-related HTML documents in Cisco Prime Security Manager (aka PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCun50687.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=33542" source="CONFIRM" adv="1">http://tools.cisco.com/security/center/viewAlert.x?alertId=33542</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2118" source="CISCO" adv="1">20140327 Cisco Prime Security Manager Cross-Site Scripting Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="prime_security_manager">
+        <vers num="9.0"/>
+        <vers num="9.1"/>
+        <vers num="9.1.2-29"/>
+        <vers num="9.1.2-42"/>
+        <vers num="9.1.3-10"/>
+        <vers num="9.1.3-13"/>
+        <vers num="9.1.3-8"/>
+        <vers num="9.2"/>
+        <vers num="9.2.1-1"/>
+        <vers prev="1" num="9.2.1-2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2119" published="2014-03-20" name="CVE-2014-2119" modified="2014-03-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:C/I:C/A:C)" CVSS_score="8.5" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="6.8" CVSS_base_score="8.5">
+    <desc>
+      <descript source="cve">The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) before 7.6.3-023 and 8.x before 8.0.1-023 and Cisco Content Security Management Appliance (SMA) before 7.9.1-110 and 8.x before 8.1.1-013 allows remote authenticated users to execute arbitrary code with root privileges via an FTP session that uploads a modified SLBL database file, aka Bug IDs CSCug79377 and CSCug80118.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140319-asyncos" source="CISCO" adv="1">20140319 Cisco AsyncOS Software Code Execution Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="content_security_management_appliance">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="email_security_appliance">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="ironport_asyncos">
+        <vers prev="1" num="7.6.2-201"/>
+        <vers prev="1" num="7.9.1-039"/>
+        <vers num="8.0"/>
+        <vers num="8.0.1"/>
+        <vers num="8.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2120" published="2014-03-18" name="CVE-2014-2120" modified="2014-03-19" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun19025.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2120" source="CISCO" adv="1">20140318 Cisco Adaptive Security Appliance WebVPN Login Page Cross-Site Scripting Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="adaptive_security_appliance_software">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2121" published="2014-03-18" name="CVE-2014-2121" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The Java-based software in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (closing of TCP ports) via unspecified vectors, aka Bug IDs CSCug77633, CSCug77667, CSCug78266, CSCug82795, and CSCuh58643.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1029933" source="SECTRACK">1029933</ref>
+      <ref url="http://www.securityfocus.com/bid/66283" source="BID">66283</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2121" source="CISCO" adv="1">20140318 Cisco Hosted Collaboration Solution Denial of Service Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="hosted_collaboration_solution">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2122" published="2014-03-18" name="CVE-2014-2122" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Memory leak in the GUI in the Impact server in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, aka Bug ID CSCub58999.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91907" source="XF">cisco-hosted-cve20142122-dos(91907)</ref>
+      <ref url="http://www.securitytracker.com/id/1029936" source="SECTRACK">1029936</ref>
+      <ref url="http://www.securityfocus.com/bid/66293" source="BID">66293</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2122" source="CISCO" adv="1">20140318 Cisco Hosted Collaboration Solution Memory Leak Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="hosted_collaboration_solution">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2124" published="2014-03-20" name="CVE-2014-2124" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:C)" CVSS_score="7.1" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="8.6" CVSS_base_score="7.1">
+    <desc>
+      <descript source="cve">Cisco IOS 15.1(2)SY3 and earlier, when used with Supervisor Engine 2T (aka Sup2T) on Catalyst 6500 devices, allows remote attackers to cause a denial of service (device crash) via crafted multicast packets, aka Bug ID CSCuf60783.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91904" source="XF">ciscoios-cve20142124-dos(91904)</ref>
+      <ref url="http://www.securitytracker.com/id/1029942" source="SECTRACK">1029942</ref>
+      <ref url="http://www.securityfocus.com/bid/66301" source="BID">66301</ref>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=33413" source="CONFIRM" adv="1">http://tools.cisco.com/security/center/viewAlert.x?alertId=33413</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2124" source="CISCO" adv="1">20140319 Cisco IOS Software Sup2T Denial of Service Vulnerability</ref>
+      <ref url="http://secunia.com/advisories/57515" source="SECUNIA">57515</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="catalyst_6500">
+        <vers num=""/>
+      </prod>
+      <prod vendor="cisco" name="ios">
+        <vers prev="1" num="15.1(2)sy3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2125" published="2014-04-01" name="CVE-2014-2125" modified="2014-04-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the Web Inbox in Cisco Unity Connection 8.6(2a)SU3 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui33028.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=33603" source="CONFIRM" adv="1">http://tools.cisco.com/security/center/viewAlert.x?alertId=33603</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2125" source="CISCO" adv="1">20140401 Cisco Unity Connection Cross-Site Scripting Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="unity_connection">
+        <vers prev="1" num="8.6" edition="(1)"/>
+        <vers prev="1" num="8.6" edition="(2)"/>
+        <vers prev="1" num="8.6" edition="(2a)su1"/>
+        <vers prev="1" num="8.6" edition="(2a)su2"/>
+        <vers prev="1" num="8.6" edition="(2a)su3"/>
+        <vers num="8.6(1a)"/>
+        <vers num="8.6(2a)"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2126" published="2014-04-10" name="CVE-2014-2126" modified="2014-04-10" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:C/I:C/A:C)" CVSS_score="8.5" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="6.8" CVSS_base_score="8.5">
+    <desc>
+      <descript source="cve">Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47), 8.4 before 8.4(7.5), 8.7 before 8.7(1.11), 9.0 before 9.0(3.10), and 9.1 before 9.1(3.4) allows remote authenticated users to gain privileges by leveraging level-0 ASDM access, aka Bug ID CSCuj33496.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa" source="CISCO" adv="1">20140409 Multiple Vulnerabilities in Cisco ASA Software</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="adaptive_security_appliance_software">
+        <vers num="8.2"/>
+        <vers num="8.4"/>
+        <vers num="8.7"/>
+        <vers num="9.0"/>
+        <vers num="9.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2127" published="2014-04-10" name="CVE-2014-2127" modified="2014-04-10" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:C/I:C/A:C)" CVSS_score="8.5" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="6.8" CVSS_base_score="8.5">
+    <desc>
+      <descript source="cve">Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), 8.3 before 8.3(2.40), 8.4 before 8.4(7.9), 8.6 before 8.6(1.13), 9.0 before 9.0(4.1), and 9.1 before 9.1(4.3) does not properly process management-session information during privilege validation for SSL VPN portal connections, which allows remote authenticated users to gain privileges by establishing a Clientless SSL VPN session and entering crafted URLs, aka Bug ID CSCul70099.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa" source="CISCO" adv="1">20140409 Multiple Vulnerabilities in Cisco ASA Software</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="adaptive_security_appliance_software">
+        <vers num="8.0"/>
+        <vers num="8.1"/>
+        <vers num="8.2"/>
+        <vers num="8.3(1)"/>
+        <vers num="8.4"/>
+        <vers num="8.6"/>
+        <vers num="9.0"/>
+        <vers num="9.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2128" published="2014-04-10" name="CVE-2014-2128" modified="2014-04-10" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47, 8.3 before 8.3(2.40), 8.4 before 8.4(7.3), 8.6 before 8.6(1.13), 9.0 before 9.0(3.8), and 9.1 before 9.1(3.2) allows remote attackers to bypass authentication via (1) a crafted cookie value within modified HTTP POST data or (2) a crafted URL, aka Bug ID CSCua85555.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa" source="CISCO" adv="1">20140409 Multiple Vulnerabilities in Cisco ASA Software</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="adaptive_security_appliance_software">
+        <vers num="8.2"/>
+        <vers num="8.3(1)"/>
+        <vers num="8.4"/>
+        <vers num="8.6"/>
+        <vers num="9.0"/>
+        <vers num="9.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2129" published="2014-04-10" name="CVE-2014-2129" modified="2014-04-10" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:C)" CVSS_score="7.1" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="8.6" CVSS_base_score="7.1">
+    <desc>
+      <descript source="cve">The SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.48), 8.4 before 8.4(6.5), 9.0 before 9.0(3.1), and 9.1 before 9.1(2.5) allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted SIP packets, aka Bug ID CSCuh44052.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-asa" source="CISCO" adv="1">20140409 Multiple Vulnerabilities in Cisco ASA Software</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="adaptive_security_appliance_software">
+        <vers num="8.2"/>
+        <vers num="8.4"/>
+        <vers num="9.0"/>
+        <vers num="9.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2131" published="2014-03-28" name="CVE-2014-2131" modified="2014-03-31" CVSS_version="2.0" CVSS_vector="(AV:A/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="6.1" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="6.5" CVSS_base_score="6.1">
+    <desc>
+      <descript source="cve">The packet driver in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a series of (1) Virtual Switching Systems (VSS) or (2) Bidirectional Forwarding Detection (BFD) packets, aka Bug IDs CSCug41049 and CSCue61890.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <local_network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2131" source="CISCO" adv="1">20140328 Cisco IOS Software High Priority Queue Denial of Service Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="ios">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2137" published="2014-04-01" name="CVE-2014-2137" modified="2014-04-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">CRLF injection vulnerability in the web framework in Cisco Web Security Appliance (WSA) 7.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCuj61002.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=33608" source="CONFIRM" adv="1">http://tools.cisco.com/security/center/viewAlert.x?alertId=33608</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2137" source="CISCO" adv="1">20140401 Cisco WSA HTTP Header Injection Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="web_security_virtual_appliance">
+        <vers num="7.1.0"/>
+        <vers num="7.1.1"/>
+        <vers num="7.1.2"/>
+        <vers num="7.1.3"/>
+        <vers num="7.1.4"/>
+        <vers num="7.5.0"/>
+        <vers num="7.5.1"/>
+        <vers prev="1" num="7.7"/>
+      </prod>
+      <prod vendor="cisco" name="web_security_appliance">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2138" published="2014-04-01" name="CVE-2014-2138" modified="2014-04-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">CRLF injection vulnerability in the web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCun82349.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=33607" source="CONFIRM" adv="1">http://tools.cisco.com/security/center/viewAlert.x?alertId=33607</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2138" source="CISCO" adv="1">20140401 Cisco Security Manager HTTP Header Redirection Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="security_manager">
+        <vers num="3.0.2"/>
+        <vers num="3.1"/>
+        <vers num="3.1.1" edition="sp3"/>
+        <vers num="3.2" edition="sp1"/>
+        <vers num="3.2" edition="sp2"/>
+        <vers num="3.2.1" edition="sp1"/>
+        <vers num="3.2.2" edition="-"/>
+        <vers num="3.2.2" edition="sp1"/>
+        <vers num="3.2.2" edition="sp2"/>
+        <vers num="3.2.2" edition="sp3"/>
+        <vers num="3.2.2" edition="sp4"/>
+        <vers num="3.3" edition="-"/>
+        <vers num="3.3" edition="sp1"/>
+        <vers num="3.3" edition="sp2"/>
+        <vers num="3.3.1" edition="-"/>
+        <vers num="3.3.1" edition="sp1"/>
+        <vers num="3.3.1" edition="sp2"/>
+        <vers num="3.3.1" edition="sp3"/>
+        <vers num="3.3.1" edition="sp4"/>
+        <vers num="4.0" edition="-"/>
+        <vers num="4.0" edition="sp1"/>
+        <vers num="4.0.1" edition="-"/>
+        <vers num="4.0.1" edition="sp1"/>
+        <vers num="4.0.1" edition="sp2"/>
+        <vers num="4.1" edition="sp1"/>
+        <vers num="4.1" edition="sp2"/>
+        <vers prev="1" num="4.2" edition="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2139" published="2014-04-12" name="CVE-2014-2139" modified="2014-04-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Cisco ONS 15454 controller cards with software 9.6 and earlier allow remote attackers to cause a denial of service (flash write outage) via a TCP FIN attack that triggers file-descriptor exhaustion, aka Bug ID CSCug97315.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=33681" source="CONFIRM" adv="1">http://tools.cisco.com/security/center/viewAlert.x?alertId=33681</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2139" source="CISCO" adv="1">20140407 Cisco ONS 15454 Controller Card Denial of Service Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="ons_15454">
+        <vers num=""/>
+      </prod>
+      <prod vendor="cisco" name="cisco_ons_15454_system_software">
+        <vers num="9.0"/>
+        <vers num="9.1"/>
+        <vers num="9.2"/>
+        <vers num="9.2.1"/>
+        <vers num="9.2.2"/>
+        <vers num="9.3"/>
+        <vers num="9.4"/>
+        <vers prev="1" num="9.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2140" published="2014-04-12" name="CVE-2014-2140" modified="2014-04-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Cisco ONS 15454 controller cards with software 9.6 and earlier allow remote attackers to cause a denial of service (card reset) via a TCP FIN attack that triggers file-descriptor exhaustion and a failure to open a CAL pipe, aka Bug ID CSCug97348.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=33680" source="CONFIRM" adv="1">http://tools.cisco.com/security/center/viewAlert.x?alertId=33680</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2140" source="CISCO" adv="1">20140407 Cisco ONS 15454 Controller Card Denial of Service Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="ons_15454">
+        <vers num=""/>
+      </prod>
+      <prod vendor="cisco" name="cisco_ons_15454_system_software">
+        <vers num="9.0"/>
+        <vers num="9.1"/>
+        <vers num="9.2"/>
+        <vers num="9.2.1"/>
+        <vers num="9.2.2"/>
+        <vers num="9.3"/>
+        <vers num="9.4"/>
+        <vers prev="1" num="9.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2141" published="2014-04-10" name="CVE-2014-2141" modified="2014-04-10" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:N/I:N/A:P)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">The session-termination functionality on Cisco ONS 15454 controller cards with software 9.6 and earlier does not initialize an unspecified pointer, which allows remote authenticated users to cause a denial of service (card reset) via crafted session-close actions, aka Bug ID CSCug97416.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=33682" source="CONFIRM" adv="1">http://tools.cisco.com/security/center/viewAlert.x?alertId=33682</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2141" source="CISCO" adv="1">20140407 Cisco ONS 15454 Controller Card Denial of Service Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="ons_15454">
+        <vers num=""/>
+      </prod>
+      <prod vendor="cisco" name="cisco_ons_15454_system_software">
+        <vers num="9.0"/>
+        <vers num="9.1"/>
+        <vers num="9.2"/>
+        <vers num="9.2.1"/>
+        <vers num="9.2.2"/>
+        <vers num="9.3"/>
+        <vers num="9.4"/>
+        <vers prev="1" num="9.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2142" published="2014-04-12" name="CVE-2014-2142" modified="2014-04-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Cisco ONS 15454 controller cards with software 10.0 and earlier allow remote attackers to cause a denial of service (card reload) via a crafted HTTP URI, aka Bug ID CSCun06870.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=33679" source="CONFIRM" adv="1">http://tools.cisco.com/security/center/viewAlert.x?alertId=33679</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2142" source="CISCO" adv="1">20140407 Cisco ONS 15454 Controller Card Denial of Service Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="ons_15454">
+        <vers num=""/>
+      </prod>
+      <prod vendor="cisco" name="cisco_ons_15454_system_software">
+        <vers num="9.0"/>
+        <vers num="9.1"/>
+        <vers num="9.2"/>
+        <vers num="9.2.1"/>
+        <vers num="9.2.2"/>
+        <vers num="9.3"/>
+        <vers num="9.4"/>
+        <vers num="9.6"/>
+      </prod>
+      <prod vendor="cisco" name="ons_15454_system_software">
+        <vers prev="1" num="10.0"/>
+        <vers num="9.8"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2143" published="2014-04-04" name="CVE-2014-2143" modified="2014-04-04" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The IKE implementation in Cisco IOS 15.4(1)T and earlier and IOS XE allows remote attackers to cause a denial of service (security-association drop) via crafted Main Mode packets, aka Bug ID CSCun31021.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=33639" source="CONFIRM" adv="1">http://tools.cisco.com/security/center/viewAlert.x?alertId=33639</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2143" source="CISCO" adv="1">20140403 Cisco IOS Software IKE Main Mode Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="ios">
+        <vers num="15.0"/>
+        <vers num="15.0(1)se"/>
+        <vers num="15.1"/>
+        <vers num="15.2"/>
+        <vers num="15.3"/>
+        <vers num="15.3(2)s"/>
+        <vers num="15.3(3)m"/>
+        <vers num="15.3(3)m1"/>
+        <vers num="15.3(3)m2"/>
+        <vers num="15.3(3)s"/>
+        <vers num="15.3s"/>
+        <vers num="15.4"/>
+        <vers prev="1" num="15.4(1)t"/>
+      </prod>
+      <prod vendor="cisco" name="ios_xe">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2144" published="2014-04-05" name="CVE-2014-2144" modified="2014-04-07" CVSS_version="2.0" CVSS_vector="(AV:A/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="6.1" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="6.5" CVSS_base_score="6.1">
+    <desc>
+      <descript source="cve">Cisco IOS XR does not properly throttle ICMPv6 redirect packets, which allows remote attackers to cause a denial of service (IPv4 and IPv6 transit outage) via crafted redirect messages, aka Bug ID CSCum14266.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <local_network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2144" source="CISCO" adv="1">20140404 Cisco IOS XR Software ICMPv6 Redirect Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="ios_xr">
+        <vers num=""/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2145" published="2014-04-05" name="CVE-2014-2145" modified="2014-04-07" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">Directory traversal vulnerability in the messaging API in Cisco Unity Connection allows remote authenticated users to read arbitrary files via vectors related to unenforced access constraints for .wav files and the audio/x-wav MIME type, aka Bug ID CSCun91071.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2145" source="CISCO" adv="1">20140404 Cisco Unity Connection Directory Traversal Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="unity_connection">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2154" published="2014-04-23" name="CVE-2014-2154" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Memory leak in the SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to cause a denial of service (memory consumption and instability) via crafted SIP packets, aka Bug ID CSCuf67469.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2154" source="CISCO" adv="1">20140422 Cisco ASA SIP Inspection Memory Leak Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="adaptive_security_appliance_software">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2155" published="2014-04-19" name="CVE-2014-2155" modified="2014-04-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The DHCPv6 server module in Cisco CNS Network Registrar 7.1 allows remote attackers to cause a denial of service (daemon reload) via a malformed DHCPv6 packet, aka Bug ID CSCuo07437.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=33850" source="CONFIRM" adv="1">http://tools.cisco.com/security/center/viewAlert.x?alertId=33850</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2155" source="CISCO" adv="1">20140417 Cisco Network Registrar DHCPv6 Denial of Service Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="cns_network_registrar">
+        <vers num="7.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2156" published="2014-05-02" name="CVE-2014-2156" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:C)" CVSS_score="7.1" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="8.6" CVSS_base_score="7.1">
+    <desc>
+      <descript source="cve">Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45739.</descript>
+    </desc>
+    <impacts>
+      <impact source="nvd">Per: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-mxp
+
+" Vulnerable Products
+The following products running a version of Cisco TelePresence System MXP Series Software prior to F9.3.1 are affected by the vulnerabilities described in this advisory:
+
+    Cisco TelePresence System 1700 MXP
+    Cisco TelePresence System 1000 MXP
+    Cisco TelePresence System Edge 75 MXP
+    Cisco TelePresence System Edge 85 MXP
+    Cisco TelePresence System Edge 95 MXP
+    Cisco TelePresence System Codec 3000 MXP
+    Cisco TelePresence System Codec 6000 MXP
+    Tandberg 550 MXP
+    Tandberg 770 MXP
+    Tandberg 880 MXP
+    Tandberg 990 MXP
+    Tandberg 2000 MXP"
+</impact>
+    </impacts>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-mxp" source="CISCO" adv="1">20140430 Multiple Vulnerabilities in Cisco TelePresence System MXP Series</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="telepresence_system_software">
+        <vers num="f9.0.1"/>
+        <vers num="f9.0.2"/>
+        <vers num="f9.1.0"/>
+        <vers num="f9.1.1"/>
+        <vers num="f9.1.2"/>
+        <vers prev="1" num="f9.3"/>
+        <vers num="fnc9.1.0"/>
+        <vers num="fnc9.1.1"/>
+        <vers num="fnc9.1.2"/>
+        <vers num="fnc9.3"/>
+      </prod>
+      <prod vendor="cisco" name="tandberg_2000_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="tandberg_550_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="tandberg_770_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="tandberg_880_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="tandberg_990_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_1000_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_1700_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_codec_3000_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_codec_6000_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_edge_75_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_edge_85_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_edge_95_mxp">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2157" published="2014-05-02" name="CVE-2014-2157" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:C)" CVSS_score="7.1" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="8.6" CVSS_base_score="7.1">
+    <desc>
+      <descript source="cve">Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45733.</descript>
+    </desc>
+    <impacts>
+      <impact source="nvd">Per: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-mxp
+
+" Vulnerable Products
+The following products running a version of Cisco TelePresence System MXP Series Software prior to F9.3.1 are affected by the vulnerabilities described in this advisory:
+
+    Cisco TelePresence System 1700 MXP
+    Cisco TelePresence System 1000 MXP
+    Cisco TelePresence System Edge 75 MXP
+    Cisco TelePresence System Edge 85 MXP
+    Cisco TelePresence System Edge 95 MXP
+    Cisco TelePresence System Codec 3000 MXP
+    Cisco TelePresence System Codec 6000 MXP
+    Tandberg 550 MXP
+    Tandberg 770 MXP
+    Tandberg 880 MXP
+    Tandberg 990 MXP
+    Tandberg 2000 MXP"</impact>
+    </impacts>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-mxp" source="CISCO" adv="1">20140430 Multiple Vulnerabilities in Cisco TelePresence System MXP Series</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="telepresence_system_software">
+        <vers num="f9.0.1"/>
+        <vers num="f9.0.2"/>
+        <vers num="f9.1.0"/>
+        <vers num="f9.1.1"/>
+        <vers num="f9.1.2"/>
+        <vers prev="1" num="f9.3"/>
+        <vers num="fnc9.1.0"/>
+        <vers num="fnc9.1.1"/>
+        <vers num="fnc9.1.2"/>
+        <vers num="fnc9.3"/>
+      </prod>
+      <prod vendor="cisco" name="tandberg_2000_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="tandberg_550_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="tandberg_770_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="tandberg_880_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="tandberg_990_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_1000_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_1700_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_codec_3000_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_codec_6000_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_edge_75_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_edge_85_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_edge_95_mxp">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2158" published="2014-05-02" name="CVE-2014-2158" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45720.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-mxp" source="CISCO" adv="1">20140430 Multiple Vulnerabilities in Cisco TelePresence System MXP Series</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="telepresence_system_software">
+        <vers num="f9.0.1"/>
+        <vers num="f9.0.2"/>
+        <vers num="f9.1.0"/>
+        <vers num="f9.1.1"/>
+        <vers num="f9.1.2"/>
+        <vers prev="1" num="f9.3"/>
+        <vers num="fnc9.1.0"/>
+        <vers num="fnc9.1.1"/>
+        <vers num="fnc9.1.2"/>
+        <vers num="fnc9.3"/>
+      </prod>
+      <prod vendor="cisco" name="tandberg_2000_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="tandberg_550_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="tandberg_770_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="tandberg_880_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="tandberg_990_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_1000_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_1700_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_codec_3000_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_codec_6000_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_edge_75_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_edge_85_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_edge_95_mxp">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2159" published="2014-05-02" name="CVE-2014-2159" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCtq78722.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-mxp" source="CISCO" adv="1">20140430 Multiple Vulnerabilities in Cisco TelePresence System MXP Series</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="telepresence_system_software">
+        <vers num="f9.0.1"/>
+        <vers num="f9.0.2"/>
+        <vers num="f9.1.0"/>
+        <vers num="f9.1.1"/>
+        <vers num="f9.1.2"/>
+        <vers prev="1" num="f9.3"/>
+        <vers num="fnc9.1.0"/>
+        <vers num="fnc9.1.1"/>
+        <vers num="fnc9.1.2"/>
+        <vers num="fnc9.3"/>
+      </prod>
+      <prod vendor="cisco" name="tandberg_2000_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="tandberg_550_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="tandberg_770_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="tandberg_880_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="tandberg_990_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_1000_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_1700_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_codec_3000_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_codec_6000_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_edge_75_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_edge_85_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_edge_95_mxp">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2160" published="2014-05-02" name="CVE-2014-2160" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCty45745.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-mxp" source="CISCO" adv="1">20140430 Multiple Vulnerabilities in Cisco TelePresence System MXP Series</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="telepresence_system_software">
+        <vers num="f9.0.1"/>
+        <vers num="f9.0.2"/>
+        <vers num="f9.1.0"/>
+        <vers num="f9.1.1"/>
+        <vers num="f9.1.2"/>
+        <vers prev="1" num="f9.3"/>
+        <vers num="fnc9.1.0"/>
+        <vers num="fnc9.1.1"/>
+        <vers num="fnc9.1.2"/>
+        <vers num="fnc9.3"/>
+      </prod>
+      <prod vendor="cisco" name="tandberg_2000_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="tandberg_550_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="tandberg_770_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="tandberg_880_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="tandberg_990_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_1000_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_1700_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_codec_3000_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_codec_6000_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_edge_75_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_edge_85_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_edge_95_mxp">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2161" published="2014-05-02" name="CVE-2014-2161" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCty45731.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-mxp" source="CISCO" adv="1">20140430 Multiple Vulnerabilities in Cisco TelePresence System MXP Series</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="telepresence_system_software">
+        <vers num="f9.0.1"/>
+        <vers num="f9.0.2"/>
+        <vers num="f9.1.0"/>
+        <vers num="f9.1.1"/>
+        <vers num="f9.1.2"/>
+        <vers prev="1" num="f9.3"/>
+        <vers num="fnc9.1.0"/>
+        <vers num="fnc9.1.1"/>
+        <vers num="fnc9.1.2"/>
+        <vers num="fnc9.3"/>
+      </prod>
+      <prod vendor="cisco" name="tandberg_2000_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="tandberg_550_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="tandberg_770_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="tandberg_880_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="tandberg_990_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_1000_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_1700_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_codec_3000_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_codec_6000_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_edge_75_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_edge_85_mxp">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_system_edge_95_mxp">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2162" published="2014-05-02" name="CVE-2014-2162" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCud29566.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" source="CISCO" adv="1">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="telepresence_tc_software">
+        <vers num="4.0.0"/>
+        <vers num="4.0.1"/>
+        <vers num="4.0.4"/>
+        <vers num="4.1.1"/>
+        <vers num="4.1.2"/>
+        <vers num="4.2.0"/>
+        <vers num="4.2.1"/>
+        <vers num="4.2.2"/>
+        <vers num="4.2.3"/>
+        <vers num="4.2.4"/>
+        <vers num="5.0.0"/>
+        <vers num="5.0.1"/>
+        <vers num="5.0.2"/>
+        <vers num="5.1.0"/>
+        <vers num="5.1.1"/>
+        <vers num="5.1.2"/>
+        <vers num="5.1.3"/>
+        <vers num="5.1.4"/>
+        <vers num="5.1.5"/>
+        <vers num="5.1.6"/>
+        <vers num="5.1.7"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_te_software">
+        <vers num="4.1.0"/>
+        <vers num="4.1.1"/>
+        <vers num="4.1.2"/>
+        <vers num="4.1.3"/>
+        <vers num="6.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2163" published="2014-05-02" name="CVE-2014-2163" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCua64961.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" source="CISCO" adv="1">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="telepresence_tc_software">
+        <vers num="4.0.0"/>
+        <vers num="4.0.1"/>
+        <vers num="4.0.4"/>
+        <vers num="4.1.1"/>
+        <vers num="4.1.2"/>
+        <vers num="4.2.0"/>
+        <vers num="4.2.1"/>
+        <vers num="4.2.2"/>
+        <vers num="4.2.3"/>
+        <vers num="4.2.4"/>
+        <vers num="5.0.0"/>
+        <vers num="5.0.1"/>
+        <vers num="5.0.2"/>
+        <vers num="5.1.0"/>
+        <vers num="5.1.1"/>
+        <vers num="5.1.2"/>
+        <vers num="5.1.3"/>
+        <vers num="5.1.4"/>
+        <vers num="5.1.5"/>
+        <vers num="5.1.6"/>
+        <vers num="5.1.7"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_te_software">
+        <vers num="4.1.0"/>
+        <vers num="4.1.1"/>
+        <vers num="4.1.2"/>
+        <vers num="4.1.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2164" published="2014-05-02" name="CVE-2014-2164" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCuj94651.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" source="CISCO" adv="1">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="telepresence_tc_software">
+        <vers num="4.0.0"/>
+        <vers num="4.0.1"/>
+        <vers num="4.0.4"/>
+        <vers num="4.1.1"/>
+        <vers num="4.1.2"/>
+        <vers num="4.2.0"/>
+        <vers num="4.2.1"/>
+        <vers num="4.2.2"/>
+        <vers num="4.2.3"/>
+        <vers num="4.2.4"/>
+        <vers num="5.0.0"/>
+        <vers num="5.0.1"/>
+        <vers num="5.0.2"/>
+        <vers num="5.1.0"/>
+        <vers num="5.1.1"/>
+        <vers num="5.1.2"/>
+        <vers num="5.1.3"/>
+        <vers num="5.1.4"/>
+        <vers num="5.1.5"/>
+        <vers num="5.1.6"/>
+        <vers num="5.1.7"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_te_software">
+        <vers num="4.1.0"/>
+        <vers num="4.1.1"/>
+        <vers num="4.1.2"/>
+        <vers num="4.1.3"/>
+        <vers num="6.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2165" published="2014-05-02" name="CVE-2014-2165" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCtq72699.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" source="CISCO" adv="1">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="telepresence_tc_software">
+        <vers num="4.0.0"/>
+        <vers num="4.0.1"/>
+        <vers num="4.0.4"/>
+        <vers num="4.1.1"/>
+        <vers num="4.1.2"/>
+        <vers num="4.2.0"/>
+        <vers num="4.2.1"/>
+        <vers num="4.2.2"/>
+        <vers num="4.2.3"/>
+        <vers num="4.2.4"/>
+        <vers num="5.0.0"/>
+        <vers num="5.0.1"/>
+        <vers num="5.0.2"/>
+        <vers num="5.1.0"/>
+        <vers num="5.1.1"/>
+        <vers num="5.1.2"/>
+        <vers num="5.1.3"/>
+        <vers num="5.1.4"/>
+        <vers num="5.1.5"/>
+        <vers num="5.1.6"/>
+        <vers num="5.1.7"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_te_software">
+        <vers num="4.1.0"/>
+        <vers num="4.1.1"/>
+        <vers num="4.1.2"/>
+        <vers num="4.1.3"/>
+        <vers num="6.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2166" published="2014-05-02" name="CVE-2014-2166" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">The SIP implementation in Cisco TelePresence TC Software 4.x and TE Software 4.x allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCto70562.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" source="CISCO" adv="1">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="telepresence_tc_software">
+        <vers num="4.0.0"/>
+        <vers num="4.0.1"/>
+        <vers num="4.0.4"/>
+        <vers num="4.1.1"/>
+        <vers num="4.1.2"/>
+        <vers num="4.2.0"/>
+        <vers num="4.2.1"/>
+        <vers num="4.2.2"/>
+        <vers num="4.2.3"/>
+        <vers num="4.2.4"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_te_software">
+        <vers num="4.1.0"/>
+        <vers num="4.1.1"/>
+        <vers num="4.1.2"/>
+        <vers num="4.1.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2167" published="2014-05-02" name="CVE-2014-2167" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCua86589.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" source="CISCO" adv="1">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="telepresence_tc_software">
+        <vers num="4.0.0"/>
+        <vers num="4.0.1"/>
+        <vers num="4.0.4"/>
+        <vers num="4.1.1"/>
+        <vers num="4.1.2"/>
+        <vers num="4.2.0"/>
+        <vers num="4.2.1"/>
+        <vers num="4.2.2"/>
+        <vers num="4.2.3"/>
+        <vers num="4.2.4"/>
+        <vers num="5.0.0"/>
+        <vers num="5.0.1"/>
+        <vers num="5.0.2"/>
+        <vers num="5.1.0"/>
+        <vers num="5.1.1"/>
+        <vers num="5.1.2"/>
+        <vers num="5.1.3"/>
+        <vers num="5.1.4"/>
+        <vers num="5.1.5"/>
+        <vers num="5.1.6"/>
+        <vers num="5.1.7"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_te_software">
+        <vers num="4.1.0"/>
+        <vers num="4.1.1"/>
+        <vers num="4.1.2"/>
+        <vers num="4.1.3"/>
+        <vers num="6.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2168" published="2014-05-02" name="CVE-2014-2168" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:H/Au:N/C:C/I:C/A:C)" CVSS_score="7.6" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="4.9" CVSS_base_score="7.6">
+    <desc>
+      <descript source="cve">Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to execute arbitrary code via crafted DNS response packets, aka Bug ID CSCty44804.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" source="CISCO" adv="1">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="telepresence_tc_software">
+        <vers num="4.0.0"/>
+        <vers num="4.0.1"/>
+        <vers num="4.0.4"/>
+        <vers num="4.1.1"/>
+        <vers num="4.1.2"/>
+        <vers num="4.2.0"/>
+        <vers num="4.2.1"/>
+        <vers num="4.2.2"/>
+        <vers num="4.2.3"/>
+        <vers num="4.2.4"/>
+        <vers num="5.0.0"/>
+        <vers num="5.0.1"/>
+        <vers num="5.0.2"/>
+        <vers num="5.1.0"/>
+        <vers num="5.1.1"/>
+        <vers num="5.1.2"/>
+        <vers num="5.1.3"/>
+        <vers num="5.1.4"/>
+        <vers num="5.1.5"/>
+        <vers num="5.1.6"/>
+        <vers num="5.1.7"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_te_software">
+        <vers num="4.1.0"/>
+        <vers num="4.1.1"/>
+        <vers num="4.1.2"/>
+        <vers num="4.1.3"/>
+        <vers num="6.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2169" published="2014-05-02" name="CVE-2014-2169" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:C/I:C/A:C)" CVSS_score="9.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.0" CVSS_base_score="9.0">
+    <desc>
+      <descript source="cve">Cisco TelePresence TC Software 4.x through 6.x before 6.2.0 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as arguments to internal system scripts, aka Bug ID CSCue60211.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" source="CISCO" adv="1">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="telepresence_tc_software">
+        <vers num="4.0.0"/>
+        <vers num="4.0.1"/>
+        <vers num="4.0.4"/>
+        <vers num="4.1.1"/>
+        <vers num="4.1.2"/>
+        <vers num="4.2.0"/>
+        <vers num="4.2.1"/>
+        <vers num="4.2.2"/>
+        <vers num="4.2.3"/>
+        <vers num="4.2.4"/>
+        <vers num="5.0.0"/>
+        <vers num="5.0.1"/>
+        <vers num="5.0.2"/>
+        <vers num="5.1.0"/>
+        <vers num="5.1.1"/>
+        <vers num="5.1.2"/>
+        <vers num="5.1.3"/>
+        <vers num="5.1.4"/>
+        <vers num="5.1.5"/>
+        <vers num="5.1.6"/>
+        <vers num="5.1.7"/>
+        <vers num="6.0.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.1.0"/>
+        <vers num="6.1.1"/>
+        <vers num="6.1.2"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_te_software">
+        <vers num="4.1.0"/>
+        <vers num="4.1.1"/>
+        <vers num="4.1.2"/>
+        <vers num="4.1.3"/>
+        <vers num="6.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2170" published="2014-05-02" name="CVE-2014-2170" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:C/I:C/A:C)" CVSS_score="9.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.0" CVSS_base_score="9.0">
+    <desc>
+      <descript source="cve">Cisco TelePresence TC Software 4.x and 5.x before 5.1.7 and 6.x before 6.0.1 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as arguments to tshell (aka tcsh) scripts, aka Bug ID CSCue60202.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" source="CISCO" adv="1">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="telepresence_tc_software">
+        <vers num="4.0.0"/>
+        <vers num="4.0.1"/>
+        <vers num="4.0.4"/>
+        <vers num="4.1.1"/>
+        <vers num="4.1.2"/>
+        <vers num="4.2.0"/>
+        <vers num="4.2.1"/>
+        <vers num="4.2.2"/>
+        <vers num="4.2.3"/>
+        <vers num="4.2.4"/>
+        <vers num="5.0.0"/>
+        <vers num="5.0.1"/>
+        <vers num="5.0.2"/>
+        <vers num="5.1.0"/>
+        <vers num="5.1.1"/>
+        <vers num="5.1.2"/>
+        <vers num="5.1.3"/>
+        <vers num="5.1.4"/>
+        <vers num="5.1.5"/>
+        <vers num="5.1.6"/>
+        <vers num="6.0.0"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_te_software">
+        <vers num="4.1.0"/>
+        <vers num="4.1.1"/>
+        <vers num="4.1.2"/>
+        <vers num="4.1.3"/>
+        <vers num="6.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2171" published="2014-05-02" name="CVE-2014-2171" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Heap-based buffer overflow in Cisco TelePresence TC Software 4.x through 6.x before 6.0.1 and TE Software 4.x and 6.0.x before 6.0.2 allows remote attackers to execute arbitrary code via crafted SIP packets, aka Bug ID CSCud81796.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" source="CISCO" adv="1">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="telepresence_tc_software">
+        <vers num="4.0.0"/>
+        <vers num="4.0.1"/>
+        <vers num="4.0.4"/>
+        <vers num="4.1.1"/>
+        <vers num="4.1.2"/>
+        <vers num="4.2.0"/>
+        <vers num="4.2.1"/>
+        <vers num="4.2.2"/>
+        <vers num="4.2.3"/>
+        <vers num="4.2.4"/>
+        <vers num="5.0.0"/>
+        <vers num="5.0.1"/>
+        <vers num="5.0.2"/>
+        <vers num="5.1.0"/>
+        <vers num="5.1.1"/>
+        <vers num="5.1.2"/>
+        <vers num="5.1.3"/>
+        <vers num="5.1.4"/>
+        <vers num="5.1.5"/>
+        <vers num="5.1.6"/>
+        <vers num="5.1.7"/>
+        <vers num="6.0.0"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_te_software">
+        <vers num="4.1.0"/>
+        <vers num="4.1.1"/>
+        <vers num="4.1.2"/>
+        <vers num="4.1.3"/>
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2172" published="2014-05-02" name="CVE-2014-2172" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:S/C:C/I:C/A:C)" CVSS_score="6.6" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="2.7" CVSS_base_score="6.6">
+    <desc>
+      <descript source="cve">Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows local users to gain privileges by leveraging improper handling of the u-boot compiler flag for internal executable files, aka Bug ID CSCub67693.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" source="CISCO" adv="1">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="telepresence_tc_software">
+        <vers num="4.0.0"/>
+        <vers num="4.0.1"/>
+        <vers num="4.0.4"/>
+        <vers num="4.1.1"/>
+        <vers num="4.1.2"/>
+        <vers num="4.2.0"/>
+        <vers num="4.2.1"/>
+        <vers num="4.2.2"/>
+        <vers num="4.2.3"/>
+        <vers num="4.2.4"/>
+        <vers num="5.0.0"/>
+        <vers num="5.0.1"/>
+        <vers num="5.0.2"/>
+        <vers num="5.1.0"/>
+        <vers num="5.1.1"/>
+        <vers num="5.1.2"/>
+        <vers num="5.1.3"/>
+        <vers num="5.1.4"/>
+        <vers num="5.1.5"/>
+        <vers num="5.1.6"/>
+        <vers num="5.1.7"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_te_software">
+        <vers num="4.1.0"/>
+        <vers num="4.1.1"/>
+        <vers num="4.1.2"/>
+        <vers num="4.1.3"/>
+        <vers num="6.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2173" published="2014-05-02" name="CVE-2014-2173" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="7.2" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="3.9" CVSS_base_score="7.2">
+    <desc>
+      <descript source="cve">Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 do not properly restrict access to the serial port, which allows local users to gain privileges via unspecified commands, aka Bug ID CSCub67692.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" source="CISCO" adv="1">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="telepresence_tc_software">
+        <vers num="4.0.0"/>
+        <vers num="4.0.1"/>
+        <vers num="4.0.4"/>
+        <vers num="4.1.1"/>
+        <vers num="4.1.2"/>
+        <vers num="4.2.0"/>
+        <vers num="4.2.1"/>
+        <vers num="4.2.2"/>
+        <vers num="4.2.3"/>
+        <vers num="4.2.4"/>
+        <vers num="5.0.0"/>
+        <vers num="5.0.1"/>
+        <vers num="5.0.2"/>
+        <vers num="5.1.0"/>
+        <vers num="5.1.1"/>
+        <vers num="5.1.2"/>
+        <vers num="5.1.3"/>
+        <vers num="5.1.4"/>
+        <vers num="5.1.5"/>
+        <vers num="5.1.6"/>
+        <vers num="5.1.7"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_te_software">
+        <vers num="4.1.0"/>
+        <vers num="4.1.1"/>
+        <vers num="4.1.2"/>
+        <vers num="4.1.3"/>
+        <vers num="6.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2175" published="2014-05-02" name="CVE-2014-2175" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allow remote attackers to cause a denial of service (memory consumption) via crafted H.225 packets, aka Bug ID CSCtq78849.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte" source="CISCO" adv="1">20140430 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="telepresence_tc_software">
+        <vers num="4.0.0"/>
+        <vers num="4.0.1"/>
+        <vers num="4.0.4"/>
+        <vers num="4.1.1"/>
+        <vers num="4.1.2"/>
+        <vers num="4.2.0"/>
+        <vers num="4.2.1"/>
+        <vers num="4.2.2"/>
+        <vers num="4.2.3"/>
+        <vers num="4.2.4"/>
+        <vers num="5.0.0"/>
+        <vers num="5.0.1"/>
+        <vers num="5.0.2"/>
+        <vers num="5.1.0"/>
+        <vers num="5.1.1"/>
+        <vers num="5.1.2"/>
+        <vers num="5.1.3"/>
+        <vers num="5.1.4"/>
+        <vers num="5.1.5"/>
+        <vers num="5.1.6"/>
+        <vers num="5.1.7"/>
+      </prod>
+      <prod vendor="cisco" name="telepresence_te_software">
+        <vers num="4.1.0"/>
+        <vers num="4.1.1"/>
+        <vers num="4.1.2"/>
+        <vers num="4.1.3"/>
+        <vers num="6.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2180" published="2014-04-29" name="CVE-2014-2180" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:N/I:P/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">The Document Management component in Cisco Unified Contact Center Express does not properly validate a parameter, which allows remote authenticated users to upload files to arbitrary pathnames via a crafted HTTP request, aka Bug ID CSCun74133.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2180" source="CISCO" adv="1">20140428 Cisco Unified Contact Center Express Arbitrary File Upload Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="unified_contact_center_enterprise">
+        <vers num=""/>
+      </prod>
+      <prod vendor="cisco" name="unified_contact_center_express_editor_software">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2182" published="2014-04-29" name="CVE-2014-2182" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:A/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="6.1" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="6.5" CVSS_base_score="6.1">
+    <desc>
+      <descript source="cve">Cisco Adaptive Security Appliance (ASA) Software, when DHCPv6 replay is configured, allows remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 packet, aka Bug ID CSCun45520.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <local_network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2182" source="CISCO" adv="1">20140428 Cisco ASA DHCPv6 Denial of Service Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="adaptive_security_appliance_software">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2183" published="2014-04-29" name="CVE-2014-2183" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:N/A:C)" CVSS_score="6.3" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="6.8" CVSS_base_score="6.3">
+    <desc>
+      <descript source="cve">The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 routers allows remote authenticated users to cause a denial of service (ESP card reload) via a malformed L2TP packet, aka Bug ID CSCun09973.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/viewAlert.x?alertId=33971" source="CONFIRM" adv="1">http://tools.cisco.com/security/center/viewAlert.x?alertId=33971</ref>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2183" source="CISCO" adv="1">20140428 Cisco IOS XE Software Malformed L2TP Packet Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="asr_1001_router">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="asr_1002-x_router">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="asr_1002_fixed_router">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="asr_1002_router">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="asr_1004_router">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="asr_1006_router">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="asr_1013_router">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="asr_1023_router">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="cisco" name="ios_xe">
+        <vers num="3.10"/>
+        <vers num="3.10.0s"/>
+        <vers num="3.10.1s"/>
+        <vers num="3.10.1s1"/>
+        <vers prev="1" num="3.10.2s"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2184" published="2014-04-29" name="CVE-2014-2184" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The IP Manager Assistant (IPMA) component in Cisco Unified Communications Manager (Unified CM) allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCun74352.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2184" source="CISCO" adv="1">20140428 Cisco Unified Communications Manager Sensitive Information Disclosure Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="unified_communications_manager">
+        <vers num=""/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2185" published="2014-04-29" name="CVE-2014-2185" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2185" source="CISCO" adv="1">20140428 Cisco Unified Communications Manager CDR Management Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="unified_communications_manager">
+        <vers num=""/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2186" published="2014-04-30" name="CVE-2014-2186" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj81777.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2186" source="CISCO" adv="1">20140429 Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cisco" name="webex_meetings_server">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2205" published="2014-02-26" name="CVE-2014-2205" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:C/I:N/A:N)" CVSS_score="6.3" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="6.8" CVSS_base_score="6.3">
+    <desc>
+      <descript source="cve">The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) before 4.6.7 Hotfix 940148 allows remote authenticated users with permissions to add dashboards to read arbitrary files by importing a crafted XML file, related to an XML External Entity (XXE) issue.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://www.redteam-pentesting.de/advisories/rt-sa-2014-001.txt" source="MISC">https://www.redteam-pentesting.de/advisories/rt-sa-2014-001.txt</ref>
+      <ref url="https://kc.mcafee.com/corporate/index?page=content&amp;id=SB10065" source="CONFIRM" adv="1">https://kc.mcafee.com/corporate/index?page=content&amp;id=SB10065</ref>
+      <ref url="http://www.securityfocus.com/bid/65771" source="BID">65771</ref>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/531255/100/0/threaded" source="BUGTRAQ">20140225 [RT-SA-2014-001] McAfee ePolicy Orchestrator: XML External Entity Expansion in Dashboard</ref>
+      <ref url="http://secunia.com/advisories/57114" source="SECUNIA" adv="1">57114</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mcafee" name="epolicy_orchestrator">
+        <vers num="4.6.0"/>
+        <vers num="4.6.1"/>
+        <vers num="4.6.2"/>
+        <vers num="4.6.3"/>
+        <vers num="4.6.4"/>
+        <vers num="4.6.5"/>
+        <vers num="4.6.6"/>
+        <vers prev="1" num="4.6.7"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2206" published="2014-03-05" name="CVE-2014-2206" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Stack-based buffer overflow in GetGo Download Manager 4.9.0.1982, 4.8.2.1346, 4.4.5.502, and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long HTTP Response Header.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securityfocus.com/bid/65913" source="BID">65913</ref>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/531326/100/0/threaded" source="BUGTRAQ">20140302 [CVE-2014-2206] GetGo Download Manager HTTP Response Header Buffer Overflow Remote Code Execution</ref>
+      <ref url="http://www.rcesecurity.com/2014/03/cve-2014-2206-getgo-download-manager-http-response-header-buffer-overflow-remote-code-execution" source="MISC">http://www.rcesecurity.com/2014/03/cve-2014-2206-getgo-download-manager-http-response-header-buffer-overflow-remote-code-execution</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="getgosoft" name="getgo_download_manager">
+        <vers prev="1" num="4.4.5.502"/>
+        <vers num="4.8.2.1346"/>
+        <vers num="4.9.0.1982"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2210" published="2014-04-04" name="CVE-2014-2210" modified="2014-04-04" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Multiple directory traversal vulnerabilities in CA ERwin Web Portal 9.5 allow remote attackers to obtain sensitive information, bypass intended access restrictions, cause a denial of service, or possibly execute arbitrary code via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B7F968A14-7407-4BCF-9EB1-EFE9F0E6D663%7D" source="CONFIRM" patch="1" adv="1">https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B7F968A14-7407-4BCF-9EB1-EFE9F0E6D663%7D</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ca" name="erwin_web_portal">
+        <vers num="9.5"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2211" published="2014-03-03" name="CVE-2014-2211" modified="2014-03-07" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">SQL injection vulnerability in portal/addtoapplication.php in POSH (aka Posh portal or Portaneo) 3.0 before 3.3.0 allows remote attackers to execute arbitrary SQL commands via the rssurl parameter.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.sysdream.com/CVE-2014-2211_2214" source="MISC" patch="1">http://www.sysdream.com/CVE-2014-2211_2214</ref>
+      <ref url="http://www.sysdream.com/system/files/POSH-3.2.1-advisory_0.pdf" source="MISC">http://www.sysdream.com/system/files/POSH-3.2.1-advisory_0.pdf</ref>
+      <ref url="http://www.securityfocus.com/bid/65817" source="BID">65817</ref>
+      <ref url="http://sourceforge.net/p/posh/svn/3540/" source="CONFIRM">http://sourceforge.net/p/posh/svn/3540/</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q1/444" source="MLIST">[oss-security] 20140227 [CVE assignment notification] Multiple vulnerabilities in POSH</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="posh_project" name="posh">
+        <vers num="3.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.1.0"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.2"/>
+        <vers prev="1" num="3.2.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2212" published="2014-04-01" name="CVE-2014-2212" modified="2014-04-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The remember me feature in portal/scr_authentif.php in POSH (aka Posh portal or Portaneo) 3.0, 3.2.1, 3.3.0, and earlier stores the username and MD5 digest of the password in cleartext in a cookie, which allows attackers to obtain sensitive information by reading this cookie.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.sysdream.com/system/files/POSH-3.2.1-advisory_0.pdf" source="MISC">http://www.sysdream.com/system/files/POSH-3.2.1-advisory_0.pdf</ref>
+      <ref url="http://www.sysdream.com/CVE-2014-2211_2214" source="MISC">http://www.sysdream.com/CVE-2014-2211_2214</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q1/444" source="MLIST">[oss-security] 20140227 [CVE assignment notification] Multiple vulnerabilities in POSH</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="posh_project" name="posh">
+        <vers num="1.0.1"/>
+        <vers num="1.1.0"/>
+        <vers num="1.2.0"/>
+        <vers num="1.3.0"/>
+        <vers num="1.3.2"/>
+        <vers num="1.4.2"/>
+        <vers num="1.5" edition="-"/>
+        <vers num="1.5" edition="beta"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5" edition="rc"/>
+        <vers num="1.5.1"/>
+        <vers num="2.0" edition="-"/>
+        <vers num="2.0" edition="beta"/>
+        <vers num="2.0" edition="beta2"/>
+        <vers num="2.0" edition="p1"/>
+        <vers num="2.0" edition="rc"/>
+        <vers num="2.1" edition="-"/>
+        <vers num="2.1" edition="b"/>
+        <vers num="2.1" edition="p1"/>
+        <vers num="2.1" edition="p2"/>
+        <vers num="2.1" edition="rc"/>
+        <vers num="2.2" edition="-"/>
+        <vers num="2.2" edition="beta"/>
+        <vers num="2.2" edition="rc"/>
+        <vers num="2.2.1"/>
+        <vers num="2.2.3"/>
+        <vers num="2.3"/>
+        <vers num="3.0" edition="-"/>
+        <vers num="3.0" edition="beta"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.1.0"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.2"/>
+        <vers num="3.2.1"/>
+        <vers prev="1" num="3.3.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2219" published="2014-03-20" name="CVE-2014-2219" modified="2014-03-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in whizzywig/wb.php in CMSimple Classic 3.54 and earlier, possibly as downloaded before February 26, 2014, allows remote attackers to inject arbitrary web script or HTML via the d parameter.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://www.htbridge.com/advisory/HTB23205" source="MISC">https://www.htbridge.com/advisory/HTB23205</ref>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/531527/100/0/threaded" source="BUGTRAQ">20140319 Cross-Site Scripting (XSS) in CMSimple</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cmsimple" name="cmsimple_classic">
+        <vers prev="1" num="3.5.4"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2231" published="2014-02-27" name="CVE-2014-2231" modified="2014-02-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the API in synetics i-doit pro before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via a property title.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.i-doit.com/en/company/news/single-news/?tx_ttnews%5Btt_news%5D=141" source="CONFIRM">http://www.i-doit.com/en/company/news/single-news/?tx_ttnews%5Btt_news%5D=141</ref>
+      <ref url="http://secunia.com/advisories/56931" source="SECUNIA" adv="1">56931</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="i-doit" name="i-doit">
+        <vers num="1.0" edition=":~~pro~~~"/>
+        <vers num="1.0.2" edition=":~~pro~~~"/>
+        <vers num="1.1.1" edition=":~~pro~~~"/>
+        <vers num="1.1.2" edition=":~~pro~~~"/>
+        <vers num="1.2.1" edition=":~~pro~~~"/>
+        <vers num="1.2.2" edition=":~~pro~~~"/>
+        <vers num="1.2.3" edition=":~~pro~~~"/>
+        <vers prev="1" num="1.2.4" edition=":~~pro~~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2234" published="2014-03-05" name="CVE-2014-2234" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:N)" CVSS_score="6.4" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="10.0" CVSS_base_score="6.4">
+    <desc>
+      <descript source="cve">A certain Apple patch for OpenSSL in Apple OS X 10.9.2 and earlier uses a Trust Evaluation Agent (TEA) feature without terminating certain TLS/SSL handshakes as specified in the SSL_CTX_set_verify callback function's documentation, which allows remote attackers to bypass extra verification within a custom application via a crafted certificate chain that is acceptable to TEA but not acceptable to that application.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://hynek.me/articles/apple-openssl-verification-surprises/" source="MISC">https://hynek.me/articles/apple-openssl-verification-surprises/</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="mac_os_x">
+        <vers prev="1" num="10.9.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2235" published="2014-03-05" name="CVE-2014-2235" modified="2014-03-05" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in Askbot before 0.7.49 allows remote attackers to inject arbitrary web script or HTML via vectors related to the question search form.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://github.com/ASKBOT/askbot-devel/commit/876e3662ff6b78cc6241338c15e3a0cb49edf4e2" source="CONFIRM" patch="1">https://github.com/ASKBOT/askbot-devel/commit/876e3662ff6b78cc6241338c15e3a0cb49edf4e2</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1070852" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1070852</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/02/28/8" source="MLIST">[oss-security] 20140228 Re: CVE request: askbot xss</ref>
+      <ref url="http://secunia.com/advisories/57163" source="SECUNIA" adv="1">57163</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="askbot" name="askbot">
+        <vers prev="1" num="0.7.48"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2236" published="2014-03-05" name="CVE-2014-2236" modified="2014-03-07" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Multiple cross-site scripting (XSS) vulnerabilities in Askbot before 0.7.49 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) tag or (2) user search forms.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://github.com/ASKBOT/askbot-devel/commit/a676a86b6b7a5737d4da4f59f71e037406f88d29" source="CONFIRM" patch="1">https://github.com/ASKBOT/askbot-devel/commit/a676a86b6b7a5737d4da4f59f71e037406f88d29</ref>
+      <ref url="https://github.com/ASKBOT/askbot-devel/commit/876e3662ff6b78cc6241338c15e3a0cb49edf4e2#diff-b693b4c02739be4b3231bece15b0eb87" source="CONFIRM" patch="1">https://github.com/ASKBOT/askbot-devel/commit/876e3662ff6b78cc6241338c15e3a0cb49edf4e2#diff-b693b4c02739be4b3231bece15b0eb87</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1070852" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1070852</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/02/28/8" source="MLIST">[oss-security] 20140228 Re: CVE request: askbot xss</ref>
+      <ref url="http://secunia.com/advisories/57163" source="SECUNIA" adv="1">57163</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="askbot" name="askbot">
+        <vers num="0.7.40"/>
+        <vers num="0.7.41"/>
+        <vers num="0.7.42"/>
+        <vers num="0.7.43"/>
+        <vers num="0.7.44"/>
+        <vers num="0.7.45"/>
+        <vers num="0.7.46"/>
+        <vers num="0.7.47"/>
+        <vers prev="1" num="0.7.48"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2237" published="2014-04-01" name="CVE-2014-2237" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:P/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being invalidated by bulk token revocation and allows the trustee to bypass intended access restrictions.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugs.launchpad.net/keystone/+bug/1260080" source="CONFIRM">https://bugs.launchpad.net/keystone/+bug/1260080</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/03/04/16" source="MLIST">[oss-security] 20140304 [OSSA 2014-006] Trustee token revocation does not work with memcache  backend (CVE-2014-2237)</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="openstack" name="keystone">
+        <vers num="2013.1"/>
+        <vers num="2013.1.1"/>
+        <vers num="2013.1.2"/>
+        <vers num="2013.1.3"/>
+        <vers num="2013.1.4"/>
+        <vers num="2013.2.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2238" published="2014-03-05" name="CVE-2014-2238" modified="2014-03-07" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:P)" CVSS_score="6.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.0" CVSS_base_score="6.5">
+    <desc>
+      <descript source="cve">SQL injection vulnerability in the manage configuration page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.16 allows remote authenticated administrators to execute arbitrary SQL commands via the filter_config_id parameter.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://seclists.org/oss-sec/2014/q1/490" source="MLIST" patch="1">[oss-security] 20140304 Re: CVE request: MantisBT 1.2.13 SQL injection vulnerability</ref>
+      <ref url="http://www.securityfocus.com/bid/65903" source="BID">65903</ref>
+      <ref url="http://www.mantisbt.org/blog/?p=288" source="CONFIRM">http://www.mantisbt.org/blog/?p=288</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q1/456" source="MLIST">[oss-security] 20140228 CVE request: MantisBT 1.2.13 SQL injection vulnerability</ref>
+      <ref url="http://mantisbt.domainunion.de/bugs/view.php?id=17055" source="CONFIRM">http://mantisbt.domainunion.de/bugs/view.php?id=17055</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mantisbt" name="mantisbt">
+        <vers num="1.2.13"/>
+        <vers num="1.2.14"/>
+        <vers num="1.2.15"/>
+        <vers num="1.2.16"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2240" published="2014-03-12" name="CVE-2014-2240" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Stack-based buffer overflow in the cf2_hintmap_build function in cff/cf2hints.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of stem hints in a font file.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.freetype.org/index.html" source="CONFIRM" patch="1" adv="1">http://www.freetype.org/index.html</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2148-1" source="UBUNTU">USN-2148-1</ref>
+      <ref url="http://www.securitytracker.com/id/1029895" source="SECTRACK">1029895</ref>
+      <ref url="http://www.securityfocus.com/bid/66074" source="BID">66074</ref>
+      <ref url="http://sourceforge.net/projects/freetype/files/freetype2/2.5.3" source="CONFIRM">http://sourceforge.net/projects/freetype/files/freetype2/2.5.3</ref>
+      <ref url="http://secunia.com/advisories/57447" source="SECUNIA">57447</ref>
+      <ref url="http://secunia.com/advisories/57291" source="SECUNIA" adv="1">57291</ref>
+      <ref url="http://savannah.nongnu.org/bugs/?41697" source="CONFIRM">http://savannah.nongnu.org/bugs/?41697</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="freetype" name="freetype">
+        <vers num="1.3.1"/>
+        <vers num="2.0"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1"/>
+        <vers num="2.1.10"/>
+        <vers num="2.1.3"/>
+        <vers num="2.1.4"/>
+        <vers num="2.1.5"/>
+        <vers num="2.1.6"/>
+        <vers num="2.1.7"/>
+        <vers num="2.1.8" edition="rc1"/>
+        <vers num="2.1.8_rc1"/>
+        <vers num="2.1.9"/>
+        <vers num="2.2"/>
+        <vers num="2.2.1"/>
+        <vers num="2.3.0"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.10"/>
+        <vers num="2.3.11"/>
+        <vers num="2.3.12"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.3.4"/>
+        <vers num="2.3.5"/>
+        <vers num="2.3.6"/>
+        <vers num="2.3.7"/>
+        <vers num="2.3.8"/>
+        <vers num="2.3.9"/>
+        <vers num="2.4.0"/>
+        <vers num="2.4.1"/>
+        <vers num="2.4.10"/>
+        <vers num="2.4.11"/>
+        <vers num="2.4.12"/>
+        <vers num="2.4.2"/>
+        <vers num="2.4.3"/>
+        <vers num="2.4.4"/>
+        <vers num="2.4.5"/>
+        <vers num="2.4.6"/>
+        <vers num="2.4.7"/>
+        <vers num="2.4.8"/>
+        <vers num="2.4.9"/>
+        <vers num="2.5"/>
+        <vers num="2.5.1"/>
+        <vers prev="1" num="2.5.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2241" published="2014-03-18" name="CVE-2014-2241" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer functions in cff/cf2ft.c in FreeType before 2.5.3 do not properly check if a subroutine exists, which allows remote attackers to cause a denial of service (assertion failure), as demonstrated by a crafted ttf file.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=135c3faebb96f8f550bd4f318716f2e1e095a969" source="CONFIRM" patch="1">http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=135c3faebb96f8f550bd4f318716f2e1e095a969</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2148-1" source="UBUNTU">USN-2148-1</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/03/12/4" source="MLIST">[oss-security] 20140312 Re: Two stack-based issues in freetype [NOT a request]</ref>
+      <ref url="http://secunia.com/advisories/57447" source="SECUNIA">57447</ref>
+      <ref url="http://savannah.nongnu.org/bugs/?41697" source="CONFIRM">http://savannah.nongnu.org/bugs/?41697</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="freetype" name="freetype">
+        <vers num="2.5"/>
+        <vers num="2.5.1"/>
+        <vers prev="1" num="2.5.2"/>
+      </prod>
+      <prod vendor="canonical" name="ubuntu_linux">
+        <vers num="13.10"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2242" published="2014-03-01" name="CVE-2014-2242" modified="2014-03-03" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">includes/upload/UploadBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 does not prevent use of invalid namespaces in SVG files, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an SVG upload, as demonstrated by use of a W3C XHTML namespace in conjunction with an IFRAME element.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-February/000141.html" source="MLIST" patch="1" adv="1">[mediawiki-announce] 20140228 MediaWiki Security and Maintenance Releases: 1.22.3, 1.21.6 and 1.19.12</ref>
+      <ref url="https://gerrit.wikimedia.org/r/#/q/7d923a6b53f7fbcb0cbc3a19797d741bf6f440eb,n,z" source="CONFIRM">https://gerrit.wikimedia.org/r/#/q/7d923a6b53f7fbcb0cbc3a19797d741bf6f440eb,n,z</ref>
+      <ref url="https://bugzilla.wikimedia.org/show_bug.cgi?id=60771" source="CONFIRM" adv="1">https://bugzilla.wikimedia.org/show_bug.cgi?id=60771</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1071135" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1071135</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/03/01/2" source="MLIST">[oss-security] 20140301 Re: CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/02/28/1" source="MLIST">[oss-security] 20140228 CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mediawiki" name="mediawiki">
+        <vers num="1.1.0"/>
+        <vers num="1.10.0" edition="rc1"/>
+        <vers num="1.10.0" edition="rc2"/>
+        <vers num="1.10.1"/>
+        <vers num="1.10.2"/>
+        <vers num="1.10.3"/>
+        <vers num="1.10.4"/>
+        <vers num="1.11"/>
+        <vers num="1.11.0" edition="rc1"/>
+        <vers num="1.11.1"/>
+        <vers num="1.11.2"/>
+        <vers num="1.12.0" edition="rc1"/>
+        <vers num="1.12.1"/>
+        <vers num="1.12.2"/>
+        <vers num="1.12.3"/>
+        <vers num="1.12.4"/>
+        <vers num="1.13.0" edition="rc1"/>
+        <vers num="1.13.0" edition="rc2"/>
+        <vers num="1.13.1"/>
+        <vers num="1.13.2"/>
+        <vers num="1.13.3"/>
+        <vers num="1.13.4"/>
+        <vers num="1.14.0" edition="rc1"/>
+        <vers num="1.14.1"/>
+        <vers num="1.15.0" edition="rc1"/>
+        <vers num="1.15.1"/>
+        <vers num="1.15.2"/>
+        <vers num="1.15.3"/>
+        <vers num="1.15.4"/>
+        <vers num="1.15.5"/>
+        <vers num="1.16.0" edition="beta1"/>
+        <vers num="1.16.0" edition="beta2"/>
+        <vers num="1.16.0" edition="beta3"/>
+        <vers num="1.16.1"/>
+        <vers num="1.16.2"/>
+        <vers num="1.17" edition="beta_1"/>
+        <vers num="1.17.0" edition="rc1"/>
+        <vers num="1.17.1"/>
+        <vers num="1.17.2"/>
+        <vers num="1.17.3"/>
+        <vers num="1.17.4"/>
+        <vers num="1.18" edition="beta_1"/>
+        <vers num="1.18.0" edition="rc1"/>
+        <vers num="1.18.1"/>
+        <vers num="1.18.2"/>
+        <vers num="1.18.3"/>
+        <vers num="1.19" edition="beta_1"/>
+        <vers num="1.19" edition="beta_2"/>
+        <vers num="1.19.0"/>
+        <vers num="1.19.1"/>
+        <vers num="1.19.10"/>
+        <vers prev="1" num="1.19.11"/>
+        <vers num="1.19.2"/>
+        <vers num="1.19.3"/>
+        <vers num="1.19.4"/>
+        <vers num="1.19.5"/>
+        <vers num="1.19.6"/>
+        <vers num="1.19.7"/>
+        <vers num="1.19.8"/>
+        <vers num="1.19.9"/>
+        <vers num="1.20"/>
+        <vers num="1.20.1"/>
+        <vers num="1.20.2"/>
+        <vers num="1.20.3"/>
+        <vers num="1.20.4"/>
+        <vers num="1.20.5"/>
+        <vers num="1.20.6"/>
+        <vers num="1.20.7"/>
+        <vers num="1.20.8"/>
+        <vers num="1.21"/>
+        <vers num="1.21.1"/>
+        <vers num="1.21.2"/>
+        <vers num="1.21.3"/>
+        <vers num="1.21.4"/>
+        <vers num="1.21.5"/>
+        <vers num="1.22.0"/>
+        <vers num="1.22.1"/>
+        <vers num="1.22.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2243" published="2014-03-01" name="CVE-2014-2243" modified="2014-03-03" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">includes/User.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 terminates validation of a user token upon encountering the first incorrect character, which makes it easier for remote attackers to obtain access via a brute-force attack that relies on timing differences in responses to incorrect token guesses.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-February/000141.html" source="MLIST" patch="1" adv="1">[mediawiki-announce] 20140228 MediaWiki Security and Maintenance Releases: 1.22.3, 1.21.6 and 1.19.12</ref>
+      <ref url="https://gerrit.wikimedia.org/r/#/q/I2a9e89120f7092015495e638c6fa9f67adc9b84f,n,z" source="CONFIRM">https://gerrit.wikimedia.org/r/#/q/I2a9e89120f7092015495e638c6fa9f67adc9b84f,n,z</ref>
+      <ref url="https://bugzilla.wikimedia.org/show_bug.cgi?id=61346" source="CONFIRM" adv="1">https://bugzilla.wikimedia.org/show_bug.cgi?id=61346</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1071136" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1071136</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/03/01/2" source="MLIST">[oss-security] 20140301 Re: CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/02/28/1" source="MLIST">[oss-security] 20140228 CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mediawiki" name="mediawiki">
+        <vers num="1.1.0"/>
+        <vers num="1.10.0" edition="rc1"/>
+        <vers num="1.10.0" edition="rc2"/>
+        <vers num="1.10.1"/>
+        <vers num="1.10.2"/>
+        <vers num="1.10.3"/>
+        <vers num="1.10.4"/>
+        <vers num="1.11"/>
+        <vers num="1.11.0" edition="rc1"/>
+        <vers num="1.11.1"/>
+        <vers num="1.11.2"/>
+        <vers num="1.12.0" edition="rc1"/>
+        <vers num="1.12.1"/>
+        <vers num="1.12.2"/>
+        <vers num="1.12.3"/>
+        <vers num="1.12.4"/>
+        <vers num="1.13.0" edition="rc1"/>
+        <vers num="1.13.0" edition="rc2"/>
+        <vers num="1.13.1"/>
+        <vers num="1.13.2"/>
+        <vers num="1.13.3"/>
+        <vers num="1.13.4"/>
+        <vers num="1.14.0" edition="rc1"/>
+        <vers num="1.14.1"/>
+        <vers num="1.15.0" edition="rc1"/>
+        <vers num="1.15.1"/>
+        <vers num="1.15.2"/>
+        <vers num="1.15.3"/>
+        <vers num="1.15.4"/>
+        <vers num="1.15.5"/>
+        <vers num="1.16.0" edition="beta1"/>
+        <vers num="1.16.0" edition="beta2"/>
+        <vers num="1.16.0" edition="beta3"/>
+        <vers num="1.16.1"/>
+        <vers num="1.16.2"/>
+        <vers num="1.17" edition="beta_1"/>
+        <vers num="1.17.0" edition="rc1"/>
+        <vers num="1.17.1"/>
+        <vers num="1.17.2"/>
+        <vers num="1.17.3"/>
+        <vers num="1.17.4"/>
+        <vers num="1.18" edition="beta_1"/>
+        <vers num="1.18.0" edition="rc1"/>
+        <vers num="1.18.1"/>
+        <vers num="1.18.2"/>
+        <vers num="1.18.3"/>
+        <vers num="1.19" edition="beta_1"/>
+        <vers num="1.19" edition="beta_2"/>
+        <vers num="1.19.0"/>
+        <vers num="1.19.1"/>
+        <vers num="1.19.10"/>
+        <vers prev="1" num="1.19.11"/>
+        <vers num="1.19.2"/>
+        <vers num="1.19.3"/>
+        <vers num="1.19.4"/>
+        <vers num="1.19.5"/>
+        <vers num="1.19.6"/>
+        <vers num="1.19.7"/>
+        <vers num="1.19.8"/>
+        <vers num="1.19.9"/>
+        <vers num="1.20"/>
+        <vers num="1.20.1"/>
+        <vers num="1.20.2"/>
+        <vers num="1.20.3"/>
+        <vers num="1.20.4"/>
+        <vers num="1.20.5"/>
+        <vers num="1.20.6"/>
+        <vers num="1.20.7"/>
+        <vers num="1.20.8"/>
+        <vers num="1.21"/>
+        <vers num="1.21.1"/>
+        <vers num="1.21.2"/>
+        <vers num="1.21.3"/>
+        <vers num="1.21.4"/>
+        <vers num="1.21.5"/>
+        <vers num="1.22.0"/>
+        <vers num="1.22.1"/>
+        <vers num="1.22.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2244" published="2014-03-01" name="CVE-2014-2244" modified="2014-03-03" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the formatHTML function in includes/api/ApiFormatBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 allows remote attackers to inject arbitrary web script or HTML via a crafted string located after http:// in the text parameter to api.php.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-February/000141.html" source="MLIST" patch="1" adv="1">[mediawiki-announce] 20140228 MediaWiki Security and Maintenance Releases: 1.22.3, 1.21.6 and 1.19.12</ref>
+      <ref url="https://gerrit.wikimedia.org/r/#/q/Idf985e4e69c2f11778a8a90503914678441cb3fb,n,z" source="CONFIRM">https://gerrit.wikimedia.org/r/#/q/Idf985e4e69c2f11778a8a90503914678441cb3fb,n,z</ref>
+      <ref url="https://bugzilla.wikimedia.org/show_bug.cgi?id=61362" source="CONFIRM" adv="1">https://bugzilla.wikimedia.org/show_bug.cgi?id=61362</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1071139" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1071139</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/03/01/2" source="MLIST">[oss-security] 20140301 Re: CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/02/28/1" source="MLIST">[oss-security] 20140228 CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mediawiki" name="mediawiki">
+        <vers num="1.1.0"/>
+        <vers num="1.10.0" edition="rc1"/>
+        <vers num="1.10.0" edition="rc2"/>
+        <vers num="1.10.1"/>
+        <vers num="1.10.2"/>
+        <vers num="1.10.3"/>
+        <vers num="1.10.4"/>
+        <vers num="1.11"/>
+        <vers num="1.11.0" edition="rc1"/>
+        <vers num="1.11.1"/>
+        <vers num="1.11.2"/>
+        <vers num="1.12.0" edition="rc1"/>
+        <vers num="1.12.1"/>
+        <vers num="1.12.2"/>
+        <vers num="1.12.3"/>
+        <vers num="1.12.4"/>
+        <vers num="1.13.0" edition="rc1"/>
+        <vers num="1.13.0" edition="rc2"/>
+        <vers num="1.13.1"/>
+        <vers num="1.13.2"/>
+        <vers num="1.13.3"/>
+        <vers num="1.13.4"/>
+        <vers num="1.14.0" edition="rc1"/>
+        <vers num="1.14.1"/>
+        <vers num="1.15.0" edition="rc1"/>
+        <vers num="1.15.1"/>
+        <vers num="1.15.2"/>
+        <vers num="1.15.3"/>
+        <vers num="1.15.4"/>
+        <vers num="1.15.5"/>
+        <vers num="1.16.0" edition="beta1"/>
+        <vers num="1.16.0" edition="beta2"/>
+        <vers num="1.16.0" edition="beta3"/>
+        <vers num="1.16.1"/>
+        <vers num="1.16.2"/>
+        <vers num="1.17" edition="beta_1"/>
+        <vers num="1.17.0" edition="rc1"/>
+        <vers num="1.17.1"/>
+        <vers num="1.17.2"/>
+        <vers num="1.17.3"/>
+        <vers num="1.17.4"/>
+        <vers num="1.18" edition="beta_1"/>
+        <vers num="1.18.0" edition="rc1"/>
+        <vers num="1.18.1"/>
+        <vers num="1.18.2"/>
+        <vers num="1.18.3"/>
+        <vers num="1.19" edition="beta_1"/>
+        <vers num="1.19" edition="beta_2"/>
+        <vers num="1.19.0"/>
+        <vers num="1.19.1"/>
+        <vers num="1.19.10"/>
+        <vers prev="1" num="1.19.11"/>
+        <vers num="1.19.2"/>
+        <vers num="1.19.3"/>
+        <vers num="1.19.4"/>
+        <vers num="1.19.5"/>
+        <vers num="1.19.6"/>
+        <vers num="1.19.7"/>
+        <vers num="1.19.8"/>
+        <vers num="1.19.9"/>
+        <vers num="1.20"/>
+        <vers num="1.20.1"/>
+        <vers num="1.20.2"/>
+        <vers num="1.20.3"/>
+        <vers num="1.20.4"/>
+        <vers num="1.20.5"/>
+        <vers num="1.20.6"/>
+        <vers num="1.20.7"/>
+        <vers num="1.20.8"/>
+        <vers num="1.21"/>
+        <vers num="1.21.1"/>
+        <vers num="1.21.2"/>
+        <vers num="1.21.3"/>
+        <vers num="1.21.4"/>
+        <vers num="1.21.5"/>
+        <vers num="1.22.0"/>
+        <vers num="1.22.1"/>
+        <vers num="1.22.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2245" published="2014-03-05" name="CVE-2014-2245" modified="2014-03-07" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:P/I:P/A:P)" CVSS_score="6.0" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="6.8" CVSS_base_score="6.0">
+    <desc>
+      <descript source="cve">SQL injection vulnerability in the News module in CMS Made Simple (CMSMS) before 1.11.10 allows remote authenticated users with the "Modify News" permission to execute arbitrary SQL commands via the sortby parameter to admin/moduleinterface.php.  NOTE: some of these details are obtained from third party information.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securityfocus.com/bid/65953" source="BID">65953</ref>
+      <ref url="http://secunia.com/advisories/56996" source="SECUNIA" adv="1">56996</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q1/467" source="MLIST">[oss-security] 20140301 Re: CVE request: CMS Made Simple SQL injection fixed in 1.11.10</ref>
+      <ref url="http://dev.cmsmadesimple.org/project/changelog/4602" source="CONFIRM" adv="1">http://dev.cmsmadesimple.org/project/changelog/4602</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cmsmadesimple" name="cms_made_simple">
+        <vers num="0.1"/>
+        <vers num="0.10"/>
+        <vers num="0.10.1"/>
+        <vers num="0.10.2"/>
+        <vers num="0.10.3"/>
+        <vers num="0.10.4"/>
+        <vers num="0.11"/>
+        <vers num="0.11.1"/>
+        <vers num="0.11.2"/>
+        <vers num="0.12"/>
+        <vers num="0.12.1"/>
+        <vers num="0.12.2"/>
+        <vers num="0.13"/>
+        <vers num="0.2"/>
+        <vers num="0.2.1"/>
+        <vers num="0.3"/>
+        <vers num="0.3.1"/>
+        <vers num="0.3.2"/>
+        <vers num="0.4"/>
+        <vers num="0.4.1"/>
+        <vers num="0.5"/>
+        <vers num="0.5.1"/>
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.6.2"/>
+        <vers num="0.6.3"/>
+        <vers num="0.7"/>
+        <vers num="0.7.1"/>
+        <vers num="0.7.2"/>
+        <vers num="0.7.3"/>
+        <vers num="0.8"/>
+        <vers num="0.8.1"/>
+        <vers num="0.8.2"/>
+        <vers num="0.9"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers num="1.0"/>
+        <vers num="1.0.1"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.4"/>
+        <vers num="1.0.5"/>
+        <vers num="1.0.6"/>
+        <vers num="1.1"/>
+        <vers num="1.1.1"/>
+        <vers num="1.1.2"/>
+        <vers num="1.1.3"/>
+        <vers num="1.1.3.1"/>
+        <vers num="1.1.4"/>
+        <vers num="1.10"/>
+        <vers num="1.10.1"/>
+        <vers num="1.10.2"/>
+        <vers num="1.10.3"/>
+        <vers num="1.11"/>
+        <vers num="1.11.1"/>
+        <vers num="1.11.2"/>
+        <vers num="1.11.2.1"/>
+        <vers num="1.11.3"/>
+        <vers num="1.11.4"/>
+        <vers num="1.11.5"/>
+        <vers num="1.11.6"/>
+        <vers num="1.11.7"/>
+        <vers num="1.11.8"/>
+        <vers prev="1" num="1.11.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2246" published="2014-03-16" name="CVE-2014-2246" modified="2014-03-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01</ref>
+      <ref url="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf" source="CONFIRM" patch="1" adv="1">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="siemens" name="simatic_s7-1500_cpu_firmware">
+        <vers num="1.0.1"/>
+        <vers num="1.1.0"/>
+        <vers num="1.1.1"/>
+        <vers prev="1" num="1.1.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2247" published="2014-03-16" name="CVE-2014-2247" modified="2014-03-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:P)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">The integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to inject headers via unspecified vectors.</descript>
+      <descript source="nvd">CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01</ref>
+      <ref url="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf" source="CONFIRM" patch="1" adv="1">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="siemens" name="simatic_s7-1500_cpu_firmware">
+        <vers num="1.0.1"/>
+        <vers num="1.1.0"/>
+        <vers num="1.1.1"/>
+        <vers prev="1" num="1.1.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2248" published="2014-03-16" name="CVE-2014-2248" modified="2014-03-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Open redirect vulnerability in the integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.</descript>
+      <descript source="nvd">CWE-601: URL Redirection to Untrusted Site (“Open Redirect”)</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01</ref>
+      <ref url="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf" source="CONFIRM" patch="1" adv="1">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="siemens" name="simatic_s7-1500_cpu_firmware">
+        <vers num="1.0.1"/>
+        <vers num="1.1.0"/>
+        <vers num="1.1.1"/>
+        <vers prev="1" num="1.1.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2249" published="2014-03-16" name="CVE-2014-2249" modified="2014-03-26" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:P)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">Cross-site request forgery (CSRF) vulnerability on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 and SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02</ref>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01</ref>
+      <ref url="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf" source="CONFIRM" patch="1" adv="1">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf</ref>
+      <ref url="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf" source="CONFIRM">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="siemens" name="simatic_s7-1500_cpu_firmware">
+        <vers num="1.0.1"/>
+        <vers num="1.1.0"/>
+        <vers num="1.1.1"/>
+        <vers prev="1" num="1.1.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2250" published="2014-03-24" name="CVE-2014-2250" modified="2014-03-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:C)" CVSS_score="8.3" CVSS_impact_subscore="8.5" CVSS_exploit_subscore="8.6" CVSS_base_score="8.3">
+    <desc>
+      <descript source="cve">The random-number generator on Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors, a different vulnerability than CVE-2014-2251.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02</ref>
+      <ref url="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf" source="CONFIRM" adv="1">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="siemens" name="simatic_s7_cpu-1211c">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="siemens" name="simatic_s7_cpu_1212c">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="siemens" name="simatic_s7_cpu_1214c">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="siemens" name="simatic_s7_cpu_1215c">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="siemens" name="simatic_s7_cpu_1217c">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="siemens" name="simatic_s7_cpu_1200_firmware">
+        <vers num="3.0"/>
+        <vers prev="1" num="3.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2251" published="2014-03-16" name="CVE-2014-2251" modified="2014-03-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:C)" CVSS_score="8.3" CVSS_impact_subscore="8.5" CVSS_exploit_subscore="8.6" CVSS_base_score="8.3">
+    <desc>
+      <descript source="cve">The random-number generator on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors.</descript>
+      <descript source="nvd">CWE-331: Insufficient Entropy</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01</ref>
+      <ref url="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf" source="CONFIRM" patch="1" adv="1">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="siemens" name="simatic_s7-1500_cpu_firmware">
+        <vers num="1.0.1"/>
+        <vers num="1.1.0"/>
+        <vers num="1.1.1"/>
+        <vers prev="1" num="1.1.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2252" published="2014-03-24" name="CVE-2014-2252" modified="2014-03-24" CVSS_version="2.0" CVSS_vector="(AV:A/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="6.1" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="6.5" CVSS_base_score="6.1">
+    <desc>
+      <descript source="cve">Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted PROFINET packets, a different vulnerability than CVE-2014-2253.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <local_network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02</ref>
+      <ref url="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf" source="CONFIRM" adv="1">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="siemens" name="simatic_s7_cpu-1211c">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="siemens" name="simatic_s7_cpu_1212c">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="siemens" name="simatic_s7_cpu_1214c">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="siemens" name="simatic_s7_cpu_1215c">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="siemens" name="simatic_s7_cpu_1217c">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="siemens" name="simatic_s7_cpu_1200_firmware">
+        <vers num="3.0"/>
+        <vers prev="1" num="3.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2253" published="2014-03-16" name="CVE-2014-2253" modified="2014-03-25" CVSS_version="2.0" CVSS_vector="(AV:A/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="6.1" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="6.5" CVSS_base_score="6.1">
+    <desc>
+      <descript source="cve">Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted Profinet packets.</descript>
+      <descript source="nvd">CWE-404: Improper Resource Shutdown or Release</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <local_network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01</ref>
+      <ref url="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf" source="CONFIRM" patch="1" adv="1">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="siemens" name="simatic_s7-1500_cpu_firmware">
+        <vers num="1.0.1"/>
+        <vers num="1.1.0"/>
+        <vers num="1.1.1"/>
+        <vers prev="1" num="1.1.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2254" published="2014-03-24" name="CVE-2014-2254" modified="2014-03-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTP packets, a different vulnerability than CVE-2014-2255.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02</ref>
+      <ref url="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf" source="CONFIRM" adv="1">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="siemens" name="simatic_s7_cpu-1211c">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="siemens" name="simatic_s7_cpu_1212c">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="siemens" name="simatic_s7_cpu_1214c">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="siemens" name="simatic_s7_cpu_1215c">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="siemens" name="simatic_s7_cpu_1217c">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="siemens" name="simatic_s7_cpu_1200_firmware">
+        <vers num="3.0"/>
+        <vers prev="1" num="3.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2255" published="2014-03-16" name="CVE-2014-2255" modified="2014-03-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTP packets.</descript>
+      <descript source="nvd">CWE-404: Improper Resource Shutdown or Release</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01</ref>
+      <ref url="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf" source="CONFIRM" patch="1" adv="1">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="siemens" name="simatic_s7-1500_cpu_firmware">
+        <vers num="1.0.1"/>
+        <vers num="1.1.0"/>
+        <vers num="1.1.1"/>
+        <vers prev="1" num="1.1.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2256" published="2014-03-24" name="CVE-2014-2256" modified="2014-03-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted ISO-TSAP packets, a different vulnerability than CVE-2014-2257.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02</ref>
+      <ref url="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf" source="CONFIRM" adv="1">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="siemens" name="simatic_s7_cpu-1211c">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="siemens" name="simatic_s7_cpu_1212c">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="siemens" name="simatic_s7_cpu_1214c">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="siemens" name="simatic_s7_cpu_1215c">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="siemens" name="simatic_s7_cpu_1217c">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="siemens" name="simatic_s7_cpu_1200_firmware">
+        <vers num="3.0"/>
+        <vers prev="1" num="3.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2257" published="2014-03-16" name="CVE-2014-2257" modified="2014-03-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted ISO-TSAP packets.</descript>
+      <descript source="nvd">CWE-404: Improper Resource Shutdown or Release</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01</ref>
+      <ref url="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf" source="CONFIRM" patch="1" adv="1">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="siemens" name="simatic_s7-1500_cpu_firmware">
+        <vers num="1.0.1"/>
+        <vers num="1.1.0"/>
+        <vers num="1.1.1"/>
+        <vers prev="1" num="1.1.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2258" published="2014-03-24" name="CVE-2014-2258" modified="2014-03-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTPS packets, a different vulnerability than CVE-2014-2259.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-079-02</ref>
+      <ref url="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf" source="CONFIRM" adv="1">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-654382.pdf</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="siemens" name="simatic_s7_cpu-1211c">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="siemens" name="simatic_s7_cpu_1212c">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="siemens" name="simatic_s7_cpu_1214c">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="siemens" name="simatic_s7_cpu_1215c">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="siemens" name="simatic_s7_cpu_1217c">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="siemens" name="simatic_s7_cpu_1200_firmware">
+        <vers num="3.0"/>
+        <vers prev="1" num="3.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2259" published="2014-03-16" name="CVE-2014-2259" modified="2014-03-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTPS packets.</descript>
+      <descript source="nvd">CWE-404: Improper Resource Shutdown or Release</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-073-01</ref>
+      <ref url="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf" source="CONFIRM" patch="1" adv="1">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="siemens" name="simatic_s7-1500_cpu_firmware">
+        <vers num="1.0.1"/>
+        <vers num="1.1.0"/>
+        <vers num="1.1.1"/>
+        <vers prev="1" num="1.1.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-2260" published="2014-04-30" name="CVE-2014-2260" modified="2014-05-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:P/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in plugins/main/content/js/ajenti.coffee in Eugene Pankov Ajenti 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via the command field in the Cron functionality.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://github.com/Eugeny/ajenti/commit/3270fd1d78391bb847b4c9ce37cf921f485b1310" source="MISC" patch="1">https://github.com/Eugeny/ajenti/commit/3270fd1d78391bb847b4c9ce37cf921f485b1310</ref>
+      <ref url="https://github.com/Eugeny/ajenti/issues/233" source="CONFIRM">https://github.com/Eugeny/ajenti/issues/233</ref>
+      <ref url="http://www.securityfocus.com/bid/64982" source="BID">64982</ref>
+      <ref url="http://www.osvdb.org/102174" source="OSVDB">102174</ref>
+      <ref url="http://packetstormsecurity.com/files/124804/Ajenti-1.2.13-Cross-Site-Scripting.html" source="MISC">http://packetstormsecurity.com/files/124804/Ajenti-1.2.13-Cross-Site-Scripting.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ajenti" name="ajenti">
+        <vers num="1.2.13"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2262" published="2014-02-28" name="CVE-2014-2262" modified="2014-03-03" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Buffer overflow in the client application in Base SAS 9.2 TS2M3, SAS 9.3 TS1M1 and TS1M2, and SAS 9.4 TS1M0 allows user-assisted remote attackers to execute arbitrary code via a crafted SAS program.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140227-0_SAS_Buffer_overflow_v10.txt" source="MISC">https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140227-0_SAS_Buffer_overflow_v10.txt</ref>
+      <ref url="http://www.securityfocus.com/bid/65853" source="BID">65853</ref>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/531283/100/0/threaded" source="BUGTRAQ">20140227 SEC Consult SA-20140227-0 :: Local Buffer Overflow vulnerability in SAS for Windows (Statistical Analysis System)</ref>
+      <ref url="http://support.sas.com/kb/51/701.html" source="CONFIRM" adv="1">http://support.sas.com/kb/51/701.html</ref>
+      <ref url="http://secunia.com/advisories/57029" source="SECUNIA" adv="1">57029</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="sas" name="base_sas">
+        <vers num="9.2" edition="ts2m"/>
+        <vers num="9.3" edition="ts1m1"/>
+        <vers num="9.3" edition="ts1m2"/>
+        <vers num="9.4" edition="ts1m0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2263" published="2014-02-28" name="CVE-2014-2263" modified="2014-03-03" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) muxer (libavformat/mpegtsenc.c) in FFmpeg, possibly 2.1 and earlier, allows remote attackers to have unspecified impact and vectors, which trigger an out-of-bounds write.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://git.videolan.org/?p=ffmpeg.git;a=commit;h=842b6c14bc" source="CONFIRM" patch="1">http://git.videolan.org/?p=ffmpeg.git;a=commit;h=842b6c14bc</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91174" source="XF">ffmpeg-mpegtswritepmt-bo(91174)</ref>
+      <ref url="http://www.securityfocus.com/bid/65560" source="BID">65560</ref>
+      <ref url="http://secunia.com/advisories/56971" source="SECUNIA" adv="1">56971</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ffmpeg" name="ffmpeg">
+        <vers num="2.0"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers prev="1" num="2.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2264" published="2014-03-02" name="CVE-2014-2264" modified="2014-03-03" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:N/A:N)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 update 1 has a hardcoded root password of synopass, which makes it easier for remote attackers to obtain access via a VPN session.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/534284" source="CERT-VN">VU#534284</ref>
+      <ref url="http://forum.synology.com/enu/viewtopic.php?f=173&amp;t=77644" source="MISC">http://forum.synology.com/enu/viewtopic.php?f=173&amp;t=77644</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="synology" name="diskstation_manager">
+        <vers num="4.3-3810" edition="1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2265" published="2014-03-14" name="CVE-2014-2265" modified="2014-04-09" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:P/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Rock Lobster Contact Form 7 before 3.7.2 allows remote attackers to bypass the CAPTCHA protection mechanism and submit arbitrary form data by omitting the _wpcf7_captcha_challenge_captcha-719 parameter.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://contactform7.com/2014/02/26/contact-form-7-372/" source="CONFIRM" patch="1" adv="1">http://contactform7.com/2014/02/26/contact-form-7-372/</ref>
+      <ref url="http://www.hedgehogsecurity.co.uk/2014/02/26/contactform7-vulnerability/" source="MISC">http://www.hedgehogsecurity.co.uk/2014/02/26/contactform7-vulnerability/</ref>
+      <ref url="http://wordpress.org/plugins/contact-form-7/changelog" source="CONFIRM">http://wordpress.org/plugins/contact-form-7/changelog</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="rocklobster" name="contact_form_7">
+        <vers num="3.6" edition=":~~~wordpress~~"/>
+        <vers num="3.7" edition=":~~~wordpress~~"/>
+        <vers prev="1" num="3.7.1" edition=":~~~wordpress~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2269" published="2014-04-22" name="CVE-2014-2269" modified="2014-04-22" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:P/A:P)" CVSS_score="6.4" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="10.0" CVSS_base_score="6.4">
+    <desc>
+      <descript source="cve">modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 allows remote attackers to reset the password for arbitrary users via a request containing the username, password, and confirmPassword parameters.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://vtiger-crm.2324883.n4.nabble.com/Vtigercrm-developers-IMP-forgot-password-and-re-installation-security-fix-tt9786.html" source="MLIST" patch="1">[Vtigercrm-developers] 20140316 IMP: forgot password and re-installation security fix</ref>
+      <ref url="http://www.securityfocus.com/bid/66758" source="BID">66758</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="vtiger" name="vtiger_crm">
+        <vers num="6.0.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2270" published="2014-03-14" name="CVE-2014-2270" modified="2014-04-19" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:P)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://github.com/file/file/commit/447558595a3650db2886cd2f416ad0beba965801" source="CONFIRM" patch="1">https://github.com/file/file/commit/447558595a3650db2886cd2f416ad0beba965801</ref>
+      <ref url="http://bugs.gw.com/view.php?id=313" source="CONFIRM" patch="1">http://bugs.gw.com/view.php?id=313</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2163-1" source="UBUNTU">USN-2163-1</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2162-1" source="UBUNTU">USN-2162-1</ref>
+      <ref url="http://www.php.net/ChangeLog-5.php" source="CONFIRM">http://www.php.net/ChangeLog-5.php</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2873" source="DEBIAN">DSA-2873</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q1/505" source="MLIST">[oss-security] 20140305 Re: CVE Request: file: crashes when checking softmagic for some corrupt PE executables</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q1/504" source="MLIST">[oss-security] 20140305 Re: CVE Request: file: crashes when checking softmagic for some corrupt PE executables</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q1/473" source="MLIST">[oss-security] 20140303 CVE Request: file: crashes when checking softmagic for some corrupt PE executables</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-03/msg00084.html" source="SUSE">openSUSE-SU-2014:0435</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-03/msg00037.html" source="SUSE">openSUSE-SU-2014:0367</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-03/msg00034.html" source="SUSE">openSUSE-SU-2014:0364</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="christos_zoulas" name="file">
+        <vers num="5.00"/>
+        <vers num="5.01"/>
+        <vers num="5.02"/>
+        <vers num="5.03"/>
+        <vers num="5.04"/>
+        <vers num="5.05"/>
+        <vers num="5.06"/>
+        <vers num="5.07"/>
+        <vers num="5.08"/>
+        <vers num="5.09"/>
+        <vers num="5.10"/>
+        <vers num="5.11"/>
+        <vers num="5.12"/>
+        <vers num="5.13"/>
+        <vers num="5.14"/>
+        <vers num="5.15"/>
+        <vers prev="1" num="5.16"/>
+      </prod>
+      <prod vendor="tim_robbins" name="libmagic">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2276" published="2014-03-21" name="CVE-2014-2276" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The FileUploadController servlet in EMC Connectrix Manager Converged Network Edition (CMCNE) before 12.1.5 does not properly restrict additions to the Connectrix Manager repository, which allows remote attackers to obtain sensitive information by importing a crafted firmware file.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91987" source="XF">connectrix-cve20142276-info-disc(91987)</ref>
+      <ref url="http://www.securitytracker.com/id/1029939" source="SECTRACK">1029939</ref>
+      <ref url="http://www.securityfocus.com/bid/66308" source="BID">66308</ref>
+      <ref url="http://secunia.com/advisories/57513" source="SECUNIA">57513</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-03/0115.html" source="BUGTRAQ">20140318 ESA-2014-018: EMC Connectrix Manager Converged Network Edition Information Disclosure Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="emc" name="connectrix_manager">
+        <vers prev="1" num="12.1.2" edition="-:~-~converged_network_edition~~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2280" published="2014-03-20" name="CVE-2014-2280" modified="2014-03-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the search feature in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91830" source="XF">seeddms-cve20142280-xss(91830)</ref>
+      <ref url="http://sourceforge.net/p/seeddms/code/ci/master/tree/CHANGELOG" source="CONFIRM">http://sourceforge.net/p/seeddms/code/ci/master/tree/CHANGELOG</ref>
+      <ref url="http://secunia.com/advisories/57475" source="SECUNIA" adv="1">57475</ref>
+      <ref url="http://packetstormsecurity.com/files/125726" source="MISC">http://packetstormsecurity.com/files/125726</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-03/0101.html" source="BUGTRAQ">20140314 Multiple Vulnerabilities in SeedDMS &lt; = 4.3.3</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="seeddms" name="seeddms">
+        <vers num="3.3.12"/>
+        <vers num="3.4.3"/>
+        <vers prev="1" num="4.2.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2281" published="2014-03-11" name="CVE-2014-2281" modified="2014-04-19" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:P)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">The nfs_name_snoop_add_name function in epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 does not validate a certain length value, which allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted NFS packet.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9672" source="CONFIRM" patch="1">https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9672</ref>
+      <ref url="http://anonsvn.wireshark.org/viewvc?view=revision&amp;revision=54875" source="CONFIRM" patch="1">http://anonsvn.wireshark.org/viewvc?view=revision&amp;revision=54875</ref>
+      <ref url="http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-nfs.c?r1=54875&amp;r2=54874&amp;pathrev=54875" source="CONFIRM" patch="1">http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-nfs.c?r1=54875&amp;r2=54874&amp;pathrev=54875</ref>
+      <ref url="http://www.wireshark.org/security/wnpa-sec-2014-01.html" source="CONFIRM" adv="1">http://www.wireshark.org/security/wnpa-sec-2014-01.html</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2871" source="DEBIAN">DSA-2871</ref>
+      <ref url="http://secunia.com/advisories/57489" source="SECUNIA">57489</ref>
+      <ref url="http://secunia.com/advisories/57480" source="SECUNIA">57480</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0342.html" source="REDHAT">RHSA-2014:0342</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0341.html" source="REDHAT">RHSA-2014:0341</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-03/msg00047.html" source="SUSE">openSUSE-SU-2014:0383</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-03/msg00046.html" source="SUSE">openSUSE-SU-2014:0382</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="wireshark" name="wireshark">
+        <vers num="1.10.0"/>
+        <vers num="1.10.1"/>
+        <vers num="1.10.2"/>
+        <vers num="1.10.3"/>
+        <vers num="1.10.4"/>
+        <vers num="1.10.5"/>
+        <vers num="1.8.0"/>
+        <vers num="1.8.1"/>
+        <vers num="1.8.10"/>
+        <vers num="1.8.11"/>
+        <vers num="1.8.12"/>
+        <vers num="1.8.2"/>
+        <vers num="1.8.3"/>
+        <vers num="1.8.4"/>
+        <vers num="1.8.5"/>
+        <vers num="1.8.6"/>
+        <vers num="1.8.7"/>
+        <vers num="1.8.8"/>
+        <vers num="1.8.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2282" published="2014-03-11" name="CVE-2014-2282" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:P)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">The dissect_protocol_data_parameter function in epan/dissectors/packet-m3ua.c in the M3UA dissector in Wireshark 1.10.x before 1.10.6 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted SS7 MTP3 packet.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://anonsvn.wireshark.org/viewvc?view=revision&amp;revision=51608" source="CONFIRM" patch="1">http://anonsvn.wireshark.org/viewvc?view=revision&amp;revision=51608</ref>
+      <ref url="http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-m3ua.c?r1=51608&amp;r2=51607&amp;pathrev=51608" source="CONFIRM" patch="1">http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-m3ua.c?r1=51608&amp;r2=51607&amp;pathrev=51608</ref>
+      <ref url="https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9699" source="CONFIRM">https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9699</ref>
+      <ref url="http://www.wireshark.org/security/wnpa-sec-2014-02.html" source="CONFIRM" adv="1">http://www.wireshark.org/security/wnpa-sec-2014-02.html</ref>
+      <ref url="http://secunia.com/advisories/57480" source="SECUNIA">57480</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-03/msg00046.html" source="SUSE">openSUSE-SU-2014:0382</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="wireshark" name="wireshark">
+        <vers num="1.10.0"/>
+        <vers num="1.10.1"/>
+        <vers num="1.10.2"/>
+        <vers num="1.10.3"/>
+        <vers num="1.10.4"/>
+        <vers num="1.10.5"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2283" published="2014-03-11" name="CVE-2014-2283" modified="2014-04-19" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:P)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">epan/dissectors/packet-rlc in the RLC dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 uses inconsistent memory-management approaches, which allows remote attackers to cause a denial of service (use-after-free error and application crash) via a crafted UMTS Radio Link Control packet.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=217293ba4a0353bf5d657e74fe8623dd3c86fe08" source="CONFIRM" patch="1">https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=217293ba4a0353bf5d657e74fe8623dd3c86fe08</ref>
+      <ref url="https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9802" source="CONFIRM">https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9802</ref>
+      <ref url="https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9730" source="CONFIRM">https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9730</ref>
+      <ref url="http://www.wireshark.org/security/wnpa-sec-2014-03.html" source="CONFIRM" adv="1">http://www.wireshark.org/security/wnpa-sec-2014-03.html</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2871" source="DEBIAN">DSA-2871</ref>
+      <ref url="http://secunia.com/advisories/57489" source="SECUNIA">57489</ref>
+      <ref url="http://secunia.com/advisories/57480" source="SECUNIA">57480</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0342.html" source="REDHAT">RHSA-2014:0342</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-03/msg00047.html" source="SUSE">openSUSE-SU-2014:0383</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-03/msg00046.html" source="SUSE">openSUSE-SU-2014:0382</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="wireshark" name="wireshark">
+        <vers num="1.10.0"/>
+        <vers num="1.10.1"/>
+        <vers num="1.10.2"/>
+        <vers num="1.10.3"/>
+        <vers num="1.10.4"/>
+        <vers num="1.10.5"/>
+        <vers num="1.8.0"/>
+        <vers num="1.8.1"/>
+        <vers num="1.8.10"/>
+        <vers num="1.8.11"/>
+        <vers num="1.8.12"/>
+        <vers num="1.8.2"/>
+        <vers num="1.8.3"/>
+        <vers num="1.8.4"/>
+        <vers num="1.8.5"/>
+        <vers num="1.8.6"/>
+        <vers num="1.8.7"/>
+        <vers num="1.8.8"/>
+        <vers num="1.8.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2284" published="2014-03-24" name="CVE-2014-2284" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does not properly validate input, which allows remote attackers to cause a denial of service via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.ubuntu.com/usn/USN-2166-1" source="UBUNTU">USN-2166-1</ref>
+      <ref url="http://sourceforge.net/p/net-snmp/code/ci/a1fd64716f6794c55c34d77e618210238a73bfa1/" source="MLIST">[net-snmp-announce] 20140225 Multiple Security-fix Net-SNMP Releases: 5.5.2.1, 5.6.2.1, and 5.7.2.1</ref>
+      <ref url="http://secunia.com/advisories/57870" source="SECUNIA">57870</ref>
+      <ref url="http://secunia.com/advisories/57583" source="SECUNIA">57583</ref>
+      <ref url="http://secunia.com/advisories/57526" source="SECUNIA" adv="1">57526</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0321.html" source="REDHAT">RHSA-2014:0321</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-03/msg00061.html" source="SUSE">openSUSE-SU-2014:0399</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-03/msg00060.html" source="SUSE">openSUSE-SU-2014:0398</ref>
+      <ref url="http://comments.gmane.org/gmane.comp.security.oss.general/12284" source="MLIST">[oss-security] 20140305 CVE request for two net-snmp remote DoS flaws</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="net-snmp" name="net-snmp">
+        <vers num="5.5"/>
+        <vers num="5.5.0.1"/>
+        <vers num="5.5.0.2"/>
+        <vers num="5.5.1"/>
+        <vers num="5.5.1.1"/>
+        <vers num="5.5.2"/>
+        <vers num="5.6"/>
+        <vers num="5.6.1.1"/>
+        <vers num="5.6.2"/>
+        <vers num="5.7"/>
+        <vers num="5.7.1"/>
+        <vers num="5.7.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2285" published="2014-04-27" name="CVE-2014-2285" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:P)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1072778" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1072778</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1072044" source="CONFIRM" adv="1">https://bugzilla.redhat.com/show_bug.cgi?id=1072044</ref>
+      <ref url="http://www.nntp.perl.org/group/perl.perl5.porters/2006/09/msg116250.html" source="MISC">http://www.nntp.perl.org/group/perl.perl5.porters/2006/09/msg116250.html</ref>
+      <ref url="http://sourceforge.net/p/net-snmp/patches/1275/" source="CONFIRM">http://sourceforge.net/p/net-snmp/patches/1275/</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-03/msg00061.html" source="SUSE">openSUSE-SU-2014:0399</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-03/msg00060.html" source="SUSE">openSUSE-SU-2014:0398</ref>
+      <ref url="http://comments.gmane.org/gmane.comp.security.oss.general/12284" source="MLIST">[oss-security] 20140305 CVE request for two net-snmp remote DoS flaws</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="net-snmp" name="net-snmp">
+        <vers prev="1" num="5.7.3" edition="pre1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2286" published="2014-04-18" name="CVE-2014-2286" modified="2014-04-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://downloads.asterisk.org/pub/security/AST-2014-001.html" source="CONFIRM" patch="1" adv="1">http://downloads.asterisk.org/pub/security/AST-2014-001.html</ref>
+      <ref url="http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff" source="MISC" patch="1">http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff</ref>
+      <ref url="https://issues.asterisk.org/jira/browse/ASTERISK-23340" source="CONFIRM">https://issues.asterisk.org/jira/browse/ASTERISK-23340</ref>
+      <ref url="http://www.securityfocus.com/bid/66093" source="BID">66093</ref>
+      <ref url="http://www.mandriva.com/security/advisories?name=MDVSA-2014:078" source="MANDRIVA">MDVSA-2014:078</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html" source="FEDORA">FEDORA-2014-3762</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html" source="FEDORA">FEDORA-2014-3779</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="digium" name="asterisk">
+        <vers num="1.8.0" edition="beta1"/>
+        <vers num="1.8.0" edition="beta2"/>
+        <vers num="1.8.0" edition="beta3"/>
+        <vers num="1.8.0" edition="beta4"/>
+        <vers num="1.8.0" edition="beta5"/>
+        <vers num="1.8.0" edition="rc2"/>
+        <vers num="1.8.0" edition="rc3"/>
+        <vers num="1.8.0" edition="rc4"/>
+        <vers num="1.8.0" edition="rc5"/>
+        <vers num="1.8.1" edition="rc1"/>
+        <vers num="1.8.1.1"/>
+        <vers num="1.8.1.2"/>
+        <vers num="1.8.10.0" edition="-"/>
+        <vers num="1.8.10.0" edition="rc1"/>
+        <vers num="1.8.10.0" edition="rc2"/>
+        <vers num="1.8.10.0" edition="rc3"/>
+        <vers num="1.8.10.0" edition="rc4"/>
+        <vers num="1.8.10.1"/>
+        <vers num="1.8.11.0" edition="-"/>
+        <vers num="1.8.11.0" edition="patch"/>
+        <vers num="1.8.11.0" edition="rc2"/>
+        <vers num="1.8.11.0" edition="rc3"/>
+        <vers num="1.8.11.1" edition="-"/>
+        <vers num="1.8.11.1" edition="patch"/>
+        <vers num="1.8.12"/>
+        <vers num="1.8.12.0" edition="-"/>
+        <vers num="1.8.12.0" edition="rc1"/>
+        <vers num="1.8.12.0" edition="rc2"/>
+        <vers num="1.8.12.0" edition="rc3"/>
+        <vers num="1.8.12.1"/>
+        <vers num="1.8.12.2"/>
+        <vers num="1.8.13.0" edition="rc1"/>
+        <vers num="1.8.13.0" edition="rc2"/>
+        <vers num="1.8.13.1"/>
+        <vers num="1.8.14.0" edition="-"/>
+        <vers num="1.8.14.0" edition="patch"/>
+        <vers num="1.8.14.0" edition="rc1"/>
+        <vers num="1.8.14.0" edition="rc2"/>
+        <vers num="1.8.14.1" edition="-"/>
+        <vers num="1.8.14.1" edition="patch"/>
+        <vers num="1.8.15.0" edition="-"/>
+        <vers num="1.8.15.0" edition="rc1"/>
+        <vers num="1.8.15.1"/>
+        <vers num="1.8.16.0" edition="-"/>
+        <vers num="1.8.16.0" edition="rc1"/>
+        <vers num="1.8.16.0" edition="rc2"/>
+        <vers num="1.8.17.0" edition="-"/>
+        <vers num="1.8.17.0" edition="patch"/>
+        <vers num="1.8.17.0" edition="rc1"/>
+        <vers num="1.8.17.0" edition="rc2"/>
+        <vers num="1.8.17.0" edition="rc3"/>
+        <vers num="1.8.18.0" edition="-"/>
+        <vers num="1.8.18.0" edition="rc1"/>
+        <vers num="1.8.18.1"/>
+        <vers num="1.8.19.0" edition="-"/>
+        <vers num="1.8.19.0" edition="rc1"/>
+        <vers num="1.8.19.0" edition="rc3"/>
+        <vers num="1.8.19.1"/>
+        <vers num="1.8.2"/>
+        <vers num="1.8.2.1"/>
+        <vers num="1.8.2.2"/>
+        <vers num="1.8.2.3"/>
+        <vers num="1.8.2.4"/>
+        <vers num="1.8.20.0" edition="-"/>
+        <vers num="1.8.20.0" edition="patch"/>
+        <vers num="1.8.20.0" edition="rc1"/>
+        <vers num="1.8.20.0" edition="rc2"/>
+        <vers num="1.8.20.1" edition="-"/>
+        <vers num="1.8.20.1" edition="patch"/>
+        <vers num="1.8.20.2" edition="-"/>
+        <vers num="1.8.20.2" edition="patch"/>
+        <vers num="1.8.21.0" edition="-"/>
+        <vers num="1.8.21.0" edition="rc1"/>
+        <vers num="1.8.21.0" edition="rc2"/>
+        <vers num="1.8.22.0" edition="-"/>
+        <vers num="1.8.22.0" edition="rc1"/>
+        <vers num="1.8.22.0" edition="rc2"/>
+        <vers num="1.8.23.0" edition="-"/>
+        <vers num="1.8.23.0" edition="patch"/>
+        <vers num="1.8.23.0" edition="rc1"/>
+        <vers num="1.8.23.0" edition="rc2"/>
+        <vers num="1.8.23.1"/>
+        <vers num="1.8.24.0" edition="-"/>
+        <vers num="1.8.24.0" edition="rc1"/>
+        <vers num="1.8.24.0" edition="rc2"/>
+        <vers num="1.8.24.1"/>
+        <vers num="1.8.25.0" edition="-"/>
+        <vers num="1.8.25.0" edition="rc1"/>
+        <vers num="1.8.25.0" edition="rc2"/>
+        <vers num="1.8.26.0" edition="-"/>
+        <vers num="1.8.26.0" edition="rc1"/>
+        <vers num="1.8.3" edition="rc1"/>
+        <vers num="1.8.3" edition="rc2"/>
+        <vers num="1.8.3" edition="rc3"/>
+        <vers num="1.8.3.1"/>
+        <vers num="1.8.3.2"/>
+        <vers num="1.8.3.3"/>
+        <vers num="1.8.4" edition="rc1"/>
+        <vers num="1.8.4" edition="rc2"/>
+        <vers num="1.8.4" edition="rc3"/>
+        <vers num="1.8.4.1"/>
+        <vers num="1.8.4.2"/>
+        <vers num="1.8.4.3"/>
+        <vers num="1.8.4.4"/>
+        <vers num="1.8.5" edition="rc1"/>
+        <vers num="1.8.5.0"/>
+        <vers num="1.8.6.0" edition="rc1"/>
+        <vers num="1.8.6.0" edition="rc2"/>
+        <vers num="1.8.6.0" edition="rc3"/>
+        <vers num="1.8.7.0" edition="rc1"/>
+        <vers num="1.8.7.0" edition="rc2"/>
+        <vers num="1.8.7.1"/>
+        <vers num="1.8.8.0" edition="-"/>
+        <vers num="1.8.8.0" edition="patch"/>
+        <vers num="1.8.8.0" edition="rc1"/>
+        <vers num="1.8.8.0" edition="rc2"/>
+        <vers num="1.8.8.0" edition="rc3"/>
+        <vers num="1.8.8.0" edition="rc4"/>
+        <vers num="1.8.8.0" edition="rc5"/>
+        <vers num="1.8.8.1"/>
+        <vers num="1.8.8.2"/>
+        <vers num="1.8.9.0" edition="-"/>
+        <vers num="1.8.9.0" edition="rc1"/>
+        <vers num="1.8.9.0" edition="rc2"/>
+        <vers num="1.8.9.0" edition="rc3"/>
+        <vers num="1.8.9.1"/>
+        <vers num="1.8.9.2"/>
+        <vers num="1.8.9.3"/>
+        <vers num="11.8.0" edition="-"/>
+        <vers num="11.8.0" edition="rc1"/>
+        <vers num="11.8.0" edition="rc2"/>
+        <vers num="11.8.0" edition="rc3"/>
+        <vers num="12.1.0" edition="-"/>
+        <vers num="12.1.0" edition="rc1"/>
+        <vers num="12.1.0" edition="rc2"/>
+        <vers num="12.1.0" edition="rc3"/>
+      </prod>
+      <prod vendor="digium" name="certified_asterisk">
+        <vers num="1.8.0.0" edition="-"/>
+        <vers num="1.8.0.0" edition="beta1"/>
+        <vers num="1.8.0.0" edition="beta2"/>
+        <vers num="1.8.0.0" edition="beta3"/>
+        <vers num="1.8.0.0" edition="beta4"/>
+        <vers num="1.8.0.0" edition="beta5"/>
+        <vers num="1.8.0.0" edition="rc1"/>
+        <vers num="1.8.0.0" edition="rc2"/>
+        <vers num="1.8.0.0" edition="rc3"/>
+        <vers num="1.8.0.0" edition="rc4"/>
+        <vers num="1.8.0.0" edition="rc5"/>
+        <vers num="1.8.1.0" edition="-"/>
+        <vers num="1.8.1.0" edition="rc1"/>
+        <vers num="1.8.10.0" edition="-"/>
+        <vers num="1.8.10.0" edition="rc1"/>
+        <vers num="1.8.10.0" edition="rc2"/>
+        <vers num="1.8.10.0" edition="rc3"/>
+        <vers num="1.8.10.0" edition="rc4"/>
+        <vers num="1.8.11.0" edition="-"/>
+        <vers num="1.8.11.0" edition="rc1"/>
+        <vers num="1.8.11.0" edition="rc2"/>
+        <vers num="1.8.11.0" edition="rc3"/>
+        <vers num="1.8.12.0" edition="-"/>
+        <vers num="1.8.12.0" edition="rc1"/>
+        <vers num="1.8.12.0" edition="rc2"/>
+        <vers num="1.8.12.0" edition="rc3"/>
+        <vers num="1.8.13.0" edition="-"/>
+        <vers num="1.8.13.0" edition="rc1"/>
+        <vers num="1.8.13.0" edition="rc2"/>
+        <vers num="1.8.14.0" edition="rc1"/>
+        <vers num="1.8.14.0" edition="rc2"/>
+        <vers num="1.8.15" edition="-"/>
+        <vers num="1.8.15" edition="cert1"/>
+        <vers num="1.8.15" edition="cert1_rc1"/>
+        <vers num="1.8.15" edition="cert1_rc2"/>
+        <vers num="1.8.15" edition="cert1_rc3"/>
+        <vers num="1.8.15" edition="cert2"/>
+        <vers num="1.8.15" edition="cert3"/>
+        <vers num="1.8.15" edition="cert4"/>
+        <vers num="1.8.2.0" edition="-"/>
+        <vers num="1.8.2.0" edition="rc1"/>
+        <vers num="1.8.3.0" edition="-"/>
+        <vers num="1.8.3.0" edition="rc1"/>
+        <vers num="1.8.3.0" edition="rc2"/>
+        <vers num="1.8.3.0" edition="rc3"/>
+        <vers num="1.8.4.0" edition="-"/>
+        <vers num="1.8.4.0" edition="rc1"/>
+        <vers num="1.8.4.0" edition="rc2"/>
+        <vers num="1.8.4.0" edition="rc3"/>
+        <vers num="1.8.5.0" edition="-"/>
+        <vers num="1.8.5.0" edition="rc1"/>
+        <vers num="1.8.6.0" edition="-"/>
+        <vers num="1.8.6.0" edition="rc1"/>
+        <vers num="1.8.6.0" edition="rc2"/>
+        <vers num="1.8.6.0" edition="rc3"/>
+        <vers num="1.8.7.0" edition="-"/>
+        <vers num="1.8.7.0" edition="rc1"/>
+        <vers num="1.8.7.0" edition="rc2"/>
+        <vers num="1.8.8.0" edition="-"/>
+        <vers num="1.8.8.0" edition="rc1"/>
+        <vers num="1.8.8.0" edition="rc2"/>
+        <vers num="1.8.8.0" edition="rc3"/>
+        <vers num="1.8.8.0" edition="rc4"/>
+        <vers num="1.8.8.0" edition="rc5"/>
+        <vers num="1.8.9.0" edition="-"/>
+        <vers num="1.8.9.0" edition="rc1"/>
+        <vers num="1.8.9.0" edition="rc2"/>
+        <vers num="1.8.9.0" edition="rc3"/>
+        <vers num="11.6" edition="cert1"/>
+        <vers num="11.6" edition="cert1_rc1"/>
+        <vers num="11.6" edition="cert1_rc2"/>
+        <vers num="11.6.0" edition="-"/>
+        <vers num="11.6.0" edition="rc1"/>
+        <vers num="11.6.0" edition="rc2"/>
+      </prod>
+      <prod vendor="fedoraproject" name="fedora">
+        <vers num="19"/>
+        <vers num="20"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-2287" published="2014-04-18" name="CVE-2014-2287" modified="2014-04-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:N/A:P)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://downloads.asterisk.org/pub/security/AST-2014-002.html" source="CONFIRM" patch="1" adv="1">http://downloads.asterisk.org/pub/security/AST-2014-002.html</ref>
+      <ref url="http://downloads.asterisk.org/pub/security/AST-2014-002-1.8.diff" source="MISC" patch="1">http://downloads.asterisk.org/pub/security/AST-2014-002-1.8.diff</ref>
+      <ref url="https://issues.asterisk.org/jira/browse/ASTERISK-23373" source="CONFIRM">https://issues.asterisk.org/jira/browse/ASTERISK-23373</ref>
+      <ref url="http://www.securityfocus.com/bid/66094" source="BID">66094</ref>
+      <ref url="http://www.mandriva.com/security/advisories?name=MDVSA-2014:078" source="MANDRIVA">MDVSA-2014:078</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html" source="FEDORA">FEDORA-2014-3762</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html" source="FEDORA">FEDORA-2014-3779</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="digium" name="asterisk">
+        <vers num="1.8.0" edition="beta1"/>
+        <vers num="1.8.0" edition="beta2"/>
+        <vers num="1.8.0" edition="beta3"/>
+        <vers num="1.8.0" edition="beta4"/>
+        <vers num="1.8.0" edition="beta5"/>
+        <vers num="1.8.0" edition="rc2"/>
+        <vers num="1.8.0" edition="rc3"/>
+        <vers num="1.8.0" edition="rc4"/>
+        <vers num="1.8.0" edition="rc5"/>
+        <vers num="1.8.1" edition="rc1"/>
+        <vers num="1.8.1.1"/>
+        <vers num="1.8.1.2"/>
+        <vers num="1.8.10.0" edition="-"/>
+        <vers num="1.8.10.0" edition="rc1"/>
+        <vers num="1.8.10.0" edition="rc2"/>
+        <vers num="1.8.10.0" edition="rc3"/>
+        <vers num="1.8.10.0" edition="rc4"/>
+        <vers num="1.8.10.1"/>
+        <vers num="1.8.11.0" edition="-"/>
+        <vers num="1.8.11.0" edition="patch"/>
+        <vers num="1.8.11.0" edition="rc2"/>
+        <vers num="1.8.11.0" edition="rc3"/>
+        <vers num="1.8.11.1" edition="-"/>
+        <vers num="1.8.11.1" edition="patch"/>
+        <vers num="1.8.12"/>
+        <vers num="1.8.12.0" edition="-"/>
+        <vers num="1.8.12.0" edition="rc1"/>
+        <vers num="1.8.12.0" edition="rc2"/>
+        <vers num="1.8.12.0" edition="rc3"/>
+        <vers num="1.8.12.1"/>
+        <vers num="1.8.12.2"/>
+        <vers num="1.8.13.0" edition="rc1"/>
+        <vers num="1.8.13.0" edition="rc2"/>
+        <vers num="1.8.13.1"/>
+        <vers num="1.8.14.0" edition="-"/>
+        <vers num="1.8.14.0" edition="patch"/>
+        <vers num="1.8.14.0" edition="rc1"/>
+        <vers num="1.8.14.0" edition="rc2"/>
+        <vers num="1.8.14.1" edition="-"/>
+        <vers num="1.8.14.1" edition="patch"/>
+        <vers num="1.8.15.0" edition="-"/>
+        <vers num="1.8.15.0" edition="rc1"/>
+        <vers num="1.8.15.1"/>
+        <vers num="1.8.16.0" edition="-"/>
+        <vers num="1.8.16.0" edition="rc1"/>
+        <vers num="1.8.16.0" edition="rc2"/>
+        <vers num="1.8.17.0" edition="-"/>
+        <vers num="1.8.17.0" edition="patch"/>
+        <vers num="1.8.17.0" edition="rc1"/>
+        <vers num="1.8.17.0" edition="rc2"/>
+        <vers num="1.8.17.0" edition="rc3"/>
+        <vers num="1.8.18.0" edition="-"/>
+        <vers num="1.8.18.0" edition="rc1"/>
+        <vers num="1.8.18.1"/>
+        <vers num="1.8.19.0" edition="-"/>
+        <vers num="1.8.19.0" edition="rc1"/>
+        <vers num="1.8.19.0" edition="rc3"/>
+        <vers num="1.8.19.1"/>
+        <vers num="1.8.2"/>
+        <vers num="1.8.2.1"/>
+        <vers num="1.8.2.2"/>
+        <vers num="1.8.2.3"/>
+        <vers num="1.8.2.4"/>
+        <vers num="1.8.20.0" edition="-"/>
+        <vers num="1.8.20.0" edition="patch"/>
+        <vers num="1.8.20.0" edition="rc1"/>
+        <vers num="1.8.20.0" edition="rc2"/>
+        <vers num="1.8.20.1" edition="-"/>
+        <vers num="1.8.20.1" edition="patch"/>
+        <vers num="1.8.20.2" edition="-"/>
+        <vers num="1.8.20.2" edition="patch"/>
+        <vers num="1.8.21.0" edition="-"/>
+        <vers num="1.8.21.0" edition="rc1"/>
+        <vers num="1.8.21.0" edition="rc2"/>
+        <vers num="1.8.22.0" edition="-"/>
+        <vers num="1.8.22.0" edition="rc1"/>
+        <vers num="1.8.22.0" edition="rc2"/>
+        <vers num="1.8.23.0" edition="-"/>
+        <vers num="1.8.23.0" edition="patch"/>
+        <vers num="1.8.23.0" edition="rc1"/>
+        <vers num="1.8.23.0" edition="rc2"/>
+        <vers num="1.8.23.1"/>
+        <vers num="1.8.24.0" edition="-"/>
+        <vers num="1.8.24.0" edition="rc1"/>
+        <vers num="1.8.24.0" edition="rc2"/>
+        <vers num="1.8.24.1"/>
+        <vers num="1.8.25.0" edition="-"/>
+        <vers num="1.8.25.0" edition="rc1"/>
+        <vers num="1.8.25.0" edition="rc2"/>
+        <vers num="1.8.26.0" edition="-"/>
+        <vers num="1.8.26.0" edition="rc1"/>
+        <vers num="1.8.3" edition="rc1"/>
+        <vers num="1.8.3" edition="rc2"/>
+        <vers num="1.8.3" edition="rc3"/>
+        <vers num="1.8.3.1"/>
+        <vers num="1.8.3.2"/>
+        <vers num="1.8.3.3"/>
+        <vers num="1.8.4" edition="rc1"/>
+        <vers num="1.8.4" edition="rc2"/>
+        <vers num="1.8.4" edition="rc3"/>
+        <vers num="1.8.4.1"/>
+        <vers num="1.8.4.2"/>
+        <vers num="1.8.4.3"/>
+        <vers num="1.8.4.4"/>
+        <vers num="1.8.5" edition="rc1"/>
+        <vers num="1.8.5.0"/>
+        <vers num="1.8.6.0" edition="rc1"/>
+        <vers num="1.8.6.0" edition="rc2"/>
+        <vers num="1.8.6.0" edition="rc3"/>
+        <vers num="1.8.7.0" edition="rc1"/>
+        <vers num="1.8.7.0" edition="rc2"/>
+        <vers num="1.8.7.1"/>
+        <vers num="1.8.8.0" edition="-"/>
+        <vers num="1.8.8.0" edition="patch"/>
+        <vers num="1.8.8.0" edition="rc1"/>
+        <vers num="1.8.8.0" edition="rc2"/>
+        <vers num="1.8.8.0" edition="rc3"/>
+        <vers num="1.8.8.0" edition="rc4"/>
+        <vers num="1.8.8.0" edition="rc5"/>
+        <vers num="1.8.8.1"/>
+        <vers num="1.8.8.2"/>
+        <vers num="1.8.9.0" edition="-"/>
+        <vers num="1.8.9.0" edition="rc1"/>
+        <vers num="1.8.9.0" edition="rc2"/>
+        <vers num="1.8.9.0" edition="rc3"/>
+        <vers num="1.8.9.1"/>
+        <vers num="1.8.9.2"/>
+        <vers num="1.8.9.3"/>
+        <vers num="11.8.0" edition="-"/>
+        <vers num="11.8.0" edition="rc1"/>
+        <vers num="11.8.0" edition="rc2"/>
+        <vers num="11.8.0" edition="rc3"/>
+        <vers num="12.1.0" edition="-"/>
+        <vers num="12.1.0" edition="rc1"/>
+        <vers num="12.1.0" edition="rc2"/>
+        <vers num="12.1.0" edition="rc3"/>
+      </prod>
+      <prod vendor="digium" name="certified_asterisk">
+        <vers num="1.8.0.0" edition="-"/>
+        <vers num="1.8.0.0" edition="beta1"/>
+        <vers num="1.8.0.0" edition="beta2"/>
+        <vers num="1.8.0.0" edition="beta3"/>
+        <vers num="1.8.0.0" edition="beta4"/>
+        <vers num="1.8.0.0" edition="beta5"/>
+        <vers num="1.8.0.0" edition="rc1"/>
+        <vers num="1.8.0.0" edition="rc2"/>
+        <vers num="1.8.0.0" edition="rc3"/>
+        <vers num="1.8.0.0" edition="rc4"/>
+        <vers num="1.8.0.0" edition="rc5"/>
+        <vers num="1.8.1.0" edition="-"/>
+        <vers num="1.8.1.0" edition="rc1"/>
+        <vers num="1.8.10.0" edition="-"/>
+        <vers num="1.8.10.0" edition="rc1"/>
+        <vers num="1.8.10.0" edition="rc2"/>
+        <vers num="1.8.10.0" edition="rc3"/>
+        <vers num="1.8.10.0" edition="rc4"/>
+        <vers num="1.8.11.0" edition="-"/>
+        <vers num="1.8.11.0" edition="rc1"/>
+        <vers num="1.8.11.0" edition="rc2"/>
+        <vers num="1.8.11.0" edition="rc3"/>
+        <vers num="1.8.12.0" edition="-"/>
+        <vers num="1.8.12.0" edition="rc1"/>
+        <vers num="1.8.12.0" edition="rc2"/>
+        <vers num="1.8.12.0" edition="rc3"/>
+        <vers num="1.8.13.0" edition="-"/>
+        <vers num="1.8.13.0" edition="rc1"/>
+        <vers num="1.8.13.0" edition="rc2"/>
+        <vers num="1.8.14.0" edition="rc1"/>
+        <vers num="1.8.14.0" edition="rc2"/>
+        <vers num="1.8.15" edition="-"/>
+        <vers num="1.8.15" edition="cert1"/>
+        <vers num="1.8.15" edition="cert1_rc1"/>
+        <vers num="1.8.15" edition="cert1_rc2"/>
+        <vers num="1.8.15" edition="cert1_rc3"/>
+        <vers num="1.8.15" edition="cert2"/>
+        <vers num="1.8.15" edition="cert3"/>
+        <vers num="1.8.15" edition="cert4"/>
+        <vers num="1.8.2.0" edition="-"/>
+        <vers num="1.8.2.0" edition="rc1"/>
+        <vers num="1.8.3.0" edition="-"/>
+        <vers num="1.8.3.0" edition="rc1"/>
+        <vers num="1.8.3.0" edition="rc2"/>
+        <vers num="1.8.3.0" edition="rc3"/>
+        <vers num="1.8.4.0" edition="-"/>
+        <vers num="1.8.4.0" edition="rc1"/>
+        <vers num="1.8.4.0" edition="rc2"/>
+        <vers num="1.8.4.0" edition="rc3"/>
+        <vers num="1.8.5.0" edition="-"/>
+        <vers num="1.8.5.0" edition="rc1"/>
+        <vers num="1.8.6.0" edition="-"/>
+        <vers num="1.8.6.0" edition="rc1"/>
+        <vers num="1.8.6.0" edition="rc2"/>
+        <vers num="1.8.6.0" edition="rc3"/>
+        <vers num="1.8.7.0" edition="-"/>
+        <vers num="1.8.7.0" edition="rc1"/>
+        <vers num="1.8.7.0" edition="rc2"/>
+        <vers num="1.8.8.0" edition="-"/>
+        <vers num="1.8.8.0" edition="rc1"/>
+        <vers num="1.8.8.0" edition="rc2"/>
+        <vers num="1.8.8.0" edition="rc3"/>
+        <vers num="1.8.8.0" edition="rc4"/>
+        <vers num="1.8.8.0" edition="rc5"/>
+        <vers num="1.8.9.0" edition="-"/>
+        <vers num="1.8.9.0" edition="rc1"/>
+        <vers num="1.8.9.0" edition="rc2"/>
+        <vers num="1.8.9.0" edition="rc3"/>
+        <vers num="11.6" edition="cert1"/>
+        <vers num="11.6" edition="cert1_rc1"/>
+        <vers num="11.6" edition="cert1_rc2"/>
+        <vers num="11.6.0" edition="-"/>
+        <vers num="11.6.0" edition="rc1"/>
+        <vers num="11.6.0" edition="rc2"/>
+      </prod>
+      <prod vendor="fedoraproject" name="fedora">
+        <vers num="19"/>
+        <vers num="20"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2288" published="2014-04-18" name="CVE-2014-2288" modified="2014-04-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:P)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency "is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request," allows remote attackers to cause a denial of service (crash) via a PJSIP endpoint that does not have an associated outgoing request.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://downloads.asterisk.org/pub/security/AST-2014-003-12.diff" source="MISC" patch="1">http://downloads.asterisk.org/pub/security/AST-2014-003-12.diff</ref>
+      <ref url="https://issues.asterisk.org/jira/browse/ASTERISK-23210" source="CONFIRM">https://issues.asterisk.org/jira/browse/ASTERISK-23210</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html" source="FEDORA">FEDORA-2014-3762</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html" source="FEDORA">FEDORA-2014-3779</ref>
+      <ref url="http://downloads.asterisk.org/pub/security/AST-2014-003.html" source="CONFIRM" adv="1">http://downloads.asterisk.org/pub/security/AST-2014-003.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="digium" name="asterisk">
+        <vers num="12.0.0"/>
+        <vers num="12.1.0" edition="-"/>
+        <vers num="12.1.0" edition="rc1"/>
+        <vers num="12.1.0" edition="rc2"/>
+        <vers num="12.1.0" edition="rc3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-2289" published="2014-04-18" name="CVE-2014-2289" modified="2014-04-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:N/A:P)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x before 12.1.0 allows remote authenticated users to cause a denial of service (crash) via a SUBSCRIBE request without any Accept headers, which triggers an invalid pointer dereference.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://downloads.asterisk.org/pub/security/AST-2014-004.html" source="CONFIRM" patch="1" adv="1">http://downloads.asterisk.org/pub/security/AST-2014-004.html</ref>
+      <ref url="http://downloads.asterisk.org/pub/security/AST-2014-004-12.diff" source="MISC" patch="1">http://downloads.asterisk.org/pub/security/AST-2014-004-12.diff</ref>
+      <ref url="https://issues.asterisk.org/jira/browse/ASTERISK-23139" source="CONFIRM">https://issues.asterisk.org/jira/browse/ASTERISK-23139</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html" source="FEDORA">FEDORA-2014-3762</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html" source="FEDORA">FEDORA-2014-3779</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="digium" name="asterisk">
+        <vers num="12.0.0"/>
+        <vers num="12.1.0" edition="rc1"/>
+        <vers num="12.1.0" edition="rc2"/>
+        <vers num="12.1.0" edition="rc3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-2291" published="2014-03-14" name="CVE-2014-2291" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:P/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the Pulse Collaboration (Secure Meeting) user pages in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10617" source="CONFIRM" adv="1">https://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10617</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91770" source="XF">juniper-junos-cve20142291-xss(91770)</ref>
+      <ref url="http://secunia.com/advisories/57375" source="SECUNIA">57375</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="juniper" name="ive_os">
+        <vers num="7.1"/>
+        <vers num="7.3"/>
+        <vers num="7.4"/>
+        <vers num="8.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2292" published="2014-03-14" name="CVE-2014-2292" modified="2014-03-17" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="7.2" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="3.9" CVSS_base_score="7.2">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Linux Network Connect client in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows local users to gain privileges via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="https://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10616" source="CONFIRM" adv="1">https://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10616</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="juniper" name="ive_os">
+        <vers num="7.1"/>
+        <vers num="7.3"/>
+        <vers num="7.4"/>
+        <vers num="8.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2299" published="2014-03-11" name="CVE-2014-2299" modified="2014-04-19" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f567435ac7140c96a5de56dbce3d5e7659af4d09" source="CONFIRM" patch="1">https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f567435ac7140c96a5de56dbce3d5e7659af4d09</ref>
+      <ref url="https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9843" source="CONFIRM">https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9843</ref>
+      <ref url="http://www.wireshark.org/security/wnpa-sec-2014-04.html" source="CONFIRM" adv="1">http://www.wireshark.org/security/wnpa-sec-2014-04.html</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2871" source="DEBIAN">DSA-2871</ref>
+      <ref url="http://secunia.com/advisories/57489" source="SECUNIA">57489</ref>
+      <ref url="http://secunia.com/advisories/57480" source="SECUNIA">57480</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0342.html" source="REDHAT">RHSA-2014:0342</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0341.html" source="REDHAT">RHSA-2014:0341</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-03/msg00047.html" source="SUSE">openSUSE-SU-2014:0383</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-03/msg00046.html" source="SUSE">openSUSE-SU-2014:0382</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="wireshark" name="wireshark">
+        <vers num="1.10.0"/>
+        <vers num="1.10.1"/>
+        <vers num="1.10.2"/>
+        <vers num="1.10.3"/>
+        <vers num="1.10.4"/>
+        <vers num="1.10.5"/>
+        <vers num="1.8.0"/>
+        <vers num="1.8.1"/>
+        <vers num="1.8.10"/>
+        <vers num="1.8.11"/>
+        <vers num="1.8.12"/>
+        <vers num="1.8.2"/>
+        <vers num="1.8.3"/>
+        <vers num="1.8.4"/>
+        <vers num="1.8.5"/>
+        <vers num="1.8.6"/>
+        <vers num="1.8.7"/>
+        <vers num="1.8.8"/>
+        <vers num="1.8.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2309" published="2014-03-11" name="CVE-2014-2309" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:A/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="6.1" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="6.5" CVSS_base_score="6.1">
+    <desc>
+      <descript source="cve">The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <local_network/>
+    </range>
+    <refs>
+      <ref url="http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=c88507fbad8055297c1d1e21e599f46960cbee39" source="CONFIRM" patch="1">http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=c88507fbad8055297c1d1e21e599f46960cbee39</ref>
+      <ref url="http://www.securitytracker.com/id/1029894" source="SECTRACK">1029894</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/03/08/1" source="MLIST">[oss-security] 20140307 Re: CVE Request: Linux kernel: IPv6: crash due to router advertisement flooding</ref>
+      <ref url="http://secunia.com/advisories/57250" source="SECUNIA">57250</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="linux" name="linux_kernel">
+        <vers num="3.0" edition="rc1"/>
+        <vers num="3.0" edition="rc2"/>
+        <vers num="3.0" edition="rc3"/>
+        <vers num="3.0" edition="rc4"/>
+        <vers num="3.0" edition="rc5"/>
+        <vers num="3.0" edition="rc6"/>
+        <vers num="3.0" edition="rc7"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.20"/>
+        <vers num="3.0.21"/>
+        <vers num="3.0.22"/>
+        <vers num="3.0.23"/>
+        <vers num="3.0.24"/>
+        <vers num="3.0.25"/>
+        <vers num="3.0.26"/>
+        <vers num="3.0.27"/>
+        <vers num="3.0.28"/>
+        <vers num="3.0.29"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.30"/>
+        <vers num="3.0.31"/>
+        <vers num="3.0.32"/>
+        <vers num="3.0.33"/>
+        <vers num="3.0.34"/>
+        <vers num="3.0.35"/>
+        <vers num="3.0.36"/>
+        <vers num="3.0.37"/>
+        <vers num="3.0.38"/>
+        <vers num="3.0.39"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.40"/>
+        <vers num="3.0.41"/>
+        <vers num="3.0.42"/>
+        <vers num="3.0.43"/>
+        <vers num="3.0.44"/>
+        <vers num="3.0.45"/>
+        <vers num="3.0.46"/>
+        <vers num="3.0.47"/>
+        <vers num="3.0.48"/>
+        <vers num="3.0.49"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.50"/>
+        <vers num="3.0.51"/>
+        <vers num="3.0.52"/>
+        <vers num="3.0.53"/>
+        <vers num="3.0.54"/>
+        <vers num="3.0.55"/>
+        <vers num="3.0.56"/>
+        <vers num="3.0.57"/>
+        <vers num="3.0.58"/>
+        <vers num="3.0.59"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.60"/>
+        <vers num="3.0.61"/>
+        <vers num="3.0.62"/>
+        <vers num="3.0.63"/>
+        <vers num="3.0.64"/>
+        <vers num="3.0.65"/>
+        <vers num="3.0.66"/>
+        <vers num="3.0.67"/>
+        <vers num="3.0.68"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1" edition="rc1"/>
+        <vers num="3.1" edition="rc2"/>
+        <vers num="3.1" edition="rc3"/>
+        <vers num="3.1" edition="rc4"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="3.10"/>
+        <vers num="3.10.1"/>
+        <vers num="3.10.10"/>
+        <vers num="3.10.11"/>
+        <vers num="3.10.12"/>
+        <vers num="3.10.13"/>
+        <vers num="3.10.14"/>
+        <vers num="3.10.15"/>
+        <vers num="3.10.16"/>
+        <vers num="3.10.17"/>
+        <vers num="3.10.18"/>
+        <vers num="3.10.19"/>
+        <vers num="3.10.2"/>
+        <vers num="3.10.20"/>
+        <vers num="3.10.21"/>
+        <vers num="3.10.22"/>
+        <vers num="3.10.23"/>
+        <vers num="3.10.24"/>
+        <vers num="3.10.25"/>
+        <vers num="3.10.26"/>
+        <vers num="3.10.27"/>
+        <vers num="3.10.28"/>
+        <vers num="3.10.29"/>
+        <vers num="3.10.3"/>
+        <vers num="3.10.4"/>
+        <vers num="3.10.5"/>
+        <vers num="3.10.6"/>
+        <vers num="3.10.7"/>
+        <vers num="3.10.8"/>
+        <vers num="3.10.9"/>
+        <vers num="3.11"/>
+        <vers num="3.11.1"/>
+        <vers num="3.11.10"/>
+        <vers num="3.11.2"/>
+        <vers num="3.11.3"/>
+        <vers num="3.11.4"/>
+        <vers num="3.11.5"/>
+        <vers num="3.11.6"/>
+        <vers num="3.11.7"/>
+        <vers num="3.11.8"/>
+        <vers num="3.11.9"/>
+        <vers num="3.12"/>
+        <vers num="3.12.1"/>
+        <vers num="3.12.10"/>
+        <vers num="3.12.11"/>
+        <vers num="3.12.12"/>
+        <vers num="3.12.13"/>
+        <vers num="3.12.2"/>
+        <vers num="3.12.3"/>
+        <vers num="3.12.4"/>
+        <vers num="3.12.5"/>
+        <vers num="3.12.6"/>
+        <vers num="3.12.7"/>
+        <vers num="3.12.8"/>
+        <vers num="3.12.9"/>
+        <vers num="3.13"/>
+        <vers num="3.13.1"/>
+        <vers num="3.13.2"/>
+        <vers num="3.13.3"/>
+        <vers num="3.13.4"/>
+        <vers num="3.13.5"/>
+        <vers prev="1" num="3.13.6"/>
+        <vers num="3.2" edition="rc2"/>
+        <vers num="3.2" edition="rc3"/>
+        <vers num="3.2" edition="rc4"/>
+        <vers num="3.2" edition="rc5"/>
+        <vers num="3.2" edition="rc6"/>
+        <vers num="3.2" edition="rc7"/>
+        <vers num="3.2.1"/>
+        <vers num="3.2.10"/>
+        <vers num="3.2.11"/>
+        <vers num="3.2.12"/>
+        <vers num="3.2.13"/>
+        <vers num="3.2.14"/>
+        <vers num="3.2.15"/>
+        <vers num="3.2.16"/>
+        <vers num="3.2.17"/>
+        <vers num="3.2.18"/>
+        <vers num="3.2.19"/>
+        <vers num="3.2.2"/>
+        <vers num="3.2.20"/>
+        <vers num="3.2.21"/>
+        <vers num="3.2.22"/>
+        <vers num="3.2.23"/>
+        <vers num="3.2.24"/>
+        <vers num="3.2.25"/>
+        <vers num="3.2.26"/>
+        <vers num="3.2.27"/>
+        <vers num="3.2.28"/>
+        <vers num="3.2.29"/>
+        <vers num="3.2.3"/>
+        <vers num="3.2.30"/>
+        <vers num="3.2.4"/>
+        <vers num="3.2.5"/>
+        <vers num="3.2.6"/>
+        <vers num="3.2.7"/>
+        <vers num="3.2.8"/>
+        <vers num="3.2.9"/>
+        <vers num="3.3" edition="rc1"/>
+        <vers num="3.3" edition="rc2"/>
+        <vers num="3.3" edition="rc3"/>
+        <vers num="3.3" edition="rc4"/>
+        <vers num="3.3" edition="rc5"/>
+        <vers num="3.3" edition="rc6"/>
+        <vers num="3.3" edition="rc7"/>
+        <vers num="3.3.1"/>
+        <vers num="3.3.2"/>
+        <vers num="3.3.3"/>
+        <vers num="3.3.4"/>
+        <vers num="3.3.5"/>
+        <vers num="3.3.6"/>
+        <vers num="3.3.7"/>
+        <vers num="3.3.8"/>
+        <vers num="3.4" edition="rc1"/>
+        <vers num="3.4" edition="rc2"/>
+        <vers num="3.4" edition="rc3"/>
+        <vers num="3.4" edition="rc4"/>
+        <vers num="3.4" edition="rc5"/>
+        <vers num="3.4" edition="rc6"/>
+        <vers num="3.4" edition="rc7"/>
+        <vers num="3.4.1"/>
+        <vers num="3.4.10"/>
+        <vers num="3.4.11"/>
+        <vers num="3.4.12"/>
+        <vers num="3.4.13"/>
+        <vers num="3.4.14"/>
+        <vers num="3.4.15"/>
+        <vers num="3.4.16"/>
+        <vers num="3.4.17"/>
+        <vers num="3.4.18"/>
+        <vers num="3.4.19"/>
+        <vers num="3.4.2"/>
+        <vers num="3.4.20"/>
+        <vers num="3.4.21"/>
+        <vers num="3.4.22"/>
+        <vers num="3.4.23"/>
+        <vers num="3.4.24"/>
+        <vers num="3.4.25"/>
+        <vers num="3.4.26"/>
+        <vers num="3.4.27"/>
+        <vers num="3.4.28"/>
+        <vers num="3.4.29"/>
+        <vers num="3.4.3"/>
+        <vers num="3.4.30"/>
+        <vers num="3.4.31"/>
+        <vers num="3.4.32"/>
+        <vers num="3.4.33"/>
+        <vers num="3.4.34"/>
+        <vers num="3.4.35"/>
+        <vers num="3.4.36"/>
+        <vers num="3.4.37"/>
+        <vers num="3.4.38"/>
+        <vers num="3.4.39"/>
+        <vers num="3.4.4"/>
+        <vers num="3.4.40"/>
+        <vers num="3.4.41"/>
+        <vers num="3.4.42"/>
+        <vers num="3.4.43"/>
+        <vers num="3.4.44"/>
+        <vers num="3.4.45"/>
+        <vers num="3.4.46"/>
+        <vers num="3.4.47"/>
+        <vers num="3.4.48"/>
+        <vers num="3.4.49"/>
+        <vers num="3.4.5"/>
+        <vers num="3.4.50"/>
+        <vers num="3.4.51"/>
+        <vers num="3.4.52"/>
+        <vers num="3.4.53"/>
+        <vers num="3.4.54"/>
+        <vers num="3.4.55"/>
+        <vers num="3.4.56"/>
+        <vers num="3.4.57"/>
+        <vers num="3.4.58"/>
+        <vers num="3.4.59"/>
+        <vers num="3.4.6"/>
+        <vers num="3.4.60"/>
+        <vers num="3.4.61"/>
+        <vers num="3.4.62"/>
+        <vers num="3.4.63"/>
+        <vers num="3.4.64"/>
+        <vers num="3.4.65"/>
+        <vers num="3.4.66"/>
+        <vers num="3.4.67"/>
+        <vers num="3.4.68"/>
+        <vers num="3.4.69"/>
+        <vers num="3.4.7"/>
+        <vers num="3.4.70"/>
+        <vers num="3.4.71"/>
+        <vers num="3.4.72"/>
+        <vers num="3.4.73"/>
+        <vers num="3.4.74"/>
+        <vers num="3.4.75"/>
+        <vers num="3.4.76"/>
+        <vers num="3.4.77"/>
+        <vers num="3.4.78"/>
+        <vers num="3.4.79"/>
+        <vers num="3.4.8"/>
+        <vers num="3.4.9"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.6"/>
+        <vers num="3.6.1"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.5"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="3.7"/>
+        <vers num="3.7.1"/>
+        <vers num="3.7.10"/>
+        <vers num="3.7.2"/>
+        <vers num="3.7.3"/>
+        <vers num="3.7.4"/>
+        <vers num="3.7.5"/>
+        <vers num="3.7.6"/>
+        <vers num="3.7.7"/>
+        <vers num="3.7.8"/>
+        <vers num="3.7.9"/>
+        <vers num="3.8.0"/>
+        <vers num="3.8.1"/>
+        <vers num="3.8.10"/>
+        <vers num="3.8.11"/>
+        <vers num="3.8.12"/>
+        <vers num="3.8.13"/>
+        <vers num="3.8.2"/>
+        <vers num="3.8.3"/>
+        <vers num="3.8.4"/>
+        <vers num="3.8.5"/>
+        <vers num="3.8.6"/>
+        <vers num="3.8.7"/>
+        <vers num="3.8.8"/>
+        <vers num="3.8.9"/>
+        <vers num="3.9" edition="rc1"/>
+        <vers num="3.9" edition="rc2"/>
+        <vers num="3.9" edition="rc3"/>
+        <vers num="3.9" edition="rc4"/>
+        <vers num="3.9" edition="rc5"/>
+        <vers num="3.9" edition="rc6"/>
+        <vers num="3.9" edition="rc7"/>
+        <vers num="3.9.0"/>
+        <vers num="3.9.1"/>
+        <vers num="3.9.10"/>
+        <vers num="3.9.11"/>
+        <vers num="3.9.2"/>
+        <vers num="3.9.3"/>
+        <vers num="3.9.4"/>
+        <vers num="3.9.5"/>
+        <vers num="3.9.6"/>
+        <vers num="3.9.7"/>
+        <vers num="3.9.8"/>
+        <vers num="3.9.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2310" published="2014-04-17" name="CVE-2014-2310" modified="2014-04-18" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous requests, a different vulnerability than CVE-2012-6151.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684388" source="CONFIRM">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684388</ref>
+      <ref url="http://ubuntu.com/usn/usn-2166-1" source="UBUNTU">USN-2166-1</ref>
+      <ref url="http://sourceforge.net/p/net-snmp/patches/1113/" source="CONFIRM">http://sourceforge.net/p/net-snmp/patches/1113/</ref>
+      <ref url="http://sourceforge.net/p/net-snmp/code/ci/eb816330a1887798d844d2fd5dc6482002123cbd/" source="CONFIRM">http://sourceforge.net/p/net-snmp/code/ci/eb816330a1887798d844d2fd5dc6482002123cbd/</ref>
+      <ref url="http://secunia.com/advisories/57870" source="SECUNIA" adv="1">57870</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q1/527" source="MLIST">[oss-security] 20140307 Re: CVE request: net-snmp agentx incorrect handling of multi-object requests DoS</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q1/513" source="MLIST">[oss-security] 20140306 CVE request: net-snmp agentx incorrect handling of multi-object requests DoS</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="net-snmp" name="net-snmp">
+        <vers prev="1" num="5.4"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2311" published="2014-03-11" name="CVE-2014-2311" modified="2014-03-12" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">SQL injection vulnerability in modx.class.php in MODX Revolution 2.0.0 before 2.2.13 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/03/09/3" source="MLIST">[oss-security] 20140308 Re: CVE request: SQL injection in MODX Revolution before 2.2.13</ref>
+      <ref url="http://modx.com/blog/2014/03/07/revolution-2.2.13/" source="CONFIRM" adv="1">http://modx.com/blog/2014/03/07/revolution-2.2.13/</ref>
+      <ref url="http://forums.modx.com/thread/89486/modx-revolution-2-x-sql-injection" source="CONFIRM">http://forums.modx.com/thread/89486/modx-revolution-2-x-sql-injection</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="modx" name="modx_revolution">
+        <vers num="2.0.0"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.2" edition="pl1"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.1.0"/>
+        <vers num="2.1.1"/>
+        <vers num="2.1.2"/>
+        <vers num="2.1.3"/>
+        <vers num="2.1.4"/>
+        <vers num="2.1.5"/>
+        <vers num="2.2.0"/>
+        <vers num="2.2.1"/>
+        <vers num="2.2.10"/>
+        <vers num="2.2.11"/>
+        <vers num="2.2.12"/>
+        <vers num="2.2.2"/>
+        <vers num="2.2.3"/>
+        <vers num="2.2.4"/>
+        <vers num="2.2.5"/>
+        <vers num="2.2.6"/>
+        <vers num="2.2.7"/>
+        <vers num="2.2.8"/>
+        <vers num="2.2.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2313" published="2014-03-09" name="CVE-2014-2313" modified="2014-03-10" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Directory traversal vulnerability in the Importers plugin in Atlassian JIRA before 6.0.5 allows remote attackers to create arbitrary files via unspecified vectors.</descript>
+    </desc>
+    <sols>
+      <sol source="nvd">Per: https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2014-02-26
+
+"Issue 2: Path traversal in JIRA Importers plugin (Windows only)"</sol>
+    </sols>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2014-02-26" source="CONFIRM" adv="1">https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2014-02-26</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="atlassian" name="jira">
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers num="6.0.3"/>
+        <vers prev="1" num="6.0.4"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2314" published="2014-03-09" name="CVE-2014-2314" modified="2014-03-10" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors.</descript>
+    </desc>
+    <sols>
+      <sol source="nvd">Per: https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2014-02-26
+
+"Issue 1: Path traversal in JIRA Issue Collector plugin (Windows only)"</sol>
+    </sols>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2014-02-26" source="CONFIRM" adv="1">https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2014-02-26</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="atlassian" name="jira">
+        <vers num="6.0"/>
+        <vers num="6.0.1"/>
+        <vers num="6.0.2"/>
+        <vers prev="1" num="6.0.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2315" published="2014-03-09" name="CVE-2014-2315" modified="2014-03-10" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Multiple cross-site scripting (XSS) vulnerabilities in the Thank You Counter Button plugin 1.8.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) thanks_caption, (2) thanks_caption_style, or (3) thanks_style parameter to wp-admin/options.php.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91474" source="XF">thanks-you-wordpress-xss(91474)</ref>
+      <ref url="http://packetstormsecurity.com/files/125397" source="MISC">http://packetstormsecurity.com/files/125397</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="shinephp" name="thank_you_counter_button">
+        <vers num="1.8.7" edition=":~~~wordpress~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2316" published="2014-03-09" name="CVE-2014-2316" modified="2014-03-10" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">SQL injection vulnerability in se_search_default in the Search Everything plugin before 7.0.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the s parameter to index.php. NOTE: some of these details are obtained from third party information.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://wordpress.org/plugins/search-everything/changelog/" source="CONFIRM">http://wordpress.org/plugins/search-everything/changelog/</ref>
+      <ref url="http://secunia.com/advisories/56820" source="SECUNIA" adv="1">56820</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="zemanta" name="search_everything">
+        <vers num="7.0.2" edition=":~~~wordpress~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2317" published="2014-03-09" name="CVE-2014-2317" modified="2014-03-10" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the table parameter.  NOTE: some of these details are obtained from third party information.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.opendocman.com/opendocman-v1-2-7-2-released" source="MISC" patch="1" adv="1">http://www.opendocman.com/opendocman-v1-2-7-2-released</ref>
+      <ref url="http://www.securityfocus.com/bid/65775" source="BID">65775</ref>
+      <ref url="http://secunia.com/advisories/56189" source="SECUNIA" adv="1">56189</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="opendocman" name="opendocman">
+        <vers num="1.2.6.2" edition="-"/>
+        <vers num="1.2.6.2" edition="a"/>
+        <vers num="1.2.6.2" edition="b"/>
+        <vers num="1.2.6.3" edition="-"/>
+        <vers num="1.2.6.3" edition="a"/>
+        <vers num="1.2.6.5"/>
+        <vers num="1.2.6.6"/>
+        <vers num="1.2.6.7" edition="-"/>
+        <vers num="1.2.6.7" edition="beta"/>
+        <vers num="1.2.6.8"/>
+        <vers num="1.2.7"/>
+        <vers prev="1" num="1.2.7.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2318" published="2014-03-11" name="CVE-2014-2318" modified="2014-03-11" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">SQL injection vulnerability in ATCOM Netvolution 3 allows remote attackers to execute arbitrary SQL commands via the m parameter.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91543" source="XF">netvolution-m-sql-injection(91543)</ref>
+      <ref url="http://www.securityfocus.com/bid/65942" source="BID">65942</ref>
+      <ref url="http://packetstormsecurity.com/files/125507" source="MISC">http://packetstormsecurity.com/files/125507</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="atcom" name="netvolution">
+        <vers num="3.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2319" published="2014-03-14" name="CVE-2014-2319" modified="2014-03-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The Encrypt Files feature in ConeXware PowerArchiver before 14.02.05 uses legacy ZIP encryption even if the AES 256-bit selection is chosen, which makes it easier for context-dependent attackers to obtain sensitive information via a known-plaintext attack.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.powerarchiver.com/2014/03/12/powerarchiver-2013-14-02-05-released/" source="CONFIRM" adv="1">http://www.powerarchiver.com/2014/03/12/powerarchiver-2013-14-02-05-released/</ref>
+      <ref url="http://int21.de/cve/CVE-2014-2319-powerarchiver.html" source="MISC">http://int21.de/cve/CVE-2014-2319-powerarchiver.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="powerarchiver" name="powerarchiver">
+        <vers num="14.00"/>
+        <vers num="14.01"/>
+        <vers num="14.02"/>
+        <vers prev="1" num="14.02.03"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2321" published="2014-03-11" name="CVE-2014-2321" modified="2014-03-11" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials.</descript>
+    </desc>
+    <sols>
+      <sol source="nvd">Per: http://www.kb.cert.org/vuls/id/600724
+
+" It has been reported that the web_shell_cmd.gch script is sometimes accessible from the WAN interface making exploitation of this backdoor from the Internet possible in certain cases. "</sol>
+    </sols>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/600724" source="CERT-VN">VU#600724</ref>
+      <ref url="https://community.rapid7.com/community/infosec/blog/2014/03/03/disclosure-r7-2013-18-zte-f460-and-zte-f660-webshellcmdgch-backdoor" source="MISC">https://community.rapid7.com/community/infosec/blog/2014/03/03/disclosure-r7-2013-18-zte-f460-and-zte-f660-webshellcmdgch-backdoor</ref>
+      <ref url="http://www.myxzy.com/post-411.html" source="MISC">http://www.myxzy.com/post-411.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="zte" name="f460">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="zte" name="f660">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" seq="2014-2322" published="2014-05-02" name="CVE-2014-2322" modified="2014-05-02">
+    <desc>
+      <descript source="cve">lib/string_utf_support.rb in the Arabic Prawn 0.0.1 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) downloaded_file or (2) url variable.</descript>
+    </desc>
+    <refs>
+      <ref url="http://www.vapid.dhs.org/advisories/arabic-ruby-gem.html" source="MISC">http://www.vapid.dhs.org/advisories/arabic-ruby-gem.html</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/03/12/6" source="MLIST">[oss-security] 20140312 Re: Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/03/10/8" source="MLIST">[oss-security] 20140310 Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem</ref>
+    </refs>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2323" published="2014-03-14" name="CVE-2014-2323" modified="2014-04-19" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.lighttpd.net/2014/3/12/1.4.35/" source="CONFIRM" patch="1" adv="1">http://www.lighttpd.net/2014/3/12/1.4.35/</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2877" source="DEBIAN">DSA-2877</ref>
+      <ref url="http://secunia.com/advisories/57514" source="SECUNIA">57514</ref>
+      <ref url="http://secunia.com/advisories/57404" source="SECUNIA">57404</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q1/564" source="MLIST">[oss-security] 20140312 Re: lighttpd 1.4.34 SQL injection and path traversal CVE request</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q1/561" source="MLIST">[oss-security] 20140312 lighttpd 1.4.34 SQL injection and path traversal CVE request</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00006.html" source="SUSE">openSUSE-SU-2014:0496</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00002.html" source="SUSE">SUSE-SU-2014:0474</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00023.html" source="SUSE">openSUSE-SU-2014:0449</ref>
+      <ref url="http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt" source="CONFIRM" adv="1">http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="lighttpd" name="lighttpd">
+        <vers num="1.3.16"/>
+        <vers num="1.4.10"/>
+        <vers num="1.4.11"/>
+        <vers num="1.4.12"/>
+        <vers num="1.4.13"/>
+        <vers num="1.4.14"/>
+        <vers num="1.4.15"/>
+        <vers num="1.4.16"/>
+        <vers num="1.4.17"/>
+        <vers num="1.4.18"/>
+        <vers num="1.4.19"/>
+        <vers num="1.4.20"/>
+        <vers num="1.4.21"/>
+        <vers num="1.4.22"/>
+        <vers num="1.4.23"/>
+        <vers num="1.4.24"/>
+        <vers num="1.4.25"/>
+        <vers num="1.4.26"/>
+        <vers num="1.4.27"/>
+        <vers num="1.4.28"/>
+        <vers num="1.4.29"/>
+        <vers num="1.4.3"/>
+        <vers num="1.4.30"/>
+        <vers num="1.4.31"/>
+        <vers num="1.4.32"/>
+        <vers num="1.4.33"/>
+        <vers prev="1" num="1.4.34"/>
+        <vers num="1.4.4"/>
+        <vers num="1.4.5"/>
+        <vers num="1.4.6"/>
+        <vers num="1.4.7"/>
+        <vers num="1.4.8"/>
+        <vers num="1.4.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2324" published="2014-03-14" name="CVE-2014-2324" modified="2014-04-19" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.lighttpd.net/2014/3/12/1.4.35/" source="CONFIRM" patch="1" adv="1">http://www.lighttpd.net/2014/3/12/1.4.35/</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2877" source="DEBIAN">DSA-2877</ref>
+      <ref url="http://secunia.com/advisories/57514" source="SECUNIA">57514</ref>
+      <ref url="http://secunia.com/advisories/57404" source="SECUNIA">57404</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q1/564" source="MLIST">[oss-security] 20140312 Re: lighttpd 1.4.34 SQL injection and path traversal CVE request</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q1/561" source="MLIST">[oss-security] 20140312 lighttpd 1.4.34 SQL injection and path traversal CVE request</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00006.html" source="SUSE">openSUSE-SU-2014:0496</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00002.html" source="SUSE">SUSE-SU-2014:0474</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00023.html" source="SUSE">openSUSE-SU-2014:0449</ref>
+      <ref url="http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt" source="CONFIRM" adv="1">http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="lighttpd" name="lighttpd">
+        <vers num="1.3.16"/>
+        <vers num="1.4.10"/>
+        <vers num="1.4.11"/>
+        <vers num="1.4.12"/>
+        <vers num="1.4.13"/>
+        <vers num="1.4.14"/>
+        <vers num="1.4.15"/>
+        <vers num="1.4.16"/>
+        <vers num="1.4.17"/>
+        <vers num="1.4.18"/>
+        <vers num="1.4.19"/>
+        <vers num="1.4.20"/>
+        <vers num="1.4.21"/>
+        <vers num="1.4.22"/>
+        <vers num="1.4.23"/>
+        <vers num="1.4.24"/>
+        <vers num="1.4.25"/>
+        <vers num="1.4.26"/>
+        <vers num="1.4.27"/>
+        <vers num="1.4.28"/>
+        <vers num="1.4.29"/>
+        <vers num="1.4.3"/>
+        <vers num="1.4.30"/>
+        <vers num="1.4.31"/>
+        <vers num="1.4.32"/>
+        <vers num="1.4.33"/>
+        <vers prev="1" num="1.4.34"/>
+        <vers num="1.4.4"/>
+        <vers num="1.4.5"/>
+        <vers num="1.4.6"/>
+        <vers num="1.4.7"/>
+        <vers num="1.4.8"/>
+        <vers num="1.4.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2325" published="2014-03-14" name="CVE-2014-2325" modified="2014-03-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway before 3.1-5829 allow remote attackers to inject arbitrary web script or HTML via the (1) state parameter to objects/who/index.htm or (2) User email address to quarantine/spam/manage.htm.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://proxmox.com/news/archive/view/listid-1-proxmox-newsletter/mailid-48-proxmox-newsletter-march-2014-proxmox-ve-3-2-released/tmpl-component" source="CONFIRM" patch="1" adv="1">http://proxmox.com/news/archive/view/listid-1-proxmox-newsletter/mailid-48-proxmox-newsletter-march-2014-proxmox-ve-3-2-released/tmpl-component</ref>
+      <ref url="http://www.securityfocus.com/bid/66169" source="BID">66169</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Mar/110" source="FULLDISC">20140312 Multiplus XSS in Proxmox Mail Gateway 3.1 (CVE-2014-2325)</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="proxmox" name="mail_gateway">
+        <vers num="3.0"/>
+        <vers num="3.1"/>
+        <vers num="3.1-5670"/>
+        <vers num="3.1-5673"/>
+        <vers prev="1" num="3.1-5741"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2326" published="2014-03-27" name="CVE-2014-2326" modified="2014-03-27" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in Cacti 0.8.7g allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.securityfocus.com/bid/66390" source="BID">66390</ref>
+      <ref url="http://packetstormsecurity.com/files/125849/Deutsche-Telekom-CERT-Advisory-DTC-A-20140324-001.html" source="MISC">http://packetstormsecurity.com/files/125849/Deutsche-Telekom-CERT-Advisory-DTC-A-20140324-001.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cacti" name="cacti">
+        <vers num="0.8.7g"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2327" published="2014-04-23" name="CVE-2014-2327" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3) add arbitrary users.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768" source="CONFIRM">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768</ref>
+      <ref url="http://www.securityfocus.com/bid/66392" source="BID">66392</ref>
+      <ref url="http://www.securityfocus.com/archive/1/531588" source="BUGTRAQ">20140324 Deutsche Telekom CERT Advisory [DTC-A-20140324-001] vulnerabilities in cacti</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cacti" name="cacti">
+        <vers num="0.8.7"/>
+        <vers num="0.8.7a"/>
+        <vers num="0.8.7b"/>
+        <vers num="0.8.7c"/>
+        <vers num="0.8.7d"/>
+        <vers num="0.8.7e"/>
+        <vers num="0.8.7f"/>
+        <vers prev="1" num="0.8.7g"/>
+        <vers num="0.8.8"/>
+        <vers num="0.8.8a"/>
+        <vers prev="1" num="0.8.8b"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2328" published="2014-04-23" name="CVE-2014-2328" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:P)" CVSS_score="6.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.0" CVSS_base_score="6.5">
+    <desc>
+      <descript source="cve">lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors.</descript>
+      <descript source="nvd">Per: https://cwe.mitre.org/data/definitions/77.html
+
+"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://svn.cacti.net/viewvc?view=rev&amp;revision=7442" source="CONFIRM" patch="1">http://svn.cacti.net/viewvc?view=rev&amp;revision=7442</ref>
+      <ref url="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768" source="CONFIRM">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768</ref>
+      <ref url="http://www.securityfocus.com/bid/66387" source="BID">66387</ref>
+      <ref url="http://www.securityfocus.com/archive/1/531588" source="BUGTRAQ">20140324 Deutsche Telekom CERT Advisory [DTC-A-20140324-001] vulnerabilities in cacti</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131842.html" source="FEDORA">FEDORA-2014-4892</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131821.html" source="FEDORA">FEDORA-2014-4928</ref>
+      <ref url="http://bugs.cacti.net/view.php?id=2433" source="CONFIRM">http://bugs.cacti.net/view.php?id=2433</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cacti" name="cacti">
+        <vers num="0.8.7"/>
+        <vers num="0.8.7a"/>
+        <vers num="0.8.7b"/>
+        <vers num="0.8.7c"/>
+        <vers num="0.8.7d"/>
+        <vers num="0.8.7e"/>
+        <vers num="0.8.7f"/>
+        <vers prev="1" num="0.8.7g"/>
+        <vers num="0.8.8"/>
+        <vers num="0.8.8a"/>
+        <vers prev="1" num="0.8.8b"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-2333" published="2014-04-11" name="CVE-2014-2333" modified="2014-04-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:H/Au:N/C:N/I:P/A:N)" CVSS_score="2.6" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="4.9" CVSS_base_score="2.6">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the Lazyest Gallery plugin before 1.1.21 for WordPress allows remote attackers to inject arbitrary web script or HTML via an EXIF tag.  NOTE: some of these details are obtained from third party information.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.securityfocus.com/bid/66756" source="BID">66756</ref>
+      <ref url="http://wordpress.org/plugins/lazyest-gallery/changelog" source="CONFIRM">http://wordpress.org/plugins/lazyest-gallery/changelog</ref>
+      <ref url="http://secunia.com/advisories/57746" source="SECUNIA" adv="1">57746</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="marcel_brinkkemper" name="lazyest-gallery">
+        <vers num="1.1" edition=":~~~wordpress~~"/>
+        <vers num="1.1.1" edition=":~~~wordpress~~"/>
+        <vers num="1.1.1.1" edition=":~~~wordpress~~"/>
+        <vers num="1.1.10" edition=":~~~wordpress~~"/>
+        <vers num="1.1.10.1" edition=":~~~wordpress~~"/>
+        <vers num="1.1.11" edition=":~~~wordpress~~"/>
+        <vers num="1.1.12" edition=":~~~wordpress~~"/>
+        <vers num="1.1.13" edition=":~~~wordpress~~"/>
+        <vers num="1.1.14" edition=":~~~wordpress~~"/>
+        <vers num="1.1.15" edition=":~~~wordpress~~"/>
+        <vers num="1.1.16" edition=":~~~wordpress~~"/>
+        <vers num="1.1.17.1" edition=":~~~wordpress~~"/>
+        <vers num="1.1.17.2" edition=":~~~wordpress~~"/>
+        <vers num="1.1.17.4" edition=":~~~wordpress~~"/>
+        <vers num="1.1.18" edition=":~~~wordpress~~"/>
+        <vers num="1.1.19" edition=":~~~wordpress~~"/>
+        <vers num="1.1.19.1" edition=":~~~wordpress~~"/>
+        <vers num="1.1.2.1" edition=":~~~wordpress~~"/>
+        <vers prev="1" num="1.1.20" edition=":~~~wordpress~~"/>
+        <vers num="1.1.3" edition=":~~~wordpress~~"/>
+        <vers num="1.1.3.1" edition=":~~~wordpress~~"/>
+        <vers num="1.1.3.2" edition=":~~~wordpress~~"/>
+        <vers num="1.1.3.3" edition=":~~~wordpress~~"/>
+        <vers num="1.1.4" edition=":~~~wordpress~~"/>
+        <vers num="1.1.5" edition=":~~~wordpress~~"/>
+        <vers num="1.1.6" edition=":~~~wordpress~~"/>
+        <vers num="1.1.7" edition=":~~~wordpress~~"/>
+        <vers num="1.1.7.1" edition=":~~~wordpress~~"/>
+        <vers num="1.1.8" edition=":~~~wordpress~~"/>
+        <vers num="1.1.8.1" edition=":~~~wordpress~~"/>
+        <vers num="1.1.9" edition=":~~~wordpress~~"/>
+        <vers num="1.1.9.1" edition=":~~~wordpress~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2338" published="2014-04-16" name="CVE-2014-2338" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:N)" CVSS_score="6.4" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="10.0" CVSS_base_score="6.4">
+    <desc>
+      <descript source="cve">IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKE_SA during (1) initiation or (2) re-authentication, which triggers the IKE_SA state to be set to established.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.strongswan.org/blog/2014/04/14/strongswan-authentication-bypass-vulnerability-%28cve-2014-2338%29.html" source="CONFIRM" adv="1">http://www.strongswan.org/blog/2014/04/14/strongswan-authentication-bypass-vulnerability-%28cve-2014-2338%29.html</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2903" source="DEBIAN">DSA-2903</ref>
+      <ref url="http://secunia.com/advisories/57823" source="SECUNIA">57823</ref>
+      <ref url="http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00010.html" source="SUSE">SUSE-SU-2014:0529</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="strongswan" name="strongswan">
+        <vers num="4.0.7"/>
+        <vers num="4.1.0"/>
+        <vers num="4.1.1"/>
+        <vers num="4.1.10"/>
+        <vers num="4.1.11"/>
+        <vers num="4.1.2"/>
+        <vers num="4.1.3"/>
+        <vers num="4.1.4"/>
+        <vers num="4.1.5"/>
+        <vers num="4.1.6"/>
+        <vers num="4.1.7"/>
+        <vers num="4.1.8"/>
+        <vers num="4.1.9"/>
+        <vers num="4.2.0"/>
+        <vers num="4.2.1"/>
+        <vers num="4.2.10"/>
+        <vers num="4.2.11"/>
+        <vers num="4.2.12"/>
+        <vers num="4.2.13"/>
+        <vers num="4.2.14"/>
+        <vers num="4.2.15"/>
+        <vers num="4.2.16"/>
+        <vers num="4.2.2"/>
+        <vers num="4.2.3"/>
+        <vers num="4.2.4"/>
+        <vers num="4.2.5"/>
+        <vers num="4.2.6"/>
+        <vers num="4.2.7"/>
+        <vers num="4.2.8"/>
+        <vers num="4.2.9"/>
+        <vers num="4.3.0"/>
+        <vers num="4.3.1"/>
+        <vers num="4.3.2"/>
+        <vers num="4.3.3"/>
+        <vers num="4.3.4"/>
+        <vers num="4.3.5"/>
+        <vers num="4.3.6"/>
+        <vers num="4.3.7"/>
+        <vers num="4.4.0"/>
+        <vers num="4.4.1"/>
+        <vers num="4.5.0"/>
+        <vers num="4.5.1"/>
+        <vers num="4.5.2"/>
+        <vers num="4.5.3"/>
+        <vers num="4.6.0"/>
+        <vers num="4.6.1"/>
+        <vers num="4.6.2"/>
+        <vers num="4.6.3"/>
+        <vers num="4.6.4"/>
+        <vers num="5.0.0"/>
+        <vers num="5.0.1"/>
+        <vers num="5.0.2"/>
+        <vers num="5.0.3"/>
+        <vers num="5.0.4"/>
+        <vers num="5.1.0"/>
+        <vers num="5.1.1"/>
+        <vers num="5.1.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2339" published="2014-03-19" name="CVE-2014-2339" modified="2014-03-20" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:P)" CVSS_score="6.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.0" CVSS_base_score="6.5">
+    <desc>
+      <descript source="cve">Multiple SQL injection vulnerabilities in bbs/ajax.autosave.php in GNUboard 5.x and possibly earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) subject or (2) content parameter.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91814" source="XF">gnuboard-cve20142339-sql-injection(91814)</ref>
+      <ref url="http://www.securityfocus.com/bid/66228" source="BID">66228</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Mar/299" source="FULLDISC">20140317 [CVE-2014-2339] GNUboard SQL Injection Vulnerability</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="sir" name="gnuboard">
+        <vers num="4.31.3"/>
+        <vers num="4.31.4"/>
+        <vers num="4.33.2"/>
+        <vers num="4.34.20"/>
+        <vers num="4.34.21"/>
+        <vers prev="1" num="5.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2340" published="2014-04-03" name="CVE-2014-2340" modified="2014-04-19" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">Cross-site request forgery (CSRF) vulnerability in the XCloner plugin before 3.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that create website backups via a request to wp-admin/plugins.php.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://www.htbridge.com/advisory/HTB23206" source="MISC">https://www.htbridge.com/advisory/HTB23206</ref>
+      <ref url="http://www.securityfocus.com/bid/66280" source="BID">66280</ref>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/531712/100/0/threaded" source="BUGTRAQ">20140402 &amp;ETH;&amp;iexcl;ross-Site Request Forgery (CSRF) in XCloner Wordpress Plugin</ref>
+      <ref url="http://www.exploit-db.com/exploits/32701" source="EXPLOIT-DB">32701</ref>
+      <ref url="http://wordpress.org/plugins/xcloner-backup-and-restore/changelog/" source="CONFIRM">http://wordpress.org/plugins/xcloner-backup-and-restore/changelog/</ref>
+      <ref url="http://secunia.com/advisories/57362" source="SECUNIA" adv="1">57362</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="xcloner" name="xcloner">
+        <vers num="2.1" edition=":~~~wordpress~~"/>
+        <vers num="2.1.2" edition=":~~~wordpress~~"/>
+        <vers num="2.2.1" edition=":~~~wordpress~~"/>
+        <vers num="3.0" edition=":~~~wordpress~~"/>
+        <vers num="3.0.1" edition=":~~~wordpress~~"/>
+        <vers num="3.0.2" edition=":~~~wordpress~~"/>
+        <vers num="3.0.3" edition=":~~~wordpress~~"/>
+        <vers num="3.0.4" edition=":~~~wordpress~~"/>
+        <vers num="3.0.5" edition=":~~~wordpress~~"/>
+        <vers num="3.0.6" edition=":~~~wordpress~~"/>
+        <vers num="3.0.7" edition=":~~~wordpress~~"/>
+        <vers num="3.0.8" edition=":~~~wordpress~~"/>
+        <vers prev="1" num="3.1.0" edition=":~~~wordpress~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2341" published="2014-04-22" name="CVE-2014-2341" modified="2014-04-22" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/92526" source="XF">cubecart-cve20142341-session-hijacking(92526)</ref>
+      <ref url="http://www.securitytracker.com/id/1030086" source="SECTRACK">1030086</ref>
+      <ref url="http://www.securityfocus.com/bid/66805" source="BID">66805</ref>
+      <ref url="http://www.osvdb.org/105784" source="OSVDB">105784</ref>
+      <ref url="http://www.exploit-db.com/exploits/32830" source="EXPLOIT-DB">32830</ref>
+      <ref url="http://secunia.com/advisories/57856" source="SECUNIA">57856</ref>
+      <ref url="http://forums.cubecart.com/topic/48427-cubecart-529-relased/" source="CONFIRM">http://forums.cubecart.com/topic/48427-cubecart-529-relased/</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cubecart" name="cubecart">
+        <vers num="5.2.0"/>
+        <vers num="5.2.1"/>
+        <vers num="5.2.2"/>
+        <vers num="5.2.3"/>
+        <vers num="5.2.4"/>
+        <vers num="5.2.5"/>
+        <vers num="5.2.6"/>
+        <vers num="5.2.7"/>
+        <vers prev="1" num="5.2.8"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2383" published="2014-04-28" name="CVE-2014-2383" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2383/" source="MISC">https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2383/</ref>
+      <ref url="https://github.com/dompdf/dompdf/commit/23a693993299e669306929e3d49a4a1f7b3fb028" source="CONFIRM">https://github.com/dompdf/dompdf/commit/23a693993299e669306929e3d49a4a1f7b3fb028</ref>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/531912/100/0/threaded" source="BUGTRAQ">20140423 CVE-2014-2383 - Arbitrary file read in dompdf</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Apr/258" source="FULLDISC">20140423 CVE-2014-2383 - Arbitrary file read in dompdf</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="dompdf" name="dompdf">
+        <vers prev="1" num="0.6.0" edition="beta3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2384" published="2014-04-15" name="CVE-2014-2384" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="4.9" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="3.9" CVSS_base_score="4.9">
+    <desc>
+      <descript source="cve">vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware Player 6.0.1 build 1379776 on Windows might allow local users to cause a denial of service (read access violation and system crash) via a crafted buffer in an IOCTL call.  NOTE: the researcher reports "Vendor rated issue as non-exploitable."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2384/" source="MISC">https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2384/</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Apr/163" source="FULLDISC">20140411 CVE-2014-2384 - Invalid Pointer Dereference in VMware Workstation and Player</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="vmware" name="player">
+        <vers num="6.0.1_build_1379776"/>
+      </prod>
+      <prod vendor="vmware" name="workstation">
+        <vers num="10.0.1_build_1379776"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2386" published="2014-03-25" name="CVE-2014-2386" modified="2014-03-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Multiple off-by-one errors in Icinga, possibly 1.10.2 and earlier, allow remote attackers to cause a denial of service (crash) via unspecified vectors to the (1) display_nav_table, (2) print_export_link, (3) page_num_selector, or (4) page_limit_selector function in cgi/cgiutils.c or (5) status_page_num_selector function in cgi/status.c, which triggers a stack-based buffer overflow.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=73285093b71a5551abdaab0a042d3d6bae093b0d" source="CONFIRM" patch="1">https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=73285093b71a5551abdaab0a042d3d6bae093b0d</ref>
+      <ref url="https://dev.icinga.org/issues/5663" source="CONFIRM">https://dev.icinga.org/issues/5663</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-03/msg00072.html" source="SUSE">openSUSE-SU-2014:0420</ref>
+      <ref url="http://comments.gmane.org/gmane.comp.security.oss.general/12355" source="MLIST">[oss-security] 20140313 CVE request for icinga 1 byte \0 overflows</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="icinga" name="icinga">
+        <vers num="1.10.0"/>
+        <vers num="1.10.1"/>
+        <vers prev="1" num="1.10.2"/>
+      </prod>
+      <prod vendor="novell" name="opensuse">
+        <vers num="12.3"/>
+        <vers num="13.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2389" published="2014-04-12" name="CVE-2014-2389" modified="2014-04-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Stack-based buffer overflow in a certain decryption function in qconnDoor on Blackberry Z10 devices with software 10.1.0.2312, when developer-mode has been previously enabled, allows remote attackers to execute arbitrary code via a crafted packet in a TCP session on a wireless network.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0036.html" source="BUGTRAQ">20140408 BlackBerry Z 10 - Buffer Overflow in qconnDoor [MZ-13-05]</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="blackberry" name="blackberry_z10">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="blackberry" name="blackberry_os">
+        <vers num="10.1.0.2312"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2391" published="2014-04-24" name="CVE-2014-2391" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potentially useful password-pattern information by reading (1) a web-server access log, (2) a web-server Referer log, or (3) browser history that contains this string because of its presence in a GET request.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securityfocus.com/archive/1/531762" source="BUGTRAQ">20140408 Open-Xchange Security Advisory 2014-04-08</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="open-xchange" name="open-xchange_appsuite">
+        <vers num="7.2.0"/>
+        <vers num="7.2.1"/>
+        <vers prev="1" num="7.2.2"/>
+        <vers num="7.4.1"/>
+        <vers num="7.4.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2392" published="2014-04-24" name="CVE-2014-2392" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securityfocus.com/archive/1/531762" source="BUGTRAQ">20140408 Open-Xchange Security Advisory 2014-04-08</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="open-xchange" name="open-xchange_appsuite">
+        <vers num="7.2.0"/>
+        <vers num="7.2.1"/>
+        <vers prev="1" num="7.2.2"/>
+        <vers num="7.4.1"/>
+        <vers num="7.4.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2393" published="2014-04-24" name="CVE-2014-2393" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite 7.4.1 before 7.4.1-rev11 and 7.4.2 before 7.4.2-rev13 allows remote attackers to inject arbitrary web script or HTML via a Drive filename that is not properly handled during use of the composer to add an e-mail attachment.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.securityfocus.com/archive/1/531762" source="BUGTRAQ">20140408 Open-Xchange Security Advisory 2014-04-08</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="open-xchange" name="open-xchange_appsuite">
+        <vers num="7.2.0"/>
+        <vers num="7.2.1"/>
+        <vers prev="1" num="7.2.2"/>
+        <vers num="7.4.1"/>
+        <vers num="7.4.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2397" published="2014-04-15" name="CVE-2014-2397" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-2398" published="2014-04-15" name="CVE-2014-2398" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:P/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="javafx">
+        <vers num="2.2.51"/>
+      </prod>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.5.0" edition="update_61"/>
+        <vers num="1.6.0" edition="update_71"/>
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.5.0" edition="update_61"/>
+        <vers num="1.6.0" edition="update_71"/>
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+      <prod vendor="oracle" name="jrockit">
+        <vers num="r27.8.1"/>
+        <vers num="r28.3.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2399" published="2014-04-15" name="CVE-2014-2399" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 2.2.2 allows remote attackers to affect integrity via unknown vectors related to Oracle Endeca Information Discovery (Formerly Latitude), a different vulnerability than CVE-2014-2400.</descript>
+      <descript source="nvd">Per: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
+
+"Please refer to My Oracle Support Note 1629648.1 for instructions on how to address this issue."</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="fusion_middleware">
+        <vers num="2.2.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2400" published="2014-04-15" name="CVE-2014-2400" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 2.2.2 allows remote attackers to affect integrity via unknown vectors related to Oracle Endeca Information Discovery (Formerly Latitude), a different vulnerability than CVE-2014-2399.</descript>
+      <descript source="nvd">Per: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
+
+"Please refer to My Oracle Support Note 1629648.1 for instructions on how to address this issue."</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="fusion_middleware">
+        <vers num="2.2.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2401" published="2014-04-15" name="CVE-2014-2401" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:P/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality via unknown vectors related to 2D.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="javafx">
+        <vers num="2.2.51"/>
+      </prod>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.5.0" edition="update_61"/>
+        <vers num="1.6.0" edition="update_71"/>
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.5.0" edition="update_61"/>
+        <vers num="1.6.0" edition="update_71"/>
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2402" published="2014-04-15" name="CVE-2014-2402" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-0455.</descript>
+      <descript source="nvd">per: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
+
+
+Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2403" published="2014-04-15" name="CVE-2014-2403" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via vectors related to JAXP.</descript>
+      <descript source="nvd">per: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
+
+
+Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.6.0" edition="update_71"/>
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.6.0" edition="update_71"/>
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2404" published="2014-04-15" name="CVE-2014-2404" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 10.1.4.3, 11.1.1.3.0, 11.1.1.5.0, 11.1.1.7.0, 11.1.2.0.0, 11.1.2.1.0, and 11.1.2.2.0 allows remote authenticated users to affect confidentiality via unknown vectors related to WebGate.</descript>
+      <descript source="nvd">Per: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
+
+"Please refer to My Oracle Support Note 1643382.1 for instructions on how to address this issue."</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="fusion_middleware">
+        <vers num="10.1.4.3"/>
+        <vers num="11.1.1.3.0"/>
+        <vers num="11.1.1.5.0"/>
+        <vers num="11.1.1.7.0"/>
+        <vers num="11.1.2.0"/>
+        <vers num="11.1.2.1.0"/>
+        <vers num="11.1.2.2.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2406" published="2014-04-15" name="CVE-2014-2406" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:C/I:C/A:C)" CVSS_score="8.5" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="6.8" CVSS_base_score="8.5">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to "Advisor" and "Select Any Dictionary" privileges.</descript>
+      <descript source="nvd">Per: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
+
+"The CVSS Base Score is 8.5 only for Windows. For Linux, Unix and other platforms, the CVSS Base Score is 6.0, and the impacts for Confidentiality, Integrity and Availability are Partial+."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="database_server">
+        <vers num="11.1.0.7"/>
+        <vers num="11.2.0.3"/>
+        <vers num="11.2.0.4"/>
+        <vers num="12.1.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2407" published="2014-04-15" name="CVE-2014-2407" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect availability via unknown vectors related to Data Quality, a different vulnerability than CVE-2014-2415, CVE-2014-2416, CVE-2014-2417, and CVE-2014-2418.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="fusion_middleware">
+        <vers num="11.1.1.3.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2408" published="2014-04-15" name="CVE-2014-2408" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:H/Au:S/C:C/I:C/A:N)" CVSS_score="6.6" CVSS_impact_subscore="9.2" CVSS_exploit_subscore="3.9" CVSS_base_score="6.6">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to the "Grant Any Object Privilege."</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="database_server">
+        <vers num="11.1.0.7"/>
+        <vers num="11.2.0.3"/>
+        <vers num="11.2.0.4"/>
+        <vers num="12.1.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2409" published="2014-04-15" name="CVE-2014-2409" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:N)" CVSS_score="6.4" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="10.0" CVSS_base_score="6.4">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.6.0" edition="update_71"/>
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.6.0" edition="update_71"/>
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2410" published="2014-04-15" name="CVE-2014-2410" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.</descript>
+      <descript source="nvd">per: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
+
+Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.8.0"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.8.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2411" published="2014-04-15" name="CVE-2014-2411" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:P)" CVSS_score="6.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.0" CVSS_base_score="6.5">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle Identity Analytics component in Oracle Fusion Middleware Oracle Identity Analytics 11.1.1.5 and Sun Role Manager 5.0 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Security.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="identity_analytics">
+        <vers num="11.1.1.5"/>
+      </prod>
+      <prod vendor="oracle" name="sun_role_manager">
+        <vers num="5.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2412" published="2014-04-15" name="CVE-2014-2412" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-0451.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.5.0" edition="update_61"/>
+        <vers num="1.6.0" edition="update_71"/>
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.5.0" edition="update_61"/>
+        <vers num="1.6.0" edition="update_71"/>
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2413" published="2014-04-15" name="CVE-2014-2413" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Libraries.</descript>
+      <descript source="nvd">per: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
+
+
+Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.
+</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2414" published="2014-04-15" name="CVE-2014-2414" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.6.0" edition="update_71"/>
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.6.0" edition="update_71"/>
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2415" published="2014-04-15" name="CVE-2014-2415" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect availability via unknown vectors related to Data Quality, a different vulnerability than CVE-2014-2407, CVE-2014-2416, CVE-2014-2417, and CVE-2014-2418.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="fusion_middleware">
+        <vers num="11.1.1.3.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2416" published="2014-04-15" name="CVE-2014-2416" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect availability via unknown vectors related to Data Quality, a different vulnerability than CVE-2014-2407, CVE-2014-2415, CVE-2014-2417, and CVE-2014-2418.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="fusion_middleware">
+        <vers num="11.1.1.3.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2417" published="2014-04-15" name="CVE-2014-2417" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect availability via unknown vectors related to Data Quality, a different vulnerability than CVE-2014-2407, CVE-2014-2415, CVE-2014-2416, and CVE-2014-2418.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="fusion_middleware">
+        <vers num="11.1.1.3.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2418" published="2014-04-15" name="CVE-2014-2418" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect availability via unknown vectors related to Data Quality, a different vulnerability than CVE-2014-2407, CVE-2014-2415, CVE-2014-2416, and CVE-2014-2417.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="fusion_middleware">
+        <vers num="11.1.1.3.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2419" published="2014-04-15" name="CVE-2014-2419" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:N/I:N/A:P)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mysql" name="mysql">
+        <vers num="5.5.0"/>
+        <vers num="5.5.1"/>
+        <vers num="5.5.2"/>
+        <vers num="5.5.3"/>
+        <vers num="5.5.4"/>
+        <vers num="5.5.5"/>
+        <vers num="5.5.6"/>
+        <vers num="5.5.7"/>
+        <vers num="5.5.8"/>
+        <vers num="5.5.9"/>
+      </prod>
+      <prod vendor="oracle" name="mysql">
+        <vers num="5.5.10"/>
+        <vers num="5.5.11"/>
+        <vers num="5.5.12"/>
+        <vers num="5.5.13"/>
+        <vers num="5.5.14"/>
+        <vers num="5.5.15"/>
+        <vers num="5.5.16"/>
+        <vers num="5.5.17"/>
+        <vers num="5.5.18"/>
+        <vers num="5.5.19"/>
+        <vers num="5.5.20"/>
+        <vers num="5.5.21"/>
+        <vers num="5.5.22"/>
+        <vers num="5.5.23"/>
+        <vers num="5.5.24"/>
+        <vers num="5.5.25" edition="a"/>
+        <vers num="5.5.26"/>
+        <vers num="5.5.27"/>
+        <vers num="5.5.28"/>
+        <vers num="5.5.29"/>
+        <vers num="5.5.30"/>
+        <vers num="5.5.31"/>
+        <vers num="5.5.32"/>
+        <vers num="5.5.33"/>
+        <vers num="5.5.34"/>
+        <vers prev="1" num="5.5.35"/>
+        <vers num="5.6.0"/>
+        <vers num="5.6.1"/>
+        <vers num="5.6.10"/>
+        <vers num="5.6.11"/>
+        <vers num="5.6.12"/>
+        <vers num="5.6.13"/>
+        <vers num="5.6.14"/>
+        <vers prev="1" num="5.6.15"/>
+        <vers num="5.6.2"/>
+        <vers num="5.6.3"/>
+        <vers num="5.6.4"/>
+        <vers num="5.6.5"/>
+        <vers num="5.6.6"/>
+        <vers num="5.6.7"/>
+        <vers num="5.6.8"/>
+        <vers num="5.6.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-2420" published="2014-04-15" name="CVE-2014-2420" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:H/Au:N/C:N/I:P/A:N)" CVSS_score="2.6" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="4.9" CVSS_base_score="2.6">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Deployment.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.6.0" edition="update_71"/>
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.6.0" edition="update_71"/>
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2421" published="2014-04-15" name="CVE-2014-2421" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="javafx">
+        <vers num="2.2.51"/>
+      </prod>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.5.0" edition="update_61"/>
+        <vers num="1.6.0" edition="update_71"/>
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.5.0" edition="update_61"/>
+        <vers num="1.6.0" edition="update_71"/>
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2422" published="2014-04-15" name="CVE-2014-2422" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 7u51 and 8, and JavaFX 2.2.51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.</descript>
+      <descript source="nvd">per: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
+
+Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="javafx">
+        <vers num="2.2.51"/>
+      </prod>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2423" published="2014-04-15" name="CVE-2014-2423" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.6.0" edition="update_71"/>
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.6.0" edition="update_71"/>
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2424" published="2014-04-15" name="CVE-2014-2424" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:N/I:P/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle Event Processing component in Oracle Fusion Middleware 11.1.1.7.0 allows remote authenticated users to affect integrity via vectors related to CEP system.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="fusion_middleware">
+        <vers num="11.1.1.7.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2425" published="2014-04-15" name="CVE-2014-2425" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect confidentiality via unknown vectors.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="fusion_middleware">
+        <vers num="8.0" edition="update2_patch5"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2426" published="2014-04-15" name="CVE-2014-2426" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:P/A:P)" CVSS_score="4.9" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="6.8" CVSS_base_score="4.9">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect integrity and availability via unknown vectors related to Admin Console.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="fusion_middleware">
+        <vers num="8.0" edition="update2_patch5"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2427" published="2014-04-15" name="CVE-2014-2427" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.</descript>
+      <descript source="nvd">per: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
+
+
+Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.5.0" edition="update_61"/>
+        <vers num="1.6.0" edition="update_71"/>
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.5.0" edition="update_61"/>
+        <vers num="1.6.0" edition="update_71"/>
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2428" published="2014-04-15" name="CVE-2014-2428" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:H/Au:N/C:C/I:C/A:C)" CVSS_score="7.6" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="4.9" CVSS_base_score="7.6">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="jdk">
+        <vers num="1.6.0" edition="update_71"/>
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+      <prod vendor="oracle" name="jre">
+        <vers num="1.6.0" edition="update_71"/>
+        <vers num="1.7.0" edition="update_51"/>
+        <vers num="1.8.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2429" published="2014-04-15" name="CVE-2014-2429" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the PeopleSoft Enterprise CS Campus Self Service component in Oracle PeopleSoft Products 9.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Campus Mobile.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="peoplesoft_products">
+        <vers num="9.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-2430" published="2014-04-15" name="CVE-2014-2430" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:N/A:P)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mysql" name="mysql">
+        <vers num="5.5.0"/>
+        <vers num="5.5.1"/>
+        <vers num="5.5.2"/>
+        <vers num="5.5.3"/>
+        <vers num="5.5.4"/>
+        <vers num="5.5.5"/>
+        <vers num="5.5.6"/>
+        <vers num="5.5.7"/>
+        <vers num="5.5.8"/>
+        <vers num="5.5.9"/>
+      </prod>
+      <prod vendor="oracle" name="mysql">
+        <vers num="5.5.10"/>
+        <vers num="5.5.11"/>
+        <vers num="5.5.12"/>
+        <vers num="5.5.13"/>
+        <vers num="5.5.14"/>
+        <vers num="5.5.15"/>
+        <vers num="5.5.16"/>
+        <vers num="5.5.17"/>
+        <vers num="5.5.18"/>
+        <vers num="5.5.19"/>
+        <vers num="5.5.20"/>
+        <vers num="5.5.21"/>
+        <vers num="5.5.22"/>
+        <vers num="5.5.23"/>
+        <vers num="5.5.24"/>
+        <vers num="5.5.25" edition="a"/>
+        <vers num="5.5.26"/>
+        <vers num="5.5.27"/>
+        <vers num="5.5.28"/>
+        <vers num="5.5.29"/>
+        <vers num="5.5.30"/>
+        <vers num="5.5.31"/>
+        <vers num="5.5.32"/>
+        <vers num="5.5.33"/>
+        <vers num="5.5.34"/>
+        <vers num="5.5.35"/>
+        <vers prev="1" num="5.5.36"/>
+        <vers num="5.6.0"/>
+        <vers num="5.6.1"/>
+        <vers num="5.6.10"/>
+        <vers num="5.6.11"/>
+        <vers num="5.6.12"/>
+        <vers num="5.6.13"/>
+        <vers num="5.6.14"/>
+        <vers num="5.6.15"/>
+        <vers prev="1" num="5.6.16"/>
+        <vers num="5.6.2"/>
+        <vers num="5.6.3"/>
+        <vers num="5.6.4"/>
+        <vers num="5.6.5"/>
+        <vers num="5.6.6"/>
+        <vers num="5.6.7"/>
+        <vers num="5.6.8"/>
+        <vers num="5.6.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-2431" published="2014-04-15" name="CVE-2014-2431" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:H/Au:N/C:N/I:N/A:P)" CVSS_score="2.6" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="4.9" CVSS_base_score="2.6">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mysql" name="mysql">
+        <vers num="5.5.0"/>
+        <vers num="5.5.1"/>
+        <vers num="5.5.2"/>
+        <vers num="5.5.3"/>
+        <vers num="5.5.4"/>
+        <vers num="5.5.5"/>
+        <vers num="5.5.6"/>
+        <vers num="5.5.7"/>
+        <vers num="5.5.8"/>
+        <vers num="5.5.9"/>
+      </prod>
+      <prod vendor="oracle" name="mysql">
+        <vers num="5.5.10"/>
+        <vers num="5.5.11"/>
+        <vers num="5.5.12"/>
+        <vers num="5.5.13"/>
+        <vers num="5.5.14"/>
+        <vers num="5.5.15"/>
+        <vers num="5.5.16"/>
+        <vers num="5.5.17"/>
+        <vers num="5.5.18"/>
+        <vers num="5.5.19"/>
+        <vers num="5.5.20"/>
+        <vers num="5.5.21"/>
+        <vers num="5.5.22"/>
+        <vers num="5.5.23"/>
+        <vers num="5.5.24"/>
+        <vers num="5.5.25" edition="a"/>
+        <vers num="5.5.26"/>
+        <vers num="5.5.27"/>
+        <vers num="5.5.28"/>
+        <vers num="5.5.29"/>
+        <vers num="5.5.30"/>
+        <vers num="5.5.31"/>
+        <vers num="5.5.32"/>
+        <vers num="5.5.33"/>
+        <vers num="5.5.34"/>
+        <vers num="5.5.35"/>
+        <vers prev="1" num="5.5.36"/>
+        <vers num="5.6.0"/>
+        <vers num="5.6.1"/>
+        <vers num="5.6.10"/>
+        <vers num="5.6.11"/>
+        <vers num="5.6.12"/>
+        <vers num="5.6.13"/>
+        <vers num="5.6.14"/>
+        <vers num="5.6.15"/>
+        <vers prev="1" num="5.6.16"/>
+        <vers num="5.6.2"/>
+        <vers num="5.6.3"/>
+        <vers num="5.6.4"/>
+        <vers num="5.6.5"/>
+        <vers num="5.6.6"/>
+        <vers num="5.6.7"/>
+        <vers num="5.6.8"/>
+        <vers num="5.6.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-2432" published="2014-04-15" name="CVE-2014-2432" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:M/C:N/I:N/A:P)" CVSS_score="2.8" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="5.5" CVSS_base_score="2.8">
+    <desc>
+      <descript source="cve">Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mysql" name="mysql">
+        <vers num="5.5.0"/>
+        <vers num="5.5.1"/>
+        <vers num="5.5.2"/>
+        <vers num="5.5.3"/>
+        <vers num="5.5.4"/>
+        <vers num="5.5.5"/>
+        <vers num="5.5.6"/>
+        <vers num="5.5.7"/>
+        <vers num="5.5.8"/>
+        <vers num="5.5.9"/>
+      </prod>
+      <prod vendor="oracle" name="mysql">
+        <vers num="5.5.10"/>
+        <vers num="5.5.11"/>
+        <vers num="5.5.12"/>
+        <vers num="5.5.13"/>
+        <vers num="5.5.14"/>
+        <vers num="5.5.15"/>
+        <vers num="5.5.16"/>
+        <vers num="5.5.17"/>
+        <vers num="5.5.18"/>
+        <vers num="5.5.19"/>
+        <vers num="5.5.20"/>
+        <vers num="5.5.21"/>
+        <vers num="5.5.22"/>
+        <vers num="5.5.23"/>
+        <vers num="5.5.24"/>
+        <vers num="5.5.25" edition="a"/>
+        <vers num="5.5.26"/>
+        <vers num="5.5.27"/>
+        <vers num="5.5.28"/>
+        <vers num="5.5.29"/>
+        <vers num="5.5.30"/>
+        <vers num="5.5.31"/>
+        <vers num="5.5.32"/>
+        <vers num="5.5.33"/>
+        <vers num="5.5.34"/>
+        <vers prev="1" num="5.5.35"/>
+        <vers num="5.6.0"/>
+        <vers num="5.6.1"/>
+        <vers num="5.6.10"/>
+        <vers num="5.6.11"/>
+        <vers num="5.6.12"/>
+        <vers num="5.6.13"/>
+        <vers num="5.6.14"/>
+        <vers prev="1" num="5.6.15"/>
+        <vers num="5.6.2"/>
+        <vers num="5.6.3"/>
+        <vers num="5.6.4"/>
+        <vers num="5.6.5"/>
+        <vers num="5.6.6"/>
+        <vers num="5.6.7"/>
+        <vers num="5.6.8"/>
+        <vers num="5.6.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2433" published="2014-04-15" name="CVE-2014-2433" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.53 allows remote attackers to affect availability via unknown vectors related to Integration Broker.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="peoplesoft_products">
+        <vers num="8.53"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2434" published="2014-04-15" name="CVE-2014-2434" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:N/I:N/A:P)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to DML.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="mysql">
+        <vers num="5.6.0"/>
+        <vers num="5.6.1"/>
+        <vers num="5.6.10"/>
+        <vers num="5.6.11"/>
+        <vers num="5.6.12"/>
+        <vers num="5.6.13"/>
+        <vers num="5.6.14"/>
+        <vers prev="1" num="5.6.15"/>
+        <vers num="5.6.2"/>
+        <vers num="5.6.3"/>
+        <vers num="5.6.4"/>
+        <vers num="5.6.5"/>
+        <vers num="5.6.6"/>
+        <vers num="5.6.7"/>
+        <vers num="5.6.8"/>
+        <vers num="5.6.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2435" published="2014-04-15" name="CVE-2014-2435" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:N/I:N/A:P)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle MySQL Server 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="mysql">
+        <vers num="5.6.0"/>
+        <vers num="5.6.1"/>
+        <vers num="5.6.10"/>
+        <vers num="5.6.11"/>
+        <vers num="5.6.12"/>
+        <vers num="5.6.13"/>
+        <vers num="5.6.14"/>
+        <vers prev="1" num="5.6.15"/>
+        <vers num="5.6.2"/>
+        <vers num="5.6.3"/>
+        <vers num="5.6.4"/>
+        <vers num="5.6.5"/>
+        <vers num="5.6.6"/>
+        <vers num="5.6.7"/>
+        <vers num="5.6.8"/>
+        <vers num="5.6.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2436" published="2014-04-15" name="CVE-2014-2436" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:P/I:P/A:P)" CVSS_score="6.0" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="6.8" CVSS_base_score="6.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mysql" name="mysql">
+        <vers num="5.5.0"/>
+        <vers num="5.5.1"/>
+        <vers num="5.5.2"/>
+        <vers num="5.5.3"/>
+        <vers num="5.5.4"/>
+        <vers num="5.5.5"/>
+        <vers num="5.5.6"/>
+        <vers num="5.5.7"/>
+        <vers num="5.5.8"/>
+        <vers num="5.5.9"/>
+      </prod>
+      <prod vendor="oracle" name="mysql">
+        <vers num="5.5.10"/>
+        <vers num="5.5.11"/>
+        <vers num="5.5.12"/>
+        <vers num="5.5.13"/>
+        <vers num="5.5.14"/>
+        <vers num="5.5.15"/>
+        <vers num="5.5.16"/>
+        <vers num="5.5.17"/>
+        <vers num="5.5.18"/>
+        <vers num="5.5.19"/>
+        <vers num="5.5.20"/>
+        <vers num="5.5.21"/>
+        <vers num="5.5.22"/>
+        <vers num="5.5.23"/>
+        <vers num="5.5.24"/>
+        <vers num="5.5.25" edition="a"/>
+        <vers num="5.5.26"/>
+        <vers num="5.5.27"/>
+        <vers num="5.5.28"/>
+        <vers num="5.5.29"/>
+        <vers num="5.5.30"/>
+        <vers num="5.5.31"/>
+        <vers num="5.5.32"/>
+        <vers num="5.5.33"/>
+        <vers num="5.5.34"/>
+        <vers num="5.5.35"/>
+        <vers prev="1" num="5.5.36"/>
+        <vers num="5.6.0"/>
+        <vers num="5.6.1"/>
+        <vers num="5.6.10"/>
+        <vers num="5.6.11"/>
+        <vers num="5.6.12"/>
+        <vers num="5.6.13"/>
+        <vers num="5.6.14"/>
+        <vers num="5.6.15"/>
+        <vers prev="1" num="5.6.16"/>
+        <vers num="5.6.2"/>
+        <vers num="5.6.3"/>
+        <vers num="5.6.4"/>
+        <vers num="5.6.5"/>
+        <vers num="5.6.6"/>
+        <vers num="5.6.7"/>
+        <vers num="5.6.8"/>
+        <vers num="5.6.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2437" published="2014-04-15" name="CVE-2014-2437" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Integration Broker, a different vulnerability than CVE-2014-2447.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="peoplesoft_products">
+        <vers num="8.52"/>
+        <vers num="8.53"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-2438" published="2014-04-15" name="CVE-2014-2438" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:N/A:P)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mysql" name="mysql">
+        <vers num="5.5.0"/>
+        <vers num="5.5.1"/>
+        <vers num="5.5.2"/>
+        <vers num="5.5.3"/>
+        <vers num="5.5.4"/>
+        <vers num="5.5.5"/>
+        <vers num="5.5.6"/>
+        <vers num="5.5.7"/>
+        <vers num="5.5.8"/>
+        <vers num="5.5.9"/>
+      </prod>
+      <prod vendor="oracle" name="mysql">
+        <vers num="5.5.10"/>
+        <vers num="5.5.11"/>
+        <vers num="5.5.12"/>
+        <vers num="5.5.13"/>
+        <vers num="5.5.14"/>
+        <vers num="5.5.15"/>
+        <vers num="5.5.16"/>
+        <vers num="5.5.17"/>
+        <vers num="5.5.18"/>
+        <vers num="5.5.19"/>
+        <vers num="5.5.20"/>
+        <vers num="5.5.21"/>
+        <vers num="5.5.22"/>
+        <vers num="5.5.23"/>
+        <vers num="5.5.24"/>
+        <vers num="5.5.25" edition="a"/>
+        <vers num="5.5.26"/>
+        <vers num="5.5.27"/>
+        <vers num="5.5.28"/>
+        <vers num="5.5.29"/>
+        <vers num="5.5.30"/>
+        <vers num="5.5.31"/>
+        <vers num="5.5.32"/>
+        <vers num="5.5.33"/>
+        <vers num="5.5.34"/>
+        <vers prev="1" num="5.5.35"/>
+        <vers num="5.6.0"/>
+        <vers num="5.6.1"/>
+        <vers num="5.6.10"/>
+        <vers num="5.6.11"/>
+        <vers num="5.6.12"/>
+        <vers num="5.6.13"/>
+        <vers num="5.6.14"/>
+        <vers prev="1" num="5.6.15"/>
+        <vers num="5.6.2"/>
+        <vers num="5.6.3"/>
+        <vers num="5.6.4"/>
+        <vers num="5.6.5"/>
+        <vers num="5.6.6"/>
+        <vers num="5.6.7"/>
+        <vers num="5.6.8"/>
+        <vers num="5.6.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2439" published="2014-04-15" name="CVE-2014-2439" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:N)" CVSS_score="6.4" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="10.0" CVSS_base_score="6.4">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Workspace Web Application.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="virtualization">
+        <vers num="5.0"/>
+        <vers num="5.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2440" published="2014-04-15" name="CVE-2014-2440" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:H/Au:N/C:P/I:P/A:P)" CVSS_score="5.1" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="4.9" CVSS_base_score="5.1">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mysql" name="mysql">
+        <vers num="5.5.0"/>
+        <vers num="5.5.1"/>
+        <vers num="5.5.2"/>
+        <vers num="5.5.3"/>
+        <vers num="5.5.4"/>
+        <vers num="5.5.5"/>
+        <vers num="5.5.6"/>
+        <vers num="5.5.7"/>
+        <vers num="5.5.8"/>
+        <vers num="5.5.9"/>
+      </prod>
+      <prod vendor="oracle" name="mysql">
+        <vers num="5.5.10"/>
+        <vers num="5.5.11"/>
+        <vers num="5.5.12"/>
+        <vers num="5.5.13"/>
+        <vers num="5.5.14"/>
+        <vers num="5.5.15"/>
+        <vers num="5.5.16"/>
+        <vers num="5.5.17"/>
+        <vers num="5.5.18"/>
+        <vers num="5.5.19"/>
+        <vers num="5.5.20"/>
+        <vers num="5.5.21"/>
+        <vers num="5.5.22"/>
+        <vers num="5.5.23"/>
+        <vers num="5.5.24"/>
+        <vers num="5.5.25" edition="a"/>
+        <vers num="5.5.26"/>
+        <vers num="5.5.27"/>
+        <vers num="5.5.28"/>
+        <vers num="5.5.29"/>
+        <vers num="5.5.30"/>
+        <vers num="5.5.31"/>
+        <vers num="5.5.32"/>
+        <vers num="5.5.33"/>
+        <vers num="5.5.34"/>
+        <vers num="5.5.35"/>
+        <vers prev="1" num="5.5.36"/>
+        <vers num="5.6.0"/>
+        <vers num="5.6.1"/>
+        <vers num="5.6.10"/>
+        <vers num="5.6.11"/>
+        <vers num="5.6.12"/>
+        <vers num="5.6.13"/>
+        <vers num="5.6.14"/>
+        <vers num="5.6.15"/>
+        <vers prev="1" num="5.6.16"/>
+        <vers num="5.6.2"/>
+        <vers num="5.6.3"/>
+        <vers num="5.6.4"/>
+        <vers num="5.6.5"/>
+        <vers num="5.6.6"/>
+        <vers num="5.6.7"/>
+        <vers num="5.6.8"/>
+        <vers num="5.6.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2441" published="2014-04-15" name="CVE-2014-2441" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="4.4" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="3.4" CVSS_base_score="4.4">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.32, 4.2.24, and 4.3.10 allows local users to affect confidentiality, integrity, and availability via vectors related to Graphics driver (WDDM) for Windows guests.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="vm_virtualbox">
+        <vers num="4.1.0"/>
+        <vers num="4.1.10"/>
+        <vers num="4.1.12"/>
+        <vers num="4.1.14"/>
+        <vers num="4.1.16"/>
+        <vers num="4.1.18"/>
+        <vers num="4.1.2"/>
+        <vers num="4.1.20"/>
+        <vers num="4.1.22"/>
+        <vers num="4.1.24"/>
+        <vers num="4.1.26"/>
+        <vers num="4.1.28"/>
+        <vers prev="1" num="4.1.30"/>
+        <vers num="4.1.4"/>
+        <vers num="4.1.6"/>
+        <vers num="4.1.8"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2442" published="2014-04-15" name="CVE-2014-2442" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:N/I:N/A:P)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to MyISAM.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="mysql">
+        <vers num="5.6.0"/>
+        <vers num="5.6.1"/>
+        <vers num="5.6.10"/>
+        <vers num="5.6.11"/>
+        <vers num="5.6.12"/>
+        <vers num="5.6.13"/>
+        <vers num="5.6.14"/>
+        <vers prev="1" num="5.6.15"/>
+        <vers num="5.6.2"/>
+        <vers num="5.6.3"/>
+        <vers num="5.6.4"/>
+        <vers num="5.6.5"/>
+        <vers num="5.6.6"/>
+        <vers num="5.6.7"/>
+        <vers num="5.6.8"/>
+        <vers num="5.6.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2443" published="2014-04-15" name="CVE-2014-2443" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Technology.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="peoplesoft_products">
+        <vers num="8.52"/>
+        <vers num="8.53"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2444" published="2014-04-15" name="CVE-2014-2444" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:P)" CVSS_score="6.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.0" CVSS_base_score="6.5">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to InnoDB.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="mysql">
+        <vers num="5.6.0"/>
+        <vers num="5.6.1"/>
+        <vers num="5.6.10"/>
+        <vers num="5.6.11"/>
+        <vers num="5.6.12"/>
+        <vers num="5.6.13"/>
+        <vers num="5.6.14"/>
+        <vers prev="1" num="5.6.15"/>
+        <vers num="5.6.2"/>
+        <vers num="5.6.3"/>
+        <vers num="5.6.4"/>
+        <vers num="5.6.5"/>
+        <vers num="5.6.6"/>
+        <vers num="5.6.7"/>
+        <vers num="5.6.8"/>
+        <vers num="5.6.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-2445" published="2014-04-15" name="CVE-2014-2445" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:P/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect integrity via unknown vectors related to Security, a different vulnerability than CVE-2014-2467.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="supply_chain_products_suite">
+        <vers num="9.3.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2446" published="2014-04-15" name="CVE-2014-2446" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect confidentiality via vectors related to QAS.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="peoplesoft_products">
+        <vers num="8.52"/>
+        <vers num="8.53"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2447" published="2014-04-15" name="CVE-2014-2447" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Integration Broker, a different vulnerability than CVE-2014-2437.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="peoplesoft_products">
+        <vers num="8.52"/>
+        <vers num="8.53"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2448" published="2014-04-15" name="CVE-2014-2448" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect confidentiality via unknown vectors related to Install and Packaging.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="peoplesoft_products">
+        <vers num="8.52"/>
+        <vers num="8.53"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2449" published="2014-04-15" name="CVE-2014-2449" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the PeopleSoft Enterprise HRMS Talent Acquisition Manager component in Oracle PeopleSoft Products 9.0, 9.1, and 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="peoplesoft_products">
+        <vers num="9.0"/>
+        <vers num="9.1"/>
+        <vers num="9.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2450" published="2014-04-15" name="CVE-2014-2450" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:N/I:N/A:P)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="mysql">
+        <vers num="5.6.0"/>
+        <vers num="5.6.1"/>
+        <vers num="5.6.10"/>
+        <vers num="5.6.11"/>
+        <vers num="5.6.12"/>
+        <vers num="5.6.13"/>
+        <vers num="5.6.14"/>
+        <vers prev="1" num="5.6.15"/>
+        <vers num="5.6.2"/>
+        <vers num="5.6.3"/>
+        <vers num="5.6.4"/>
+        <vers num="5.6.5"/>
+        <vers num="5.6.6"/>
+        <vers num="5.6.7"/>
+        <vers num="5.6.8"/>
+        <vers num="5.6.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-2451" published="2014-04-15" name="CVE-2014-2451" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:N/A:P)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Privileges.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="mysql">
+        <vers num="5.6.0"/>
+        <vers num="5.6.1"/>
+        <vers num="5.6.10"/>
+        <vers num="5.6.11"/>
+        <vers num="5.6.12"/>
+        <vers num="5.6.13"/>
+        <vers num="5.6.14"/>
+        <vers prev="1" num="5.6.15"/>
+        <vers num="5.6.2"/>
+        <vers num="5.6.3"/>
+        <vers num="5.6.4"/>
+        <vers num="5.6.5"/>
+        <vers num="5.6.6"/>
+        <vers num="5.6.7"/>
+        <vers num="5.6.8"/>
+        <vers num="5.6.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2452" published="2014-04-15" name="CVE-2014-2452" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:N/I:N/A:P)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5 allows remote authenticated users to affect availability via unknown vectors related to Webserver Plugin.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="fusion_middleware">
+        <vers num="11.1.1.5.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2453" published="2014-04-15" name="CVE-2014-2453" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote attackers to affect integrity via unknown vectors related to User Interface.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="hyperion">
+        <vers num="11.1.2.2"/>
+        <vers num="11.1.2.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2454" published="2014-04-15" name="CVE-2014-2454" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote attackers to affect confidentiality via unknown vectors related to User Interface.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="hyperion">
+        <vers num="11.1.2.2"/>
+        <vers num="11.1.2.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2455" published="2014-04-15" name="CVE-2014-2455" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:P/I:P/A:P)" CVSS_score="6.0" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="6.8" CVSS_base_score="6.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to User Interface.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="hyperion">
+        <vers num="11.1.2.2"/>
+        <vers num="11.1.2.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2457" published="2014-04-15" name="CVE-2014-2457" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle Agile Product Lifecycle component in Oracle Supply Chain Products Suite 6.0 and 6.1.0 allows remote attackers to affect integrity via unknown vectors related to Install.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="supply_chain_products_suite">
+        <vers num="6.0.0"/>
+        <vers num="6.1.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2458" published="2014-04-15" name="CVE-2014-2458" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle Agile Product Lifecycle component in Oracle Supply Chain Products Suite 6.1.0.3 and 6.1.1.3 allows remote attackers to affect integrity via unknown vectors related to Install.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="supply_chain_products_suite">
+        <vers num="6.1.0.3"/>
+        <vers num="6.1.1.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-2459" published="2014-04-15" name="CVE-2014-2459" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:L/AC:H/Au:N/C:P/I:P/A:P)" CVSS_score="3.7" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="1.9" CVSS_base_score="3.7">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.3.2 and 6.3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Security.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="supply_chain_products_suite">
+        <vers num="6.3.2"/>
+        <vers num="6.3.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2460" published="2014-04-15" name="CVE-2014-2460" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, 6.2, 6.3, 6.3.1, 6.3.2, and 6.3.3 allows remote authenticated users to affect confidentiality via vectors related to CSV Management.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="supply_chain_products_suite">
+        <vers num="5.5.06"/>
+        <vers num="6.0.0"/>
+        <vers num="6.1.0"/>
+        <vers num="6.1.2.0"/>
+        <vers num="6.3.0"/>
+        <vers num="6.3.1"/>
+        <vers num="6.3.2"/>
+        <vers num="6.3.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2461" published="2014-04-15" name="CVE-2014-2461" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, 6.2, 6.3, 6.3.1, 6.3.2, and 6.3.3 allows remote attackers to affect confidentiality via unknown vectors related to Security.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="supply_chain_products_suite">
+        <vers num="5.5.06"/>
+        <vers num="6.0.0"/>
+        <vers num="6.1.0"/>
+        <vers num="6.1.2.0"/>
+        <vers num="6.3.0"/>
+        <vers num="6.3.1"/>
+        <vers num="6.3.2"/>
+        <vers num="6.3.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2463" published="2014-04-15" name="CVE-2014-2463" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) component in Oracle Virtualization 4.63, 4.71, 5.0, and 5.1 allows remote attackers to affect integrity via unknown vectors related to Workspace Web Application.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="virtualization">
+        <vers num="4.63"/>
+        <vers num="4.71"/>
+        <vers num="5.0"/>
+        <vers num="5.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-2464" published="2014-04-15" name="CVE-2014-2464" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:P/I:N/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="supply_chain_products_suite">
+        <vers num="9.3.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2465" published="2014-04-15" name="CVE-2014-2465" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3 allows remote attackers to affect integrity via unknown vectors related to Security.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="supply_chain_products_suite">
+        <vers num="9.3.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-2466" published="2014-04-15" name="CVE-2014-2466" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:H/Au:S/C:P/I:N/A:N)" CVSS_score="2.1" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="3.9" CVSS_base_score="2.1">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="supply_chain_products_suite">
+        <vers num="9.3.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-2467" published="2014-04-15" name="CVE-2014-2467" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:P/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect integrity via unknown vectors related to Security, a different vulnerability than CVE-2014-2445.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="supply_chain_products_suite">
+        <vers num="9.3.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2468" published="2014-04-15" name="CVE-2014-2468" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via vectors related to Open_UI.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="siebel_crm">
+        <vers num="8.1.1"/>
+        <vers num="8.2.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2469" published="2014-04-17" name="CVE-2014-2469" modified="2014-04-18" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Lighthttpd in Oracle Solaris 11.1 allows attackers to cause a denial of service via unknown vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://blogs.oracle.com/sunsecurity/entry/cve_2014_2469_denial_of" source="CONFIRM">https://blogs.oracle.com/sunsecurity/entry/cve_2014_2469_denial_of</ref>
+      <ref url="http://www.securityfocus.com/bid/66599" source="BID">66599</ref>
+      <ref url="http://www.osvdb.org/105298" source="OSVDB">105298</ref>
+      <ref url="http://securitytracker.com/id?1029999" source="SECTRACK">1029999</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="sunos">
+        <vers num="5.11.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2470" published="2014-04-15" name="CVE-2014-2470" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Security.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="fusion_middleware">
+        <vers num="10.0.2"/>
+        <vers num="10.3.6"/>
+        <vers num="12.1.1"/>
+        <vers num="12.1.2.0.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2471" published="2014-04-15" name="CVE-2014-2471" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 6.0 and 6.1 allows remote attackers to affect integrity via unknown vectors related to Learner Pages.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" source="CONFIRM" adv="1">http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="ilearning">
+        <vers num="6.0"/>
+        <vers num="6.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2497" published="2014-03-21" name="CVE-2014-2497" modified="2014-03-27" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:P)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1076676" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1076676</ref>
+      <ref url="https://bugs.php.net/bug.php?id=66901" source="CONFIRM">https://bugs.php.net/bug.php?id=66901</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="php" name="php">
+        <vers num="5.0.0" edition="beta1"/>
+        <vers num="5.0.0" edition="beta2"/>
+        <vers num="5.0.0" edition="beta3"/>
+        <vers num="5.0.0" edition="beta4"/>
+        <vers num="5.0.0" edition="rc1"/>
+        <vers num="5.0.0" edition="rc2"/>
+        <vers num="5.0.0" edition="rc3"/>
+        <vers num="5.0.1"/>
+        <vers num="5.0.2"/>
+        <vers num="5.0.3"/>
+        <vers num="5.0.4"/>
+        <vers num="5.0.5"/>
+        <vers num="5.1.0"/>
+        <vers num="5.1.1"/>
+        <vers num="5.1.2"/>
+        <vers num="5.1.3"/>
+        <vers num="5.1.4"/>
+        <vers num="5.1.5"/>
+        <vers num="5.1.6"/>
+        <vers num="5.2.0"/>
+        <vers num="5.2.1"/>
+        <vers num="5.2.10"/>
+        <vers num="5.2.11"/>
+        <vers num="5.2.12"/>
+        <vers num="5.2.13"/>
+        <vers num="5.2.14"/>
+        <vers num="5.2.15"/>
+        <vers num="5.2.16"/>
+        <vers num="5.2.17"/>
+        <vers num="5.2.2"/>
+        <vers num="5.2.3"/>
+        <vers num="5.2.4"/>
+        <vers num="5.2.5"/>
+        <vers num="5.2.6"/>
+        <vers num="5.2.7"/>
+        <vers num="5.2.8"/>
+        <vers num="5.2.9"/>
+        <vers num="5.3.0"/>
+        <vers num="5.3.1"/>
+        <vers num="5.3.10"/>
+        <vers num="5.3.11"/>
+        <vers num="5.3.12"/>
+        <vers num="5.3.13"/>
+        <vers num="5.3.14"/>
+        <vers num="5.3.15"/>
+        <vers num="5.3.16"/>
+        <vers num="5.3.17"/>
+        <vers num="5.3.18"/>
+        <vers num="5.3.19"/>
+        <vers num="5.3.2"/>
+        <vers num="5.3.20"/>
+        <vers num="5.3.21"/>
+        <vers num="5.3.22"/>
+        <vers num="5.3.23"/>
+        <vers num="5.3.24"/>
+        <vers num="5.3.25"/>
+        <vers num="5.3.26"/>
+        <vers num="5.3.27"/>
+        <vers num="5.3.3"/>
+        <vers num="5.3.4"/>
+        <vers num="5.3.5"/>
+        <vers num="5.3.6"/>
+        <vers num="5.3.7"/>
+        <vers num="5.3.8"/>
+        <vers num="5.3.9"/>
+        <vers num="5.4.0"/>
+        <vers num="5.4.1"/>
+        <vers num="5.4.10"/>
+        <vers num="5.4.11"/>
+        <vers num="5.4.12" edition="rc1"/>
+        <vers num="5.4.12" edition="rc2"/>
+        <vers num="5.4.13" edition="rc1"/>
+        <vers num="5.4.14" edition="rc1"/>
+        <vers num="5.4.15" edition="rc1"/>
+        <vers num="5.4.16" edition="rc1"/>
+        <vers num="5.4.17"/>
+        <vers num="5.4.18"/>
+        <vers num="5.4.19"/>
+        <vers num="5.4.2"/>
+        <vers num="5.4.20"/>
+        <vers num="5.4.21"/>
+        <vers num="5.4.22"/>
+        <vers num="5.4.23"/>
+        <vers num="5.4.24"/>
+        <vers num="5.4.25"/>
+        <vers prev="1" num="5.4.26"/>
+        <vers num="5.4.3"/>
+        <vers num="5.4.4"/>
+        <vers num="5.4.5"/>
+        <vers num="5.4.6"/>
+        <vers num="5.4.7"/>
+        <vers num="5.4.8"/>
+        <vers num="5.4.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2522" published="2014-04-18" name="CVE-2014-2522" modified="2014-04-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:H/Au:N/C:P/I:P/A:N)" CVSS_score="4.0" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="4.9" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">curl and libcurl 7.27.0 through 7.35.0, when runnning on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://curl.haxx.se/docs/adv_20140326D.html" source="CONFIRM" patch="1" adv="1">http://curl.haxx.se/docs/adv_20140326D.html</ref>
+      <ref url="http://www.securityfocus.com/bid/66296" source="BID">66296</ref>
+      <ref url="http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/" source="CONFIRM">http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/</ref>
+      <ref url="http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/" source="CONFIRM">http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/</ref>
+      <ref url="http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/" source="CONFIRM">http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/</ref>
+      <ref url="http://secunia.com/advisories/57968" source="SECUNIA" adv="1">57968</ref>
+      <ref url="http://secunia.com/advisories/57966" source="SECUNIA" adv="1">57966</ref>
+      <ref url="http://secunia.com/advisories/57836" source="SECUNIA" adv="1">57836</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q1/586" source="MLIST">[oss-security] 20140317 Re: CVE request: flaw in curl's Windows SSL backend</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q1/585" source="MLIST">[oss-security] 20140317 CVE request: flaw in curl's Windows SSL backend</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="haxx" name="curl">
+        <vers num="7.27.0"/>
+        <vers num="7.28.0"/>
+        <vers num="7.28.1"/>
+        <vers num="7.29.0"/>
+        <vers num="7.30.0"/>
+        <vers num="7.31.0"/>
+        <vers num="7.32.0"/>
+        <vers num="7.33.0"/>
+        <vers num="7.34.0"/>
+        <vers num="7.35.0"/>
+      </prod>
+      <prod vendor="haxx" name="libcurl">
+        <vers num="7.27.0"/>
+        <vers num="7.28.0"/>
+        <vers num="7.28.1"/>
+        <vers num="7.29.0"/>
+        <vers num="7.30.0"/>
+        <vers num="7.31.0"/>
+        <vers num="7.32.0"/>
+        <vers num="7.33.0"/>
+        <vers num="7.34.0"/>
+        <vers num="7.35.0"/>
+        <vers num="7.36.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2523" published="2014-03-24" name="CVE-2014-2523" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://github.com/torvalds/linux/commit/b22f5126a24b3b2f15448c3f2a254fc10cbc2b92" source="CONFIRM">https://github.com/torvalds/linux/commit/b22f5126a24b3b2f15448c3f2a254fc10cbc2b92</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1077343" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1077343</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91910" source="XF">linux-kernel-cve20142523-code-exec(91910)</ref>
+      <ref url="http://www.securitytracker.com/id/1029945" source="SECTRACK">1029945</ref>
+      <ref url="http://www.securityfocus.com/bid/66279" source="BID">66279</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/03/17/7" source="MLIST">[oss-security] 20140317 Re: CVE Request: netfilter: remote memory corruption in nf_conntrack_proto_dccp.c</ref>
+      <ref url="http://twitter.com/grsecurity/statuses/445496197399461888" source="MISC" adv="1">http://twitter.com/grsecurity/statuses/445496197399461888</ref>
+      <ref url="http://secunia.com/advisories/57446" source="SECUNIA">57446</ref>
+      <ref url="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b22f5126a24b3b2f15448c3f2a254fc10cbc2b92" source="CONFIRM">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b22f5126a24b3b2f15448c3f2a254fc10cbc2b92</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="linux" name="linux_kernel">
+        <vers num="3.0" edition="rc1"/>
+        <vers num="3.0" edition="rc2"/>
+        <vers num="3.0" edition="rc3"/>
+        <vers num="3.0" edition="rc4"/>
+        <vers num="3.0" edition="rc5"/>
+        <vers num="3.0" edition="rc6"/>
+        <vers num="3.0" edition="rc7"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.20"/>
+        <vers num="3.0.21"/>
+        <vers num="3.0.22"/>
+        <vers num="3.0.23"/>
+        <vers num="3.0.24"/>
+        <vers num="3.0.25"/>
+        <vers num="3.0.26"/>
+        <vers num="3.0.27"/>
+        <vers num="3.0.28"/>
+        <vers num="3.0.29"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.30"/>
+        <vers num="3.0.31"/>
+        <vers num="3.0.32"/>
+        <vers num="3.0.33"/>
+        <vers num="3.0.34"/>
+        <vers num="3.0.35"/>
+        <vers num="3.0.36"/>
+        <vers num="3.0.37"/>
+        <vers num="3.0.38"/>
+        <vers num="3.0.39"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.40"/>
+        <vers num="3.0.41"/>
+        <vers num="3.0.42"/>
+        <vers num="3.0.43"/>
+        <vers num="3.0.44"/>
+        <vers num="3.0.45"/>
+        <vers num="3.0.46"/>
+        <vers num="3.0.47"/>
+        <vers num="3.0.48"/>
+        <vers num="3.0.49"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.50"/>
+        <vers num="3.0.51"/>
+        <vers num="3.0.52"/>
+        <vers num="3.0.53"/>
+        <vers num="3.0.54"/>
+        <vers num="3.0.55"/>
+        <vers num="3.0.56"/>
+        <vers num="3.0.57"/>
+        <vers num="3.0.58"/>
+        <vers num="3.0.59"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.60"/>
+        <vers num="3.0.61"/>
+        <vers num="3.0.62"/>
+        <vers num="3.0.63"/>
+        <vers num="3.0.64"/>
+        <vers num="3.0.65"/>
+        <vers num="3.0.66"/>
+        <vers num="3.0.67"/>
+        <vers num="3.0.68"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1" edition="rc1"/>
+        <vers num="3.1" edition="rc2"/>
+        <vers num="3.1" edition="rc3"/>
+        <vers num="3.1" edition="rc4"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="3.10"/>
+        <vers num="3.10.1"/>
+        <vers num="3.10.10"/>
+        <vers num="3.10.11"/>
+        <vers num="3.10.12"/>
+        <vers num="3.10.13"/>
+        <vers num="3.10.14"/>
+        <vers num="3.10.15"/>
+        <vers num="3.10.16"/>
+        <vers num="3.10.17"/>
+        <vers num="3.10.18"/>
+        <vers num="3.10.19"/>
+        <vers num="3.10.2"/>
+        <vers num="3.10.20"/>
+        <vers num="3.10.21"/>
+        <vers num="3.10.22"/>
+        <vers num="3.10.23"/>
+        <vers num="3.10.24"/>
+        <vers num="3.10.25"/>
+        <vers num="3.10.26"/>
+        <vers num="3.10.27"/>
+        <vers num="3.10.28"/>
+        <vers num="3.10.29"/>
+        <vers num="3.10.3"/>
+        <vers num="3.10.4"/>
+        <vers num="3.10.5"/>
+        <vers num="3.10.6"/>
+        <vers num="3.10.7"/>
+        <vers num="3.10.8"/>
+        <vers num="3.10.9"/>
+        <vers num="3.11"/>
+        <vers num="3.11.1"/>
+        <vers num="3.11.10"/>
+        <vers num="3.11.2"/>
+        <vers num="3.11.3"/>
+        <vers num="3.11.4"/>
+        <vers num="3.11.5"/>
+        <vers num="3.11.6"/>
+        <vers num="3.11.7"/>
+        <vers num="3.11.8"/>
+        <vers num="3.11.9"/>
+        <vers num="3.12"/>
+        <vers num="3.12.1"/>
+        <vers num="3.12.10"/>
+        <vers num="3.12.11"/>
+        <vers num="3.12.12"/>
+        <vers num="3.12.13"/>
+        <vers num="3.12.2"/>
+        <vers num="3.12.3"/>
+        <vers num="3.12.4"/>
+        <vers num="3.12.5"/>
+        <vers num="3.12.6"/>
+        <vers num="3.12.7"/>
+        <vers num="3.12.8"/>
+        <vers num="3.12.9"/>
+        <vers num="3.13"/>
+        <vers num="3.13.1"/>
+        <vers num="3.13.2"/>
+        <vers num="3.13.3"/>
+        <vers num="3.13.4"/>
+        <vers num="3.13.5"/>
+        <vers prev="1" num="3.13.6"/>
+        <vers num="3.2" edition="rc2"/>
+        <vers num="3.2" edition="rc3"/>
+        <vers num="3.2" edition="rc4"/>
+        <vers num="3.2" edition="rc5"/>
+        <vers num="3.2" edition="rc6"/>
+        <vers num="3.2" edition="rc7"/>
+        <vers num="3.2.1"/>
+        <vers num="3.2.10"/>
+        <vers num="3.2.11"/>
+        <vers num="3.2.12"/>
+        <vers num="3.2.13"/>
+        <vers num="3.2.14"/>
+        <vers num="3.2.15"/>
+        <vers num="3.2.16"/>
+        <vers num="3.2.17"/>
+        <vers num="3.2.18"/>
+        <vers num="3.2.19"/>
+        <vers num="3.2.2"/>
+        <vers num="3.2.20"/>
+        <vers num="3.2.21"/>
+        <vers num="3.2.22"/>
+        <vers num="3.2.23"/>
+        <vers num="3.2.24"/>
+        <vers num="3.2.25"/>
+        <vers num="3.2.26"/>
+        <vers num="3.2.27"/>
+        <vers num="3.2.28"/>
+        <vers num="3.2.29"/>
+        <vers num="3.2.3"/>
+        <vers num="3.2.30"/>
+        <vers num="3.2.4"/>
+        <vers num="3.2.5"/>
+        <vers num="3.2.6"/>
+        <vers num="3.2.7"/>
+        <vers num="3.2.8"/>
+        <vers num="3.2.9"/>
+        <vers num="3.3" edition="rc1"/>
+        <vers num="3.3" edition="rc2"/>
+        <vers num="3.3" edition="rc3"/>
+        <vers num="3.3" edition="rc4"/>
+        <vers num="3.3" edition="rc5"/>
+        <vers num="3.3" edition="rc6"/>
+        <vers num="3.3" edition="rc7"/>
+        <vers num="3.3.1"/>
+        <vers num="3.3.2"/>
+        <vers num="3.3.3"/>
+        <vers num="3.3.4"/>
+        <vers num="3.3.5"/>
+        <vers num="3.3.6"/>
+        <vers num="3.3.7"/>
+        <vers num="3.3.8"/>
+        <vers num="3.4" edition="rc1"/>
+        <vers num="3.4" edition="rc2"/>
+        <vers num="3.4" edition="rc3"/>
+        <vers num="3.4" edition="rc4"/>
+        <vers num="3.4" edition="rc5"/>
+        <vers num="3.4" edition="rc6"/>
+        <vers num="3.4" edition="rc7"/>
+        <vers num="3.4.1"/>
+        <vers num="3.4.10"/>
+        <vers num="3.4.11"/>
+        <vers num="3.4.12"/>
+        <vers num="3.4.13"/>
+        <vers num="3.4.14"/>
+        <vers num="3.4.15"/>
+        <vers num="3.4.16"/>
+        <vers num="3.4.17"/>
+        <vers num="3.4.18"/>
+        <vers num="3.4.19"/>
+        <vers num="3.4.2"/>
+        <vers num="3.4.20"/>
+        <vers num="3.4.21"/>
+        <vers num="3.4.22"/>
+        <vers num="3.4.23"/>
+        <vers num="3.4.24"/>
+        <vers num="3.4.25"/>
+        <vers num="3.4.26"/>
+        <vers num="3.4.27"/>
+        <vers num="3.4.28"/>
+        <vers num="3.4.29"/>
+        <vers num="3.4.3"/>
+        <vers num="3.4.30"/>
+        <vers num="3.4.31"/>
+        <vers num="3.4.32"/>
+        <vers num="3.4.33"/>
+        <vers num="3.4.34"/>
+        <vers num="3.4.35"/>
+        <vers num="3.4.36"/>
+        <vers num="3.4.37"/>
+        <vers num="3.4.38"/>
+        <vers num="3.4.39"/>
+        <vers num="3.4.4"/>
+        <vers num="3.4.40"/>
+        <vers num="3.4.41"/>
+        <vers num="3.4.42"/>
+        <vers num="3.4.43"/>
+        <vers num="3.4.44"/>
+        <vers num="3.4.45"/>
+        <vers num="3.4.46"/>
+        <vers num="3.4.47"/>
+        <vers num="3.4.48"/>
+        <vers num="3.4.49"/>
+        <vers num="3.4.5"/>
+        <vers num="3.4.50"/>
+        <vers num="3.4.51"/>
+        <vers num="3.4.52"/>
+        <vers num="3.4.53"/>
+        <vers num="3.4.54"/>
+        <vers num="3.4.55"/>
+        <vers num="3.4.56"/>
+        <vers num="3.4.57"/>
+        <vers num="3.4.58"/>
+        <vers num="3.4.59"/>
+        <vers num="3.4.6"/>
+        <vers num="3.4.60"/>
+        <vers num="3.4.61"/>
+        <vers num="3.4.62"/>
+        <vers num="3.4.63"/>
+        <vers num="3.4.64"/>
+        <vers num="3.4.65"/>
+        <vers num="3.4.66"/>
+        <vers num="3.4.67"/>
+        <vers num="3.4.68"/>
+        <vers num="3.4.69"/>
+        <vers num="3.4.7"/>
+        <vers num="3.4.70"/>
+        <vers num="3.4.71"/>
+        <vers num="3.4.72"/>
+        <vers num="3.4.73"/>
+        <vers num="3.4.74"/>
+        <vers num="3.4.75"/>
+        <vers num="3.4.76"/>
+        <vers num="3.4.77"/>
+        <vers num="3.4.78"/>
+        <vers num="3.4.79"/>
+        <vers num="3.4.8"/>
+        <vers num="3.4.9"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.6"/>
+        <vers num="3.6.1"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.5"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="3.7"/>
+        <vers num="3.7.1"/>
+        <vers num="3.7.10"/>
+        <vers num="3.7.2"/>
+        <vers num="3.7.3"/>
+        <vers num="3.7.4"/>
+        <vers num="3.7.5"/>
+        <vers num="3.7.6"/>
+        <vers num="3.7.7"/>
+        <vers num="3.7.8"/>
+        <vers num="3.7.9"/>
+        <vers num="3.8.0"/>
+        <vers num="3.8.1"/>
+        <vers num="3.8.10"/>
+        <vers num="3.8.11"/>
+        <vers num="3.8.12"/>
+        <vers num="3.8.13"/>
+        <vers num="3.8.2"/>
+        <vers num="3.8.3"/>
+        <vers num="3.8.4"/>
+        <vers num="3.8.5"/>
+        <vers num="3.8.6"/>
+        <vers num="3.8.7"/>
+        <vers num="3.8.8"/>
+        <vers num="3.8.9"/>
+        <vers num="3.9" edition="rc1"/>
+        <vers num="3.9" edition="rc2"/>
+        <vers num="3.9" edition="rc3"/>
+        <vers num="3.9" edition="rc4"/>
+        <vers num="3.9" edition="rc5"/>
+        <vers num="3.9" edition="rc6"/>
+        <vers num="3.9" edition="rc7"/>
+        <vers num="3.9.0"/>
+        <vers num="3.9.1"/>
+        <vers num="3.9.10"/>
+        <vers num="3.9.11"/>
+        <vers num="3.9.2"/>
+        <vers num="3.9.3"/>
+        <vers num="3.9.4"/>
+        <vers num="3.9.5"/>
+        <vers num="3.9.6"/>
+        <vers num="3.9.7"/>
+        <vers num="3.9.8"/>
+        <vers num="3.9.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2525" published="2014-03-28" name="CVE-2014-2525" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.ocert.org/advisories/ocert-2014-003.html" source="MISC">http://www.ocert.org/advisories/ocert-2014-003.html</ref>
+      <ref url="https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048" source="CONFIRM" patch="1">https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2160-1" source="UBUNTU">USN-2160-1</ref>
+      <ref url="http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/" source="CONFIRM">http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/</ref>
+      <ref url="http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/" source="CONFIRM">http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/</ref>
+      <ref url="http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/" source="CONFIRM">http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2885" source="DEBIAN">DSA-2885</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2884" source="DEBIAN">DSA-2884</ref>
+      <ref url="http://secunia.com/advisories/57968" source="SECUNIA">57968</ref>
+      <ref url="http://secunia.com/advisories/57966" source="SECUNIA">57966</ref>
+      <ref url="http://secunia.com/advisories/57836" source="SECUNIA">57836</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0355.html" source="REDHAT">RHSA-2014:0355</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0354.html" source="REDHAT">RHSA-2014:0354</ref>
+      <ref url="http://rhn.redhat.com/errata/RHSA-2014-0353.html" source="REDHAT">RHSA-2014:0353</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-04/msg00022.html" source="SUSE">openSUSE-SU-2014:0500</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="pyyaml" name="libyaml">
+        <vers num="0.0.1"/>
+        <vers num="0.1.1"/>
+        <vers num="0.1.2"/>
+        <vers num="0.1.3"/>
+        <vers num="0.1.4"/>
+        <vers prev="1" num="0.1.5"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2526" published="2014-03-25" name="CVE-2014-2526" modified="2014-03-26" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive before 6.7 allow remote attackers to inject arbitrary web script or HTML via the (1) sForumName or (2) sDescription parameter to Forum/manage/ForumManager.lsp; (3) sHint, (4) sWord, or (5) nId parameter to Forum/manage/hangman.lsp; (6) user parameter to rtl/protected/admin/wizard/setuser.lsp; (7) name or (8) email parameter to feedback.lsp; (9) lname or (10) url parameter to private/manage/PageManager.lsp; (11) cmd parameter to fs; (12) newname, (13) description, (14) firstname, (15) lastname, or (16) id parameter to rtl/protected/mail/manage/list.lsp; or (17) PATH_INFO to fs/.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91920" source="XF">barracudadrive-multiple-scripts-xss(91920)</ref>
+      <ref url="http://secunia.com/advisories/57451" source="SECUNIA" adv="1">57451</ref>
+      <ref url="http://secpod.org/blog/?p=2158" source="MISC">http://secpod.org/blog/?p=2158</ref>
+      <ref url="http://secpod.org/advisories/SecPod_BarracudaDrive_Mult_XSS_Vuln.txt" source="MISC">http://secpod.org/advisories/SecPod_BarracudaDrive_Mult_XSS_Vuln.txt</ref>
+      <ref url="http://packetstormsecurity.com/files/125766" source="MISC">http://packetstormsecurity.com/files/125766</ref>
+      <ref url="http://barracudadrive.com/readme.txt" source="CONFIRM">http://barracudadrive.com/readme.txt</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="barracudadrive" name="barracudadrive">
+        <vers num="3.4"/>
+        <vers num="3.5"/>
+        <vers num="3.6"/>
+        <vers num="3.7"/>
+        <vers num="3.7.2"/>
+        <vers num="3.8"/>
+        <vers num="3.9"/>
+        <vers num="4.0"/>
+        <vers num="4.0.1"/>
+        <vers num="4.0.2"/>
+        <vers num="4.1"/>
+        <vers num="4.2"/>
+        <vers num="4.3"/>
+        <vers num="4.4"/>
+        <vers num="4.4.1"/>
+        <vers num="4.4.2"/>
+        <vers num="4.4.3"/>
+        <vers num="4.4.4"/>
+        <vers num="4.4.5"/>
+        <vers num="4.4.6"/>
+        <vers num="4.4.7"/>
+        <vers num="4.4.8"/>
+        <vers num="4.5"/>
+        <vers num="4.5.1"/>
+        <vers num="4.5.2"/>
+        <vers num="4.5.3"/>
+        <vers num="4.5.4"/>
+        <vers num="4.5.5"/>
+        <vers num="4.6"/>
+        <vers num="4.6.1"/>
+        <vers num="4.7"/>
+        <vers num="4.8"/>
+        <vers num="4.8.4"/>
+        <vers num="4.9"/>
+        <vers num="4.9.1"/>
+        <vers num="4.9.2"/>
+        <vers num="5.0"/>
+        <vers num="5.1"/>
+        <vers num="5.2"/>
+        <vers num="5.3"/>
+        <vers num="6.0"/>
+        <vers num="6.1"/>
+        <vers num="6.2"/>
+        <vers num="6.3"/>
+        <vers num="6.4"/>
+        <vers num="6.5"/>
+        <vers prev="1" num="6.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2532" published="2014-03-18" name="CVE-2014-2532" modified="2014-04-19" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91986" source="XF">openssh-cve20142532-sec-bypass(91986)</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2155-1" source="UBUNTU">USN-2155-1</ref>
+      <ref url="http://www.securitytracker.com/id/1029925" source="SECTRACK">1029925</ref>
+      <ref url="http://www.securityfocus.com/bid/66355" source="BID">66355</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2894" source="DEBIAN">DSA-2894</ref>
+      <ref url="http://secunia.com/advisories/57574" source="SECUNIA">57574</ref>
+      <ref url="http://secunia.com/advisories/57488" source="SECUNIA">57488</ref>
+      <ref url="http://marc.info/?l=openbsd-security-announce&amp;m=139492048027313&amp;w=2" source="MLIST">[security-announce] 20140315 Announce: OpenSSH 6.6 released</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="openbsd" name="openssh">
+        <vers num="6.0"/>
+        <vers num="6.1"/>
+        <vers num="6.2"/>
+        <vers num="6.3"/>
+        <vers num="6.4"/>
+        <vers prev="1" num="6.5"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2533" published="2014-03-18" name="CVE-2014-2533" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="7.2" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="3.9" CVSS_base_score="7.2">
+    <desc>
+      <descript source="cve">/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://www.exploit-db.com/exploits/32153/" source="EXPLOIT-DB">32153</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Mar/98" source="FULLDISC">20140312 Medium severity flaw in BlackBerry QNX Neutrino RTOS</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Mar/124" source="FULLDISC">20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS</ref>
+      <ref url="http://seclists.org/bugtraq/2014/Mar/88" source="BUGTRAQ">20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS</ref>
+      <ref url="http://seclists.org/bugtraq/2014/Mar/66" source="BUGTRAQ">20140311 Medium severity flaw in BlackBerry QNX Neutrino RTOS</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="blackberry" name="qnx_neutrino_rtos">
+        <vers num="6.4.1"/>
+        <vers num="6.5.0" edition="sp1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2534" published="2014-03-18" name="CVE-2014-2534" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:C/I:N/A:N)" CVSS_score="4.9" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="3.9" CVSS_base_score="4.9">
+    <desc>
+      <descript source="cve">/sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to obtain sensitive information by reading "bad parameter" lines in error messages, as demonstrated by reading the root password hash in /etc/shadow.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://www.exploit-db.com/exploits/32156/" source="EXPLOIT-DB">32156</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Mar/98" source="FULLDISC">20140312 Medium severity flaw in BlackBerry QNX Neutrino RTOS</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Mar/124" source="FULLDISC">20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS</ref>
+      <ref url="http://seclists.org/bugtraq/2014/Mar/88" source="BUGTRAQ">20140313 Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS</ref>
+      <ref url="http://seclists.org/bugtraq/2014/Mar/66" source="BUGTRAQ">20140311 Medium severity flaw in BlackBerry QNX Neutrino RTOS</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="blackberry" name="qnx_neutrino_rtos">
+        <vers num="6.4.1"/>
+        <vers num="6.5.0" edition="sp1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2535" published="2014-03-18" name="CVE-2014-2535" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">Directory traversal vulnerability in McAfee Web Gateway (MWG) 7.4.x before 7.4.1, 7.3.x before 7.3.2.6, and 7.2.0.9 and earlier allows remote authenticated users to read arbitrary files via a crafted request to the web filtering port.</descript>
+    </desc>
+    <impacts>
+      <impact source="nvd">Per: https://kc.mcafee.com/corporate/index?page=content&amp;id=SB10063
+
+"Affected versions
+
+    MWG 7.4.0 (and earlier)
+    MWG 7.3.2.4 (and earlier)
+    MWG 7.2.0.9 (and earlier)"
+</impact>
+    </impacts>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://kc.mcafee.com/corporate/index?page=content&amp;id=SB10063" source="CONFIRM" adv="1">https://kc.mcafee.com/corporate/index?page=content&amp;id=SB10063</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91772" source="XF">mcafee-gateway-filtering-dir-traversal(91772)</ref>
+      <ref url="http://www.securityfocus.com/bid/66193" source="BID">66193</ref>
+      <ref url="http://secunia.com/advisories/56958" source="SECUNIA" adv="1">56958</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mcafee" name="web_gateway">
+        <vers prev="1" num="7.2.0.9"/>
+        <vers prev="1" num="7.3.2.4"/>
+        <vers prev="1" num="7.4.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2536" published="2014-03-18" name="CVE-2014-2536" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Directory traversal vulnerability in McAfee Cloud Identity Manager 3.0, 3.1, and 3.5.1, McAfee Cloud Single Sign On (MCSSO) before 4.0.1, and Intel Expressway Cloud Access 360-SSO 2.1 and 2.5 allows remote authenticated users to read an unspecified file containing a hash of the administrator password via unknown vectors.</descript>
+    </desc>
+    <impacts>
+      <impact source="nvd">Per: https://kc.mcafee.com/corporate/index?page=content&amp;id=SB10066
+
+"Affected Versions:
+
+    Intel Expressway Cloud Access 360-SSO 2.1, 2.5
+    McAfee Cloud Identity Manager 3.0, 3.1, 3.5.1
+    McAfee Cloud Single Sign On 4.0.0"</impact>
+    </impacts>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://kc.mcafee.com/corporate/index?page=content&amp;id=SB10066" source="CONFIRM" adv="1">https://kc.mcafee.com/corporate/index?page=content&amp;id=SB10066</ref>
+      <ref url="http://www.securityfocus.com/bid/66181" source="BID">66181</ref>
+      <ref url="http://secunia.com/advisories/57381" source="SECUNIA" adv="1">57381</ref>
+      <ref url="http://secunia.com/advisories/57368" source="SECUNIA" adv="1">57368</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="intel" name="expressway_cloud_access_360">
+        <vers num="2.1"/>
+        <vers num="2.5"/>
+      </prod>
+      <prod vendor="mcafee" name="cloud_identity_manager">
+        <vers num="3.0"/>
+        <vers num="3.1"/>
+        <vers num="3.5.1"/>
+      </prod>
+      <prod vendor="mcafee" name="cloud_single_sign_on">
+        <vers num="4.0.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2537" published="2014-03-18" name="CVE-2014-2537" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://blogs.sophos.com/2014/02/20/utm-up2date-9-109/" source="CONFIRM" patch="1" adv="1">http://blogs.sophos.com/2014/02/20/utm-up2date-9-109/</ref>
+      <ref url="http://www.securitytracker.com/id/1029920" source="SECTRACK">1029920</ref>
+      <ref url="http://www.securityfocus.com/bid/66231" source="BID">66231</ref>
+      <ref url="http://secunia.com/advisories/57344" source="SECUNIA" adv="1">57344</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="sophos" name="unified_threat_management_software">
+        <vers num="8.3"/>
+        <vers num="9.007"/>
+        <vers num="9.107"/>
+        <vers prev="1" num="9.108"/>
+      </prod>
+      <prod vendor="sophos" name="unified_threat_management">
+        <vers num="110"/>
+        <vers num="120"/>
+        <vers num="220"/>
+        <vers num="320"/>
+        <vers num="425"/>
+        <vers num="525"/>
+        <vers num="625"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2538" published="2014-03-25" name="CVE-2014-2538" modified="2014-04-19" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in lib/rack/ssl.rb in the rack-ssl gem before 1.4.0 for Ruby allows remote attackers to inject arbitrary web script or HTML via a URI, which might not be properly handled by third-party adapters such as JRuby-Rack.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://github.com/josh/rack-ssl/commit/9d7d7300b907e496db68d89d07fbc2e0df0b487b" source="CONFIRM" patch="1">https://github.com/josh/rack-ssl/commit/9d7d7300b907e496db68d89d07fbc2e0df0b487b</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/03/19/20" source="MLIST">[oss-security] 20140319 Re: CVE Request: rack-ssl rubygem: XSS in error page</ref>
+      <ref url="http://secunia.com/advisories/57466" source="SECUNIA" adv="1">57466</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-04/msg00032.html" source="SUSE">openSUSE-SU-2014:0515</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="joshua_peek" name="rack-ssl">
+        <vers num="1.0.0" edition=":~~~ruby~~"/>
+        <vers num="1.1.0" edition=":~~~ruby~~"/>
+        <vers num="1.2.0" edition=":~~~ruby~~"/>
+        <vers num="1.3.0" edition=":~~~ruby~~"/>
+        <vers num="1.3.1" edition=":~~~ruby~~"/>
+        <vers num="1.3.2" edition=":~~~ruby~~"/>
+        <vers num="1.3.3" edition=":~~~ruby~~"/>
+        <vers prev="1" num="1.3.4" edition=":~~~ruby~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2540" published="2014-04-11" name="CVE-2014-2540" modified="2014-04-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">SQL injection vulnerability in OrbitScripts Orbit Open Ad Server before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the site_directory_sort_field parameter to guest/site_directory.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://www.htbridge.com/advisory/HTB23208" source="MISC">https://www.htbridge.com/advisory/HTB23208</ref>
+      <ref url="http://www.securityfocus.com/bid/66667" source="BID">66667</ref>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/531781/100/0/threaded" source="BUGTRAQ">20140409 SQL Injection in Orbit Open Ad Server</ref>
+      <ref url="http://www.exploit-db.com/exploits/32792" source="EXPLOIT-DB">32792</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="orbitscripts" name="orbit_open_ad_server">
+        <vers prev="1" num="1.1.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2541" published="2014-04-08" name="CVE-2014-2541" modified="2014-04-09" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 do not properly implement access control, which allows remote attackers to obtain sensitive information or modify transmitted information via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt" source="CONFIRM" adv="1">http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt</ref>
+      <ref url="http://www.tibco.com/mk/advisory.jsp" source="CONFIRM" adv="1">http://www.tibco.com/mk/advisory.jsp</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="tibco" name="rendezvous">
+        <vers num="7.4.11"/>
+        <vers num="7.5.1"/>
+        <vers num="7.5.2"/>
+        <vers num="7.5.3"/>
+        <vers num="7.5.4"/>
+        <vers num="8.10"/>
+        <vers num="8.2.1"/>
+        <vers num="8.3.0"/>
+        <vers num="8.3.1"/>
+        <vers prev="1" num="8.4.1"/>
+      </prod>
+      <prod vendor="tibco" name="substantiation_es">
+        <vers prev="1" num="2.8.0"/>
+      </prod>
+      <prod vendor="tibco" name="messaging_appliance">
+        <vers prev="1" num="8.7.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2542" published="2014-04-08" name="CVE-2014-2542" modified="2014-04-09" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt" source="CONFIRM" adv="1">http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt</ref>
+      <ref url="http://www.tibco.com/mk/advisory.jsp" source="CONFIRM" adv="1">http://www.tibco.com/mk/advisory.jsp</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="tibco" name="rendezvous">
+        <vers num="7.4.11"/>
+        <vers num="7.5.1"/>
+        <vers num="7.5.2"/>
+        <vers num="7.5.3"/>
+        <vers num="7.5.4"/>
+        <vers num="8.10"/>
+        <vers num="8.2.1"/>
+        <vers num="8.3.0"/>
+        <vers num="8.3.1"/>
+        <vers prev="1" num="8.4.1"/>
+      </prod>
+      <prod vendor="tibco" name="substantiation_es">
+        <vers prev="1" num="2.8.0"/>
+      </prod>
+      <prod vendor="tibco" name="messaging_appliance">
+        <vers prev="1" num="8.7.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2543" published="2014-04-08" name="CVE-2014-2543" modified="2014-04-09" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Buffer overflow in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to execute arbitrary code by leveraging access to a directly connected client and transmitting crafted data.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt" source="CONFIRM" adv="1">http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt</ref>
+      <ref url="http://www.tibco.com/mk/advisory.jsp" source="CONFIRM" adv="1">http://www.tibco.com/mk/advisory.jsp</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="tibco" name="rendezvous">
+        <vers num="7.4.11"/>
+        <vers num="7.5.1"/>
+        <vers num="7.5.2"/>
+        <vers num="7.5.3"/>
+        <vers num="7.5.4"/>
+        <vers num="8.10"/>
+        <vers num="8.2.1"/>
+        <vers num="8.3.0"/>
+        <vers num="8.3.1"/>
+        <vers prev="1" num="8.4.1"/>
+      </prod>
+      <prod vendor="tibco" name="substantiation_es">
+        <vers prev="1" num="2.8.0"/>
+      </prod>
+      <prod vendor="tibco" name="messaging_appliance">
+        <vers prev="1" num="8.7.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2544" published="2014-04-09" name="CVE-2014-2544" modified="2014-04-10" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Spotfire Web Player Engine, Spotfire Desktop, and Spotfire Server Authentication Module in TIBCO Spotfire Server 3.3.x before 3.3.4, 4.5.x before 4.5.1, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.2; Spotfire Professional 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Web Player 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Automation Services 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Deployment Kit 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Desktop 6.x before 6.0.1; and Spotfire Analyst 6.x before 6.0.1 allows remote attackers to execute arbitrary code via unknown vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.tibco.com/multimedia/spotfire_advisory_20140409_tcm8-20764.txt" source="CONFIRM" adv="1">http://www.tibco.com/multimedia/spotfire_advisory_20140409_tcm8-20764.txt</ref>
+      <ref url="http://www.tibco.com/mk/advisory.jsp" source="CONFIRM" adv="1">http://www.tibco.com/mk/advisory.jsp</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="tibco" name="analyst">
+        <vers prev="1" num="6.0.0"/>
+      </prod>
+      <prod vendor="tibco" name="automation_services">
+        <vers prev="1" num="4.0.3"/>
+        <vers num="4.5.0"/>
+        <vers num="4.5.1"/>
+        <vers num="5.0.0"/>
+        <vers num="5.0.1"/>
+        <vers num="5.5.0"/>
+        <vers num="6.0.0"/>
+      </prod>
+      <prod vendor="tibco" name="deployment_kit">
+        <vers prev="1" num="4.0.3"/>
+        <vers num="4.5.0"/>
+        <vers num="4.5.1"/>
+        <vers num="5.0.0"/>
+        <vers num="5.0.1"/>
+        <vers num="5.5.0"/>
+        <vers num="6.0.0"/>
+      </prod>
+      <prod vendor="tibco" name="desktop">
+        <vers prev="1" num="6.0.0"/>
+      </prod>
+      <prod vendor="tibco" name="spotfire_professional">
+        <vers prev="1" num="4.0.3"/>
+        <vers num="4.5.0"/>
+        <vers num="4.5.1"/>
+        <vers num="5.0.0"/>
+        <vers num="5.0.1"/>
+        <vers num="5.5.0"/>
+        <vers num="6.0.0"/>
+      </prod>
+      <prod vendor="tibco" name="spotfire_server">
+        <vers prev="1" num="3.3.3"/>
+        <vers num="4.5.0"/>
+        <vers num="5.0.0"/>
+        <vers num="5.0.1"/>
+        <vers num="5.5.0"/>
+        <vers num="6.0.0"/>
+        <vers num="6.0.1"/>
+      </prod>
+      <prod vendor="tibco" name="web_player">
+        <vers prev="1" num="4.0.3"/>
+        <vers num="4.5.0"/>
+        <vers num="4.5.1"/>
+        <vers num="5.0.0"/>
+        <vers num="5.0.1"/>
+        <vers num="5.5.0"/>
+        <vers num="6.0.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2545" published="2014-04-30" name="CVE-2014-2545" modified="2014-05-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">TIBCO Managed File Transfer Internet Server before 7.2.2, Managed File Transfer Command Center before 7.2.2, Slingshot before 1.9.1, and Vault before 1.0.1 allow remote attackers to obtain sensitive information via a crafted HTTP request.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.tibco.com/multimedia/mft_advisory_20140429_tcm8-21013.txt" source="CONFIRM" adv="1">http://www.tibco.com/multimedia/mft_advisory_20140429_tcm8-21013.txt</ref>
+      <ref url="http://www.tibco.com/mk/advisory.jsp" source="CONFIRM" adv="1">http://www.tibco.com/mk/advisory.jsp</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="tibco" name="managed_file_transfer_command_center">
+        <vers num="6.7"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.1.0"/>
+        <vers num="7.2.0"/>
+        <vers prev="1" num="7.2.1"/>
+      </prod>
+      <prod vendor="tibco" name="managed_file_transfer_internet_server">
+        <vers num="6.7"/>
+        <vers num="7.0"/>
+        <vers num="7.0.1"/>
+        <vers num="7.1.0"/>
+        <vers num="7.2.0"/>
+        <vers prev="1" num="7.2.1"/>
+      </prod>
+      <prod vendor="tibco" name="slingshot">
+        <vers num="1.7.0"/>
+        <vers num="1.8.0"/>
+        <vers num="1.8.1"/>
+        <vers prev="1" num="1.9.0"/>
+      </prod>
+      <prod vendor="tibco" name="vault">
+        <vers prev="1" num="1.0.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-2553" published="2014-04-02" name="CVE-2014-2553" modified="2014-04-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:P/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fields.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://www.otrs.com/security-advisory-2014-04-xss-issue" source="CONFIRM" adv="1">https://www.otrs.com/security-advisory-2014-04-xss-issue</ref>
+      <ref url="http://secunia.com/advisories/57616" source="SECUNIA" adv="1">57616</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="otrs" name="otrs">
+        <vers num="3.1.0"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.11"/>
+        <vers num="3.1.13"/>
+        <vers num="3.1.14"/>
+        <vers num="3.1.15"/>
+        <vers num="3.1.16"/>
+        <vers num="3.1.17"/>
+        <vers num="3.1.18"/>
+        <vers num="3.1.19"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.20"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="3.2.0" edition="beta1"/>
+        <vers num="3.2.0" edition="beta2"/>
+        <vers num="3.2.0" edition="beta3"/>
+        <vers num="3.2.0" edition="beta4"/>
+        <vers num="3.2.0" edition="beta5"/>
+        <vers num="3.2.0" edition="rc1"/>
+        <vers num="3.2.1"/>
+        <vers num="3.2.10"/>
+        <vers num="3.2.11"/>
+        <vers num="3.2.12"/>
+        <vers num="3.2.13"/>
+        <vers num="3.2.14"/>
+        <vers num="3.2.15"/>
+        <vers num="3.2.2"/>
+        <vers num="3.2.3"/>
+        <vers num="3.2.4"/>
+        <vers num="3.2.5"/>
+        <vers num="3.2.6"/>
+        <vers num="3.2.7"/>
+        <vers num="3.2.8"/>
+        <vers num="3.2.9"/>
+        <vers num="3.3.0" edition="beta1"/>
+        <vers num="3.3.0" edition="beta2"/>
+        <vers num="3.3.0" edition="beta3"/>
+        <vers num="3.3.0" edition="beta4"/>
+        <vers num="3.3.0" edition="beta5"/>
+        <vers num="3.3.0" edition="rc1"/>
+        <vers num="3.3.1"/>
+        <vers num="3.3.2"/>
+        <vers num="3.3.3"/>
+        <vers num="3.3.4"/>
+        <vers num="3.3.5"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2554" published="2014-04-23" name="CVE-2014-2554" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME element.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.otrs.com/security-advisory-2014-05-clickjacking-issue/" source="CONFIRM" adv="1">http://www.otrs.com/security-advisory-2014-05-clickjacking-issue/</ref>
+      <ref url="http://lists.opensuse.org/opensuse-updates/2014-04/msg00062.html" source="SUSE">openSUSE-SU-2014:0561</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="otrs" name="otrs">
+        <vers num="3.1.0"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.11"/>
+        <vers num="3.1.13"/>
+        <vers num="3.1.14"/>
+        <vers num="3.1.15"/>
+        <vers num="3.1.16"/>
+        <vers num="3.1.17"/>
+        <vers num="3.1.18"/>
+        <vers num="3.1.19"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.20"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.2.0" edition="beta1"/>
+        <vers num="3.2.0" edition="beta2"/>
+        <vers num="3.2.0" edition="beta3"/>
+        <vers num="3.2.0" edition="beta4"/>
+        <vers num="3.2.0" edition="beta5"/>
+        <vers num="3.2.0" edition="rc1"/>
+        <vers num="3.2.1"/>
+        <vers num="3.2.10"/>
+        <vers num="3.2.11"/>
+        <vers num="3.2.12"/>
+        <vers num="3.2.13"/>
+        <vers num="3.2.14"/>
+        <vers num="3.2.15"/>
+        <vers num="3.2.2"/>
+        <vers num="3.2.3"/>
+        <vers num="3.2.4"/>
+        <vers num="3.2.5"/>
+        <vers num="3.2.6"/>
+        <vers num="3.3.0" edition="beta1"/>
+        <vers num="3.3.0" edition="beta2"/>
+        <vers num="3.3.0" edition="beta3"/>
+        <vers num="3.3.0" edition="beta4"/>
+        <vers num="3.3.0" edition="beta5"/>
+        <vers num="3.3.0" edition="rc1"/>
+        <vers num="3.3.1"/>
+        <vers num="3.3.2"/>
+        <vers num="3.3.3"/>
+        <vers num="3.3.4"/>
+        <vers num="3.3.5"/>
+      </prod>
+      <prod vendor="novell" name="opensuse">
+        <vers num="12.3"/>
+        <vers num="13.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2565" published="2014-04-30" name="CVE-2014-2565" modified="2014-05-01" CVSS_version="2.0" CVSS_vector="(AV:A/AC:H/Au:S/C:C/I:C/A:C)" CVSS_score="6.5" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="2.5" CVSS_base_score="6.5">
+    <desc>
+      <descript source="cve">The commandline interface in Blue Coat Content Analysis System (CAS) 1.1 before 1.1.4.2 allows remote administrators to execute arbitrary commands via unspecified vectors, related to "command injection."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local_network/>
+    </range>
+    <refs>
+      <ref url="https://kb.bluecoat.com/index?page=content&amp;id=SA78&amp;actp=LIST" source="CONFIRM" adv="1">https://kb.bluecoat.com/index?page=content&amp;id=SA78&amp;actp=LIST</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="bluecoat" name="content_analysis_system_software">
+        <vers num="1.1"/>
+        <vers num="1.1.1.1"/>
+        <vers prev="1" num="1.1.2.1"/>
+      </prod>
+      <prod vendor="bluecoat" name="content_analysis_system">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2567" published="2014-03-21" name="CVE-2014-2567" modified="2014-03-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">The OpenConnectionTask::handleStateHelper function in Imap/Tasks/OpenConnectionTask.cpp in Trojita before 0.4.1 allows man-in-the-middle attackers to trigger use of cleartext for saving a message into a (1) sent or (2) draft folder via a PREAUTH response that prevents later use of the STARTTLS command.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://github.com/jktjkt/trojita/commit/25fffa3e25cbad85bbca804193ad336b090a9ce1" source="CONFIRM">https://github.com/jktjkt/trojita/commit/25fffa3e25cbad85bbca804193ad336b090a9ce1</ref>
+      <ref url="http://jkt.flaska.net/blog/Trojita_0_4_1__a_security_update_for_CVE_2014_2567.html" source="CONFIRM" adv="1">http://jkt.flaska.net/blog/Trojita_0_4_1__a_security_update_for_CVE_2014_2567.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="trojita_project" name="trojita">
+        <vers num="0.1"/>
+        <vers num="0.2"/>
+        <vers num="0.2.9"/>
+        <vers num="0.2.9.1"/>
+        <vers num="0.2.9.2"/>
+        <vers num="0.2.9.3"/>
+        <vers num="0.2.9.4"/>
+        <vers num="0.3"/>
+        <vers num="0.3.90"/>
+        <vers num="0.3.91"/>
+        <vers num="0.3.92"/>
+        <vers num="0.3.93"/>
+        <vers num="0.3.96"/>
+        <vers prev="1" num="0.4"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-2568" published="2014-03-24" name="CVE-2014-2568" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:A/AC:M/Au:N/C:P/I:N/A:N)" CVSS_score="2.9" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="5.5" CVSS_base_score="2.9">
+    <desc>
+      <descript source="cve">Use-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. NOTE: the affected code was moved to the skb_zerocopy function in net/core/skbuff.c before the vulnerability was announced.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <local_network/>
+    </range>
+    <refs>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/03/20/16" source="MLIST" patch="1">[oss-security] 20140320 Re: CVE request -- kernel: net: potential information leak when ubuf backed skbs are skb_zerocopy()ied</ref>
+      <ref url="https://lkml.org/lkml/2014/3/20/421" source="MLIST">[linux-kernel] 20140320 [PATCH v3] core, nfqueue, openvswitch: Orphan frags in skb_zerocopy and handle errors</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1079012" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1079012</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91922" source="XF">linux-kernel-cve20142568-info-disclosure(91922)</ref>
+      <ref url="http://www.securityfocus.com/bid/66348" source="BID">66348</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q1/627" source="MLIST">[oss-sec] 20140320 CVE request -- kernel: net: potential information leak when ubuf backed skbs are skb_zerocopy()ied</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="linux" name="linux_kernel">
+        <vers num="3.0" edition="rc1"/>
+        <vers num="3.0" edition="rc2"/>
+        <vers num="3.0" edition="rc3"/>
+        <vers num="3.0" edition="rc4"/>
+        <vers num="3.0" edition="rc5"/>
+        <vers num="3.0" edition="rc6"/>
+        <vers num="3.0" edition="rc7"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.20"/>
+        <vers num="3.0.21"/>
+        <vers num="3.0.22"/>
+        <vers num="3.0.23"/>
+        <vers num="3.0.24"/>
+        <vers num="3.0.25"/>
+        <vers num="3.0.26"/>
+        <vers num="3.0.27"/>
+        <vers num="3.0.28"/>
+        <vers num="3.0.29"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.30"/>
+        <vers num="3.0.31"/>
+        <vers num="3.0.32"/>
+        <vers num="3.0.33"/>
+        <vers num="3.0.34"/>
+        <vers num="3.0.35"/>
+        <vers num="3.0.36"/>
+        <vers num="3.0.37"/>
+        <vers num="3.0.38"/>
+        <vers num="3.0.39"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.40"/>
+        <vers num="3.0.41"/>
+        <vers num="3.0.42"/>
+        <vers num="3.0.43"/>
+        <vers num="3.0.44"/>
+        <vers num="3.0.45"/>
+        <vers num="3.0.46"/>
+        <vers num="3.0.47"/>
+        <vers num="3.0.48"/>
+        <vers num="3.0.49"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.50"/>
+        <vers num="3.0.51"/>
+        <vers num="3.0.52"/>
+        <vers num="3.0.53"/>
+        <vers num="3.0.54"/>
+        <vers num="3.0.55"/>
+        <vers num="3.0.56"/>
+        <vers num="3.0.57"/>
+        <vers num="3.0.58"/>
+        <vers num="3.0.59"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.60"/>
+        <vers num="3.0.61"/>
+        <vers num="3.0.62"/>
+        <vers num="3.0.63"/>
+        <vers num="3.0.64"/>
+        <vers num="3.0.65"/>
+        <vers num="3.0.66"/>
+        <vers num="3.0.67"/>
+        <vers num="3.0.68"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1" edition="rc1"/>
+        <vers num="3.1" edition="rc2"/>
+        <vers num="3.1" edition="rc3"/>
+        <vers num="3.1" edition="rc4"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="3.10"/>
+        <vers num="3.10.1"/>
+        <vers num="3.10.10"/>
+        <vers num="3.10.11"/>
+        <vers num="3.10.12"/>
+        <vers num="3.10.13"/>
+        <vers num="3.10.14"/>
+        <vers num="3.10.15"/>
+        <vers num="3.10.16"/>
+        <vers num="3.10.17"/>
+        <vers num="3.10.18"/>
+        <vers num="3.10.19"/>
+        <vers num="3.10.2"/>
+        <vers num="3.10.20"/>
+        <vers num="3.10.21"/>
+        <vers num="3.10.22"/>
+        <vers num="3.10.23"/>
+        <vers num="3.10.24"/>
+        <vers num="3.10.25"/>
+        <vers num="3.10.26"/>
+        <vers num="3.10.27"/>
+        <vers num="3.10.28"/>
+        <vers num="3.10.29"/>
+        <vers num="3.10.3"/>
+        <vers num="3.10.4"/>
+        <vers num="3.10.5"/>
+        <vers num="3.10.6"/>
+        <vers num="3.10.7"/>
+        <vers num="3.10.8"/>
+        <vers num="3.10.9"/>
+        <vers num="3.11"/>
+        <vers num="3.11.1"/>
+        <vers num="3.11.10"/>
+        <vers num="3.11.2"/>
+        <vers num="3.11.3"/>
+        <vers num="3.11.4"/>
+        <vers num="3.11.5"/>
+        <vers num="3.11.6"/>
+        <vers num="3.11.7"/>
+        <vers num="3.11.8"/>
+        <vers num="3.11.9"/>
+        <vers num="3.12"/>
+        <vers num="3.12.1"/>
+        <vers num="3.12.10"/>
+        <vers num="3.12.11"/>
+        <vers num="3.12.12"/>
+        <vers num="3.12.13"/>
+        <vers num="3.12.2"/>
+        <vers num="3.12.3"/>
+        <vers num="3.12.4"/>
+        <vers num="3.12.5"/>
+        <vers num="3.12.6"/>
+        <vers num="3.12.7"/>
+        <vers num="3.12.8"/>
+        <vers num="3.12.9"/>
+        <vers num="3.13"/>
+        <vers num="3.13.1"/>
+        <vers num="3.13.2"/>
+        <vers num="3.13.3"/>
+        <vers num="3.13.4"/>
+        <vers num="3.13.5"/>
+        <vers prev="1" num="3.13.6"/>
+        <vers num="3.2" edition="rc2"/>
+        <vers num="3.2" edition="rc3"/>
+        <vers num="3.2" edition="rc4"/>
+        <vers num="3.2" edition="rc5"/>
+        <vers num="3.2" edition="rc6"/>
+        <vers num="3.2" edition="rc7"/>
+        <vers num="3.2.1"/>
+        <vers num="3.2.10"/>
+        <vers num="3.2.11"/>
+        <vers num="3.2.12"/>
+        <vers num="3.2.13"/>
+        <vers num="3.2.14"/>
+        <vers num="3.2.15"/>
+        <vers num="3.2.16"/>
+        <vers num="3.2.17"/>
+        <vers num="3.2.18"/>
+        <vers num="3.2.19"/>
+        <vers num="3.2.2"/>
+        <vers num="3.2.20"/>
+        <vers num="3.2.21"/>
+        <vers num="3.2.22"/>
+        <vers num="3.2.23"/>
+        <vers num="3.2.24"/>
+        <vers num="3.2.25"/>
+        <vers num="3.2.26"/>
+        <vers num="3.2.27"/>
+        <vers num="3.2.28"/>
+        <vers num="3.2.29"/>
+        <vers num="3.2.3"/>
+        <vers num="3.2.30"/>
+        <vers num="3.2.4"/>
+        <vers num="3.2.5"/>
+        <vers num="3.2.6"/>
+        <vers num="3.2.7"/>
+        <vers num="3.2.8"/>
+        <vers num="3.2.9"/>
+        <vers num="3.3" edition="rc1"/>
+        <vers num="3.3" edition="rc2"/>
+        <vers num="3.3" edition="rc3"/>
+        <vers num="3.3" edition="rc4"/>
+        <vers num="3.3" edition="rc5"/>
+        <vers num="3.3" edition="rc6"/>
+        <vers num="3.3" edition="rc7"/>
+        <vers num="3.3.1"/>
+        <vers num="3.3.2"/>
+        <vers num="3.3.3"/>
+        <vers num="3.3.4"/>
+        <vers num="3.3.5"/>
+        <vers num="3.3.6"/>
+        <vers num="3.3.7"/>
+        <vers num="3.3.8"/>
+        <vers num="3.4" edition="rc1"/>
+        <vers num="3.4" edition="rc2"/>
+        <vers num="3.4" edition="rc3"/>
+        <vers num="3.4" edition="rc4"/>
+        <vers num="3.4" edition="rc5"/>
+        <vers num="3.4" edition="rc6"/>
+        <vers num="3.4" edition="rc7"/>
+        <vers num="3.4.1"/>
+        <vers num="3.4.10"/>
+        <vers num="3.4.11"/>
+        <vers num="3.4.12"/>
+        <vers num="3.4.13"/>
+        <vers num="3.4.14"/>
+        <vers num="3.4.15"/>
+        <vers num="3.4.16"/>
+        <vers num="3.4.17"/>
+        <vers num="3.4.18"/>
+        <vers num="3.4.19"/>
+        <vers num="3.4.2"/>
+        <vers num="3.4.20"/>
+        <vers num="3.4.21"/>
+        <vers num="3.4.22"/>
+        <vers num="3.4.23"/>
+        <vers num="3.4.24"/>
+        <vers num="3.4.25"/>
+        <vers num="3.4.26"/>
+        <vers num="3.4.27"/>
+        <vers num="3.4.28"/>
+        <vers num="3.4.29"/>
+        <vers num="3.4.3"/>
+        <vers num="3.4.30"/>
+        <vers num="3.4.31"/>
+        <vers num="3.4.32"/>
+        <vers num="3.4.33"/>
+        <vers num="3.4.34"/>
+        <vers num="3.4.35"/>
+        <vers num="3.4.36"/>
+        <vers num="3.4.37"/>
+        <vers num="3.4.38"/>
+        <vers num="3.4.39"/>
+        <vers num="3.4.4"/>
+        <vers num="3.4.40"/>
+        <vers num="3.4.41"/>
+        <vers num="3.4.42"/>
+        <vers num="3.4.43"/>
+        <vers num="3.4.44"/>
+        <vers num="3.4.45"/>
+        <vers num="3.4.46"/>
+        <vers num="3.4.47"/>
+        <vers num="3.4.48"/>
+        <vers num="3.4.49"/>
+        <vers num="3.4.5"/>
+        <vers num="3.4.50"/>
+        <vers num="3.4.51"/>
+        <vers num="3.4.52"/>
+        <vers num="3.4.53"/>
+        <vers num="3.4.54"/>
+        <vers num="3.4.55"/>
+        <vers num="3.4.56"/>
+        <vers num="3.4.57"/>
+        <vers num="3.4.58"/>
+        <vers num="3.4.59"/>
+        <vers num="3.4.6"/>
+        <vers num="3.4.60"/>
+        <vers num="3.4.61"/>
+        <vers num="3.4.62"/>
+        <vers num="3.4.63"/>
+        <vers num="3.4.64"/>
+        <vers num="3.4.65"/>
+        <vers num="3.4.66"/>
+        <vers num="3.4.67"/>
+        <vers num="3.4.68"/>
+        <vers num="3.4.69"/>
+        <vers num="3.4.7"/>
+        <vers num="3.4.70"/>
+        <vers num="3.4.71"/>
+        <vers num="3.4.72"/>
+        <vers num="3.4.73"/>
+        <vers num="3.4.74"/>
+        <vers num="3.4.75"/>
+        <vers num="3.4.76"/>
+        <vers num="3.4.77"/>
+        <vers num="3.4.78"/>
+        <vers num="3.4.79"/>
+        <vers num="3.4.8"/>
+        <vers num="3.4.9"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.6"/>
+        <vers num="3.6.1"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.5"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="3.7"/>
+        <vers num="3.7.1"/>
+        <vers num="3.7.10"/>
+        <vers num="3.7.2"/>
+        <vers num="3.7.3"/>
+        <vers num="3.7.4"/>
+        <vers num="3.7.5"/>
+        <vers num="3.7.6"/>
+        <vers num="3.7.7"/>
+        <vers num="3.7.8"/>
+        <vers num="3.7.9"/>
+        <vers num="3.8.0"/>
+        <vers num="3.8.1"/>
+        <vers num="3.8.10"/>
+        <vers num="3.8.11"/>
+        <vers num="3.8.12"/>
+        <vers num="3.8.13"/>
+        <vers num="3.8.2"/>
+        <vers num="3.8.3"/>
+        <vers num="3.8.4"/>
+        <vers num="3.8.5"/>
+        <vers num="3.8.6"/>
+        <vers num="3.8.7"/>
+        <vers num="3.8.8"/>
+        <vers num="3.8.9"/>
+        <vers num="3.9" edition="rc1"/>
+        <vers num="3.9" edition="rc2"/>
+        <vers num="3.9" edition="rc3"/>
+        <vers num="3.9" edition="rc4"/>
+        <vers num="3.9" edition="rc5"/>
+        <vers num="3.9" edition="rc6"/>
+        <vers num="3.9" edition="rc7"/>
+        <vers num="3.9.0"/>
+        <vers num="3.9.1"/>
+        <vers num="3.9.10"/>
+        <vers num="3.9.11"/>
+        <vers num="3.9.2"/>
+        <vers num="3.9.3"/>
+        <vers num="3.9.4"/>
+        <vers num="3.9.5"/>
+        <vers num="3.9.6"/>
+        <vers num="3.9.7"/>
+        <vers num="3.9.8"/>
+        <vers num="3.9.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-2571" published="2014-03-24" name="CVE-2014-2571" modified="2014-03-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:P/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the quiz_question_tostring function in mod/quiz/editlib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to inject arbitrary web script or HTML via a quiz question.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://moodle.org/mod/forum/discuss.php?d=256416" source="CONFIRM" adv="1">https://moodle.org/mod/forum/discuss.php?d=256416</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/03/17/1" source="MLIST">[oss-security] 20140317 Moodle security notifications public</ref>
+      <ref url="http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-43690" source="CONFIRM">http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-43690</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="moodle" name="moodle">
+        <vers num="2.0"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.0.9"/>
+        <vers num="2.1"/>
+        <vers num="2.1.1"/>
+        <vers num="2.1.10"/>
+        <vers num="2.1.2"/>
+        <vers num="2.1.3"/>
+        <vers num="2.1.4"/>
+        <vers num="2.1.5"/>
+        <vers num="2.1.6"/>
+        <vers num="2.1.7"/>
+        <vers num="2.1.8"/>
+        <vers num="2.1.9"/>
+        <vers num="2.2"/>
+        <vers num="2.2.1"/>
+        <vers num="2.2.10"/>
+        <vers num="2.2.11"/>
+        <vers num="2.2.2"/>
+        <vers num="2.2.3"/>
+        <vers num="2.2.4"/>
+        <vers num="2.2.5"/>
+        <vers num="2.2.6"/>
+        <vers num="2.2.7"/>
+        <vers num="2.2.8"/>
+        <vers num="2.2.9"/>
+        <vers num="2.3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.10"/>
+        <vers prev="1" num="2.3.11"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.3.4"/>
+        <vers num="2.3.5"/>
+        <vers num="2.3.6"/>
+        <vers num="2.3.7"/>
+        <vers num="2.3.8"/>
+        <vers num="2.3.9"/>
+        <vers num="2.4"/>
+        <vers num="2.4.1"/>
+        <vers num="2.4.2"/>
+        <vers num="2.4.3"/>
+        <vers num="2.4.4"/>
+        <vers num="2.4.5"/>
+        <vers num="2.4.6"/>
+        <vers num="2.4.7"/>
+        <vers num="2.4.8"/>
+        <vers num="2.5"/>
+        <vers num="2.5.1"/>
+        <vers num="2.5.2"/>
+        <vers num="2.5.3"/>
+        <vers num="2.5.4"/>
+        <vers num="2.6"/>
+        <vers num="2.6.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2572" published="2014-03-24" name="CVE-2014-2572" modified="2014-03-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:N/I:P/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">mod/assign/externallib.php in Moodle 2.6.x before 2.6.2 does not properly handle assignment web-service parameters, which might allow remote authenticated users to modify grade metadata via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://moodle.org/mod/forum/discuss.php?d=256425" source="CONFIRM" adv="1">https://moodle.org/mod/forum/discuss.php?d=256425</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/03/17/1" source="MLIST">[oss-security] 20140317 Moodle security notifications public</ref>
+      <ref url="http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-43468" source="CONFIRM">http://git.moodle.org/gw?p=moodle.git&amp;a=search&amp;h=HEAD&amp;st=commit&amp;s=MDL-43468</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="moodle" name="moodle">
+        <vers num="2.6"/>
+        <vers num="2.6.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-2573" published="2014-03-25" name="CVE-2014-2573" modified="2014-03-26" CVSS_version="2.0" CVSS_vector="(AV:A/AC:M/Au:S/C:N/I:N/A:P)" CVSS_score="2.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="4.4" CVSS_base_score="2.3">
+    <desc>
+      <descript source="cve">The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <local_network/>
+    </range>
+    <refs>
+      <ref url="https://bugs.launchpad.net/nova/+bug/1269418" source="CONFIRM">https://bugs.launchpad.net/nova/+bug/1269418</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/03/21/2" source="MLIST">[oss-security] 20140321 Re: CVE request for vulnerability in OpenStack Nova</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/03/21/1" source="MLIST">[oss-security] 20140321 CVE request for vulnerability in OpenStack Nova</ref>
+      <ref url="http://secunia.com/advisories/57498" source="SECUNIA" adv="1">57498</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="openstack" name="compute">
+        <vers num="2013.2"/>
+        <vers num="2013.2.1"/>
+        <vers num="2013.2.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2578" published="2014-04-02" name="CVE-2014-2578" modified="2014-04-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/92126" source="XF">splunk-cve20142578-xss(92126)</ref>
+      <ref url="http://www.splunk.com/view/SP-CAAAKQX" source="CONFIRM" adv="1">http://www.splunk.com/view/SP-CAAAKQX</ref>
+      <ref url="http://www.securitytracker.com/id/1029966" source="SECTRACK">1029966</ref>
+      <ref url="http://secunia.com/advisories/57554" source="SECUNIA" adv="1">57554</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="splunk" name="splunk">
+        <vers num="5.0"/>
+        <vers num="5.0.1"/>
+        <vers num="5.0.2"/>
+        <vers num="5.0.3"/>
+        <vers num="5.0.4"/>
+        <vers num="5.0.5"/>
+        <vers num="5.0.6"/>
+        <vers prev="1" num="5.0.7"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2579" published="2014-04-25" name="CVE-2014-2579" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:H/Au:N/C:C/I:C/A:C)" CVSS_score="7.6" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="4.9" CVSS_base_score="7.6">
+    <desc>
+      <descript source="cve">Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner Standalone 3.5 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrator password via the config task to index2.php or (2) when the enable_db_backup and sql_mem options are enabled, access the database backup functionality via the dbbackup_comp parameter in the generate action to index2.php.  NOTE: vector 2 might be a duplicate of CVE-2014-2340, which is for the XCloner Wordpress plugin.  NOTE: remote attackers can leverage CVE-2014-2996 with vector 2 to execute arbitrary commands.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://www.htbridge.com/advisory/HTB23207" source="MISC">https://www.htbridge.com/advisory/HTB23207</ref>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/531780/100/0/threaded" source="BUGTRAQ">20140409 &amp;ETH;&amp;iexcl;ross-Site Request Forgery (CSRF) in XCloner Standalone</ref>
+      <ref url="http://www.exploit-db.com/exploits/32790" source="EXPLOIT-DB">32790</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="xcloner" name="xcloner">
+        <vers prev="1" num="3.5" edition=":standalone"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2580" published="2014-04-15" name="CVE-2014-2580" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:S/C:N/I:N/A:C)" CVSS_score="4.4" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="2.7" CVSS_base_score="4.4">
+    <desc>
+      <descript source="cve">The netback driver in Xen, when using certain Linux versions that do not allow sleeping in softirq context, allows local guest administrators to cause a denial of service ("scheduling while atomic" error and host crash) via a malformed packet, which causes a mutex to be taken when trying to disable the interface.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://xenbits.xen.org/xsa/advisory-90.html" source="CONFIRM" patch="1" adv="1">http://xenbits.xen.org/xsa/advisory-90.html</ref>
+      <ref url="http://www.securitytracker.com/id/1029949" source="SECTRACK">1029949</ref>
+      <ref url="http://www.securityfocus.com/bid/66386" source="BID">66386</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/03/24/8" source="MLIST">[oss-security] 20140324 Re: Xen Security Advisory 90 - Linux netback crash trying to disable due to malformed packet</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/03/24/6" source="MLIST">[oss-security] 20140324 Xen Security Advisory 90 - Linux netback crash trying to disable due to malformed packet</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="xen" name="xen">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2583" published="2014-04-10" name="CVE-2014-2583" modified="2014-04-11" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create aribitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty funtion, which is used by the format_timestamp_name function.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://git.fedorahosted.org/cgit/linux-pam.git/commit/?id=Linux-PAM-1_1_8-32-g9dcead8" source="CONFIRM" patch="1">https://git.fedorahosted.org/cgit/linux-pam.git/commit/?id=Linux-PAM-1_1_8-32-g9dcead8</ref>
+      <ref url="http://www.securityfocus.com/bid/66493" source="BID">66493</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/03/31/6" source="MLIST">[oss-security] 20140331 Re: pam_timestamp internals</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/03/26/10" source="MLIST">[oss-security] 20140326 Re: pam_timestamp internals</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/03/24/5" source="MLIST">[oss-security] 20140324 pam_timestamp internals</ref>
+      <ref url="http://secunia.com/advisories/57317" source="SECUNIA" adv="1">57317</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="kernel" name="linux-pam">
+        <vers num="1.1.8"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2585" published="2014-03-24" name="CVE-2014-2585" modified="2014-03-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:P/I:P/A:N)" CVSS_score="4.9" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="6.8" CVSS_base_score="4.9">
+    <desc>
+      <descript source="cve">ownCloud before 5.0.15 and 6.x before 6.0.2, when the file_external app is enabled, allows remote authenticated users to mount the local filesystem in the user's ownCloud via the mount configuration.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://owncloud.org/about/security/advisories/oC-SA-2014-008/" source="CONFIRM" adv="1">http://owncloud.org/about/security/advisories/oC-SA-2014-008/</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="owncloud" name="owncloud">
+        <vers num="5.0.0"/>
+        <vers num="5.0.1"/>
+        <vers num="5.0.10"/>
+        <vers num="5.0.11"/>
+        <vers num="5.0.12"/>
+        <vers num="5.0.13"/>
+        <vers prev="1" num="5.0.14" edition="a"/>
+        <vers num="5.0.2"/>
+        <vers num="5.0.3"/>
+        <vers num="5.0.4"/>
+        <vers num="5.0.5"/>
+        <vers num="5.0.6"/>
+        <vers num="5.0.7"/>
+        <vers num="5.0.8"/>
+        <vers num="5.0.9"/>
+        <vers num="6.0.0"/>
+        <vers num="6.0.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2586" published="2014-03-24" name="CVE-2014-2586" modified="2014-03-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the login audit form in McAfee Cloud Single Sign On (SSO) allows remote attackers to inject arbitrary web script or HTML via a crafted password.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://twitter.com/BrandonPrry/status/445969380656943104" source="MISC">https://twitter.com/BrandonPrry/status/445969380656943104</ref>
+      <ref url="http://www.securityfocus.com/bid/66302" source="BID">66302</ref>
+      <ref url="http://www.exploit-db.com/exploits/32368" source="EXPLOIT-DB">32368</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Mar/325" source="FULLDISC">20140318 McAfee Cloud SSO and McAfee Asset Manager vulns</ref>
+      <ref url="http://packetstormsecurity.com/files/125775/McAfee-Cloud-SSO-Asset-Manager-Issues.html" source="MISC">http://packetstormsecurity.com/files/125775/McAfee-Cloud-SSO-Asset-Manager-Issues.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mcafee" name="cloud_single_sign_on">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2587" published="2014-03-24" name="CVE-2014-2587" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:P)" CVSS_score="6.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.0" CVSS_base_score="6.5">
+    <desc>
+      <descript source="cve">SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee Asset Manager 6.6 allows remote authenticated users to execute arbitrary SQL commands via the username of an audit report (aka user parameter).</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91929" source="XF">mcafee-asset-reportsaudit-sql-injection(91929)</ref>
+      <ref url="http://www.securitytracker.com/id/1029927" source="SECTRACK">1029927</ref>
+      <ref url="http://www.securityfocus.com/bid/66302" source="BID">66302</ref>
+      <ref url="http://www.osvdb.org/104634" source="OSVDB">104634</ref>
+      <ref url="http://www.exploit-db.com/exploits/32368" source="EXPLOIT-DB">32368</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Mar/325" source="FULLDISC">20140318 McAfee Cloud SSO and McAfee Asset Manager vulns</ref>
+      <ref url="http://packetstormsecurity.com/files/125775/McAfee-Cloud-SSO-Asset-Manager-Issues.html" source="MISC">http://packetstormsecurity.com/files/125775/McAfee-Cloud-SSO-Asset-Manager-Issues.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mcafee" name="asset_manager">
+        <vers num="6.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2588" published="2014-03-24" name="CVE-2014-2588" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">Directory traversal vulnerability in servlet/downloadReport in McAfee Asset Manager 6.6 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the reportFileName parameter.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91930" source="XF">mcafee-asset-dir-traversal(91930)</ref>
+      <ref url="http://www.securitytracker.com/id/1029927" source="SECTRACK">1029927</ref>
+      <ref url="http://www.securityfocus.com/bid/66302" source="BID">66302</ref>
+      <ref url="http://www.osvdb.org/104633" source="OSVDB">104633</ref>
+      <ref url="http://www.exploit-db.com/exploits/32368" source="EXPLOIT-DB">32368</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Mar/325" source="FULLDISC">20140318 McAfee Cloud SSO and McAfee Asset Manager vulns</ref>
+      <ref url="http://packetstormsecurity.com/files/125775/McAfee-Cloud-SSO-Asset-Manager-Issues.html" source="MISC">http://packetstormsecurity.com/files/125775/McAfee-Cloud-SSO-Asset-Manager-Issues.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mcafee" name="asset_manager">
+        <vers num="6.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2589" published="2014-03-24" name="CVE-2014-2589" modified="2014-03-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the Dashboard Backend service (stats/dashboard.jsp) in SonicWall Network Security Appliance (NSA) 2400 allows remote attackers to inject arbitrary web script or HTML via the sn parameter.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/91766" source="XF">sonicwall-nsa-dashboard-xss(91766)</ref>
+      <ref url="http://www.vulnerability-lab.com/get_content.php?id=1100" source="MISC">http://www.vulnerability-lab.com/get_content.php?id=1100</ref>
+      <ref url="http://www.securitytracker.com/id/1029884" source="SECTRACK">1029884</ref>
+      <ref url="http://www.securityfocus.com/bid/66042" source="BID">66042</ref>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/531364/100/0/threaded" source="BUGTRAQ">20140306 SonicWall Dashboard Backend Server - Client Side Cross Site Scripting Web Vulnerability</ref>
+      <ref url="http://www.osvdb.org/104089" source="OSVDB">104089</ref>
+      <ref url="http://secunia.com/advisories/57275" source="SECUNIA" adv="1">57275</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="dell" name="sonicwall_network_security_appliance_2400">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2590" published="2014-04-01" name="CVE-2014-2590" modified="2014-04-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The web management interface in Siemens RuggedCom ROS before 3.11, ROS 3.11 before 3.11.5 for RS950G, ROS 3.12, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (interface outage) via crafted HTTP packets.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-087-01" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-087-01</ref>
+      <ref url="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-831997.pdf" source="CONFIRM" adv="1">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-831997.pdf</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="siemens" name="ruggedcom_rugged_operating_system">
+        <vers num="3.10.1"/>
+        <vers num="3.11" edition=":~~~~rs950g~"/>
+        <vers num="3.12"/>
+        <vers num="3.2.5"/>
+        <vers num="3.3.6"/>
+        <vers num="3.4.9"/>
+        <vers num="3.5.4"/>
+        <vers num="3.6.6"/>
+        <vers num="3.7.9"/>
+        <vers num="3.8.5"/>
+        <vers num="3.9.3"/>
+        <vers num="4.0" edition=":~~~~rsg2488~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2597" published="2014-04-18" name="CVE-2014-2597" modified="2014-04-21" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="4.9" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="3.9" CVSS_base_score="4.9">
+    <desc>
+      <descript source="cve">PCNetSoftware RAC Server 4.0.4 and 4.0.5 allows local users to cause a denial of service (disabled keyboard or crash) via a large input buffer to unspecified IOCTL requests in RACDriver.sys, which triggers a buffer over-read.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2597/" source="MISC">https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2597/</ref>
+      <ref url="http://secunia.com/advisories/58090" source="SECUNIA" adv="1">58090</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Apr/221" source="FULLDISC">20140416 CVE-2014-2597 - Denial of Service in PCNetSoftware RAC Server</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="remote-rac" name="rac_server">
+        <vers num="4.0.4"/>
+        <vers num="4.0.5"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2599" published="2014-03-28" name="CVE-2014-2599" modified="2014-03-31" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="4.9" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="3.9" CVSS_base_score="4.9">
+    <desc>
+      <descript source="cve">The HVMOP_set_mem_access HVM control operations in Xen 4.1.x for 32-bit and 4.1.x through 4.4.x for 64-bit allow local guest administrators to cause a denial of service (CPU consumption) by leveraging access to certain service domains for HVM guests and a large input.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://xenbits.xen.org/xsa/advisory-89.html" source="CONFIRM" patch="1" adv="1">http://xenbits.xen.org/xsa/advisory-89.html</ref>
+      <ref url="http://www.securitytracker.com/id/1029956" source="SECTRACK">1029956</ref>
+      <ref url="http://www.securityfocus.com/bid/66407" source="BID">66407</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/03/25/2" source="MLIST">[oss-security] 20140325 Re: Xen Security Advisory 89 - HVMOP_set_mem_access is not preemptible</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/03/25/1" source="MLIST">[oss-security] 20140325 Xen Security Advisory 89 - HVMOP_set_mem_access is not preemptible</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="xen" name="xen">
+        <vers num="4.1.0" edition=":~~x86~~~"/>
+        <vers num="4.1.1" edition=":~~x86~~~"/>
+        <vers num="4.1.2" edition=":~~x86~~~"/>
+        <vers num="4.1.3" edition=":~~x86~~~"/>
+        <vers num="4.1.4" edition=":~~x86~~~"/>
+        <vers num="4.1.5" edition=":~~x86~~~"/>
+        <vers num="4.1.6.1" edition=":~~x86~~~"/>
+        <vers num="4.2.0"/>
+        <vers num="4.2.1"/>
+        <vers num="4.2.2"/>
+        <vers num="4.2.3"/>
+        <vers num="4.3.0"/>
+        <vers num="4.3.1"/>
+        <vers num="4.3.2"/>
+        <vers num="4.4.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2600" published="2014-04-05" name="CVE-2014-2600" modified="2014-04-07" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:N/I:N/A:P)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in HP IceWall Identity Manager 4.0 through SP1 and 5.0 and IceWall SSO 10.0 Password Reset Option, when Apache Commons FileUpload is used, allows remote authenticated users to cause a denial of service via unknown vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04214298" source="HP" adv="1">SSRT101450</ref>
+      <ref url="http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04214298" source="HP" adv="1">HPSBGN02986</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="hp" name="icewall_identity_manager">
+        <vers num="4.0" edition="sp1"/>
+        <vers num="5.0"/>
+      </prod>
+      <prod vendor="hp" name="icewall_sso_password_reset_option">
+        <vers num="10.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2601" published="2014-04-24" name="CVE-2014-2601" modified="2014-04-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">The server in HP Integrated Lights-Out 2 (aka iLO 2) 2.23 and earlier allows remote attackers to cause a denial of service via crafted HTTPS traffic, as demonstrated by traffic from a CVE-2014-0160 vulnerability-assessment tool.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04244787" source="HP" patch="1" adv="1">SSRT101509</ref>
+      <ref url="https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04244787" source="HP" patch="1" adv="1">HPSBHF03006</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="hp" name="integrated_lights-out_2_firmware">
+        <vers num="1.00"/>
+        <vers num="1.10"/>
+        <vers num="1.20"/>
+        <vers num="1.30"/>
+        <vers num="1.70"/>
+        <vers num="1.75"/>
+        <vers num="2.12"/>
+        <vers num="2.15"/>
+        <vers num="2.20"/>
+        <vers num="2.22"/>
+        <vers prev="1" num="2.23"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2653" published="2014-03-27" name="CVE-2014-2653" modified="2014-04-19" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513" source="CONFIRM">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513</ref>
+      <ref url="http://www.ubuntu.com/usn/USN-2164-1" source="UBUNTU">USN-2164-1</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2894" source="DEBIAN">DSA-2894</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/03/26/7" source="MLIST">[oss-security] 20140326 CVE request: openssh client does not check SSHFP if server offers certificate</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="openbsd" name="openssh">
+        <vers num="6.0"/>
+        <vers num="6.1"/>
+        <vers num="6.2"/>
+        <vers num="6.3"/>
+        <vers num="6.4"/>
+        <vers num="6.5"/>
+        <vers prev="1" num="6.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2654" published="2014-04-22" name="CVE-2014-2654" modified="2014-04-23" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:P)" CVSS_score="6.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.0" CVSS_base_score="6.5">
+    <desc>
+      <descript source="cve">Multiple SQL injection vulnerabilities in MobFox mAdserve 2.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) edit_ad_unit.php, (2) view_adunits.php, or (3) edit_campaign.php in www/cp/.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://www.htbridge.com/advisory/HTB23209" source="MISC">https://www.htbridge.com/advisory/HTB23209</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/92545" source="XF">madserve-cve20142654-sql-injection(92545)</ref>
+      <ref url="http://www.securityfocus.com/bid/66661" source="BID">66661</ref>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/531848/100/0/threaded" source="BUGTRAQ">20140416 SQL Injection in mAdserve</ref>
+      <ref url="http://secunia.com/advisories/58003" source="SECUNIA" adv="1">58003</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mobfox" name="madserve">
+        <vers prev="1" num="2.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2655" published="2014-04-02" name="CVE-2014-2655" modified="2014-04-19" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:P)" CVSS_score="6.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.0" CVSS_base_score="6.5">
+    <desc>
+      <descript source="cve">SQL injection vulnerability in the gen_show_status function in functions.inc.php in Postfix Admin (aka postfixadmin) before 2.3.7 allows remote authenticated users to execute arbitrary SQL commands via a new alias.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://sourceforge.net/p/postfixadmin/code/1650" source="CONFIRM" patch="1">http://sourceforge.net/p/postfixadmin/code/1650</ref>
+      <ref url="http://www.securityfocus.com/bid/66455" source="BID">66455</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/03/26/6" source="MLIST">[oss-security] 20140326 CVE request: postfixadmin SQL injection vulnerability</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/03/26/11" source="MLIST">[oss-security] 20140326 Re: CVE request: postfixadmin SQL injection vulnerability</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2889" source="DEBIAN">DSA-2889</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="postfix_admin_project" name="postfix_admin">
+        <vers num="2.2.1.1"/>
+        <vers num="2.3"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.3.4"/>
+        <vers num="2.3.5"/>
+        <vers prev="1" num="2.3.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2657" published="2014-04-28" name="CVE-2014-2657" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the print release functionality in PaperCut MF 14.1 (Build 26983) has unknown impact and remote vectors, related to embedded MFPs.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/92650" source="XF">papercut-cve20142657-unspec(92650)</ref>
+      <ref url="http://www.papercut-mf.com/release-history/" source="CONFIRM" adv="1">http://www.papercut-mf.com/release-history/</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="papercut" name="papercut_mf">
+        <vers num="14.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2658" published="2014-04-28" name="CVE-2014-2658" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in Papercut MF and NG before 14.1 (Build 26983) allows attacker to cause a denial of service via unknown vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/92649" source="XF">papercut-cve20142658-dos(92649)</ref>
+      <ref url="http://www.papercut.com/release-history/" source="CONFIRM" adv="1">http://www.papercut.com/release-history/</ref>
+      <ref url="http://www.papercut-mf.com/release-history/" source="CONFIRM" adv="1">http://www.papercut-mf.com/release-history/</ref>
+      <ref url="http://secunia.com/advisories/58037" source="SECUNIA" adv="1">58037</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="papercut" name="papercut_mf">
+        <vers num="12.0"/>
+        <vers num="12.1"/>
+        <vers num="12.2"/>
+        <vers num="12.3"/>
+        <vers num="12.4"/>
+        <vers num="12.5"/>
+        <vers num="13.0"/>
+        <vers num="13.1"/>
+        <vers num="13.2"/>
+        <vers num="13.3"/>
+        <vers num="13.4"/>
+        <vers num="13.5"/>
+        <vers num="14.0"/>
+        <vers prev="1" num="14.1"/>
+      </prod>
+      <prod vendor="papercut" name="papercut_ng">
+        <vers num="12.0"/>
+        <vers num="12.1"/>
+        <vers num="12.2"/>
+        <vers num="12.3"/>
+        <vers num="12.4"/>
+        <vers num="12.5"/>
+        <vers num="13.0"/>
+        <vers num="13.1"/>
+        <vers num="13.2"/>
+        <vers num="13.3"/>
+        <vers num="13.4"/>
+        <vers num="13.5"/>
+        <vers num="14.0"/>
+        <vers prev="1" num="14.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2659" published="2014-04-22" name="CVE-2014-2659" modified="2014-04-23" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">Cross-site request forgery (CSRF) vulnerability in the admin UI in Papercut MF and NG before 14.1 (Build 26983) allows remote attackers to hijack the authentication of administrators via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/92648" source="XF">papercut-cve20142659-csrf(92648)</ref>
+      <ref url="http://www.papercut.com/release-history/" source="CONFIRM">http://www.papercut.com/release-history/</ref>
+      <ref url="http://www.papercut-mf.com/release-history/" source="CONFIRM">http://www.papercut-mf.com/release-history/</ref>
+      <ref url="http://secunia.com/advisories/58037" source="SECUNIA" adv="1">58037</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="papercut" name="papercut_mf">
+        <vers num="12.0"/>
+        <vers num="12.1"/>
+        <vers num="12.2"/>
+        <vers num="12.3"/>
+        <vers num="12.4"/>
+        <vers num="12.5"/>
+        <vers num="13.0"/>
+        <vers num="13.1"/>
+        <vers num="13.2"/>
+        <vers num="13.3"/>
+        <vers num="13.4"/>
+        <vers num="13.5"/>
+        <vers num="14.0"/>
+        <vers prev="1" num="14.1"/>
+      </prod>
+      <prod vendor="papercut" name="papercut_ng">
+        <vers num="12.0"/>
+        <vers num="12.1"/>
+        <vers num="12.2"/>
+        <vers num="12.3"/>
+        <vers num="12.4"/>
+        <vers num="12.5"/>
+        <vers num="13.0"/>
+        <vers num="13.1"/>
+        <vers num="13.2"/>
+        <vers num="13.3"/>
+        <vers num="13.4"/>
+        <vers num="13.5"/>
+        <vers num="14.0"/>
+        <vers prev="1" num="14.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2665" published="2014-04-19" name="CVE-2014-2665" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account, as demonstrated by tracking the victim's activity, related to a "login CSRF" issue.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://gerrit.wikimedia.org/r/#/c/121517/1/includes/specials/SpecialChangePassword.php" source="CONFIRM" patch="1">https://gerrit.wikimedia.org/r/#/c/121517/1/includes/specials/SpecialChangePassword.php</ref>
+      <ref url="http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-March/000145.html" source="MLIST" patch="1" adv="1">[mediawiki-announce] 20140328 MediaWiki Security and Maintenance Releases: 1.22.5, 1.21.8 and 1.19.14</ref>
+      <ref url="https://bugzilla.wikimedia.org/show_bug.cgi?id=62497" source="CONFIRM">https://bugzilla.wikimedia.org/show_bug.cgi?id=62497</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/04/01/7" source="MLIST">[oss-security] 20140401 Re: CVE request: MediaWiki 1.22.5 login csrf</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/03/28/1" source="MLIST">[oss-security] 20140327 CVE request: MediaWiki 1.22.5 login csrf</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mediawiki" name="mediawiki">
+        <vers num="1.19" edition="beta_1"/>
+        <vers num="1.19" edition="beta_2"/>
+        <vers num="1.19.0"/>
+        <vers num="1.19.1"/>
+        <vers num="1.19.10"/>
+        <vers num="1.19.11"/>
+        <vers num="1.19.12"/>
+        <vers prev="1" num="1.19.13"/>
+        <vers num="1.19.2"/>
+        <vers num="1.19.3"/>
+        <vers num="1.19.4"/>
+        <vers num="1.19.5"/>
+        <vers num="1.19.6"/>
+        <vers num="1.19.7"/>
+        <vers num="1.19.8"/>
+        <vers num="1.19.9"/>
+        <vers num="1.20"/>
+        <vers num="1.20.1"/>
+        <vers num="1.20.2"/>
+        <vers num="1.20.3"/>
+        <vers num="1.20.4"/>
+        <vers num="1.20.5"/>
+        <vers num="1.20.6"/>
+        <vers num="1.20.7"/>
+        <vers num="1.20.8"/>
+        <vers num="1.21"/>
+        <vers num="1.21.1"/>
+        <vers num="1.21.2"/>
+        <vers num="1.21.3"/>
+        <vers num="1.21.4"/>
+        <vers num="1.21.5"/>
+        <vers num="1.21.6"/>
+        <vers num="1.21.7"/>
+        <vers num="1.22.0"/>
+        <vers num="1.22.1"/>
+        <vers num="1.22.2"/>
+        <vers num="1.22.3"/>
+        <vers num="1.22.4"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2668" published="2014-03-28" name="CVE-2014-2668" modified="2014-04-19" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/92161" source="XF">apache-couchdb-cve20142668-dos(92161)</ref>
+      <ref url="http://www.securitytracker.com/id/1029967" source="SECTRACK">1029967</ref>
+      <ref url="http://www.securityfocus.com/bid/66474" source="BID">66474</ref>
+      <ref url="http://www.exploit-db.com/exploits/32519" source="EXPLOIT-DB">32519</ref>
+      <ref url="http://secunia.com/advisories/57572" source="SECUNIA" adv="1">57572</ref>
+      <ref url="http://packetstormsecurity.com/files/125889" source="MISC">http://packetstormsecurity.com/files/125889</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apache" name="couchdb">
+        <vers prev="1" num="1.5.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2669" published="2014-03-31" name="CVE-2014-2669" modified="2014-03-31" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:P)" CVSS_score="6.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.0" CVSS_base_score="6.5">
+    <desc>
+      <descript source="cve">Multiple integer overflows in contrib/hstore/hstore_io.c in PostgreSQL 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact via vectors related to the (1) hstore_recv, (2) hstore_from_arrays, and (3) hstore_from_array functions in contrib/hstore/hstore_io.c; and the (4) hstoreArrayToPairs function in contrib/hstore/hstore_op.c, which triggers a buffer overflow.  NOTE: this issue was SPLIT from CVE-2014-0064 because it has a different set of affected versions.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://github.com/postgres/postgres/commit/31400a673325147e1205326008e32135a78b4d8a" source="CONFIRM">https://github.com/postgres/postgres/commit/31400a673325147e1205326008e32135a78b4d8a</ref>
+      <ref url="http://www.postgresql.org/support/security/" source="CONFIRM">http://www.postgresql.org/support/security/</ref>
+      <ref url="http://www.postgresql.org/about/news/1506/" source="CONFIRM" adv="1">http://www.postgresql.org/about/news/1506/</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2865" source="DEBIAN">DSA-2865</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2864" source="DEBIAN">DSA-2864</ref>
+      <ref url="http://wiki.postgresql.org/wiki/20140220securityrelease" source="CONFIRM" adv="1">http://wiki.postgresql.org/wiki/20140220securityrelease</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="postgresql" name="postgresql">
+        <vers num="9.0"/>
+        <vers num="9.0.1"/>
+        <vers num="9.0.10"/>
+        <vers num="9.0.11"/>
+        <vers num="9.0.12"/>
+        <vers num="9.0.13"/>
+        <vers num="9.0.14"/>
+        <vers num="9.0.15"/>
+        <vers num="9.0.2"/>
+        <vers num="9.0.3"/>
+        <vers num="9.0.4"/>
+        <vers num="9.0.5"/>
+        <vers num="9.0.6"/>
+        <vers num="9.0.7"/>
+        <vers num="9.0.8"/>
+        <vers num="9.0.9"/>
+        <vers num="9.1"/>
+        <vers num="9.1.1"/>
+        <vers num="9.1.10"/>
+        <vers num="9.1.11"/>
+        <vers num="9.1.2"/>
+        <vers num="9.1.3"/>
+        <vers num="9.1.4"/>
+        <vers num="9.1.5"/>
+        <vers num="9.1.6"/>
+        <vers num="9.1.7"/>
+        <vers num="9.1.8"/>
+        <vers num="9.1.9"/>
+        <vers num="9.2"/>
+        <vers num="9.2.1"/>
+        <vers num="9.2.2"/>
+        <vers num="9.2.3"/>
+        <vers num="9.2.4"/>
+        <vers num="9.2.5"/>
+        <vers num="9.3"/>
+        <vers num="9.3.1"/>
+        <vers num="9.3.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-2670" published="2014-03-29" name="CVE-2014-2670" modified="2014-03-31" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:P/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in Properties.do in ZOHO ManageEngine OpStor before build 8500 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter, a different vulnerability than CVE-2014-0344.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/140886" source="CERT-VN">VU#140886</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="zohocorp" name="manageengine_opstor">
+        <vers prev="1" num="8.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2671" published="2014-03-31" name="CVE-2014-2671" modified="2014-04-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_score="6.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.6" CVSS_base_score="6.8">
+    <desc>
+      <descript source="cve">Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted WAV file.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/92080" source="XF">ms-media-player-wav-code-exec(92080)</ref>
+      <ref url="http://www.securityfocus.com/bid/66403" source="BID">66403</ref>
+      <ref url="http://www.exploit-db.com/exploits/32477/" source="EXPLOIT-DB">32477</ref>
+      <ref url="http://packetstormsecurity.com/files/125834" source="MISC">http://packetstormsecurity.com/files/125834</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="windows_media_player">
+        <vers num="11.0.5721.5230"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2672" published="2014-04-01" name="CVE-2014-2672" modified="2014-04-19" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:C)" CVSS_score="7.1" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="8.6" CVSS_base_score="7.1">
+    <desc>
+      <descript source="cve">Race condition in the ath_tx_aggr_sleep function in drivers/net/wireless/ath/ath9k/xmit.c in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via a large amount of network traffic that triggers certain list deletions.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://github.com/torvalds/linux/commit/21f8aaee0c62708654988ce092838aa7df4d25d8" source="CONFIRM" patch="1">https://github.com/torvalds/linux/commit/21f8aaee0c62708654988ce092838aa7df4d25d8</ref>
+      <ref url="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=21f8aaee0c62708654988ce092838aa7df4d25d8" source="CONFIRM" patch="1">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=21f8aaee0c62708654988ce092838aa7df4d25d8</ref>
+      <ref url="https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.15" source="CONFIRM">https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.15</ref>
+      <ref url="https://bugzilla.kernel.org/show_bug.cgi?id=70551" source="CONFIRM">https://bugzilla.kernel.org/show_bug.cgi?id=70551</ref>
+      <ref url="http://www.securityfocus.com/bid/66492" source="BID">66492</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/03/30/5" source="MLIST">[oss-security] 20140330 Re: CVE request: Linux Kernel, two security issues</ref>
+      <ref url="http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7" source="CONFIRM">http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7</ref>
+      <ref url="http://secunia.com/advisories/57468" source="SECUNIA">57468</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="linux" name="linux_kernel">
+        <vers num="3.0" edition="rc1"/>
+        <vers num="3.0" edition="rc2"/>
+        <vers num="3.0" edition="rc3"/>
+        <vers num="3.0" edition="rc4"/>
+        <vers num="3.0" edition="rc5"/>
+        <vers num="3.0" edition="rc6"/>
+        <vers num="3.0" edition="rc7"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.20"/>
+        <vers num="3.0.21"/>
+        <vers num="3.0.22"/>
+        <vers num="3.0.23"/>
+        <vers num="3.0.24"/>
+        <vers num="3.0.25"/>
+        <vers num="3.0.26"/>
+        <vers num="3.0.27"/>
+        <vers num="3.0.28"/>
+        <vers num="3.0.29"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.30"/>
+        <vers num="3.0.31"/>
+        <vers num="3.0.32"/>
+        <vers num="3.0.33"/>
+        <vers num="3.0.34"/>
+        <vers num="3.0.35"/>
+        <vers num="3.0.36"/>
+        <vers num="3.0.37"/>
+        <vers num="3.0.38"/>
+        <vers num="3.0.39"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.40"/>
+        <vers num="3.0.41"/>
+        <vers num="3.0.42"/>
+        <vers num="3.0.43"/>
+        <vers num="3.0.44"/>
+        <vers num="3.0.45"/>
+        <vers num="3.0.46"/>
+        <vers num="3.0.47"/>
+        <vers num="3.0.48"/>
+        <vers num="3.0.49"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.50"/>
+        <vers num="3.0.51"/>
+        <vers num="3.0.52"/>
+        <vers num="3.0.53"/>
+        <vers num="3.0.54"/>
+        <vers num="3.0.55"/>
+        <vers num="3.0.56"/>
+        <vers num="3.0.57"/>
+        <vers num="3.0.58"/>
+        <vers num="3.0.59"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.60"/>
+        <vers num="3.0.61"/>
+        <vers num="3.0.62"/>
+        <vers num="3.0.63"/>
+        <vers num="3.0.64"/>
+        <vers num="3.0.65"/>
+        <vers num="3.0.66"/>
+        <vers num="3.0.67"/>
+        <vers num="3.0.68"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1" edition="rc1"/>
+        <vers num="3.1" edition="rc2"/>
+        <vers num="3.1" edition="rc3"/>
+        <vers num="3.1" edition="rc4"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="3.10"/>
+        <vers num="3.10.1"/>
+        <vers num="3.10.10"/>
+        <vers num="3.10.11"/>
+        <vers num="3.10.12"/>
+        <vers num="3.10.13"/>
+        <vers num="3.10.14"/>
+        <vers num="3.10.15"/>
+        <vers num="3.10.16"/>
+        <vers num="3.10.17"/>
+        <vers num="3.10.18"/>
+        <vers num="3.10.19"/>
+        <vers num="3.10.2"/>
+        <vers num="3.10.20"/>
+        <vers num="3.10.21"/>
+        <vers num="3.10.22"/>
+        <vers num="3.10.23"/>
+        <vers num="3.10.24"/>
+        <vers num="3.10.25"/>
+        <vers num="3.10.26"/>
+        <vers num="3.10.27"/>
+        <vers num="3.10.28"/>
+        <vers num="3.10.29"/>
+        <vers num="3.10.3"/>
+        <vers num="3.10.4"/>
+        <vers num="3.10.5"/>
+        <vers num="3.10.6"/>
+        <vers num="3.10.7"/>
+        <vers num="3.10.8"/>
+        <vers num="3.10.9"/>
+        <vers num="3.11"/>
+        <vers num="3.11.1"/>
+        <vers num="3.11.10"/>
+        <vers num="3.11.2"/>
+        <vers num="3.11.3"/>
+        <vers num="3.11.4"/>
+        <vers num="3.11.5"/>
+        <vers num="3.11.6"/>
+        <vers num="3.11.7"/>
+        <vers num="3.11.8"/>
+        <vers num="3.11.9"/>
+        <vers num="3.12"/>
+        <vers num="3.12.1"/>
+        <vers num="3.12.10"/>
+        <vers num="3.12.11"/>
+        <vers num="3.12.12"/>
+        <vers num="3.12.13"/>
+        <vers num="3.12.2"/>
+        <vers num="3.12.3"/>
+        <vers num="3.12.4"/>
+        <vers num="3.12.5"/>
+        <vers num="3.12.6"/>
+        <vers num="3.12.7"/>
+        <vers num="3.12.8"/>
+        <vers num="3.12.9"/>
+        <vers num="3.13"/>
+        <vers num="3.13.1"/>
+        <vers num="3.13.2"/>
+        <vers num="3.13.3"/>
+        <vers num="3.13.4"/>
+        <vers num="3.13.5"/>
+        <vers prev="1" num="3.13.6"/>
+        <vers num="3.2" edition="rc2"/>
+        <vers num="3.2" edition="rc3"/>
+        <vers num="3.2" edition="rc4"/>
+        <vers num="3.2" edition="rc5"/>
+        <vers num="3.2" edition="rc6"/>
+        <vers num="3.2" edition="rc7"/>
+        <vers num="3.2.1"/>
+        <vers num="3.2.10"/>
+        <vers num="3.2.11"/>
+        <vers num="3.2.12"/>
+        <vers num="3.2.13"/>
+        <vers num="3.2.14"/>
+        <vers num="3.2.15"/>
+        <vers num="3.2.16"/>
+        <vers num="3.2.17"/>
+        <vers num="3.2.18"/>
+        <vers num="3.2.19"/>
+        <vers num="3.2.2"/>
+        <vers num="3.2.20"/>
+        <vers num="3.2.21"/>
+        <vers num="3.2.22"/>
+        <vers num="3.2.23"/>
+        <vers num="3.2.24"/>
+        <vers num="3.2.25"/>
+        <vers num="3.2.26"/>
+        <vers num="3.2.27"/>
+        <vers num="3.2.28"/>
+        <vers num="3.2.29"/>
+        <vers num="3.2.3"/>
+        <vers num="3.2.30"/>
+        <vers num="3.2.4"/>
+        <vers num="3.2.5"/>
+        <vers num="3.2.6"/>
+        <vers num="3.2.7"/>
+        <vers num="3.2.8"/>
+        <vers num="3.2.9"/>
+        <vers num="3.3" edition="rc1"/>
+        <vers num="3.3" edition="rc2"/>
+        <vers num="3.3" edition="rc3"/>
+        <vers num="3.3" edition="rc4"/>
+        <vers num="3.3" edition="rc5"/>
+        <vers num="3.3" edition="rc6"/>
+        <vers num="3.3" edition="rc7"/>
+        <vers num="3.3.1"/>
+        <vers num="3.3.2"/>
+        <vers num="3.3.3"/>
+        <vers num="3.3.4"/>
+        <vers num="3.3.5"/>
+        <vers num="3.3.6"/>
+        <vers num="3.3.7"/>
+        <vers num="3.3.8"/>
+        <vers num="3.4" edition="rc1"/>
+        <vers num="3.4" edition="rc2"/>
+        <vers num="3.4" edition="rc3"/>
+        <vers num="3.4" edition="rc4"/>
+        <vers num="3.4" edition="rc5"/>
+        <vers num="3.4" edition="rc6"/>
+        <vers num="3.4" edition="rc7"/>
+        <vers num="3.4.1"/>
+        <vers num="3.4.10"/>
+        <vers num="3.4.11"/>
+        <vers num="3.4.12"/>
+        <vers num="3.4.13"/>
+        <vers num="3.4.14"/>
+        <vers num="3.4.15"/>
+        <vers num="3.4.16"/>
+        <vers num="3.4.17"/>
+        <vers num="3.4.18"/>
+        <vers num="3.4.19"/>
+        <vers num="3.4.2"/>
+        <vers num="3.4.20"/>
+        <vers num="3.4.21"/>
+        <vers num="3.4.22"/>
+        <vers num="3.4.23"/>
+        <vers num="3.4.24"/>
+        <vers num="3.4.25"/>
+        <vers num="3.4.26"/>
+        <vers num="3.4.27"/>
+        <vers num="3.4.28"/>
+        <vers num="3.4.29"/>
+        <vers num="3.4.3"/>
+        <vers num="3.4.30"/>
+        <vers num="3.4.31"/>
+        <vers num="3.4.32"/>
+        <vers num="3.4.33"/>
+        <vers num="3.4.34"/>
+        <vers num="3.4.35"/>
+        <vers num="3.4.36"/>
+        <vers num="3.4.37"/>
+        <vers num="3.4.38"/>
+        <vers num="3.4.39"/>
+        <vers num="3.4.4"/>
+        <vers num="3.4.40"/>
+        <vers num="3.4.41"/>
+        <vers num="3.4.42"/>
+        <vers num="3.4.43"/>
+        <vers num="3.4.44"/>
+        <vers num="3.4.45"/>
+        <vers num="3.4.46"/>
+        <vers num="3.4.47"/>
+        <vers num="3.4.48"/>
+        <vers num="3.4.49"/>
+        <vers num="3.4.5"/>
+        <vers num="3.4.50"/>
+        <vers num="3.4.51"/>
+        <vers num="3.4.52"/>
+        <vers num="3.4.53"/>
+        <vers num="3.4.54"/>
+        <vers num="3.4.55"/>
+        <vers num="3.4.56"/>
+        <vers num="3.4.57"/>
+        <vers num="3.4.58"/>
+        <vers num="3.4.59"/>
+        <vers num="3.4.6"/>
+        <vers num="3.4.60"/>
+        <vers num="3.4.61"/>
+        <vers num="3.4.62"/>
+        <vers num="3.4.63"/>
+        <vers num="3.4.64"/>
+        <vers num="3.4.65"/>
+        <vers num="3.4.66"/>
+        <vers num="3.4.67"/>
+        <vers num="3.4.68"/>
+        <vers num="3.4.69"/>
+        <vers num="3.4.7"/>
+        <vers num="3.4.70"/>
+        <vers num="3.4.71"/>
+        <vers num="3.4.72"/>
+        <vers num="3.4.73"/>
+        <vers num="3.4.74"/>
+        <vers num="3.4.75"/>
+        <vers num="3.4.76"/>
+        <vers num="3.4.77"/>
+        <vers num="3.4.78"/>
+        <vers num="3.4.79"/>
+        <vers num="3.4.8"/>
+        <vers num="3.4.9"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.6"/>
+        <vers num="3.6.1"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.5"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="3.7"/>
+        <vers num="3.7.1"/>
+        <vers num="3.7.10"/>
+        <vers num="3.7.2"/>
+        <vers num="3.7.3"/>
+        <vers num="3.7.4"/>
+        <vers num="3.7.5"/>
+        <vers num="3.7.6"/>
+        <vers num="3.7.7"/>
+        <vers num="3.7.8"/>
+        <vers num="3.7.9"/>
+        <vers num="3.8.0"/>
+        <vers num="3.8.1"/>
+        <vers num="3.8.10"/>
+        <vers num="3.8.11"/>
+        <vers num="3.8.12"/>
+        <vers num="3.8.13"/>
+        <vers num="3.8.2"/>
+        <vers num="3.8.3"/>
+        <vers num="3.8.4"/>
+        <vers num="3.8.5"/>
+        <vers num="3.8.6"/>
+        <vers num="3.8.7"/>
+        <vers num="3.8.8"/>
+        <vers num="3.8.9"/>
+        <vers num="3.9" edition="rc1"/>
+        <vers num="3.9" edition="rc2"/>
+        <vers num="3.9" edition="rc3"/>
+        <vers num="3.9" edition="rc4"/>
+        <vers num="3.9" edition="rc5"/>
+        <vers num="3.9" edition="rc6"/>
+        <vers num="3.9" edition="rc7"/>
+        <vers num="3.9.0"/>
+        <vers num="3.9.1"/>
+        <vers num="3.9.10"/>
+        <vers num="3.9.11"/>
+        <vers num="3.9.2"/>
+        <vers num="3.9.3"/>
+        <vers num="3.9.4"/>
+        <vers num="3.9.5"/>
+        <vers num="3.9.6"/>
+        <vers num="3.9.7"/>
+        <vers num="3.9.8"/>
+        <vers num="3.9.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2673" published="2014-04-01" name="CVE-2014-2673" modified="2014-04-19" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:N/I:N/A:C)" CVSS_score="4.7" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="3.4" CVSS_base_score="4.7">
+    <desc>
+      <descript source="cve">The arch_dup_task_struct function in the Transactional Memory (TM) implementation in arch/powerpc/kernel/process.c in the Linux kernel before 3.13.7 on the powerpc platform does not properly interact with the clone and fork system calls, which allows local users to cause a denial of service (Program Check and system crash) via certain instructions that are executed with the processor in the Transactional state.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="https://github.com/torvalds/linux/commit/621b5060e823301d0cba4cb52a7ee3491922d291" source="CONFIRM" patch="1">https://github.com/torvalds/linux/commit/621b5060e823301d0cba4cb52a7ee3491922d291</ref>
+      <ref url="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=621b5060e823301d0cba4cb52a7ee3491922d291" source="CONFIRM" patch="1">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=621b5060e823301d0cba4cb52a7ee3491922d291</ref>
+      <ref url="https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.15" source="CONFIRM">https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.15</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/92113" source="XF">linux-kernel-cve20142673-dos(92113)</ref>
+      <ref url="http://www.securityfocus.com/bid/66477" source="BID">66477</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/03/30/5" source="MLIST">[oss-security] 20140330 Re: CVE request: Linux Kernel, two security issues</ref>
+      <ref url="http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7" source="CONFIRM">http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7</ref>
+      <ref url="http://secunia.com/advisories/57436" source="SECUNIA">57436</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="linux" name="linux_kernel">
+        <vers num="3.0" edition="rc1"/>
+        <vers num="3.0" edition="rc2"/>
+        <vers num="3.0" edition="rc3"/>
+        <vers num="3.0" edition="rc4"/>
+        <vers num="3.0" edition="rc5"/>
+        <vers num="3.0" edition="rc6"/>
+        <vers num="3.0" edition="rc7"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.20"/>
+        <vers num="3.0.21"/>
+        <vers num="3.0.22"/>
+        <vers num="3.0.23"/>
+        <vers num="3.0.24"/>
+        <vers num="3.0.25"/>
+        <vers num="3.0.26"/>
+        <vers num="3.0.27"/>
+        <vers num="3.0.28"/>
+        <vers num="3.0.29"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.30"/>
+        <vers num="3.0.31"/>
+        <vers num="3.0.32"/>
+        <vers num="3.0.33"/>
+        <vers num="3.0.34"/>
+        <vers num="3.0.35"/>
+        <vers num="3.0.36"/>
+        <vers num="3.0.37"/>
+        <vers num="3.0.38"/>
+        <vers num="3.0.39"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.40"/>
+        <vers num="3.0.41"/>
+        <vers num="3.0.42"/>
+        <vers num="3.0.43"/>
+        <vers num="3.0.44"/>
+        <vers num="3.0.45"/>
+        <vers num="3.0.46"/>
+        <vers num="3.0.47"/>
+        <vers num="3.0.48"/>
+        <vers num="3.0.49"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.50"/>
+        <vers num="3.0.51"/>
+        <vers num="3.0.52"/>
+        <vers num="3.0.53"/>
+        <vers num="3.0.54"/>
+        <vers num="3.0.55"/>
+        <vers num="3.0.56"/>
+        <vers num="3.0.57"/>
+        <vers num="3.0.58"/>
+        <vers num="3.0.59"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.60"/>
+        <vers num="3.0.61"/>
+        <vers num="3.0.62"/>
+        <vers num="3.0.63"/>
+        <vers num="3.0.64"/>
+        <vers num="3.0.65"/>
+        <vers num="3.0.66"/>
+        <vers num="3.0.67"/>
+        <vers num="3.0.68"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1" edition="rc1"/>
+        <vers num="3.1" edition="rc2"/>
+        <vers num="3.1" edition="rc3"/>
+        <vers num="3.1" edition="rc4"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="3.10"/>
+        <vers num="3.10.1"/>
+        <vers num="3.10.10"/>
+        <vers num="3.10.11"/>
+        <vers num="3.10.12"/>
+        <vers num="3.10.13"/>
+        <vers num="3.10.14"/>
+        <vers num="3.10.15"/>
+        <vers num="3.10.16"/>
+        <vers num="3.10.17"/>
+        <vers num="3.10.18"/>
+        <vers num="3.10.19"/>
+        <vers num="3.10.2"/>
+        <vers num="3.10.20"/>
+        <vers num="3.10.21"/>
+        <vers num="3.10.22"/>
+        <vers num="3.10.23"/>
+        <vers num="3.10.24"/>
+        <vers num="3.10.25"/>
+        <vers num="3.10.26"/>
+        <vers num="3.10.27"/>
+        <vers num="3.10.28"/>
+        <vers num="3.10.29"/>
+        <vers num="3.10.3"/>
+        <vers num="3.10.4"/>
+        <vers num="3.10.5"/>
+        <vers num="3.10.6"/>
+        <vers num="3.10.7"/>
+        <vers num="3.10.8"/>
+        <vers num="3.10.9"/>
+        <vers num="3.11"/>
+        <vers num="3.11.1"/>
+        <vers num="3.11.10"/>
+        <vers num="3.11.2"/>
+        <vers num="3.11.3"/>
+        <vers num="3.11.4"/>
+        <vers num="3.11.5"/>
+        <vers num="3.11.6"/>
+        <vers num="3.11.7"/>
+        <vers num="3.11.8"/>
+        <vers num="3.11.9"/>
+        <vers num="3.12"/>
+        <vers num="3.12.1"/>
+        <vers num="3.12.10"/>
+        <vers num="3.12.11"/>
+        <vers num="3.12.12"/>
+        <vers num="3.12.13"/>
+        <vers num="3.12.2"/>
+        <vers num="3.12.3"/>
+        <vers num="3.12.4"/>
+        <vers num="3.12.5"/>
+        <vers num="3.12.6"/>
+        <vers num="3.12.7"/>
+        <vers num="3.12.8"/>
+        <vers num="3.12.9"/>
+        <vers num="3.13"/>
+        <vers num="3.13.1"/>
+        <vers num="3.13.2"/>
+        <vers num="3.13.3"/>
+        <vers num="3.13.4"/>
+        <vers num="3.13.5"/>
+        <vers prev="1" num="3.13.6"/>
+        <vers num="3.2" edition="rc2"/>
+        <vers num="3.2" edition="rc3"/>
+        <vers num="3.2" edition="rc4"/>
+        <vers num="3.2" edition="rc5"/>
+        <vers num="3.2" edition="rc6"/>
+        <vers num="3.2" edition="rc7"/>
+        <vers num="3.2.1"/>
+        <vers num="3.2.10"/>
+        <vers num="3.2.11"/>
+        <vers num="3.2.12"/>
+        <vers num="3.2.13"/>
+        <vers num="3.2.14"/>
+        <vers num="3.2.15"/>
+        <vers num="3.2.16"/>
+        <vers num="3.2.17"/>
+        <vers num="3.2.18"/>
+        <vers num="3.2.19"/>
+        <vers num="3.2.2"/>
+        <vers num="3.2.20"/>
+        <vers num="3.2.21"/>
+        <vers num="3.2.22"/>
+        <vers num="3.2.23"/>
+        <vers num="3.2.24"/>
+        <vers num="3.2.25"/>
+        <vers num="3.2.26"/>
+        <vers num="3.2.27"/>
+        <vers num="3.2.28"/>
+        <vers num="3.2.29"/>
+        <vers num="3.2.3"/>
+        <vers num="3.2.30"/>
+        <vers num="3.2.4"/>
+        <vers num="3.2.5"/>
+        <vers num="3.2.6"/>
+        <vers num="3.2.7"/>
+        <vers num="3.2.8"/>
+        <vers num="3.2.9"/>
+        <vers num="3.3" edition="rc1"/>
+        <vers num="3.3" edition="rc2"/>
+        <vers num="3.3" edition="rc3"/>
+        <vers num="3.3" edition="rc4"/>
+        <vers num="3.3" edition="rc5"/>
+        <vers num="3.3" edition="rc6"/>
+        <vers num="3.3" edition="rc7"/>
+        <vers num="3.3.1"/>
+        <vers num="3.3.2"/>
+        <vers num="3.3.3"/>
+        <vers num="3.3.4"/>
+        <vers num="3.3.5"/>
+        <vers num="3.3.6"/>
+        <vers num="3.3.7"/>
+        <vers num="3.3.8"/>
+        <vers num="3.4" edition="rc1"/>
+        <vers num="3.4" edition="rc2"/>
+        <vers num="3.4" edition="rc3"/>
+        <vers num="3.4" edition="rc4"/>
+        <vers num="3.4" edition="rc5"/>
+        <vers num="3.4" edition="rc6"/>
+        <vers num="3.4" edition="rc7"/>
+        <vers num="3.4.1"/>
+        <vers num="3.4.10"/>
+        <vers num="3.4.11"/>
+        <vers num="3.4.12"/>
+        <vers num="3.4.13"/>
+        <vers num="3.4.14"/>
+        <vers num="3.4.15"/>
+        <vers num="3.4.16"/>
+        <vers num="3.4.17"/>
+        <vers num="3.4.18"/>
+        <vers num="3.4.19"/>
+        <vers num="3.4.2"/>
+        <vers num="3.4.20"/>
+        <vers num="3.4.21"/>
+        <vers num="3.4.22"/>
+        <vers num="3.4.23"/>
+        <vers num="3.4.24"/>
+        <vers num="3.4.25"/>
+        <vers num="3.4.26"/>
+        <vers num="3.4.27"/>
+        <vers num="3.4.28"/>
+        <vers num="3.4.29"/>
+        <vers num="3.4.3"/>
+        <vers num="3.4.30"/>
+        <vers num="3.4.31"/>
+        <vers num="3.4.32"/>
+        <vers num="3.4.33"/>
+        <vers num="3.4.34"/>
+        <vers num="3.4.35"/>
+        <vers num="3.4.36"/>
+        <vers num="3.4.37"/>
+        <vers num="3.4.38"/>
+        <vers num="3.4.39"/>
+        <vers num="3.4.4"/>
+        <vers num="3.4.40"/>
+        <vers num="3.4.41"/>
+        <vers num="3.4.42"/>
+        <vers num="3.4.43"/>
+        <vers num="3.4.44"/>
+        <vers num="3.4.45"/>
+        <vers num="3.4.46"/>
+        <vers num="3.4.47"/>
+        <vers num="3.4.48"/>
+        <vers num="3.4.49"/>
+        <vers num="3.4.5"/>
+        <vers num="3.4.50"/>
+        <vers num="3.4.51"/>
+        <vers num="3.4.52"/>
+        <vers num="3.4.53"/>
+        <vers num="3.4.54"/>
+        <vers num="3.4.55"/>
+        <vers num="3.4.56"/>
+        <vers num="3.4.57"/>
+        <vers num="3.4.58"/>
+        <vers num="3.4.59"/>
+        <vers num="3.4.6"/>
+        <vers num="3.4.60"/>
+        <vers num="3.4.61"/>
+        <vers num="3.4.62"/>
+        <vers num="3.4.63"/>
+        <vers num="3.4.64"/>
+        <vers num="3.4.65"/>
+        <vers num="3.4.66"/>
+        <vers num="3.4.67"/>
+        <vers num="3.4.68"/>
+        <vers num="3.4.69"/>
+        <vers num="3.4.7"/>
+        <vers num="3.4.70"/>
+        <vers num="3.4.71"/>
+        <vers num="3.4.72"/>
+        <vers num="3.4.73"/>
+        <vers num="3.4.74"/>
+        <vers num="3.4.75"/>
+        <vers num="3.4.76"/>
+        <vers num="3.4.77"/>
+        <vers num="3.4.78"/>
+        <vers num="3.4.79"/>
+        <vers num="3.4.8"/>
+        <vers num="3.4.9"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.6"/>
+        <vers num="3.6.1"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.5"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="3.7"/>
+        <vers num="3.7.1"/>
+        <vers num="3.7.10"/>
+        <vers num="3.7.2"/>
+        <vers num="3.7.3"/>
+        <vers num="3.7.4"/>
+        <vers num="3.7.5"/>
+        <vers num="3.7.6"/>
+        <vers num="3.7.7"/>
+        <vers num="3.7.8"/>
+        <vers num="3.7.9"/>
+        <vers num="3.8.0"/>
+        <vers num="3.8.1"/>
+        <vers num="3.8.10"/>
+        <vers num="3.8.11"/>
+        <vers num="3.8.12"/>
+        <vers num="3.8.13"/>
+        <vers num="3.8.2"/>
+        <vers num="3.8.3"/>
+        <vers num="3.8.4"/>
+        <vers num="3.8.5"/>
+        <vers num="3.8.6"/>
+        <vers num="3.8.7"/>
+        <vers num="3.8.8"/>
+        <vers num="3.8.9"/>
+        <vers num="3.9" edition="rc1"/>
+        <vers num="3.9" edition="rc2"/>
+        <vers num="3.9" edition="rc3"/>
+        <vers num="3.9" edition="rc4"/>
+        <vers num="3.9" edition="rc5"/>
+        <vers num="3.9" edition="rc6"/>
+        <vers num="3.9" edition="rc7"/>
+        <vers num="3.9.0"/>
+        <vers num="3.9.1"/>
+        <vers num="3.9.10"/>
+        <vers num="3.9.11"/>
+        <vers num="3.9.2"/>
+        <vers num="3.9.3"/>
+        <vers num="3.9.4"/>
+        <vers num="3.9.5"/>
+        <vers num="3.9.6"/>
+        <vers num="3.9.7"/>
+        <vers num="3.9.8"/>
+        <vers num="3.9.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2678" published="2014-04-01" name="CVE-2014-2678" modified="2014-04-19" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:N/I:N/A:C)" CVSS_score="4.7" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="3.4" CVSS_base_score="4.7">
+    <desc>
+      <descript source="cve">The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="https://lkml.org/lkml/2014/3/29/188" source="MLIST">[linux-kernel] 20140329 [PATCH v2] rds: prevent dereference of a NULL device in rds_iw_laddr_check</ref>
+      <ref url="http://www.securityfocus.com/bid/66543" source="BID">66543</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/03/31/10" source="MLIST">[oss-security] 20140331 CVE-2013-7348 CVE-2014-2678 Linux kernel aio and rds issues</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131276.html" source="FEDORA">FEDORA-2014-4844</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="linux" name="linux_kernel">
+        <vers num="3.0" edition="rc1"/>
+        <vers num="3.0" edition="rc2"/>
+        <vers num="3.0" edition="rc3"/>
+        <vers num="3.0" edition="rc4"/>
+        <vers num="3.0" edition="rc5"/>
+        <vers num="3.0" edition="rc6"/>
+        <vers num="3.0" edition="rc7"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.20"/>
+        <vers num="3.0.21"/>
+        <vers num="3.0.22"/>
+        <vers num="3.0.23"/>
+        <vers num="3.0.24"/>
+        <vers num="3.0.25"/>
+        <vers num="3.0.26"/>
+        <vers num="3.0.27"/>
+        <vers num="3.0.28"/>
+        <vers num="3.0.29"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.30"/>
+        <vers num="3.0.31"/>
+        <vers num="3.0.32"/>
+        <vers num="3.0.33"/>
+        <vers num="3.0.34"/>
+        <vers num="3.0.35"/>
+        <vers num="3.0.36"/>
+        <vers num="3.0.37"/>
+        <vers num="3.0.38"/>
+        <vers num="3.0.39"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.40"/>
+        <vers num="3.0.41"/>
+        <vers num="3.0.42"/>
+        <vers num="3.0.43"/>
+        <vers num="3.0.44"/>
+        <vers num="3.0.45"/>
+        <vers num="3.0.46"/>
+        <vers num="3.0.47"/>
+        <vers num="3.0.48"/>
+        <vers num="3.0.49"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.50"/>
+        <vers num="3.0.51"/>
+        <vers num="3.0.52"/>
+        <vers num="3.0.53"/>
+        <vers num="3.0.54"/>
+        <vers num="3.0.55"/>
+        <vers num="3.0.56"/>
+        <vers num="3.0.57"/>
+        <vers num="3.0.58"/>
+        <vers num="3.0.59"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.60"/>
+        <vers num="3.0.61"/>
+        <vers num="3.0.62"/>
+        <vers num="3.0.63"/>
+        <vers num="3.0.64"/>
+        <vers num="3.0.65"/>
+        <vers num="3.0.66"/>
+        <vers num="3.0.67"/>
+        <vers num="3.0.68"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1" edition="rc1"/>
+        <vers num="3.1" edition="rc2"/>
+        <vers num="3.1" edition="rc3"/>
+        <vers num="3.1" edition="rc4"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="3.10"/>
+        <vers num="3.10.1"/>
+        <vers num="3.10.10"/>
+        <vers num="3.10.11"/>
+        <vers num="3.10.12"/>
+        <vers num="3.10.13"/>
+        <vers num="3.10.14"/>
+        <vers num="3.10.15"/>
+        <vers num="3.10.16"/>
+        <vers num="3.10.17"/>
+        <vers num="3.10.18"/>
+        <vers num="3.10.19"/>
+        <vers num="3.10.2"/>
+        <vers num="3.10.20"/>
+        <vers num="3.10.21"/>
+        <vers num="3.10.22"/>
+        <vers num="3.10.23"/>
+        <vers num="3.10.24"/>
+        <vers num="3.10.25"/>
+        <vers num="3.10.26"/>
+        <vers num="3.10.27"/>
+        <vers num="3.10.28"/>
+        <vers num="3.10.29"/>
+        <vers num="3.10.3"/>
+        <vers num="3.10.4"/>
+        <vers num="3.10.5"/>
+        <vers num="3.10.6"/>
+        <vers num="3.10.7"/>
+        <vers num="3.10.8"/>
+        <vers num="3.10.9"/>
+        <vers num="3.11"/>
+        <vers num="3.11.1"/>
+        <vers num="3.11.10"/>
+        <vers num="3.11.2"/>
+        <vers num="3.11.3"/>
+        <vers num="3.11.4"/>
+        <vers num="3.11.5"/>
+        <vers num="3.11.6"/>
+        <vers num="3.11.7"/>
+        <vers num="3.11.8"/>
+        <vers num="3.11.9"/>
+        <vers num="3.12"/>
+        <vers num="3.12.1"/>
+        <vers num="3.12.10"/>
+        <vers num="3.12.11"/>
+        <vers num="3.12.12"/>
+        <vers num="3.12.13"/>
+        <vers num="3.12.2"/>
+        <vers num="3.12.3"/>
+        <vers num="3.12.4"/>
+        <vers num="3.12.5"/>
+        <vers num="3.12.6"/>
+        <vers num="3.12.7"/>
+        <vers num="3.12.8"/>
+        <vers num="3.12.9"/>
+        <vers num="3.13"/>
+        <vers num="3.13.1"/>
+        <vers num="3.13.2"/>
+        <vers num="3.13.3"/>
+        <vers num="3.13.4"/>
+        <vers num="3.13.5"/>
+        <vers num="3.13.6"/>
+        <vers num="3.13.7"/>
+        <vers num="3.13.8"/>
+        <vers prev="1" num="3.14"/>
+        <vers num="3.2" edition="rc2"/>
+        <vers num="3.2" edition="rc3"/>
+        <vers num="3.2" edition="rc4"/>
+        <vers num="3.2" edition="rc5"/>
+        <vers num="3.2" edition="rc6"/>
+        <vers num="3.2" edition="rc7"/>
+        <vers num="3.2.1"/>
+        <vers num="3.2.10"/>
+        <vers num="3.2.11"/>
+        <vers num="3.2.12"/>
+        <vers num="3.2.13"/>
+        <vers num="3.2.14"/>
+        <vers num="3.2.15"/>
+        <vers num="3.2.16"/>
+        <vers num="3.2.17"/>
+        <vers num="3.2.18"/>
+        <vers num="3.2.19"/>
+        <vers num="3.2.2"/>
+        <vers num="3.2.20"/>
+        <vers num="3.2.21"/>
+        <vers num="3.2.22"/>
+        <vers num="3.2.23"/>
+        <vers num="3.2.24"/>
+        <vers num="3.2.25"/>
+        <vers num="3.2.26"/>
+        <vers num="3.2.27"/>
+        <vers num="3.2.28"/>
+        <vers num="3.2.29"/>
+        <vers num="3.2.3"/>
+        <vers num="3.2.30"/>
+        <vers num="3.2.4"/>
+        <vers num="3.2.5"/>
+        <vers num="3.2.6"/>
+        <vers num="3.2.7"/>
+        <vers num="3.2.8"/>
+        <vers num="3.2.9"/>
+        <vers num="3.3" edition="rc1"/>
+        <vers num="3.3" edition="rc2"/>
+        <vers num="3.3" edition="rc3"/>
+        <vers num="3.3" edition="rc4"/>
+        <vers num="3.3" edition="rc5"/>
+        <vers num="3.3" edition="rc6"/>
+        <vers num="3.3" edition="rc7"/>
+        <vers num="3.3.1"/>
+        <vers num="3.3.2"/>
+        <vers num="3.3.3"/>
+        <vers num="3.3.4"/>
+        <vers num="3.3.5"/>
+        <vers num="3.3.6"/>
+        <vers num="3.3.7"/>
+        <vers num="3.3.8"/>
+        <vers num="3.4" edition="rc1"/>
+        <vers num="3.4" edition="rc2"/>
+        <vers num="3.4" edition="rc3"/>
+        <vers num="3.4" edition="rc4"/>
+        <vers num="3.4" edition="rc5"/>
+        <vers num="3.4" edition="rc6"/>
+        <vers num="3.4" edition="rc7"/>
+        <vers num="3.4.1"/>
+        <vers num="3.4.10"/>
+        <vers num="3.4.11"/>
+        <vers num="3.4.12"/>
+        <vers num="3.4.13"/>
+        <vers num="3.4.14"/>
+        <vers num="3.4.15"/>
+        <vers num="3.4.16"/>
+        <vers num="3.4.17"/>
+        <vers num="3.4.18"/>
+        <vers num="3.4.19"/>
+        <vers num="3.4.2"/>
+        <vers num="3.4.20"/>
+        <vers num="3.4.21"/>
+        <vers num="3.4.22"/>
+        <vers num="3.4.23"/>
+        <vers num="3.4.24"/>
+        <vers num="3.4.25"/>
+        <vers num="3.4.26"/>
+        <vers num="3.4.27"/>
+        <vers num="3.4.28"/>
+        <vers num="3.4.29"/>
+        <vers num="3.4.3"/>
+        <vers num="3.4.30"/>
+        <vers num="3.4.31"/>
+        <vers num="3.4.32"/>
+        <vers num="3.4.33"/>
+        <vers num="3.4.34"/>
+        <vers num="3.4.35"/>
+        <vers num="3.4.36"/>
+        <vers num="3.4.37"/>
+        <vers num="3.4.38"/>
+        <vers num="3.4.39"/>
+        <vers num="3.4.4"/>
+        <vers num="3.4.40"/>
+        <vers num="3.4.41"/>
+        <vers num="3.4.42"/>
+        <vers num="3.4.43"/>
+        <vers num="3.4.44"/>
+        <vers num="3.4.45"/>
+        <vers num="3.4.46"/>
+        <vers num="3.4.47"/>
+        <vers num="3.4.48"/>
+        <vers num="3.4.49"/>
+        <vers num="3.4.5"/>
+        <vers num="3.4.50"/>
+        <vers num="3.4.51"/>
+        <vers num="3.4.52"/>
+        <vers num="3.4.53"/>
+        <vers num="3.4.54"/>
+        <vers num="3.4.55"/>
+        <vers num="3.4.56"/>
+        <vers num="3.4.57"/>
+        <vers num="3.4.58"/>
+        <vers num="3.4.59"/>
+        <vers num="3.4.6"/>
+        <vers num="3.4.60"/>
+        <vers num="3.4.61"/>
+        <vers num="3.4.62"/>
+        <vers num="3.4.63"/>
+        <vers num="3.4.64"/>
+        <vers num="3.4.65"/>
+        <vers num="3.4.66"/>
+        <vers num="3.4.67"/>
+        <vers num="3.4.68"/>
+        <vers num="3.4.69"/>
+        <vers num="3.4.7"/>
+        <vers num="3.4.70"/>
+        <vers num="3.4.71"/>
+        <vers num="3.4.72"/>
+        <vers num="3.4.73"/>
+        <vers num="3.4.74"/>
+        <vers num="3.4.75"/>
+        <vers num="3.4.76"/>
+        <vers num="3.4.77"/>
+        <vers num="3.4.78"/>
+        <vers num="3.4.79"/>
+        <vers num="3.4.8"/>
+        <vers num="3.4.9"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.6"/>
+        <vers num="3.6.1"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.5"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="3.7"/>
+        <vers num="3.7.1"/>
+        <vers num="3.7.10"/>
+        <vers num="3.7.2"/>
+        <vers num="3.7.3"/>
+        <vers num="3.7.4"/>
+        <vers num="3.7.5"/>
+        <vers num="3.7.6"/>
+        <vers num="3.7.7"/>
+        <vers num="3.7.8"/>
+        <vers num="3.7.9"/>
+        <vers num="3.8.0"/>
+        <vers num="3.8.1"/>
+        <vers num="3.8.10"/>
+        <vers num="3.8.11"/>
+        <vers num="3.8.12"/>
+        <vers num="3.8.13"/>
+        <vers num="3.8.2"/>
+        <vers num="3.8.3"/>
+        <vers num="3.8.4"/>
+        <vers num="3.8.5"/>
+        <vers num="3.8.6"/>
+        <vers num="3.8.7"/>
+        <vers num="3.8.8"/>
+        <vers num="3.8.9"/>
+        <vers num="3.9" edition="rc1"/>
+        <vers num="3.9" edition="rc2"/>
+        <vers num="3.9" edition="rc3"/>
+        <vers num="3.9" edition="rc4"/>
+        <vers num="3.9" edition="rc5"/>
+        <vers num="3.9" edition="rc6"/>
+        <vers num="3.9" edition="rc7"/>
+        <vers num="3.9.0"/>
+        <vers num="3.9.1"/>
+        <vers num="3.9.10"/>
+        <vers num="3.9.11"/>
+        <vers num="3.9.2"/>
+        <vers num="3.9.3"/>
+        <vers num="3.9.4"/>
+        <vers num="3.9.5"/>
+        <vers num="3.9.6"/>
+        <vers num="3.9.7"/>
+        <vers num="3.9.8"/>
+        <vers num="3.9.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-2690" published="2014-04-15" name="CVE-2014-2690" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="2.1" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="3.9" CVSS_base_score="2.1">
+    <desc>
+      <descript source="cve">Citrix VDI-in-a-Box 5.3.x before 5.3.6 and 5.4.x before 5.4.3 allows local users to obtain administrator credentials by reading the log.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1030068" source="SECTRACK">1030068</ref>
+      <ref url="http://support.citrix.com/article/CTX140106" source="CONFIRM" adv="1">http://support.citrix.com/article/CTX140106</ref>
+      <ref url="http://secunia.com/advisories/57734" source="SECUNIA" adv="1">57734</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="citrix" name="vdi-in-a-box">
+        <vers num="5.3.0"/>
+        <vers num="5.3.1"/>
+        <vers num="5.3.2"/>
+        <vers num="5.3.3"/>
+        <vers num="5.3.4"/>
+        <vers num="5.3.5"/>
+        <vers num="5.4.0"/>
+        <vers num="5.4.1"/>
+        <vers num="5.4.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2706" published="2014-04-14" name="CVE-2014-2706" modified="2014-04-15" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:C)" CVSS_score="7.1" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="8.6" CVSS_base_score="7.1">
+    <desc>
+      <descript source="cve">Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://github.com/torvalds/linux/commit/1d147bfa64293b2723c4fec50922168658e613ba" source="CONFIRM" patch="1">https://github.com/torvalds/linux/commit/1d147bfa64293b2723c4fec50922168658e613ba</ref>
+      <ref url="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1d147bfa64293b2723c4fec50922168658e613ba" source="CONFIRM" patch="1">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1d147bfa64293b2723c4fec50922168658e613ba</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1083512" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1083512</ref>
+      <ref url="https://bugzilla.kernel.org/show_bug.cgi?id=70551#c18" source="CONFIRM">https://bugzilla.kernel.org/show_bug.cgi?id=70551#c18</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/04/01/8" source="MLIST">[oss-security] 20140401 Re: CVE request: Linux Kernel, two security issues</ref>
+      <ref url="http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7" source="CONFIRM">http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="linux" name="linux_kernel">
+        <vers num="3.0" edition="rc1"/>
+        <vers num="3.0" edition="rc2"/>
+        <vers num="3.0" edition="rc3"/>
+        <vers num="3.0" edition="rc4"/>
+        <vers num="3.0" edition="rc5"/>
+        <vers num="3.0" edition="rc6"/>
+        <vers num="3.0" edition="rc7"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.20"/>
+        <vers num="3.0.21"/>
+        <vers num="3.0.22"/>
+        <vers num="3.0.23"/>
+        <vers num="3.0.24"/>
+        <vers num="3.0.25"/>
+        <vers num="3.0.26"/>
+        <vers num="3.0.27"/>
+        <vers num="3.0.28"/>
+        <vers num="3.0.29"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.30"/>
+        <vers num="3.0.31"/>
+        <vers num="3.0.32"/>
+        <vers num="3.0.33"/>
+        <vers num="3.0.34"/>
+        <vers num="3.0.35"/>
+        <vers num="3.0.36"/>
+        <vers num="3.0.37"/>
+        <vers num="3.0.38"/>
+        <vers num="3.0.39"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.40"/>
+        <vers num="3.0.41"/>
+        <vers num="3.0.42"/>
+        <vers num="3.0.43"/>
+        <vers num="3.0.44"/>
+        <vers num="3.0.45"/>
+        <vers num="3.0.46"/>
+        <vers num="3.0.47"/>
+        <vers num="3.0.48"/>
+        <vers num="3.0.49"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.50"/>
+        <vers num="3.0.51"/>
+        <vers num="3.0.52"/>
+        <vers num="3.0.53"/>
+        <vers num="3.0.54"/>
+        <vers num="3.0.55"/>
+        <vers num="3.0.56"/>
+        <vers num="3.0.57"/>
+        <vers num="3.0.58"/>
+        <vers num="3.0.59"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.60"/>
+        <vers num="3.0.61"/>
+        <vers num="3.0.62"/>
+        <vers num="3.0.63"/>
+        <vers num="3.0.64"/>
+        <vers num="3.0.65"/>
+        <vers num="3.0.66"/>
+        <vers num="3.0.67"/>
+        <vers num="3.0.68"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1" edition="rc1"/>
+        <vers num="3.1" edition="rc2"/>
+        <vers num="3.1" edition="rc3"/>
+        <vers num="3.1" edition="rc4"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="3.10"/>
+        <vers num="3.10.1"/>
+        <vers num="3.10.10"/>
+        <vers num="3.10.11"/>
+        <vers num="3.10.12"/>
+        <vers num="3.10.13"/>
+        <vers num="3.10.14"/>
+        <vers num="3.10.15"/>
+        <vers num="3.10.16"/>
+        <vers num="3.10.17"/>
+        <vers num="3.10.18"/>
+        <vers num="3.10.19"/>
+        <vers num="3.10.2"/>
+        <vers num="3.10.20"/>
+        <vers num="3.10.21"/>
+        <vers num="3.10.22"/>
+        <vers num="3.10.23"/>
+        <vers num="3.10.24"/>
+        <vers num="3.10.25"/>
+        <vers num="3.10.26"/>
+        <vers num="3.10.27"/>
+        <vers num="3.10.28"/>
+        <vers num="3.10.29"/>
+        <vers num="3.10.3"/>
+        <vers num="3.10.4"/>
+        <vers num="3.10.5"/>
+        <vers num="3.10.6"/>
+        <vers num="3.10.7"/>
+        <vers num="3.10.8"/>
+        <vers num="3.10.9"/>
+        <vers num="3.11"/>
+        <vers num="3.11.1"/>
+        <vers num="3.11.10"/>
+        <vers num="3.11.2"/>
+        <vers num="3.11.3"/>
+        <vers num="3.11.4"/>
+        <vers num="3.11.5"/>
+        <vers num="3.11.6"/>
+        <vers num="3.11.7"/>
+        <vers num="3.11.8"/>
+        <vers num="3.11.9"/>
+        <vers num="3.12"/>
+        <vers num="3.12.1"/>
+        <vers num="3.12.10"/>
+        <vers num="3.12.11"/>
+        <vers num="3.12.12"/>
+        <vers num="3.12.13"/>
+        <vers num="3.12.14"/>
+        <vers num="3.12.15"/>
+        <vers num="3.12.16"/>
+        <vers num="3.12.17"/>
+        <vers num="3.12.2"/>
+        <vers num="3.12.3"/>
+        <vers num="3.12.4"/>
+        <vers num="3.12.5"/>
+        <vers num="3.12.6"/>
+        <vers num="3.12.7"/>
+        <vers num="3.12.8"/>
+        <vers num="3.12.9"/>
+        <vers num="3.13"/>
+        <vers num="3.13.1"/>
+        <vers num="3.13.2"/>
+        <vers num="3.13.3"/>
+        <vers num="3.13.4"/>
+        <vers num="3.13.5"/>
+        <vers prev="1" num="3.13.6"/>
+        <vers num="3.2" edition="rc2"/>
+        <vers num="3.2" edition="rc3"/>
+        <vers num="3.2" edition="rc4"/>
+        <vers num="3.2" edition="rc5"/>
+        <vers num="3.2" edition="rc6"/>
+        <vers num="3.2" edition="rc7"/>
+        <vers num="3.2.1"/>
+        <vers num="3.2.10"/>
+        <vers num="3.2.11"/>
+        <vers num="3.2.12"/>
+        <vers num="3.2.13"/>
+        <vers num="3.2.14"/>
+        <vers num="3.2.15"/>
+        <vers num="3.2.16"/>
+        <vers num="3.2.17"/>
+        <vers num="3.2.18"/>
+        <vers num="3.2.19"/>
+        <vers num="3.2.2"/>
+        <vers num="3.2.20"/>
+        <vers num="3.2.21"/>
+        <vers num="3.2.22"/>
+        <vers num="3.2.23"/>
+        <vers num="3.2.24"/>
+        <vers num="3.2.25"/>
+        <vers num="3.2.26"/>
+        <vers num="3.2.27"/>
+        <vers num="3.2.28"/>
+        <vers num="3.2.29"/>
+        <vers num="3.2.3"/>
+        <vers num="3.2.30"/>
+        <vers num="3.2.4"/>
+        <vers num="3.2.5"/>
+        <vers num="3.2.6"/>
+        <vers num="3.2.7"/>
+        <vers num="3.2.8"/>
+        <vers num="3.2.9"/>
+        <vers num="3.3" edition="rc1"/>
+        <vers num="3.3" edition="rc2"/>
+        <vers num="3.3" edition="rc3"/>
+        <vers num="3.3" edition="rc4"/>
+        <vers num="3.3" edition="rc5"/>
+        <vers num="3.3" edition="rc6"/>
+        <vers num="3.3" edition="rc7"/>
+        <vers num="3.3.1"/>
+        <vers num="3.3.2"/>
+        <vers num="3.3.3"/>
+        <vers num="3.3.4"/>
+        <vers num="3.3.5"/>
+        <vers num="3.3.6"/>
+        <vers num="3.3.7"/>
+        <vers num="3.3.8"/>
+        <vers num="3.4" edition="rc1"/>
+        <vers num="3.4" edition="rc2"/>
+        <vers num="3.4" edition="rc3"/>
+        <vers num="3.4" edition="rc4"/>
+        <vers num="3.4" edition="rc5"/>
+        <vers num="3.4" edition="rc6"/>
+        <vers num="3.4" edition="rc7"/>
+        <vers num="3.4.1"/>
+        <vers num="3.4.10"/>
+        <vers num="3.4.11"/>
+        <vers num="3.4.12"/>
+        <vers num="3.4.13"/>
+        <vers num="3.4.14"/>
+        <vers num="3.4.15"/>
+        <vers num="3.4.16"/>
+        <vers num="3.4.17"/>
+        <vers num="3.4.18"/>
+        <vers num="3.4.19"/>
+        <vers num="3.4.2"/>
+        <vers num="3.4.20"/>
+        <vers num="3.4.21"/>
+        <vers num="3.4.22"/>
+        <vers num="3.4.23"/>
+        <vers num="3.4.24"/>
+        <vers num="3.4.25"/>
+        <vers num="3.4.26"/>
+        <vers num="3.4.27"/>
+        <vers num="3.4.28"/>
+        <vers num="3.4.29"/>
+        <vers num="3.4.3"/>
+        <vers num="3.4.30"/>
+        <vers num="3.4.31"/>
+        <vers num="3.4.32"/>
+        <vers num="3.4.33"/>
+        <vers num="3.4.34"/>
+        <vers num="3.4.35"/>
+        <vers num="3.4.36"/>
+        <vers num="3.4.37"/>
+        <vers num="3.4.38"/>
+        <vers num="3.4.39"/>
+        <vers num="3.4.4"/>
+        <vers num="3.4.40"/>
+        <vers num="3.4.41"/>
+        <vers num="3.4.42"/>
+        <vers num="3.4.43"/>
+        <vers num="3.4.44"/>
+        <vers num="3.4.45"/>
+        <vers num="3.4.46"/>
+        <vers num="3.4.47"/>
+        <vers num="3.4.48"/>
+        <vers num="3.4.49"/>
+        <vers num="3.4.5"/>
+        <vers num="3.4.50"/>
+        <vers num="3.4.51"/>
+        <vers num="3.4.52"/>
+        <vers num="3.4.53"/>
+        <vers num="3.4.54"/>
+        <vers num="3.4.55"/>
+        <vers num="3.4.56"/>
+        <vers num="3.4.57"/>
+        <vers num="3.4.58"/>
+        <vers num="3.4.59"/>
+        <vers num="3.4.6"/>
+        <vers num="3.4.60"/>
+        <vers num="3.4.61"/>
+        <vers num="3.4.62"/>
+        <vers num="3.4.63"/>
+        <vers num="3.4.64"/>
+        <vers num="3.4.65"/>
+        <vers num="3.4.66"/>
+        <vers num="3.4.67"/>
+        <vers num="3.4.68"/>
+        <vers num="3.4.69"/>
+        <vers num="3.4.7"/>
+        <vers num="3.4.70"/>
+        <vers num="3.4.71"/>
+        <vers num="3.4.72"/>
+        <vers num="3.4.73"/>
+        <vers num="3.4.74"/>
+        <vers num="3.4.75"/>
+        <vers num="3.4.76"/>
+        <vers num="3.4.77"/>
+        <vers num="3.4.78"/>
+        <vers num="3.4.79"/>
+        <vers num="3.4.8"/>
+        <vers num="3.4.9"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.6"/>
+        <vers num="3.6.1"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.5"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="3.7"/>
+        <vers num="3.7.1"/>
+        <vers num="3.7.10"/>
+        <vers num="3.7.2"/>
+        <vers num="3.7.3"/>
+        <vers num="3.7.4"/>
+        <vers num="3.7.5"/>
+        <vers num="3.7.6"/>
+        <vers num="3.7.7"/>
+        <vers num="3.7.8"/>
+        <vers num="3.7.9"/>
+        <vers num="3.8.0"/>
+        <vers num="3.8.1"/>
+        <vers num="3.8.10"/>
+        <vers num="3.8.11"/>
+        <vers num="3.8.12"/>
+        <vers num="3.8.13"/>
+        <vers num="3.8.2"/>
+        <vers num="3.8.3"/>
+        <vers num="3.8.4"/>
+        <vers num="3.8.5"/>
+        <vers num="3.8.6"/>
+        <vers num="3.8.7"/>
+        <vers num="3.8.8"/>
+        <vers num="3.8.9"/>
+        <vers num="3.9" edition="rc1"/>
+        <vers num="3.9" edition="rc2"/>
+        <vers num="3.9" edition="rc3"/>
+        <vers num="3.9" edition="rc4"/>
+        <vers num="3.9" edition="rc5"/>
+        <vers num="3.9" edition="rc6"/>
+        <vers num="3.9" edition="rc7"/>
+        <vers num="3.9.0"/>
+        <vers num="3.9.1"/>
+        <vers num="3.9.10"/>
+        <vers num="3.9.11"/>
+        <vers num="3.9.2"/>
+        <vers num="3.9.3"/>
+        <vers num="3.9.4"/>
+        <vers num="3.9.5"/>
+        <vers num="3.9.6"/>
+        <vers num="3.9.7"/>
+        <vers num="3.9.8"/>
+        <vers num="3.9.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2707" published="2014-04-17" name="CVE-2014-2707" modified="2014-04-18" CVSS_version="2.0" CVSS_vector="(AV:A/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="5.8" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="6.5" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">cups-browsed in cups-filters 1.0.41 before 1.0.51 in allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts generated for queues."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local_network/>
+    </range>
+    <refs>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1083326" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1083326</ref>
+      <ref url="http://secunia.com/advisories/57530" source="SECUNIA" adv="1">57530</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q2/13" source="MLIST">[oss-security] 20140402 Re: cups-browsed remote exploit</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131485.html" source="FEDORA">FEDORA-2014-4708</ref>
+      <ref url="http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7188#NEWS" source="CONFIRM">http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7188#NEWS</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="linuxfoundation" name="cups-filters">
+        <vers num="1.0.41"/>
+        <vers num="1.0.42"/>
+        <vers num="1.0.43"/>
+        <vers num="1.0.44"/>
+        <vers num="1.0.45"/>
+        <vers num="1.0.46"/>
+        <vers num="1.0.47"/>
+        <vers num="1.0.48"/>
+        <vers num="1.0.49"/>
+        <vers num="1.0.50"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2708" published="2014-04-10" name="CVE-2014-2708" modified="2014-04-11" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">SQL injection vulnerability in graph_xport.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://svn.cacti.net/viewvc?view=rev&amp;revision=7439" source="CONFIRM" patch="1">http://svn.cacti.net/viewvc?view=rev&amp;revision=7439</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1084258" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1084258</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/92278" source="XF">cacti-cve20142708-sql-injection(92278)</ref>
+      <ref url="http://www.securityfocus.com/bid/66555" source="BID">66555</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q2/2" source="MLIST">[oss-security] 20140401 CVE request: cacti "bug#0002405: SQL injection in graph_xport.php"</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q2/15" source="MLIST">[oss-security] 20140403 Re: CVE request: cacti "bug#0002405: SQL injection in graph_xport.php"</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cacti" name="cacti">
+        <vers num="0.8.8b"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2709" published="2014-04-23" name="CVE-2014-2709" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified parameters.</descript>
+      <descript source="nvd">Per: https://cwe.mitre.org/data/definitions/77.html
+
+"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://svn.cacti.net/viewvc?view=rev&amp;revision=7439" source="CONFIRM" patch="1">http://svn.cacti.net/viewvc?view=rev&amp;revision=7439</ref>
+      <ref url="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768" source="CONFIRM">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768</ref>
+      <ref url="http://www.securityfocus.com/bid/66630" source="BID">66630</ref>
+      <ref url="http://secunia.com/advisories/57647" source="SECUNIA" adv="1">57647</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q2/15" source="MLIST">[oss-security] 20140403 Re: CVE request: cacti "bug#0002405: SQL injection in graph_xport.php"</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131842.html" source="FEDORA">FEDORA-2014-4892</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131821.html" source="FEDORA">FEDORA-2014-4928</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="cacti" name="cacti">
+        <vers num="0.8.7"/>
+        <vers num="0.8.7a"/>
+        <vers num="0.8.7b"/>
+        <vers num="0.8.7c"/>
+        <vers num="0.8.7d"/>
+        <vers num="0.8.7e"/>
+        <vers num="0.8.7f"/>
+        <vers prev="1" num="0.8.7g"/>
+        <vers num="0.8.8"/>
+        <vers num="0.8.8a"/>
+        <vers prev="1" num="0.8.8b"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2711" published="2014-04-14" name="CVE-2014-2711" modified="2014-04-19" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 11.4R11, 11.4X27 before 11.4X27.62 (BBE), 12.1 before 12.1R9, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.2 before 12.2R7, 12.3 before 12.3R6, 13.1 before 13.1R4, 13.2 before 13.2R3, and 13.3 before 13.3R1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10619" source="CONFIRM" adv="1">http://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10619</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="juniper" name="junos">
+        <vers num="11.4"/>
+        <vers num="11.4x27"/>
+        <vers num="12.1"/>
+        <vers num="12.1x44"/>
+        <vers num="12.1x45"/>
+        <vers num="12.1x46"/>
+        <vers num="12.2"/>
+        <vers num="12.3"/>
+        <vers num="13.1"/>
+        <vers num="13.2"/>
+        <vers num="13.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2712" published="2014-04-14" name="CVE-2014-2712" modified="2014-04-19" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 10.0S25, 10.4 before 10.4R10, 11.4 before 11.4R11, 12.1 before 12.1R9, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, and 12.2 before 12.2R1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to index.php.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10521" source="CONFIRM" adv="1">http://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10521</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="juniper" name="junos">
+        <vers num="10.0"/>
+        <vers num="10.4"/>
+        <vers num="11.4"/>
+        <vers num="12.1"/>
+        <vers num="12.1x44"/>
+        <vers num="12.1x45"/>
+        <vers num="12.1x46"/>
+        <vers num="12.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2713" published="2014-04-14" name="CVE-2014-2713" modified="2014-04-15" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Juniper Junos before 11.4R11, 12.1 before 12.1R9, 12.2 before 12.2R7, 12.3R4 before 12.3R4-S3, 13.1 before 13.1R4, 13.2 before 13.2R2, and 13.3 before 13.3R1, as used in MX Series and T4000 routers, allows remote attackers to cause a denial of service (PFE restart) via a crafted IP packet to certain (1) Trio or (2) Cassis-based Packet Forwarding Engine (PFE) modules.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10621" source="CONFIRM" adv="1">http://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10621</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="juniper" name="junos">
+        <vers num="11.4"/>
+        <vers num="12.1"/>
+        <vers num="12.2"/>
+        <vers num="12.3"/>
+        <vers num="13.1"/>
+        <vers num="13.2"/>
+        <vers num="13.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2714" published="2014-04-14" name="CVE-2014-2714" modified="2014-04-15" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:C)" CVSS_score="7.1" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="8.6" CVSS_base_score="7.1">
+    <desc>
+      <descript source="cve">The Enhanced Web Filtering (EWF) in Juniper Junos before 10.4R15, 11.4 before 11.4R9, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D10, and 12.1X46 before 12.1X46-D10, as used in the SRX Series services gateways, allows remote attackers to cause a denial of service (flow daemon crash and restart) via a crafted URL.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securityfocus.com/bid/66760" source="BID">66760</ref>
+      <ref url="http://securitytracker.com/id?1030060" source="SECTRACK">1030060</ref>
+      <ref url="http://secunia.com/advisories/57835" source="SECUNIA" adv="1">57835</ref>
+      <ref url="http://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10622" source="CONFIRM" adv="1">http://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10622</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="juniper" name="junos">
+        <vers num="10.4"/>
+        <vers num="11.4"/>
+        <vers num="12.1"/>
+        <vers num="12.1x44"/>
+        <vers num="12.1x45"/>
+        <vers num="12.1x46"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2715" published="2014-04-28" name="CVE-2014-2715" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Multiple cross-site scripting (XSS) vulnerabilities in vwrooms\templates\logout.tpl.php in the VideoWhisper Webcam plugins for Drupal 7.x allow remote attackers to inject arbitrary web script or HTML via the (1) module or (2) message parameter to index.php.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/531935/100/0/threaded" source="BUGTRAQ">20140425 [CVE-2014-2715] Cross-site scripting (XSS) vulnerability in Videowhisper</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="videowhisper" name="videowhisper">
+        <vers num="7.x-1.0" edition=":~~~drupal~~"/>
+        <vers num="7.x-1.1" edition=":~~~drupal~~"/>
+        <vers num="7.x-1.3" edition=":~~~drupal~~"/>
+        <vers num="7.x-1.x" edition="dev:~~~drupal~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2719" published="2014-04-22" name="CVE-2014-2719" modified="2014-04-22" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:C/I:N/A:N)" CVSS_score="6.3" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="6.8" CVSS_base_score="6.3">
+    <desc>
+      <descript source="cve">Advanced_System_Content.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator user name and password by reading the source code.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29" source="CONFIRM">http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Apr/225" source="FULLDISC">20140416 ASUS RT-XXXX SOHO routers expose admin password, fixed in 3.0.0.4.374.5517</ref>
+      <ref url="http://dnlongen.blogspot.com/2014/04/CVE-2014-2719-Asus-RT-Password-Disclosure.html" source="MISC">http://dnlongen.blogspot.com/2014/04/CVE-2014-2719-Asus-RT-Password-Disclosure.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="asus" name="rt-ac68u">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="asus" name="rt-ac66u_firmware">
+        <vers num="3.0.0.4.140"/>
+        <vers num="3.0.0.4.220"/>
+        <vers num="3.0.0.4.246"/>
+        <vers num="3.0.0.4.260"/>
+        <vers num="3.0.0.4.270"/>
+        <vers num="3.0.0.4.354"/>
+      </prod>
+      <prod vendor="asus" name="rt-ac68u_firmware">
+        <vers num="3.0.0.4.374.4755"/>
+        <vers num="3.0.0.4.374_4561"/>
+        <vers num="3.0.0.4.374_4887"/>
+      </prod>
+      <prod vendor="asus" name="rt-n10e_firmware">
+        <vers num="2.0.0.10"/>
+        <vers num="2.0.0.16"/>
+        <vers num="2.0.0.19"/>
+        <vers num="2.0.0.20"/>
+        <vers num="2.0.0.24"/>
+        <vers num="2.0.0.25"/>
+        <vers num="2.0.0.7"/>
+      </prod>
+      <prod vendor="asus" name="rt-n14u_firmware">
+        <vers num="3.0.0.4.322"/>
+        <vers num="3.0.0.4.356"/>
+      </prod>
+      <prod vendor="asus" name="rt-n16_firmware">
+        <vers num="1.0.1.9"/>
+        <vers num="1.0.2.3"/>
+        <vers num="3.0.0.3.108"/>
+        <vers num="3.0.0.3.162"/>
+        <vers num="3.0.0.3.178"/>
+        <vers num="3.0.0.4.220"/>
+        <vers num="3.0.0.4.246"/>
+        <vers num="3.0.0.4.260"/>
+        <vers num="3.0.0.4.354"/>
+        <vers num="7.0.2.38b"/>
+      </prod>
+      <prod vendor="asus" name="rt-n56u_firmware">
+        <vers num="1.0.1.4"/>
+        <vers num="1.0.1.4o"/>
+        <vers num="1.0.1.7c"/>
+        <vers num="1.0.1.7f"/>
+        <vers num="1.0.1.8j"/>
+        <vers num="1.0.1.8l"/>
+        <vers num="1.0.1.8n"/>
+        <vers num="3.0.0.4.318"/>
+        <vers num="3.0.0.4.334"/>
+        <vers num="3.0.0.4.342"/>
+        <vers num="3.0.0.4.360"/>
+        <vers num="7.0.1.21"/>
+        <vers num="7.0.1.32"/>
+        <vers num="8.1.1.4"/>
+      </prod>
+      <prod vendor="asus" name="rt-n65u_firmware">
+        <vers num="3.0.0.3.134"/>
+        <vers num="3.0.0.3.176"/>
+        <vers num="3.0.0.4.260"/>
+        <vers num="3.0.0.4.334"/>
+        <vers num="3.0.0.4.342"/>
+        <vers num="3.0.0.4.346"/>
+      </prod>
+      <prod vendor="asus" name="rt-n66u_firmware">
+        <vers num="3.0.0.4.272"/>
+        <vers num="3.0.0.4.370"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-2729" published="2014-04-25" name="CVE-2014-2729" modified="2014-04-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:P/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in content.aspx in Ektron CMS 8.7 before 8.7.0.055 allows remote authenticated users to inject arbitrary web script or HTML via the category0 parameter, which is not properly handled when displaying the Subjects tab in the View Properties menu option.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/531853/100/0/threaded" source="BUGTRAQ">20140416 [SECURITY] Stored Cross Site Scripting in Ektron CMS 8.7</ref>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/531852/100/0/threaded" source="BUGTRAQ">20140416 [Security Advisory] Stored Cross Site Scripting in Ektron CMS 8.7</ref>
+      <ref url="http://packetstormsecurity.com/files/126187/Ektron-CMS-8.7-Cross-Site-Scripting.html" source="MISC">http://packetstormsecurity.com/files/126187/Ektron-CMS-8.7-Cross-Site-Scripting.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ektron" name="ektron_content_management_system">
+        <vers num="8.7.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2730" published="2014-04-05" name="CVE-2014-2730" modified="2014-04-07" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The XML parser in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013, and Office for Mac 2011, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory consumption and persistent application hang) via a crafted XML document containing a large number of nested entity references, as demonstrated by a crafted text/plain e-mail message to Outlook, a similar issue to CVE-2003-1564.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/531722/100/0/threaded" source="BUGTRAQ">20140403 [softScheck] Denial of Service in Microsoft Office 2007-2013</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="microsoft" name="office">
+        <vers num="2007" edition="sp3"/>
+        <vers num="2010" edition="sp1:x64"/>
+        <vers num="2010" edition="sp1:x86"/>
+        <vers num="2010" edition="sp2:x64"/>
+        <vers num="2010" edition="sp2:x86"/>
+        <vers num="2011" edition=":mac"/>
+        <vers num="2013" edition="-:~-~-~-~x64~"/>
+        <vers num="2013" edition="-:~-~-~-~x86~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2731" published="2014-04-19" name="CVE-2014-2731" modified="2014-04-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="9.3" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="8.6" CVSS_base_score="9.3">
+    <desc>
+      <descript source="cve">Multiple unspecified vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to execute arbitrary code via HTTP traffic to port (1) 4999 or (2) 80.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-107-01" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-107-01</ref>
+      <ref url="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf" source="CONFIRM" adv="1">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="siemens" name="sinema_server">
+        <vers prev="1" num="12.0" edition="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2732" published="2014-04-19" name="CVE-2014-2732" modified="2014-04-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Multiple directory traversal vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to access arbitrary files via HTTP traffic to port (1) 4999 or (2) 80.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-107-01" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-107-01</ref>
+      <ref url="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf" source="CONFIRM" adv="1">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="siemens" name="sinema_server">
+        <vers prev="1" num="12.0" edition="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2733" published="2014-04-19" name="CVE-2014-2733" modified="2014-04-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a denial of service (web-interface outage) via crafted HTTP requests to port (1) 4999 or (2) 80.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-107-01" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-107-01</ref>
+      <ref url="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf" source="CONFIRM" adv="1">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="siemens" name="sinema_server">
+        <vers prev="1" num="12.0" edition="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2734" published="2014-04-24" name="CVE-2014-2734" modified="2014-04-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a file is reopened, which allows remote attackers to spoof signatures within the context of a Ruby script that attempts signature verification after performing a certain sequence of filesystem operations.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://gist.github.com/10446549" source="MISC">https://gist.github.com/10446549</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Apr/231" source="FULLDISC">20140416 Ruby OpenSSL private key spoofing ~ CVE-2014-2734 with PoC</ref>
+      <ref url="http://packetstormsecurity.com/files/126218/Ruby-OpenSSL-Private-Key-Spoofing.html" source="MISC">http://packetstormsecurity.com/files/126218/Ruby-OpenSSL-Private-Key-Spoofing.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="ruby-lang" name="ruby">
+        <vers num="2.0"/>
+        <vers num="2.0.0" edition="p0"/>
+        <vers num="2.0.0" edition="p195"/>
+        <vers num="2.0.0" edition="p247"/>
+        <vers num="2.0.0" edition="preview1"/>
+        <vers num="2.0.0" edition="preview2"/>
+        <vers num="2.0.0" edition="rc1"/>
+        <vers num="2.0.0" edition="rc2"/>
+        <vers num="2.1" edition="-"/>
+        <vers num="2.1" edition="preview1"/>
+        <vers num="2.1.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2735" published="2014-04-22" name="CVE-2014-2735" modified="2014-04-22" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">WinSCP before 5.5.3, when FTP with TLS is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/531847/100/0/threaded" source="BUGTRAQ">20140416 CVE-2014-2735 - WinSCP: missing X.509 validation</ref>
+      <ref url="http://winscp.net/tracker/show_bug.cgi?id=1152" source="CONFIRM">http://winscp.net/tracker/show_bug.cgi?id=1152</ref>
+      <ref url="http://winscp.net/eng/docs/history" source="CONFIRM">http://winscp.net/eng/docs/history</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="winscp" name="winscp">
+        <vers num="5.5"/>
+        <vers num="5.5.1"/>
+        <vers prev="1" num="5.5.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2736" published="2014-04-24" name="CVE-2014-2736" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Multiple SQL injection vulnerabilities in MODX Revolution before 2.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) session ID (PHPSESSID) to index.php or remote authenticated users to execute arbitrary SQL commands via the (2) user parameter to connectors/security/message.php or (3) id parameter to manager/index.php.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securityfocus.com/bid/66990" source="BID">66990</ref>
+      <ref url="http://secunia.com/advisories/58036" source="SECUNIA" adv="1">58036</ref>
+      <ref url="http://forums.modx.com/thread/90173/modx-revolution-2-2-13-and-prior-blind-sql-injection" source="CONFIRM" adv="1">http://forums.modx.com/thread/90173/modx-revolution-2-2-13-and-prior-blind-sql-injection</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/2014-04/0124.html" source="BUGTRAQ">20140419 Multiple Vulnerabilities in MODX Revolution &lt; = MODX 2.2.13-pl</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="modx" name="modx_revolution">
+        <vers num="2.0.0"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.2" edition="pl1"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.0.5"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.7"/>
+        <vers num="2.0.8"/>
+        <vers num="2.1.0"/>
+        <vers num="2.1.1"/>
+        <vers num="2.1.2"/>
+        <vers num="2.1.3"/>
+        <vers num="2.1.4"/>
+        <vers num="2.1.5"/>
+        <vers num="2.2.0"/>
+        <vers num="2.2.1"/>
+        <vers num="2.2.10"/>
+        <vers num="2.2.11"/>
+        <vers num="2.2.12"/>
+        <vers prev="1" num="2.2.13"/>
+        <vers num="2.2.2"/>
+        <vers num="2.2.3"/>
+        <vers num="2.2.4"/>
+        <vers num="2.2.5"/>
+        <vers num="2.2.6"/>
+        <vers num="2.2.7"/>
+        <vers num="2.2.8"/>
+        <vers num="2.2.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2737" published="2014-04-22" name="CVE-2014-2737" modified="2014-04-23" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">SQL injection vulnerability in the get_active_session function in the KTAPI_UserSession class in webservice/clienttools/services/mdownload.php in KnowledgeTree 3.7.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the u parameter, related to the getFileName function.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/531886/100/0/threaded" source="BUGTRAQ">20140419 Blind SQL Injection Vulnerability in KnowledgeTree &lt;= 3.7.0.2</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="knowledgetree" name="knowledgetree">
+        <vers num="3.7"/>
+        <vers num="3.7.0.1"/>
+        <vers prev="1" num="3.7.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2739" published="2014-04-14" name="CVE-2014-2739" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:A/AC:H/Au:N/C:N/I:N/A:C)" CVSS_score="4.6" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="3.2" CVSS_base_score="4.6">
+    <desc>
+      <descript source="cve">The cma_req_handler function in drivers/infiniband/core/cma.c in the Linux kernel 3.14.x through 3.14.1 attempts to resolve an RDMA over Converged Ethernet (aka RoCE) address that is properly resolved within a different module, which allows remote attackers to cause a denial of service (incorrect pointer dereference and system crash) via crafted network traffic.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <local_network/>
+    </range>
+    <refs>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/04/10/9" source="MLIST" patch="1">[oss-security] 20140410 Re: CVE request Linux kernel: IB/core: crash while resolving passive side RoCE L2 address in cma_req_handler</ref>
+      <ref url="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b2853fd6c2d0f383dbdf7427e263eb576a633867" source="CONFIRM" patch="1">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b2853fd6c2d0f383dbdf7427e263eb576a633867</ref>
+      <ref url="https://github.com/torvalds/linux/commit/b2853fd6c2d0f383dbdf7427e263eb576a633867" source="CONFIRM">https://github.com/torvalds/linux/commit/b2853fd6c2d0f383dbdf7427e263eb576a633867</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1085415" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1085415</ref>
+      <ref url="http://www.securityfocus.com/bid/66716" source="BID">66716</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="linux" name="linux_kernel">
+        <vers num="3.14" edition="rc1"/>
+        <vers num="3.14" edition="rc2"/>
+        <vers num="3.14" edition="rc3"/>
+        <vers num="3.14" edition="rc4"/>
+        <vers num="3.14" edition="rc5"/>
+        <vers num="3.14" edition="rc6"/>
+        <vers num="3.14" edition="rc7"/>
+        <vers num="3.14" edition="rc8"/>
+        <vers num="3.14.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2741" published="2014-04-10" name="CVE-2014-2741" modified="2014-04-11" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">Ignite Realtime Openfire before 3.9.2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/" source="MISC">http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/04/09/1" source="MLIST">[oss-security] 20140408 Re: (Openfire M-Link Metronome Prosody Tigase) Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/04/07/7" source="MLIST">[oss-security] 20140407 Re: Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="igniterealtime" name="openfire">
+        <vers prev="1" num="3.9.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2742" published="2014-04-10" name="CVE-2014-2742" modified="2014-04-11" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">Isode M-Link before 16.0v7 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/" source="MISC">http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/04/09/1" source="MLIST">[oss-security] 20140408 Re: (Openfire M-Link Metronome Prosody Tigase) Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/04/07/7" source="MLIST">[oss-security] 20140407 Re: Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="isode" name="m-link">
+        <vers num="14.6"/>
+        <vers num="14.6.14"/>
+        <vers num="15.1"/>
+        <vers num="15.1.10"/>
+        <vers num="16.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2743" published="2014-04-10" name="CVE-2014-2743" modified="2014-04-11" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">plugins/mod_compression.lua in Lightwitch Metronome through 3.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://code.lightwitch.org/metronome/rev/49f47277a411" source="CONFIRM" patch="1">http://code.lightwitch.org/metronome/rev/49f47277a411</ref>
+      <ref url="http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/" source="MISC">http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/04/09/1" source="MLIST">[oss-security] 20140408 Re: (Openfire M-Link Metronome Prosody Tigase) Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/04/07/7" source="MLIST">[oss-security] 20140407 Re: Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="lightwitch" name="metronome">
+        <vers prev="1" num="3.4"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2744" published="2014-04-10" name="CVE-2014-2744" modified="2014-04-19" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">plugins/mod_compression.lua in (1) Prosody before 0.9.4 and (2) Lightwitch Metronome through 3.4 negotiates stream compression while a session is unauthenticated, which allows remote attackers to cause a denial of service (resource consumption) via compressed XML elements in an XMPP stream, aka an "xmppbomb" attack.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://hg.prosody.im/0.9/rev/b3b1c9da38fb" source="CONFIRM" patch="1">http://hg.prosody.im/0.9/rev/b3b1c9da38fb</ref>
+      <ref url="http://code.lightwitch.org/metronome/rev/49f47277a411" source="CONFIRM" patch="1">http://code.lightwitch.org/metronome/rev/49f47277a411</ref>
+      <ref url="http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/" source="MISC">http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2895" source="DEBIAN">DSA-2895</ref>
+      <ref url="http://secunia.com/advisories/57710" source="SECUNIA">57710</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/04/09/1" source="MLIST">[oss-security] 20140408 Re: (Openfire M-Link Metronome Prosody Tigase) Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/04/07/7" source="MLIST">[oss-security] 20140407 Re: Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression</ref>
+      <ref url="http://blog.prosody.im/prosody-0-9-4-released/" source="CONFIRM" adv="1">http://blog.prosody.im/prosody-0-9-4-released/</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="lightwitch" name="metronome">
+        <vers prev="1" num="3.4"/>
+      </prod>
+      <prod vendor="prosody" name="prosody">
+        <vers num="0.1.0"/>
+        <vers num="0.2.0"/>
+        <vers num="0.3.0"/>
+        <vers num="0.4.0"/>
+        <vers num="0.4.1"/>
+        <vers num="0.4.2"/>
+        <vers num="0.5.0"/>
+        <vers num="0.5.1"/>
+        <vers num="0.5.2"/>
+        <vers num="0.6.0"/>
+        <vers num="0.6.1"/>
+        <vers num="0.6.2"/>
+        <vers num="0.7.0"/>
+        <vers num="0.8.0"/>
+        <vers num="0.8.1"/>
+        <vers num="0.8.2"/>
+        <vers num="0.9.0"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers prev="1" num="0.9.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2745" published="2014-04-10" name="CVE-2014-2745" modified="2014-04-19" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">Prosody before 0.9.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack, related to core/portmanager.lua and util/xmppstream.lua.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/" source="MISC">http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2895" source="DEBIAN">DSA-2895</ref>
+      <ref url="http://secunia.com/advisories/57710" source="SECUNIA">57710</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/04/09/1" source="MLIST">[oss-security] 20140408 Re: (Openfire M-Link Metronome Prosody Tigase) Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/04/07/7" source="MLIST">[oss-security] 20140407 Re: Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression</ref>
+      <ref url="http://hg.prosody.im/0.9/rev/a97591d2e1ad" source="CONFIRM">http://hg.prosody.im/0.9/rev/a97591d2e1ad</ref>
+      <ref url="http://hg.prosody.im/0.9/rev/1107d66d2ab2" source="CONFIRM">http://hg.prosody.im/0.9/rev/1107d66d2ab2</ref>
+      <ref url="http://blog.prosody.im/prosody-0-9-4-released/" source="CONFIRM">http://blog.prosody.im/prosody-0-9-4-released/</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="prosody" name="prosody">
+        <vers num="0.1.0"/>
+        <vers num="0.2.0"/>
+        <vers num="0.3.0"/>
+        <vers num="0.4.0"/>
+        <vers num="0.4.1"/>
+        <vers num="0.4.2"/>
+        <vers num="0.5.0"/>
+        <vers num="0.5.1"/>
+        <vers num="0.5.2"/>
+        <vers num="0.6.0"/>
+        <vers num="0.6.1"/>
+        <vers num="0.6.2"/>
+        <vers num="0.7.0"/>
+        <vers num="0.8.0"/>
+        <vers num="0.8.1"/>
+        <vers num="0.8.2"/>
+        <vers num="0.9.0"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.2"/>
+        <vers prev="1" num="0.9.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2746" published="2014-04-10" name="CVE-2014-2746" modified="2014-04-11" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">net/IOService.java in Tigase before 5.2.1 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://projects.tigase.org/projects/tigase-server/repository/revisions/7f5af2f8c5b97bbf9def66fbb9dd47746a7ac292" source="CONFIRM" patch="1">https://projects.tigase.org/projects/tigase-server/repository/revisions/7f5af2f8c5b97bbf9def66fbb9dd47746a7ac292</ref>
+      <ref url="https://projects.tigase.org/issues/1780" source="CONFIRM">https://projects.tigase.org/issues/1780</ref>
+      <ref url="http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/" source="MISC">http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/</ref>
+      <ref url="http://www.tigase.org/content/uncontrolled-resource-consumption-highly-compressed-xmpp-messages" source="CONFIRM">http://www.tigase.org/content/uncontrolled-resource-consumption-highly-compressed-xmpp-messages</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/04/09/1" source="MLIST">[oss-security] 20140408 Re: (Openfire M-Link Metronome Prosody Tigase) Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/04/07/7" source="MLIST">[oss-security] 20140407 Re: Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="tigase" name="tigase">
+        <vers prev="1" num="5.2.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2748" published="2014-04-10" name="CVE-2014-2748" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">The Security Audit Log facility in SAP Enhancement Package (EHP) 6 for SAP ERP 6.0 allows remote attackers to modify or delete arbitrary log classes via unspecified vectors.  NOTE: some of these details are obtained from third party information.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://service.sap.com/sap/support/notes/1926485" source="MISC">https://service.sap.com/sap/support/notes/1926485</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/92334" source="XF">sap-ehp-log-sec-bypass(92334)</ref>
+      <ref url="http://www.onapsis.com/research-advisories.php" source="MISC">http://www.onapsis.com/research-advisories.php</ref>
+      <ref url="http://www.onapsis.com/get.php?resid=adv_onapsis-2014-002" source="MISC">http://www.onapsis.com/get.php?resid=adv_onapsis-2014-002</ref>
+      <ref url="http://secunia.com/advisories/57741" source="SECUNIA" adv="1">57741</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="sap" name="enhancement_package">
+        <vers num="6.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2749" published="2014-04-10" name="CVE-2014-2749" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The HANA ICM process in SAP HANA allows remote attackers to obtain the platform version, host name, instance number, and possibly other sensitive information via a malformed HTTP GET request.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://service.sap.com/sap/support/notes/1914778" source="MISC">https://service.sap.com/sap/support/notes/1914778</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/92325" source="XF">sap-hana-icm-info-disc(92325)</ref>
+      <ref url="http://www.securityfocus.com/bid/66675" source="BID">66675</ref>
+      <ref url="http://www.onapsis.com/research-advisories.php" source="MISC">http://www.onapsis.com/research-advisories.php</ref>
+      <ref url="http://www.onapsis.com/get.php?resid=adv_onapsis-2014-001" source="MISC">http://www.onapsis.com/get.php?resid=adv_onapsis-2014-001</ref>
+      <ref url="http://secunia.com/advisories/57443" source="SECUNIA" adv="1">57443</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="sap" name="hana">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" seq="2014-2750" reject="1" published="2014-04-10" name="CVE-2014-2750" modified="2014-04-19">
+    <desc>
+      <descript source="cve">** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2014-2744, CVE-2014-2745.  Reason: This candidate is a duplicate of CVE-2014-2744 and/or CVE-2014-2745.  Notes: All CVE users should reference CVE-2014-2744 and/or CVE-2014-2745 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage.</descript>
+    </desc>
+    <refs/>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2751" published="2014-04-10" name="CVE-2014-2751" modified="2014-04-11" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">SAP Print and Output Management has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.onapsis.com/research-advisories.php" source="MISC">http://www.onapsis.com/research-advisories.php</ref>
+      <ref url="http://www.onapsis.com/get.php?resid=adv_onapsis-2014-004" source="MISC">http://www.onapsis.com/get.php?resid=adv_onapsis-2014-004</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="sap" name="print_and_output_management">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2752" published="2014-04-10" name="CVE-2014-2752" modified="2014-04-11" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">SAP Business Object Processing Framework (BOPF) for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.onapsis.com/research-advisories.php" source="MISC">http://www.onapsis.com/research-advisories.php</ref>
+      <ref url="http://www.onapsis.com/get.php?resid=adv_onapsis-2014-003" source="MISC">http://www.onapsis.com/get.php?resid=adv_onapsis-2014-003</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="sap" name="business_object_processing_framework_for_abap">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2828" published="2014-04-15" name="CVE-2014-2828" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the same authentication method in a request, aka "authentication chaining."</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugs.launchpad.net/keystone/+bug/1300274" source="CONFIRM">https://bugs.launchpad.net/keystone/+bug/1300274</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/04/10/20" source="MLIST">[oss-security] 20140410 [OSSA 2014-013] Keystone DoS through V3 API authentication chaining  (CVE-2014-2828)</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="openstack" name="keystone">
+        <vers num="2013.1"/>
+        <vers num="2013.1.1"/>
+        <vers num="2013.1.2"/>
+        <vers num="2013.1.3"/>
+        <vers num="2013.2"/>
+        <vers num="2013.2.1"/>
+        <vers num="2013.2.2"/>
+        <vers num="2013.2.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2829" published="2014-04-10" name="CVE-2014-2829" modified="2014-04-11" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">Erlang Solutions MongooseIM through 1.3.1 rev. 2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://github.com/esl/MongooseIM/commit/586d96cc12ef218243a3466354b4d208b5472a6c" source="CONFIRM" patch="1">https://github.com/esl/MongooseIM/commit/586d96cc12ef218243a3466354b4d208b5472a6c</ref>
+      <ref url="http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/" source="MISC">http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="erlang-solutions" name="mongooseim">
+        <vers num="1.2.1"/>
+        <vers num="1.2.2"/>
+        <vers num="1.3.0"/>
+        <vers prev="1" num="1.3.1" edition="-"/>
+        <vers prev="1" num="1.3.1" edition="rev2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2842" published="2014-04-15" name="CVE-2014-2842" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_score="7.8" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="10.0" CVSS_base_score="7.8">
+    <desc>
+      <descript source="cve">Juniper ScreenOS 6.3 and earlier allows remote attackers to cause a denial of service (crash and restart or failover) via a malformed SSL/TLS packet.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10624" source="CONFIRM" adv="1">https://kb.juniper.net/InfoCenter/index?page=content&amp;id=JSA10624</ref>
+      <ref url="http://www.securityfocus.com/bid/66802" source="BID">66802</ref>
+      <ref url="http://secunia.com/advisories/57910" source="SECUNIA" adv="1">57910</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="juniper" name="screenos">
+        <vers num="5.4.0"/>
+        <vers num="6.0.0"/>
+        <vers num="6.1.0"/>
+        <vers num="6.2.0"/>
+        <vers prev="1" num="6.3.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-2844" published="2014-04-18" name="CVE-2014-2844" modified="2014-04-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:P/A:N)" CVSS_score="3.5" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="6.8" CVSS_base_score="3.5">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in F-Secure Messaging Secure Gateway 7.5.0 before Patch 1862 allows remote authenticated administrators to inject arbitrary web script or HTML via the new parameter in the SysUser module to admin.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.f-secure.com/en/web/labs_global/fsc-2014-2" source="CONFIRM" adv="1">http://www.f-secure.com/en/web/labs_global/fsc-2014-2</ref>
+      <ref url="http://secunia.com/advisories/58038" source="SECUNIA" adv="1">58038</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Apr/223" source="FULLDISC">20140416 Reflected XSS Attacks vulnerabilities F-Secure Messaging Security Gateway V7.5.0.892 (CVE-2014-2844)</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="f-secure" name="secure_messaging_secure_gateway">
+        <vers num="7.5.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2846" published="2014-04-28" name="CVE-2014-2846" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute arbitrary PHP code via a ..././ (dot dot dot slash dot slash) in the lang Cookie parameter, as demonstrated by a request to login/doLogin.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/531910/100/0/threaded" source="BUGTRAQ">20140423 SEC Consult SA-20140423-0 :: Path Traversal/Remote Code Execution in WD Arkeia Network Backup Appliances</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Apr/257" source="FULLDISC">20140423 SEC Consult SA-20140423-0 :: Path Traversal/Remote Code Execution in WD Arkeia Network Backup Appliances</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="wdc" name="arkeia_virtual_appliance">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="wdc" name="arkeia_virtual_appliance_firmware">
+        <vers prev="1" num="10.2.7"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2847" published="2014-04-11" name="CVE-2014-2847" modified="2014-04-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">SQL injection vulnerability in default.asp in CIS Manager CMS allows remote attackers to execute arbitrary SQL commands via the TroncoID parameter.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securityfocus.com/bid/66590" source="BID">66590</ref>
+      <ref url="http://www.osvdb.org/105364" source="OSVDB">105364</ref>
+      <ref url="http://www.exploit-db.com/exploits/32660" source="EXPLOIT-DB">32660</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="construtiva" name="cis_manager_cms">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2848" published="2014-04-11" name="CVE-2014-2848" modified="2014-04-14" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="6.9" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="3.4" CVSS_base_score="6.9">
+    <desc>
+      <descript source="cve">A race condition in the wmi_malware_scan.nbin plugin before 201402262215 for Nessus 5.2.1 allows local users to gain privileges by replacing the dissolvable agent executable in the Windows temp directory with a Trojan horse program.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="https://www.nccgroup.com/en/learning-and-research-centre/technical-advisories/nessus-authenticated-scan-local-privilege-escalation/" source="MISC">https://www.nccgroup.com/en/learning-and-research-centre/technical-advisories/nessus-authenticated-scan-local-privilege-escalation/</ref>
+      <ref url="https://discussions.nessus.org/thread/7195" source="CONFIRM" adv="1">https://discussions.nessus.org/thread/7195</ref>
+      <ref url="http://www.securitytracker.com/id/1029946" source="SECTRACK">1029946</ref>
+      <ref url="http://secunia.com/advisories/57403" source="SECUNIA" adv="1">57403</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="tenable" name="nessus">
+        <vers num="5.2.1"/>
+      </prod>
+      <prod vendor="tenable" name="plugin-set">
+        <vers prev="1" num="201402092115"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2849" published="2014-04-11" name="CVE-2014-2849" modified="2014-04-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:N/I:C/A:C)" CVSS_score="8.5" CVSS_impact_subscore="9.2" CVSS_exploit_subscore="8.0" CVSS_base_score="8.5">
+    <desc>
+      <descript source="cve">The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.zerodayinitiative.com/advisories/ZDI-14-069/" source="MISC">http://www.zerodayinitiative.com/advisories/ZDI-14-069/</ref>
+      <ref url="http://www.sophos.com/en-us/support/knowledgebase/120230.aspx" source="CONFIRM" adv="1">http://www.sophos.com/en-us/support/knowledgebase/120230.aspx</ref>
+      <ref url="http://www.securityfocus.com/bid/66734" source="BID">66734</ref>
+      <ref url="http://www.exploit-db.com/exploits/32789" source="EXPLOIT-DB">32789</ref>
+      <ref url="http://secunia.com/advisories/57706" source="SECUNIA" adv="1">57706</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="sophos" name="web_appliance_firmware">
+        <vers num="3.7.8"/>
+      </prod>
+      <prod vendor="sophos" name="web_appliance">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="sophos" name="web_appliance_firmware">
+        <vers num="3.0.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.1.1"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.5.1"/>
+        <vers num="3.1.0"/>
+        <vers num="3.1.0.1"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.2.1"/>
+        <vers num="3.2.2"/>
+        <vers num="3.2.2.1"/>
+        <vers num="3.2.3"/>
+        <vers num="3.2.4"/>
+        <vers num="3.2.5"/>
+        <vers num="3.2.6"/>
+        <vers num="3.2.7"/>
+        <vers num="3.3.0"/>
+        <vers num="3.3.1"/>
+        <vers num="3.3.2"/>
+        <vers num="3.3.3"/>
+        <vers num="3.3.3.1"/>
+        <vers num="3.3.4"/>
+        <vers num="3.3.5"/>
+        <vers num="3.3.5.1"/>
+        <vers num="3.3.6"/>
+        <vers num="3.3.6.1"/>
+        <vers num="3.4.0"/>
+        <vers num="3.4.1"/>
+        <vers num="3.4.2"/>
+        <vers num="3.4.3"/>
+        <vers num="3.4.3.1"/>
+        <vers num="3.4.4"/>
+        <vers num="3.4.5"/>
+        <vers num="3.4.6"/>
+        <vers num="3.4.7"/>
+        <vers num="3.4.8"/>
+        <vers num="3.5.0"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.1.1"/>
+        <vers num="3.5.1.2"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.6.1"/>
+        <vers num="3.6.1.1"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.2.1"/>
+        <vers num="3.6.2.3"/>
+        <vers num="3.6.2.4.0"/>
+        <vers num="3.6.2.4.1"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.4.1"/>
+        <vers num="3.6.4.2"/>
+        <vers num="3.7.0"/>
+        <vers num="3.7.1"/>
+        <vers num="3.7.2"/>
+        <vers num="3.7.3"/>
+        <vers num="3.7.4"/>
+        <vers num="3.7.5"/>
+        <vers num="3.7.6"/>
+        <vers num="3.7.7"/>
+        <vers num="3.7.8.1"/>
+        <vers num="3.7.8.2"/>
+        <vers num="3.7.9"/>
+        <vers num="3.7.9.1"/>
+        <vers num="3.8.0"/>
+        <vers num="3.8.1"/>
+        <vers prev="1" num="3.8.1.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2850" published="2014-04-11" name="CVE-2014-2850" modified="2014-04-14" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:S/C:C/I:C/A:C)" CVSS_score="8.5" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="6.8" CVSS_base_score="8.5">
+    <desc>
+      <descript source="cve">The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.zerodayinitiative.com/advisories/ZDI-14-069/" source="MISC">http://www.zerodayinitiative.com/advisories/ZDI-14-069/</ref>
+      <ref url="http://www.sophos.com/en-us/support/knowledgebase/120230.aspx" source="CONFIRM" adv="1">http://www.sophos.com/en-us/support/knowledgebase/120230.aspx</ref>
+      <ref url="http://www.securityfocus.com/bid/66734" source="BID">66734</ref>
+      <ref url="http://www.exploit-db.com/exploits/32789" source="EXPLOIT-DB">32789</ref>
+      <ref url="http://secunia.com/advisories/57706" source="SECUNIA" adv="1">57706</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="sophos" name="web_appliance_firmware">
+        <vers num="3.7.8"/>
+      </prod>
+      <prod vendor="sophos" name="web_appliance">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="sophos" name="web_appliance_firmware">
+        <vers num="3.0.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.1.1"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.5.1"/>
+        <vers num="3.1.0"/>
+        <vers num="3.1.0.1"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.2.1"/>
+        <vers num="3.2.2"/>
+        <vers num="3.2.2.1"/>
+        <vers num="3.2.3"/>
+        <vers num="3.2.4"/>
+        <vers num="3.2.5"/>
+        <vers num="3.2.6"/>
+        <vers num="3.2.7"/>
+        <vers num="3.3.0"/>
+        <vers num="3.3.1"/>
+        <vers num="3.3.2"/>
+        <vers num="3.3.3"/>
+        <vers num="3.3.3.1"/>
+        <vers num="3.3.4"/>
+        <vers num="3.3.5"/>
+        <vers num="3.3.5.1"/>
+        <vers num="3.3.6"/>
+        <vers num="3.3.6.1"/>
+        <vers num="3.4.0"/>
+        <vers num="3.4.1"/>
+        <vers num="3.4.2"/>
+        <vers num="3.4.3"/>
+        <vers num="3.4.3.1"/>
+        <vers num="3.4.4"/>
+        <vers num="3.4.5"/>
+        <vers num="3.4.6"/>
+        <vers num="3.4.7"/>
+        <vers num="3.4.8"/>
+        <vers num="3.5.0"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.1.1"/>
+        <vers num="3.5.1.2"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.6.1"/>
+        <vers num="3.6.1.1"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.2.1"/>
+        <vers num="3.6.2.3"/>
+        <vers num="3.6.2.4.0"/>
+        <vers num="3.6.2.4.1"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.4.1"/>
+        <vers num="3.6.4.2"/>
+        <vers num="3.7.0"/>
+        <vers num="3.7.1"/>
+        <vers num="3.7.2"/>
+        <vers num="3.7.3"/>
+        <vers num="3.7.4"/>
+        <vers num="3.7.5"/>
+        <vers num="3.7.6"/>
+        <vers num="3.7.7"/>
+        <vers num="3.7.8.1"/>
+        <vers num="3.7.8.2"/>
+        <vers num="3.7.9"/>
+        <vers num="3.7.9.1"/>
+        <vers num="3.8.0"/>
+        <vers num="3.8.1"/>
+        <vers prev="1" num="3.8.1.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2851" published="2014-04-14" name="CVE-2014-2851" modified="2014-04-15" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:C/I:C/A:C)" CVSS_score="6.9" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="3.4" CVSS_base_score="6.9">
+    <desc>
+      <descript source="cve">Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=b04c46190219a4f845e46a459e3102137b7f6cac" source="CONFIRM" patch="1">https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=b04c46190219a4f845e46a459e3102137b7f6cac</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/04/11/4" source="MLIST" patch="1">[oss-security] 20140411 Re: CVE request -- Linux kernel: net: ping: refcount issue in ping_init_sock() function</ref>
+      <ref url="https://lkml.org/lkml/2014/4/10/736" source="MLIST">[linux-kernel] 20140411 net: ipv4: current group_info should be put after using.</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1086730" source="CONFIRM">https://bugzilla.redhat.com/show_bug.cgi?id=1086730</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="linux" name="linux_kernel">
+        <vers num="3.0" edition="rc1"/>
+        <vers num="3.0" edition="rc2"/>
+        <vers num="3.0" edition="rc3"/>
+        <vers num="3.0" edition="rc4"/>
+        <vers num="3.0" edition="rc5"/>
+        <vers num="3.0" edition="rc6"/>
+        <vers num="3.0" edition="rc7"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.20"/>
+        <vers num="3.0.21"/>
+        <vers num="3.0.22"/>
+        <vers num="3.0.23"/>
+        <vers num="3.0.24"/>
+        <vers num="3.0.25"/>
+        <vers num="3.0.26"/>
+        <vers num="3.0.27"/>
+        <vers num="3.0.28"/>
+        <vers num="3.0.29"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.30"/>
+        <vers num="3.0.31"/>
+        <vers num="3.0.32"/>
+        <vers num="3.0.33"/>
+        <vers num="3.0.34"/>
+        <vers num="3.0.35"/>
+        <vers num="3.0.36"/>
+        <vers num="3.0.37"/>
+        <vers num="3.0.38"/>
+        <vers num="3.0.39"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.40"/>
+        <vers num="3.0.41"/>
+        <vers num="3.0.42"/>
+        <vers num="3.0.43"/>
+        <vers num="3.0.44"/>
+        <vers num="3.0.45"/>
+        <vers num="3.0.46"/>
+        <vers num="3.0.47"/>
+        <vers num="3.0.48"/>
+        <vers num="3.0.49"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.50"/>
+        <vers num="3.0.51"/>
+        <vers num="3.0.52"/>
+        <vers num="3.0.53"/>
+        <vers num="3.0.54"/>
+        <vers num="3.0.55"/>
+        <vers num="3.0.56"/>
+        <vers num="3.0.57"/>
+        <vers num="3.0.58"/>
+        <vers num="3.0.59"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.60"/>
+        <vers num="3.0.61"/>
+        <vers num="3.0.62"/>
+        <vers num="3.0.63"/>
+        <vers num="3.0.64"/>
+        <vers num="3.0.65"/>
+        <vers num="3.0.66"/>
+        <vers num="3.0.67"/>
+        <vers num="3.0.68"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1" edition="rc1"/>
+        <vers num="3.1" edition="rc2"/>
+        <vers num="3.1" edition="rc3"/>
+        <vers num="3.1" edition="rc4"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.10"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers num="3.1.7"/>
+        <vers num="3.1.8"/>
+        <vers num="3.1.9"/>
+        <vers num="3.10"/>
+        <vers num="3.10.1"/>
+        <vers num="3.10.10"/>
+        <vers num="3.10.11"/>
+        <vers num="3.10.12"/>
+        <vers num="3.10.13"/>
+        <vers num="3.10.14"/>
+        <vers num="3.10.15"/>
+        <vers num="3.10.16"/>
+        <vers num="3.10.17"/>
+        <vers num="3.10.18"/>
+        <vers num="3.10.19"/>
+        <vers num="3.10.2"/>
+        <vers num="3.10.20"/>
+        <vers num="3.10.21"/>
+        <vers num="3.10.22"/>
+        <vers num="3.10.23"/>
+        <vers num="3.10.24"/>
+        <vers num="3.10.25"/>
+        <vers num="3.10.26"/>
+        <vers num="3.10.27"/>
+        <vers num="3.10.28"/>
+        <vers num="3.10.29"/>
+        <vers num="3.10.3"/>
+        <vers num="3.10.4"/>
+        <vers num="3.10.5"/>
+        <vers num="3.10.6"/>
+        <vers num="3.10.7"/>
+        <vers num="3.10.8"/>
+        <vers num="3.10.9"/>
+        <vers num="3.11"/>
+        <vers num="3.11.1"/>
+        <vers num="3.11.10"/>
+        <vers num="3.11.2"/>
+        <vers num="3.11.3"/>
+        <vers num="3.11.4"/>
+        <vers num="3.11.5"/>
+        <vers num="3.11.6"/>
+        <vers num="3.11.7"/>
+        <vers num="3.11.8"/>
+        <vers num="3.11.9"/>
+        <vers num="3.12"/>
+        <vers num="3.12.1"/>
+        <vers num="3.12.10"/>
+        <vers num="3.12.11"/>
+        <vers num="3.12.12"/>
+        <vers num="3.12.13"/>
+        <vers num="3.12.14"/>
+        <vers num="3.12.15"/>
+        <vers num="3.12.16"/>
+        <vers num="3.12.17"/>
+        <vers num="3.12.2"/>
+        <vers num="3.12.3"/>
+        <vers num="3.12.4"/>
+        <vers num="3.12.5"/>
+        <vers num="3.12.6"/>
+        <vers num="3.12.7"/>
+        <vers num="3.12.8"/>
+        <vers num="3.12.9"/>
+        <vers num="3.13"/>
+        <vers num="3.13.1"/>
+        <vers num="3.13.2"/>
+        <vers num="3.13.3"/>
+        <vers num="3.13.4"/>
+        <vers num="3.13.5"/>
+        <vers num="3.13.6"/>
+        <vers num="3.13.7"/>
+        <vers num="3.13.8"/>
+        <vers num="3.13.9"/>
+        <vers prev="1" num="3.14.1"/>
+        <vers num="3.2" edition="rc2"/>
+        <vers num="3.2" edition="rc3"/>
+        <vers num="3.2" edition="rc4"/>
+        <vers num="3.2" edition="rc5"/>
+        <vers num="3.2" edition="rc6"/>
+        <vers num="3.2" edition="rc7"/>
+        <vers num="3.2.1"/>
+        <vers num="3.2.10"/>
+        <vers num="3.2.11"/>
+        <vers num="3.2.12"/>
+        <vers num="3.2.13"/>
+        <vers num="3.2.14"/>
+        <vers num="3.2.15"/>
+        <vers num="3.2.16"/>
+        <vers num="3.2.17"/>
+        <vers num="3.2.18"/>
+        <vers num="3.2.19"/>
+        <vers num="3.2.2"/>
+        <vers num="3.2.20"/>
+        <vers num="3.2.21"/>
+        <vers num="3.2.22"/>
+        <vers num="3.2.23"/>
+        <vers num="3.2.24"/>
+        <vers num="3.2.25"/>
+        <vers num="3.2.26"/>
+        <vers num="3.2.27"/>
+        <vers num="3.2.28"/>
+        <vers num="3.2.29"/>
+        <vers num="3.2.3"/>
+        <vers num="3.2.30"/>
+        <vers num="3.2.4"/>
+        <vers num="3.2.5"/>
+        <vers num="3.2.6"/>
+        <vers num="3.2.7"/>
+        <vers num="3.2.8"/>
+        <vers num="3.2.9"/>
+        <vers num="3.3" edition="rc1"/>
+        <vers num="3.3" edition="rc2"/>
+        <vers num="3.3" edition="rc3"/>
+        <vers num="3.3" edition="rc4"/>
+        <vers num="3.3" edition="rc5"/>
+        <vers num="3.3" edition="rc6"/>
+        <vers num="3.3" edition="rc7"/>
+        <vers num="3.3.1"/>
+        <vers num="3.3.2"/>
+        <vers num="3.3.3"/>
+        <vers num="3.3.4"/>
+        <vers num="3.3.5"/>
+        <vers num="3.3.6"/>
+        <vers num="3.3.7"/>
+        <vers num="3.3.8"/>
+        <vers num="3.4" edition="rc1"/>
+        <vers num="3.4" edition="rc2"/>
+        <vers num="3.4" edition="rc3"/>
+        <vers num="3.4" edition="rc4"/>
+        <vers num="3.4" edition="rc5"/>
+        <vers num="3.4" edition="rc6"/>
+        <vers num="3.4" edition="rc7"/>
+        <vers num="3.4.1"/>
+        <vers num="3.4.10"/>
+        <vers num="3.4.11"/>
+        <vers num="3.4.12"/>
+        <vers num="3.4.13"/>
+        <vers num="3.4.14"/>
+        <vers num="3.4.15"/>
+        <vers num="3.4.16"/>
+        <vers num="3.4.17"/>
+        <vers num="3.4.18"/>
+        <vers num="3.4.19"/>
+        <vers num="3.4.2"/>
+        <vers num="3.4.20"/>
+        <vers num="3.4.21"/>
+        <vers num="3.4.22"/>
+        <vers num="3.4.23"/>
+        <vers num="3.4.24"/>
+        <vers num="3.4.25"/>
+        <vers num="3.4.26"/>
+        <vers num="3.4.27"/>
+        <vers num="3.4.28"/>
+        <vers num="3.4.29"/>
+        <vers num="3.4.3"/>
+        <vers num="3.4.30"/>
+        <vers num="3.4.31"/>
+        <vers num="3.4.32"/>
+        <vers num="3.4.33"/>
+        <vers num="3.4.34"/>
+        <vers num="3.4.35"/>
+        <vers num="3.4.36"/>
+        <vers num="3.4.37"/>
+        <vers num="3.4.38"/>
+        <vers num="3.4.39"/>
+        <vers num="3.4.4"/>
+        <vers num="3.4.40"/>
+        <vers num="3.4.41"/>
+        <vers num="3.4.42"/>
+        <vers num="3.4.43"/>
+        <vers num="3.4.44"/>
+        <vers num="3.4.45"/>
+        <vers num="3.4.46"/>
+        <vers num="3.4.47"/>
+        <vers num="3.4.48"/>
+        <vers num="3.4.49"/>
+        <vers num="3.4.5"/>
+        <vers num="3.4.50"/>
+        <vers num="3.4.51"/>
+        <vers num="3.4.52"/>
+        <vers num="3.4.53"/>
+        <vers num="3.4.54"/>
+        <vers num="3.4.55"/>
+        <vers num="3.4.56"/>
+        <vers num="3.4.57"/>
+        <vers num="3.4.58"/>
+        <vers num="3.4.59"/>
+        <vers num="3.4.6"/>
+        <vers num="3.4.60"/>
+        <vers num="3.4.61"/>
+        <vers num="3.4.62"/>
+        <vers num="3.4.63"/>
+        <vers num="3.4.64"/>
+        <vers num="3.4.65"/>
+        <vers num="3.4.66"/>
+        <vers num="3.4.67"/>
+        <vers num="3.4.68"/>
+        <vers num="3.4.69"/>
+        <vers num="3.4.7"/>
+        <vers num="3.4.70"/>
+        <vers num="3.4.71"/>
+        <vers num="3.4.72"/>
+        <vers num="3.4.73"/>
+        <vers num="3.4.74"/>
+        <vers num="3.4.75"/>
+        <vers num="3.4.76"/>
+        <vers num="3.4.77"/>
+        <vers num="3.4.78"/>
+        <vers num="3.4.79"/>
+        <vers num="3.4.8"/>
+        <vers num="3.4.9"/>
+        <vers num="3.5.1"/>
+        <vers num="3.5.2"/>
+        <vers num="3.5.3"/>
+        <vers num="3.5.4"/>
+        <vers num="3.5.5"/>
+        <vers num="3.5.6"/>
+        <vers num="3.5.7"/>
+        <vers num="3.6"/>
+        <vers num="3.6.1"/>
+        <vers num="3.6.10"/>
+        <vers num="3.6.11"/>
+        <vers num="3.6.2"/>
+        <vers num="3.6.3"/>
+        <vers num="3.6.4"/>
+        <vers num="3.6.5"/>
+        <vers num="3.6.6"/>
+        <vers num="3.6.7"/>
+        <vers num="3.6.8"/>
+        <vers num="3.6.9"/>
+        <vers num="3.7"/>
+        <vers num="3.7.1"/>
+        <vers num="3.7.10"/>
+        <vers num="3.7.2"/>
+        <vers num="3.7.3"/>
+        <vers num="3.7.4"/>
+        <vers num="3.7.5"/>
+        <vers num="3.7.6"/>
+        <vers num="3.7.7"/>
+        <vers num="3.7.8"/>
+        <vers num="3.7.9"/>
+        <vers num="3.8.0"/>
+        <vers num="3.8.1"/>
+        <vers num="3.8.10"/>
+        <vers num="3.8.11"/>
+        <vers num="3.8.12"/>
+        <vers num="3.8.13"/>
+        <vers num="3.8.2"/>
+        <vers num="3.8.3"/>
+        <vers num="3.8.4"/>
+        <vers num="3.8.5"/>
+        <vers num="3.8.6"/>
+        <vers num="3.8.7"/>
+        <vers num="3.8.8"/>
+        <vers num="3.8.9"/>
+        <vers num="3.9" edition="rc1"/>
+        <vers num="3.9" edition="rc2"/>
+        <vers num="3.9" edition="rc3"/>
+        <vers num="3.9" edition="rc4"/>
+        <vers num="3.9" edition="rc5"/>
+        <vers num="3.9" edition="rc6"/>
+        <vers num="3.9" edition="rc7"/>
+        <vers num="3.9.0"/>
+        <vers num="3.9.1"/>
+        <vers num="3.9.10"/>
+        <vers num="3.9.11"/>
+        <vers num="3.9.2"/>
+        <vers num="3.9.3"/>
+        <vers num="3.9.4"/>
+        <vers num="3.9.5"/>
+        <vers num="3.9.6"/>
+        <vers num="3.9.7"/>
+        <vers num="3.9.8"/>
+        <vers num="3.9.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2852" published="2014-04-14" name="CVE-2014-2852" modified="2014-04-15" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">OpenAFS before 1.6.7 delays the listen thread when an RXS_CheckResponse fails, which allows remote attackers to cause a denial of service (performance degradation) via an invalid packet.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog" source="CONFIRM">http://www.openafs.org/frameset/dl/openafs/1.6.7/ChangeLog</ref>
+      <ref url="http://www.debian.org/security/2014/dsa-2899" source="DEBIAN">DSA-2899</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="openafs" name="openafs">
+        <vers num="1.6.0"/>
+        <vers num="1.6.1"/>
+        <vers num="1.6.2"/>
+        <vers num="1.6.2.1"/>
+        <vers num="1.6.3"/>
+        <vers num="1.6.4"/>
+        <vers num="1.6.5"/>
+        <vers num="1.6.5.1"/>
+        <vers num="1.6.5.2"/>
+        <vers prev="1" num="1.6.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2853" published="2014-04-29" name="CVE-2014-2853" modified="2014-04-30" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in includes/actions/InfoAction.php in MediaWiki before 1.21.9 and 1.22.x before 1.22.6 allows remote attackers to inject arbitrary web script or HTML via the sort key in an info action.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://www.mediawiki.org/wiki/Release_notes/1.22#Changes_since_1.22.5" source="CONFIRM" adv="1">https://www.mediawiki.org/wiki/Release_notes/1.22#Changes_since_1.22.5</ref>
+      <ref url="https://www.mediawiki.org/wiki/Release_notes/1.21#Changes_since_1.21.8" source="CONFIRM" adv="1">https://www.mediawiki.org/wiki/Release_notes/1.21#Changes_since_1.21.8</ref>
+      <ref url="https://github.com/wikimedia/mediawiki-core/commit/0b695ae09aada343ab59be4a3c9963995a1143b6" source="MISC">https://github.com/wikimedia/mediawiki-core/commit/0b695ae09aada343ab59be4a3c9963995a1143b6</ref>
+      <ref url="https://bugzilla.wikimedia.org/show_bug.cgi?id=63251" source="CONFIRM">https://bugzilla.wikimedia.org/show_bug.cgi?id=63251</ref>
+      <ref url="https://bugzilla.redhat.com/show_bug.cgi?id=1091967" source="MISC">https://bugzilla.redhat.com/show_bug.cgi?id=1091967</ref>
+      <ref url="http://www.securityfocus.com/bid/67068" source="BID">67068</ref>
+      <ref url="http://secunia.com/advisories/58262" source="SECUNIA" adv="1">58262</ref>
+      <ref url="http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-April/000149.html" source="MLIST">[MediaWiki-announce] 20140424 MediaWiki Security and Maintenance Releases: 1.22.6 and 1.21.9</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="mediawiki" name="mediawiki">
+        <vers num="1.1.0"/>
+        <vers num="1.10.0" edition="rc1"/>
+        <vers num="1.10.0" edition="rc2"/>
+        <vers num="1.10.1"/>
+        <vers num="1.10.2"/>
+        <vers num="1.10.3"/>
+        <vers num="1.10.4"/>
+        <vers num="1.11"/>
+        <vers num="1.11.0" edition="rc1"/>
+        <vers num="1.11.1"/>
+        <vers num="1.11.2"/>
+        <vers num="1.12.0" edition="rc1"/>
+        <vers num="1.12.1"/>
+        <vers num="1.12.2"/>
+        <vers num="1.12.3"/>
+        <vers num="1.12.4"/>
+        <vers num="1.13.0" edition="rc1"/>
+        <vers num="1.13.0" edition="rc2"/>
+        <vers num="1.13.1"/>
+        <vers num="1.13.2"/>
+        <vers num="1.13.3"/>
+        <vers num="1.13.4"/>
+        <vers num="1.14.0" edition="rc1"/>
+        <vers num="1.14.1"/>
+        <vers num="1.15.0" edition="rc1"/>
+        <vers num="1.15.1"/>
+        <vers num="1.15.2"/>
+        <vers num="1.15.3"/>
+        <vers num="1.15.4"/>
+        <vers num="1.15.5"/>
+        <vers num="1.16.0" edition="beta1"/>
+        <vers num="1.16.0" edition="beta2"/>
+        <vers num="1.16.0" edition="beta3"/>
+        <vers num="1.16.1"/>
+        <vers num="1.16.2"/>
+        <vers num="1.17" edition="beta_1"/>
+        <vers num="1.17.0" edition="rc1"/>
+        <vers num="1.17.1"/>
+        <vers num="1.17.2"/>
+        <vers num="1.17.3"/>
+        <vers num="1.17.4"/>
+        <vers num="1.18" edition="beta_1"/>
+        <vers num="1.18.0" edition="rc1"/>
+        <vers num="1.18.1"/>
+        <vers num="1.18.2"/>
+        <vers num="1.18.3"/>
+        <vers num="1.19" edition="beta_1"/>
+        <vers num="1.19" edition="beta_2"/>
+        <vers num="1.19.0"/>
+        <vers num="1.19.1"/>
+        <vers num="1.19.10"/>
+        <vers num="1.19.11"/>
+        <vers num="1.19.12"/>
+        <vers num="1.19.13"/>
+        <vers num="1.19.14"/>
+        <vers num="1.19.2"/>
+        <vers num="1.19.3"/>
+        <vers num="1.19.4"/>
+        <vers num="1.19.5"/>
+        <vers num="1.19.6"/>
+        <vers num="1.19.7"/>
+        <vers num="1.19.8"/>
+        <vers num="1.19.9"/>
+        <vers num="1.2.0"/>
+        <vers num="1.2.1"/>
+        <vers num="1.2.2"/>
+        <vers num="1.2.3"/>
+        <vers num="1.2.4"/>
+        <vers num="1.2.5"/>
+        <vers num="1.2.6"/>
+        <vers num="1.20"/>
+        <vers num="1.20.1"/>
+        <vers num="1.20.2"/>
+        <vers num="1.20.3"/>
+        <vers num="1.20.4"/>
+        <vers num="1.20.5"/>
+        <vers num="1.20.6"/>
+        <vers num="1.20.7"/>
+        <vers num="1.20.8"/>
+        <vers num="1.21"/>
+        <vers num="1.21.1"/>
+        <vers num="1.21.2"/>
+        <vers num="1.21.3"/>
+        <vers num="1.21.4"/>
+        <vers num="1.21.5"/>
+        <vers num="1.21.6"/>
+        <vers num="1.21.7"/>
+        <vers prev="1" num="1.21.8"/>
+        <vers num="1.22.0"/>
+        <vers num="1.22.1"/>
+        <vers num="1.22.2"/>
+        <vers num="1.22.3"/>
+        <vers num="1.22.4"/>
+        <vers num="1.22.5"/>
+        <vers num="1.3"/>
+        <vers num="1.3.0"/>
+        <vers num="1.3.1"/>
+        <vers num="1.3.10"/>
+        <vers num="1.3.11"/>
+        <vers num="1.3.12"/>
+        <vers num="1.3.13"/>
+        <vers num="1.3.14"/>
+        <vers num="1.3.15"/>
+        <vers num="1.3.2"/>
+        <vers num="1.3.3"/>
+        <vers num="1.3.4"/>
+        <vers num="1.3.5"/>
+        <vers num="1.3.6"/>
+        <vers num="1.3.7"/>
+        <vers num="1.3.8"/>
+        <vers num="1.3.9"/>
+        <vers num="1.4" edition="beta1"/>
+        <vers num="1.4" edition="beta2"/>
+        <vers num="1.4" edition="beta3"/>
+        <vers num="1.4" edition="beta4"/>
+        <vers num="1.4" edition="beta5"/>
+        <vers num="1.4" edition="beta6"/>
+        <vers num="1.4.0"/>
+        <vers num="1.4.1"/>
+        <vers num="1.4.10"/>
+        <vers num="1.4.11"/>
+        <vers num="1.4.12"/>
+        <vers num="1.4.13"/>
+        <vers num="1.4.14"/>
+        <vers num="1.4.2"/>
+        <vers num="1.4.3"/>
+        <vers num="1.4.4"/>
+        <vers num="1.4.5"/>
+        <vers num="1.4.6"/>
+        <vers num="1.4.7"/>
+        <vers num="1.4.8"/>
+        <vers num="1.4.9"/>
+        <vers num="1.5" edition="alpha1"/>
+        <vers num="1.5" edition="alpha2"/>
+        <vers num="1.5" edition="beta1"/>
+        <vers num="1.5" edition="beta2"/>
+        <vers num="1.5" edition="beta3"/>
+        <vers num="1.5" edition="beta4"/>
+        <vers num="1.5" edition="rc2"/>
+        <vers num="1.5" edition="rc3"/>
+        <vers num="1.5" edition="rc4"/>
+        <vers num="1.5.0"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.5"/>
+        <vers num="1.5.6"/>
+        <vers num="1.5.7"/>
+        <vers num="1.5.8"/>
+        <vers num="1.6.0"/>
+        <vers num="1.6.1"/>
+        <vers num="1.6.10"/>
+        <vers num="1.6.11"/>
+        <vers num="1.6.12"/>
+        <vers num="1.6.2"/>
+        <vers num="1.6.3"/>
+        <vers num="1.6.4"/>
+        <vers num="1.6.5"/>
+        <vers num="1.6.6"/>
+        <vers num="1.6.7"/>
+        <vers num="1.6.8"/>
+        <vers num="1.6.9"/>
+        <vers num="1.7.0"/>
+        <vers num="1.7.1"/>
+        <vers num="1.7.2"/>
+        <vers num="1.7.3"/>
+        <vers num="1.8.0"/>
+        <vers num="1.8.1"/>
+        <vers num="1.8.2"/>
+        <vers num="1.8.3"/>
+        <vers num="1.8.4"/>
+        <vers num="1.8.5"/>
+        <vers num="1.9.0" edition="rc2"/>
+        <vers num="1.9.1"/>
+        <vers num="1.9.2"/>
+        <vers num="1.9.3"/>
+        <vers num="1.9.4"/>
+        <vers num="1.9.5"/>
+        <vers num="1.9.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2855" published="2014-04-23" name="CVE-2014-2855" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://git.samba.org/?p=rsync.git;a=commit;h=0dedfbce2c1b851684ba658861fe9d620636c56a" source="CONFIRM">https://git.samba.org/?p=rsync.git;a=commit;h=0dedfbce2c1b851684ba658861fe9d620636c56a</ref>
+      <ref url="https://bugzilla.samba.org/show_bug.cgi?id=10551" source="CONFIRM" adv="1">https://bugzilla.samba.org/show_bug.cgi?id=10551</ref>
+      <ref url="https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1307230" source="CONFIRM">https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1307230</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/04/15/1" source="MLIST">[oss-security] 20140415 Re: CVE Request: rsync denial of service</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/04/14/5" source="MLIST">[oss-security] 20140414 CVE Request: rsync denial of service</ref>
+      <ref url="http://secunia.com/advisories/57948" source="SECUNIA" adv="1">57948</ref>
+      <ref url="http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131910.html" source="FEDORA">FEDORA-2014-5315</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="samba" name="rsync">
+        <vers num="2.6.9"/>
+        <vers num="2.7.0"/>
+        <vers num="2.7.1"/>
+        <vers num="2.7.2"/>
+        <vers num="2.7.3"/>
+        <vers num="2.7.4"/>
+        <vers num="2.7.5"/>
+        <vers num="2.7.6"/>
+        <vers num="2.7.7"/>
+        <vers num="2.7.8"/>
+        <vers num="2.7.9"/>
+        <vers num="2.8.0"/>
+        <vers num="2.8.1"/>
+        <vers num="2.8.2"/>
+        <vers num="2.8.3"/>
+        <vers num="2.8.4"/>
+        <vers num="2.8.5"/>
+        <vers num="2.8.6"/>
+        <vers num="2.8.7"/>
+        <vers num="2.8.8"/>
+        <vers num="2.8.9"/>
+        <vers num="2.9.0"/>
+        <vers num="2.9.1"/>
+        <vers num="2.9.2"/>
+        <vers num="2.9.3"/>
+        <vers num="2.9.4"/>
+        <vers num="2.9.5"/>
+        <vers num="2.9.6"/>
+        <vers num="2.9.7"/>
+        <vers num="2.9.8"/>
+        <vers num="2.9.9"/>
+        <vers num="3.0.0"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers prev="1" num="3.1.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2856" published="2014-04-18" name="CVE-2014-2856" modified="2014-04-21" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/04/15/3" source="MLIST">[oss-security] 20140415 Re: CVE request: cross-site scripting issue fixed in CUPS 1.7.2</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/04/14/2" source="MLIST">[oss-security] 20140414 CVE request: cross-site scripting issue fixed in CUPS 1.7.2</ref>
+      <ref url="http://www.cups.org/str.php?L4356" source="CONFIRM">http://www.cups.org/str.php?L4356</ref>
+      <ref url="http://www.cups.org/documentation.php/relnotes.html" source="CONFIRM">http://www.cups.org/documentation.php/relnotes.html</ref>
+      <ref url="http://secunia.com/advisories/57880" source="SECUNIA" adv="1">57880</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="apple" name="cups">
+        <vers num="1.1"/>
+        <vers num="1.1.1"/>
+        <vers num="1.1.10"/>
+        <vers num="1.1.10-1"/>
+        <vers num="1.1.11"/>
+        <vers num="1.1.12"/>
+        <vers num="1.1.13"/>
+        <vers num="1.1.14"/>
+        <vers num="1.1.15"/>
+        <vers num="1.1.16"/>
+        <vers num="1.1.17"/>
+        <vers num="1.1.18"/>
+        <vers num="1.1.19" edition="rc1"/>
+        <vers num="1.1.19" edition="rc2"/>
+        <vers num="1.1.19" edition="rc3"/>
+        <vers num="1.1.19" edition="rc4"/>
+        <vers num="1.1.19" edition="rc5"/>
+        <vers num="1.1.2"/>
+        <vers num="1.1.20" edition="rc1"/>
+        <vers num="1.1.20" edition="rc2"/>
+        <vers num="1.1.20" edition="rc3"/>
+        <vers num="1.1.20" edition="rc4"/>
+        <vers num="1.1.20" edition="rc5"/>
+        <vers num="1.1.20" edition="rc6"/>
+        <vers num="1.1.21" edition="rc1"/>
+        <vers num="1.1.21" edition="rc2"/>
+        <vers num="1.1.22" edition="rc1"/>
+        <vers num="1.1.22" edition="rc2"/>
+        <vers num="1.1.23" edition="rc1"/>
+        <vers num="1.1.3"/>
+        <vers num="1.1.4"/>
+        <vers num="1.1.5"/>
+        <vers num="1.1.5-1"/>
+        <vers num="1.1.5-2"/>
+        <vers num="1.1.6"/>
+        <vers num="1.1.6-1"/>
+        <vers num="1.1.6-2"/>
+        <vers num="1.1.6-3"/>
+        <vers num="1.1.7"/>
+        <vers num="1.1.8"/>
+        <vers num="1.1.9"/>
+        <vers num="1.1.9-1"/>
+        <vers num="1.2" edition="b1"/>
+        <vers num="1.2" edition="b2"/>
+        <vers num="1.2" edition="rc1"/>
+        <vers num="1.2" edition="rc2"/>
+        <vers num="1.2" edition="rc3"/>
+        <vers num="1.2.0"/>
+        <vers num="1.2.1"/>
+        <vers num="1.2.10"/>
+        <vers num="1.2.11"/>
+        <vers num="1.2.12"/>
+        <vers num="1.2.2"/>
+        <vers num="1.2.3"/>
+        <vers num="1.2.4"/>
+        <vers num="1.2.5"/>
+        <vers num="1.2.6"/>
+        <vers num="1.2.7"/>
+        <vers num="1.2.8"/>
+        <vers num="1.2.9"/>
+        <vers num="1.3" edition="b1"/>
+        <vers num="1.3" edition="rc1"/>
+        <vers num="1.3" edition="rc2"/>
+        <vers num="1.3.0"/>
+        <vers num="1.3.1"/>
+        <vers num="1.3.10"/>
+        <vers num="1.3.11"/>
+        <vers num="1.3.2"/>
+        <vers num="1.3.3"/>
+        <vers num="1.3.4"/>
+        <vers num="1.3.5"/>
+        <vers num="1.3.6"/>
+        <vers num="1.3.7"/>
+        <vers num="1.3.8"/>
+        <vers num="1.3.9"/>
+        <vers num="1.4" edition="b1"/>
+        <vers num="1.4" edition="b2"/>
+        <vers num="1.4" edition="b3"/>
+        <vers num="1.4" edition="rc1"/>
+        <vers num="1.4.0"/>
+        <vers num="1.4.1"/>
+        <vers num="1.4.2"/>
+        <vers num="1.4.3"/>
+        <vers num="1.4.4"/>
+        <vers num="1.4.5"/>
+        <vers num="1.4.6"/>
+        <vers num="1.4.7"/>
+        <vers num="1.4.8"/>
+        <vers num="1.5" edition="b1"/>
+        <vers num="1.5" edition="b2"/>
+        <vers num="1.5" edition="rc1"/>
+        <vers num="1.5.0"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.5.4"/>
+        <vers num="1.6" edition="b1"/>
+        <vers num="1.6" edition="rc1"/>
+        <vers num="1.6.1"/>
+        <vers num="1.6.2"/>
+        <vers num="1.6.3"/>
+        <vers num="1.6.4"/>
+        <vers num="1.7" edition="rc1"/>
+        <vers num="1.7.0"/>
+        <vers prev="1" num="1.7.1" edition="b1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2857" published="2014-04-15" name="CVE-2014-2857" modified="2014-04-22" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The default configuration of the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 does not properly restrict access to files in the META-INF directory, which allows remote attackers to obtain sensitive information via a direct request.  NOTE: this issue was SPLIT from CVE-2014-0053 due to different researchers per ADT5.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/531281/100/0/threaded" source="BUGTRAQ">20140227 Update: CVE-2014-0053 Information Disclosure when using Grails</ref>
+      <ref url="http://www.gopivotal.com/security/cve-2014-0053" source="CONFIRM" adv="1">http://www.gopivotal.com/security/cve-2014-0053</ref>
+      <ref url="http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0267.html" source="FULLDISC">20140227 Update: CVE-2014-0053 Information Disclosure when using Grails</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="gopivotal" name="grails">
+        <vers num="2.0.0"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.1.0"/>
+        <vers num="2.1.1"/>
+        <vers num="2.1.2"/>
+        <vers num="2.1.3"/>
+        <vers num="2.1.4"/>
+        <vers num="2.1.5"/>
+        <vers num="2.2.0"/>
+        <vers num="2.2.1"/>
+        <vers num="2.2.2"/>
+        <vers num="2.2.3"/>
+        <vers num="2.2.4"/>
+        <vers num="2.2.5"/>
+        <vers num="2.3.0"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.3.4"/>
+        <vers num="2.3.5"/>
+        <vers num="2.3.6"/>
+      </prod>
+      <prod vendor="gopivotal" name="grails-resources">
+        <vers num="1.0.0"/>
+        <vers num="1.0.2"/>
+        <vers num="1.1.0"/>
+        <vers num="1.1.1"/>
+        <vers num="1.1.2"/>
+        <vers num="1.1.4"/>
+        <vers num="1.1.5"/>
+        <vers num="1.1.6"/>
+        <vers num="1.2.0"/>
+        <vers num="1.2.1"/>
+        <vers num="1.2.2"/>
+        <vers num="1.2.3"/>
+        <vers num="1.2.4"/>
+        <vers num="1.2.5"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2858" published="2014-04-15" name="CVE-2014-2858" modified="2014-04-22" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Directory traversal vulnerability in the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 allows remote attackers to obtain sensitive information via unspecified vectors related to a "configured block." NOTE: this issue was SPLIT from CVE-2014-0053 per ADT2 due to different vulnerability types.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/531281/100/0/threaded" source="BUGTRAQ">20140227 Update: CVE-2014-0053 Information Disclosure when using Grails</ref>
+      <ref url="http://www.gopivotal.com/security/cve-2014-0053" source="CONFIRM" adv="1">http://www.gopivotal.com/security/cve-2014-0053</ref>
+      <ref url="http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0267.html" source="FULLDISC">20140227 Update: CVE-2014-0053 Information Disclosure when using Grails</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="gopivotal" name="grails">
+        <vers num="2.0.0"/>
+        <vers num="2.0.1"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.3"/>
+        <vers num="2.0.4"/>
+        <vers num="2.1.0"/>
+        <vers num="2.1.1"/>
+        <vers num="2.1.2"/>
+        <vers num="2.1.3"/>
+        <vers num="2.1.4"/>
+        <vers num="2.1.5"/>
+        <vers num="2.2.0"/>
+        <vers num="2.2.1"/>
+        <vers num="2.2.2"/>
+        <vers num="2.2.3"/>
+        <vers num="2.2.4"/>
+        <vers num="2.2.5"/>
+        <vers num="2.3.0"/>
+        <vers num="2.3.1"/>
+        <vers num="2.3.2"/>
+        <vers num="2.3.3"/>
+        <vers num="2.3.4"/>
+        <vers num="2.3.5"/>
+        <vers num="2.3.6"/>
+      </prod>
+      <prod vendor="gopivotal" name="grails-resources">
+        <vers num="1.0.0"/>
+        <vers num="1.0.2"/>
+        <vers num="1.1.0"/>
+        <vers num="1.1.1"/>
+        <vers num="1.1.2"/>
+        <vers num="1.1.4"/>
+        <vers num="1.1.5"/>
+        <vers num="1.1.6"/>
+        <vers num="1.2.0"/>
+        <vers num="1.2.1"/>
+        <vers num="1.2.2"/>
+        <vers num="1.2.3"/>
+        <vers num="1.2.4"/>
+        <vers num="1.2.5"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2859" published="2014-04-15" name="CVE-2014-2859" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to bypass intended access restrictions via a direct request.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/437385" source="CERT-VN">VU#437385</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="paperthin" name="commonspot_content_server">
+        <vers prev="1" num="7.0.1"/>
+        <vers num="8.0.0"/>
+        <vers num="8.0.1"/>
+        <vers num="8.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2860" published="2014-04-15" name="CVE-2014-2860" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Multiple cross-site scripting (XSS) vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to inject arbitrary web script or HTML via a crafted HTTP request to a (1) ColdFusion or (2) JavaScript component.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/437385" source="CERT-VN">VU#437385</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="paperthin" name="commonspot_content_server">
+        <vers prev="1" num="7.0.1"/>
+        <vers num="8.0.0"/>
+        <vers num="8.0.1"/>
+        <vers num="8.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2861" published="2014-04-15" name="CVE-2014-2861" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Incomplete blacklist vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string, as demonstrated by bypassing a protection mechanism that removes only the "alert" string.</descript>
+      <descript source="nvd">Per: https://cwe.mitre.org/data/definitions/184.html "CWE-184: Incomplete Blacklist"</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/437385" source="CERT-VN">VU#437385</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="paperthin" name="commonspot_content_server">
+        <vers prev="1" num="7.0.1"/>
+        <vers num="8.0.0"/>
+        <vers num="8.0.1"/>
+        <vers num="8.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2862" published="2014-04-15" name="CVE-2014-2862" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:P)" CVSS_score="6.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.0" CVSS_base_score="6.5">
+    <desc>
+      <descript source="cve">PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not check authorization in unspecified situations, which allows remote authenticated users to perform actions via unknown vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/437385" source="CERT-VN">VU#437385</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="paperthin" name="commonspot_content_server">
+        <vers prev="1" num="7.0.1"/>
+        <vers num="8.0.0"/>
+        <vers num="8.0.1"/>
+        <vers num="8.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2863" published="2014-04-15" name="CVE-2014-2863" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Multiple absolute path traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a full pathname in a parameter.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/437385" source="CERT-VN">VU#437385</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="paperthin" name="commonspot_content_server">
+        <vers prev="1" num="7.0.1"/>
+        <vers num="8.0.0"/>
+        <vers num="8.0.1"/>
+        <vers num="8.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2864" published="2014-04-15" name="CVE-2014-2864" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Multiple directory traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a filename parameter containing directory traversal sequences.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/437385" source="CERT-VN">VU#437385</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="paperthin" name="commonspot_content_server">
+        <vers prev="1" num="7.0.1"/>
+        <vers num="8.0.0"/>
+        <vers num="8.0.1"/>
+        <vers num="8.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2865" published="2014-04-15" name="CVE-2014-2865" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to bypass intended access restrictions via a '\0' character, as demonstrated by using this character within a pathname on the drive containing the web root directory of a ColdFusion installation.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/437385" source="CERT-VN">VU#437385</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="paperthin" name="commonspot_content_server">
+        <vers prev="1" num="7.0.1"/>
+        <vers num="8.0.0"/>
+        <vers num="8.0.1"/>
+        <vers num="8.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2866" published="2014-04-15" name="CVE-2014-2866" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on client JavaScript code for access restrictions, which allows remote attackers to perform unspecified operations by modifying this code.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/437385" source="CERT-VN">VU#437385</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="paperthin" name="commonspot_content_server">
+        <vers prev="1" num="7.0.1"/>
+        <vers num="8.0.0"/>
+        <vers num="8.0.1"/>
+        <vers num="8.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2867" published="2014-04-15" name="CVE-2014-2867" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Unrestricted file upload vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute arbitrary code by uploading a ColdFusion page, and then accessing it via unspecified vectors.</descript>
+      <descript source="nvd">Per: http://cwe.mitre.org/data/definitions/434.html "CWE-434: Unrestricted Upload of File with Dangerous Type"</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/437385" source="CERT-VN">VU#437385</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="paperthin" name="commonspot_content_server">
+        <vers prev="1" num="7.0.1"/>
+        <vers num="8.0.0"/>
+        <vers num="8.0.1"/>
+        <vers num="8.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2868" published="2014-04-15" name="CVE-2014-2868" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to modify the flow of execution of ColdFusion code by using an HTTP GET request to set a ColdFusion variable.</descript>
+      <descript source="nvd">Per http://cwe.mitre.org/data/definitions/472.html "CWE-472: External Control of Assumed-Immutable Web Parameter"</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/437385" source="CERT-VN">VU#437385</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="paperthin" name="commonspot_content_server">
+        <vers prev="1" num="7.0.1"/>
+        <vers num="8.0.0"/>
+        <vers num="8.0.1"/>
+        <vers num="8.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2869" published="2014-04-15" name="CVE-2014-2869" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to obtain sensitive information via requests to unspecified URIs, as demonstrated by pathname, SQL server, e-mail address, and IP address information.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/437385" source="CERT-VN">VU#437385</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="paperthin" name="commonspot_content_server">
+        <vers prev="1" num="7.0.1"/>
+        <vers num="8.0.0"/>
+        <vers num="8.0.1"/>
+        <vers num="8.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2870" published="2014-04-15" name="CVE-2014-2870" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The default configuration of PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 uses cleartext for storage of credentials in a database, which makes it easier for context-dependent attackers to obtain sensitive information via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/437385" source="CERT-VN">VU#437385</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="paperthin" name="commonspot_content_server">
+        <vers prev="1" num="7.0.1"/>
+        <vers num="8.0.0"/>
+        <vers num="8.0.1"/>
+        <vers num="8.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2871" published="2014-04-15" name="CVE-2014-2871" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on an HTTP session for entering credentials on login pages, which allows remote attackers to obtain sensitive information by sniffing the network.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/437385" source="CERT-VN">VU#437385</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="paperthin" name="commonspot_content_server">
+        <vers prev="1" num="7.0.1"/>
+        <vers num="8.0.0"/>
+        <vers num="8.0.1"/>
+        <vers num="8.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2872" published="2014-04-15" name="CVE-2014-2872" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to obtain potentially sensitive information from a directory listing via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/437385" source="CERT-VN">VU#437385</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="paperthin" name="commonspot_content_server">
+        <vers prev="1" num="7.0.1"/>
+        <vers num="8.0.0"/>
+        <vers num="8.0.1"/>
+        <vers num="8.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2873" published="2014-04-15" name="CVE-2014-2873" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not require authentication for access to log files, which allows remote attackers to obtain sensitive server information by using a predictable name in a request for a file.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/437385" source="CERT-VN">VU#437385</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="paperthin" name="commonspot_content_server">
+        <vers prev="1" num="7.0.1"/>
+        <vers num="8.0.0"/>
+        <vers num="8.0.1"/>
+        <vers num="8.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2874" published="2014-04-15" name="CVE-2014-2874" modified="2014-04-16" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute arbitrary code via shell metacharacters in an unspecified context.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.kb.cert.org/vuls/id/437385" source="CERT-VN">VU#437385</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="paperthin" name="commonspot_content_server">
+        <vers prev="1" num="7.0.1"/>
+        <vers num="8.0.0"/>
+        <vers num="8.0.1"/>
+        <vers num="8.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2879" published="2014-04-17" name="CVE-2014-2879" modified="2014-04-18" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earlier allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the uploadPatch parameter to the System/Advanced page (settings_advanced.html) or (2) the uploadLicenses parameter in the License management (settings_upload_dlicense.html) page.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.vulnerability-lab.com/get_content.php?id=1191" source="MISC">http://www.vulnerability-lab.com/get_content.php?id=1191</ref>
+      <ref url="http://www.sonicwall.com/us/shared/download/Support-Bulletin_Email-Security_Scripting_Vulnerability__Resolved_in__ES746.pdf" source="CONFIRM" adv="1">http://www.sonicwall.com/us/shared/download/Support-Bulletin_Email-Security_Scripting_Vulnerability__Resolved_in__ES746.pdf</ref>
+      <ref url="http://www.securitytracker.com/id/1029965" source="SECTRACK">1029965</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Mar/409" source="FULLDISC">20140328 Dell SonicWall EMail Security 7.4.5 - Multiple Vulnerabilities (Bulletin)</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="dell" name="sonicwall_email_security">
+        <vers prev="1" num="7.5"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2880" published="2014-04-17" name="CVE-2014-2880" modified="2014-04-18" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">Open redirect vulnerability in Oracle Identity Manager 11g R2 SP1 (11.1.2.1.0) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backUrl parameter in a changepwd action to identity/faces/firstlogin.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.securityfocus.com/bid/66615" source="BID">66615</ref>
+      <ref url="http://www.osvdb.org/105384" source="OSVDB">105384</ref>
+      <ref url="http://www.exploit-db.com/exploits/32670" source="EXPLOIT-DB">32670</ref>
+      <ref url="http://packetstormsecurity.com/files/125992/Oracle-Identity-Manager-11g-R2-SP1-Unvalidated-Redirect.html" source="MISC">http://packetstormsecurity.com/files/125992/Oracle-Identity-Manager-11g-R2-SP1-Unvalidated-Redirect.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="oracle" name="identity_manager">
+        <vers num="11.1.2.1.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2881" published="2014-05-01" name="CVE-2014-2881" modified="2014-05-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the Diffie-Hellman key agreement implementation in the management GUI Java applet in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unknown impact and vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1030180" source="SECTRACK">1030180</ref>
+      <ref url="http://support.citrix.com/article/CTX140651" source="CONFIRM" adv="1">http://support.citrix.com/article/CTX140651</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="citrix" name="netscaler_access_gateway_firmware">
+        <vers prev="1" num="10.1.e"/>
+        <vers num="9.3"/>
+      </prod>
+      <prod vendor="citrix" name="netscaler_application_delivery_controller_firmware">
+        <vers num="10.1"/>
+        <vers prev="1" num="9.3.e"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2882" published="2014-05-01" name="CVE-2014-2882" modified="2014-05-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Unspecified vulnerability in the management GUI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unspecified impact and vectors, related to certificate validation.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1030180" source="SECTRACK">1030180</ref>
+      <ref url="http://support.citrix.com/article/CTX140651" source="CONFIRM" adv="1">http://support.citrix.com/article/CTX140651</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="citrix" name="netscaler_access_gateway_firmware">
+        <vers prev="1" num="10.1.e"/>
+        <vers num="9.3"/>
+      </prod>
+      <prod vendor="citrix" name="netscaler_application_delivery_controller_firmware">
+        <vers num="10.1"/>
+        <vers prev="1" num="9.3.e"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2888" published="2014-04-23" name="CVE-2014-2888" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the module name in a JSON request.</descript>
+      <descript source="nvd">Per: https://cwe.mitre.org/data/definitions/77.html
+
+"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.vapid.dhs.org/advisories/spfagent-remotecmd.html" source="MISC">http://www.vapid.dhs.org/advisories/spfagent-remotecmd.html</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/04/18/4" source="MLIST">[oss-security] 20140418 Re: Remote Command Injection in Ruby Gem sfpagent 0.4.14</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/04/16/1" source="MLIST">[oss-security] 20140415 Remote Command Injection in Ruby Gem sfpagent 0.4.14</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="herry" name="sfpagent">
+        <vers num="0.0.1" edition=":~~~ruby~~"/>
+        <vers num="0.1.0" edition=":~~~ruby~~"/>
+        <vers num="0.1.1" edition=":~~~ruby~~"/>
+        <vers num="0.1.10" edition=":~~~ruby~~"/>
+        <vers num="0.1.11" edition=":~~~ruby~~"/>
+        <vers num="0.1.12" edition=":~~~ruby~~"/>
+        <vers num="0.1.13" edition=":~~~ruby~~"/>
+        <vers num="0.1.14" edition=":~~~ruby~~"/>
+        <vers num="0.1.2" edition=":~~~ruby~~"/>
+        <vers num="0.1.3" edition=":~~~ruby~~"/>
+        <vers num="0.1.4" edition=":~~~ruby~~"/>
+        <vers num="0.1.5" edition=":~~~ruby~~"/>
+        <vers num="0.1.6" edition=":~~~ruby~~"/>
+        <vers num="0.1.7" edition=":~~~ruby~~"/>
+        <vers num="0.1.8" edition=":~~~ruby~~"/>
+        <vers num="0.1.9" edition=":~~~ruby~~"/>
+        <vers num="0.2.0" edition=":~~~ruby~~"/>
+        <vers num="0.2.1" edition=":~~~ruby~~"/>
+        <vers num="0.2.10" edition=":~~~ruby~~"/>
+        <vers num="0.2.2" edition=":~~~ruby~~"/>
+        <vers num="0.2.3" edition=":~~~ruby~~"/>
+        <vers num="0.2.4" edition=":~~~ruby~~"/>
+        <vers num="0.2.5" edition=":~~~ruby~~"/>
+        <vers num="0.2.6" edition=":~~~ruby~~"/>
+        <vers num="0.2.7" edition=":~~~ruby~~"/>
+        <vers num="0.2.8" edition=":~~~ruby~~"/>
+        <vers num="0.2.9" edition=":~~~ruby~~"/>
+        <vers num="0.3.0" edition=":~~~ruby~~"/>
+        <vers num="0.3.1" edition=":~~~ruby~~"/>
+        <vers num="0.3.10" edition=":~~~ruby~~"/>
+        <vers num="0.3.2" edition=":~~~ruby~~"/>
+        <vers num="0.3.3" edition=":~~~ruby~~"/>
+        <vers num="0.3.4" edition=":~~~ruby~~"/>
+        <vers num="0.3.5" edition=":~~~ruby~~"/>
+        <vers num="0.3.6" edition=":~~~ruby~~"/>
+        <vers num="0.3.7" edition=":~~~ruby~~"/>
+        <vers num="0.3.8" edition=":~~~ruby~~"/>
+        <vers num="0.3.9" edition=":~~~ruby~~"/>
+        <vers num="0.4.0" edition=":~~~ruby~~"/>
+        <vers num="0.4.1" edition=":~~~ruby~~"/>
+        <vers num="0.4.10" edition=":~~~ruby~~"/>
+        <vers num="0.4.11" edition=":~~~ruby~~"/>
+        <vers num="0.4.12" edition=":~~~ruby~~"/>
+        <vers num="0.4.13" edition=":~~~ruby~~"/>
+        <vers prev="1" num="0.4.14" edition=":~~~ruby~~"/>
+        <vers num="0.4.2" edition=":~~~ruby~~"/>
+        <vers num="0.4.3" edition=":~~~ruby~~"/>
+        <vers num="0.4.4" edition=":~~~ruby~~"/>
+        <vers num="0.4.5" edition=":~~~ruby~~"/>
+        <vers num="0.4.6" edition=":~~~ruby~~"/>
+        <vers num="0.4.7" edition=":~~~ruby~~"/>
+        <vers num="0.4.8" edition=":~~~ruby~~"/>
+        <vers num="0.4.9" edition=":~~~ruby~~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2889" published="2014-04-26" name="CVE-2014-2889" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="4.6" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="3.9" CVSS_base_score="4.6">
+    <desc>
+      <descript source="cve">Off-by-one error in the bpf_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 3.1.8, when BPF JIT is enabled, allows local users to cause a denial of service (system crash) or possibly gain privileges via a long jump after a conditional jump.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="https://github.com/torvalds/linux/commit/a03ffcf873fe0f2565386ca8ef832144c42e67fa" source="CONFIRM">https://github.com/torvalds/linux/commit/a03ffcf873fe0f2565386ca8ef832144c42e67fa</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/04/18/6" source="MLIST">[oss-security] 20140418 Re: CVE request Linux kernel: arch: x86: net: bpf_jit: an off-by-one bug in x86_64 cond jump target</ref>
+      <ref url="http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.8" source="CONFIRM">http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.8</ref>
+      <ref url="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a03ffcf873fe0f2565386ca8ef832144c42e67fa" source="CONFIRM">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a03ffcf873fe0f2565386ca8ef832144c42e67fa</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="linux" name="linux_kernel">
+        <vers num="3.0" edition="rc1"/>
+        <vers num="3.0" edition="rc2"/>
+        <vers num="3.0" edition="rc3"/>
+        <vers num="3.0" edition="rc4"/>
+        <vers num="3.0" edition="rc5"/>
+        <vers num="3.0" edition="rc6"/>
+        <vers num="3.0" edition="rc7"/>
+        <vers num="3.0.1"/>
+        <vers num="3.0.10"/>
+        <vers num="3.0.11"/>
+        <vers num="3.0.12"/>
+        <vers num="3.0.13"/>
+        <vers num="3.0.14"/>
+        <vers num="3.0.15"/>
+        <vers num="3.0.16"/>
+        <vers num="3.0.17"/>
+        <vers num="3.0.18"/>
+        <vers num="3.0.19"/>
+        <vers num="3.0.2"/>
+        <vers num="3.0.20"/>
+        <vers num="3.0.21"/>
+        <vers num="3.0.22"/>
+        <vers num="3.0.23"/>
+        <vers num="3.0.24"/>
+        <vers num="3.0.25"/>
+        <vers num="3.0.26"/>
+        <vers num="3.0.27"/>
+        <vers num="3.0.28"/>
+        <vers num="3.0.29"/>
+        <vers num="3.0.3"/>
+        <vers num="3.0.30"/>
+        <vers num="3.0.31"/>
+        <vers num="3.0.32"/>
+        <vers num="3.0.33"/>
+        <vers num="3.0.34"/>
+        <vers num="3.0.35"/>
+        <vers num="3.0.36"/>
+        <vers num="3.0.37"/>
+        <vers num="3.0.38"/>
+        <vers num="3.0.39"/>
+        <vers num="3.0.4"/>
+        <vers num="3.0.40"/>
+        <vers num="3.0.41"/>
+        <vers num="3.0.42"/>
+        <vers num="3.0.43"/>
+        <vers num="3.0.44"/>
+        <vers num="3.0.45"/>
+        <vers num="3.0.46"/>
+        <vers num="3.0.47"/>
+        <vers num="3.0.48"/>
+        <vers num="3.0.49"/>
+        <vers num="3.0.5"/>
+        <vers num="3.0.50"/>
+        <vers num="3.0.51"/>
+        <vers num="3.0.52"/>
+        <vers num="3.0.53"/>
+        <vers num="3.0.54"/>
+        <vers num="3.0.55"/>
+        <vers num="3.0.56"/>
+        <vers num="3.0.57"/>
+        <vers num="3.0.58"/>
+        <vers num="3.0.59"/>
+        <vers num="3.0.6"/>
+        <vers num="3.0.60"/>
+        <vers num="3.0.61"/>
+        <vers num="3.0.62"/>
+        <vers num="3.0.63"/>
+        <vers num="3.0.64"/>
+        <vers num="3.0.65"/>
+        <vers num="3.0.66"/>
+        <vers num="3.0.67"/>
+        <vers num="3.0.68"/>
+        <vers num="3.0.7"/>
+        <vers num="3.0.8"/>
+        <vers num="3.0.9"/>
+        <vers num="3.1" edition="rc1"/>
+        <vers num="3.1" edition="rc2"/>
+        <vers num="3.1" edition="rc3"/>
+        <vers num="3.1" edition="rc4"/>
+        <vers num="3.1.1"/>
+        <vers num="3.1.2"/>
+        <vers num="3.1.3"/>
+        <vers num="3.1.4"/>
+        <vers num="3.1.5"/>
+        <vers num="3.1.6"/>
+        <vers prev="1" num="3.1.7"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2890" published="2014-04-22" name="CVE-2014-2890" modified="2014-04-23" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the wrap_html function in MyID.php in phpMyID 0.9 allows remote attackers to inject arbitrary web script or HTML via the openid_error parameter to MyID.config.php when the openid.mode parameter is set to error, which is not properly handled in an error message.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.securityfocus.com/bid/66665" source="BID">66665</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q2/141" source="MLIST">[oss-security] 20140418 Re: CVE Request - XXS in phpMyID (openid_error)</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q2/122" source="MLIST">[oss-security] 20140417 CVE Request - XXS in phpMyID (openid_error)</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="siege" name="phpmyid">
+        <vers num="0.9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2892" published="2014-04-22" name="CVE-2014-2892" modified="2014-04-23" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">Heap-based buffer overflow in the get_answer function in mmsh.c in libmms before 0.6.4 allows remote attackers to execute arbitrary code via a long line in an MMS over HTTP (MMSH) server response.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/04/18/14" source="MLIST" patch="1">[oss-security] 20140418 Re: libmms heap-based buffer overflow fix</ref>
+      <ref url="http://sourceforge.net/p/libmms/code/ci/03bcfccc22919c72742b7338d02859962861e0e8" source="CONFIRM" patch="1">http://sourceforge.net/p/libmms/code/ci/03bcfccc22919c72742b7338d02859962861e0e8</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/92640" source="XF">libmms-getanswer-bo(92640)</ref>
+      <ref url="http://www.securityfocus.com/bid/66933" source="BID">66933</ref>
+      <ref url="http://sourceforge.net/p/libmms/code/ci/master/tree/ChangeLog" source="CONFIRM">http://sourceforge.net/p/libmms/code/ci/master/tree/ChangeLog</ref>
+      <ref url="http://secunia.com/advisories/57875" source="SECUNIA" adv="1">57875</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="libmms_project" name="libmms">
+        <vers num="0.6"/>
+        <vers num="0.6.1"/>
+        <vers num="0.6.2"/>
+        <vers prev="1" num="0.6.3"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Low" seq="2014-2893" published="2014-04-23" name="CVE-2014-2893" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:L/AC:M/Au:N/C:P/I:N/A:N)" CVSS_score="1.9" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="3.4" CVSS_base_score="1.9">
+    <desc>
+      <descript source="cve">The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary directories with predictable names.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744817" source="MISC">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744817</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/04/20/1" source="MLIST">[oss-security] 20140420 Re: Bug#744817: CVE request: insecure temporary file handling in clang's scan-build utility</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/04/16/2" source="MLIST">[oss-security] 20140416 CVE request: insecure temporary file handling in clang's scan-build utility</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="llvm" name="clang">
+        <vers prev="1" num="3.5"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2894" published="2014-04-23" name="CVE-2014-2894" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="7.2" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="3.9" CVSS_base_score="7.2">
+    <desc>
+      <descript source="cve">Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02152.html" source="MLIST">[Qemu-devel] 20140414 Re: [PATCH for 2.0] ide: Correct improper smart self test c</ref>
+      <ref url="https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02095.html" source="MLIST">[Qemu-devel] 20140414 Re: [PATCH for 2.0] ide: Correct improper smart self test c</ref>
+      <ref url="https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02016.html" source="MLIST">[Qemu-devel] 20140412 [PATCH for 2.0] ide: Correct improper smart self test c</ref>
+      <ref url="http://www.securityfocus.com/bid/66932" source="BID">66932</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/04/18/5" source="MLIST">[oss-security] 20140418 Re: CVE request Qemu: out of bounds buffer access, guest triggerable via IDE SMART</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/04/15/4" source="MLIST">[oss-security] 20140415 CVE request Qemu: out of bounds buffer access, guest triggerable via IDE SMART</ref>
+      <ref url="http://secunia.com/advisories/57945" source="SECUNIA" adv="1">57945</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="qemu" name="qemu">
+        <vers num="0.1"/>
+        <vers num="0.1.1"/>
+        <vers num="0.1.2"/>
+        <vers num="0.1.3"/>
+        <vers num="0.1.4"/>
+        <vers num="0.1.5"/>
+        <vers num="0.1.6"/>
+        <vers num="0.10.0"/>
+        <vers num="0.10.1"/>
+        <vers num="0.10.2"/>
+        <vers num="0.10.3"/>
+        <vers num="0.10.4"/>
+        <vers num="0.10.5"/>
+        <vers num="0.10.6"/>
+        <vers num="0.11.0" edition="rc0"/>
+        <vers num="0.11.0" edition="rc1"/>
+        <vers num="0.11.0" edition="rc2"/>
+        <vers num="0.11.0-rc0"/>
+        <vers num="0.11.0-rc1"/>
+        <vers num="0.11.0-rc2"/>
+        <vers num="0.11.1"/>
+        <vers num="0.12.0" edition="rc1"/>
+        <vers num="0.12.0" edition="rc2"/>
+        <vers num="0.12.1"/>
+        <vers num="0.12.2"/>
+        <vers num="0.12.3"/>
+        <vers num="0.12.4"/>
+        <vers num="0.12.5"/>
+        <vers num="0.13.0" edition="rc0"/>
+        <vers num="0.13.0" edition="rc1"/>
+        <vers num="0.14.0" edition="rc0"/>
+        <vers num="0.14.0" edition="rc1"/>
+        <vers num="0.14.0" edition="rc2"/>
+        <vers num="0.14.1"/>
+        <vers num="0.15.0" edition="rc1"/>
+        <vers num="0.15.0" edition="rc2"/>
+        <vers num="0.15.1"/>
+        <vers num="0.15.2"/>
+        <vers num="0.2"/>
+        <vers num="0.3"/>
+        <vers num="0.4"/>
+        <vers num="0.4.1"/>
+        <vers num="0.4.2"/>
+        <vers num="0.4.3"/>
+        <vers num="0.5.0"/>
+        <vers num="0.5.1"/>
+        <vers num="0.5.2"/>
+        <vers num="0.5.3"/>
+        <vers num="0.5.4"/>
+        <vers num="0.5.5"/>
+        <vers num="0.6.0"/>
+        <vers num="0.6.1"/>
+        <vers num="0.7.0"/>
+        <vers num="0.7.1"/>
+        <vers num="0.7.2"/>
+        <vers num="0.8.0"/>
+        <vers num="0.8.1"/>
+        <vers num="0.8.2"/>
+        <vers num="0.9.0"/>
+        <vers num="0.9.1"/>
+        <vers num="0.9.1-5"/>
+        <vers num="1.0" edition="rc1"/>
+        <vers num="1.0" edition="rc2"/>
+        <vers num="1.0" edition="rc3"/>
+        <vers num="1.0" edition="rc4"/>
+        <vers num="1.0.1"/>
+        <vers num="1.1" edition="rc1"/>
+        <vers num="1.1" edition="rc2"/>
+        <vers num="1.1" edition="rc3"/>
+        <vers num="1.1" edition="rc4"/>
+        <vers num="1.1.1"/>
+        <vers num="1.1.2"/>
+        <vers num="1.2.0" edition="rc0"/>
+        <vers num="1.2.0" edition="rc1"/>
+        <vers num="1.2.0" edition="rc2"/>
+        <vers num="1.2.0" edition="rc3"/>
+        <vers num="1.2.1"/>
+        <vers num="1.2.2"/>
+        <vers num="1.3.0" edition="rc0"/>
+        <vers num="1.3.0" edition="rc1"/>
+        <vers num="1.3.0" edition="rc2"/>
+        <vers num="1.3.1"/>
+        <vers num="1.4.0" edition="rc0"/>
+        <vers num="1.4.0" edition="rc1"/>
+        <vers num="1.4.1"/>
+        <vers num="1.4.2"/>
+        <vers num="1.5.0" edition="rc1"/>
+        <vers num="1.5.0" edition="rc2"/>
+        <vers num="1.5.0" edition="rc3"/>
+        <vers num="1.5.1"/>
+        <vers num="1.5.2"/>
+        <vers num="1.5.3"/>
+        <vers num="1.6.0" edition="rc1"/>
+        <vers num="1.6.0" edition="rc2"/>
+        <vers num="1.6.0" edition="rc3"/>
+        <vers num="1.6.1"/>
+        <vers num="1.6.2"/>
+        <vers prev="1" num="1.7.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2899" published="2014-04-22" name="CVE-2014-2899" modified="2014-04-23" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">wolfSSL CyaSSL before 2.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a request for the peer certificate when a certificate parsing failure occurs or (2) a client_key_exchange message when the ephemeral key is not found.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html" source="CONFIRM">http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html</ref>
+      <ref url="http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html" source="CONFIRM" adv="1">http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html</ref>
+      <ref url="http://secunia.com/advisories/57743" source="SECUNIA" adv="1">57743</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q2/130" source="MLIST">[oss-security] 20140418 Re: CVE ids for CyaSSL 2.9.4?</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q2/126" source="MLIST">[oss-security] 20140417 CVE ids for CyaSSL 2.9.4?</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="yassl" name="cyassl">
+        <vers num="0.2.0"/>
+        <vers num="0.3.0"/>
+        <vers num="0.4.0"/>
+        <vers num="0.5.0"/>
+        <vers num="0.5.5"/>
+        <vers num="0.6.0"/>
+        <vers num="0.6.2"/>
+        <vers num="0.6.3"/>
+        <vers num="0.8.0"/>
+        <vers num="0.9.0"/>
+        <vers num="0.9.6"/>
+        <vers num="0.9.8"/>
+        <vers num="0.9.9"/>
+        <vers num="1.0.0" edition="rc1"/>
+        <vers num="1.0.0" edition="rc2"/>
+        <vers num="1.0.0" edition="rc3"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.6"/>
+        <vers num="1.1.0"/>
+        <vers num="1.2.0"/>
+        <vers num="1.3.0"/>
+        <vers num="1.4.0"/>
+        <vers num="1.5.0"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.6"/>
+        <vers num="1.6.0"/>
+        <vers num="1.6.5"/>
+        <vers num="1.8.0"/>
+        <vers num="1.9.0"/>
+        <vers num="2.0.0" edition="rc1"/>
+        <vers num="2.0.0" edition="rc2"/>
+        <vers num="2.0.0" edition="rc3"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.8"/>
+        <vers num="2.2.0"/>
+        <vers num="2.3.0"/>
+        <vers num="2.4.0"/>
+        <vers num="2.4.6"/>
+        <vers num="2.5.0"/>
+        <vers num="2.6.0"/>
+        <vers num="2.7.0"/>
+        <vers num="2.8.0"/>
+        <vers prev="1" num="2.9.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2900" published="2014-04-22" name="CVE-2014-2900" modified="2014-04-23" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:N)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certificates with unknown critical extensions, which allows man-in-the-middle attackers to spoof servers via crafted X.509 certificate.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html" source="CONFIRM">http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html</ref>
+      <ref url="http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html" source="CONFIRM" adv="1">http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html</ref>
+      <ref url="http://secunia.com/advisories/57743" source="SECUNIA" adv="1">57743</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q2/130" source="MLIST">[oss-security] 20140418 Re: CVE ids for CyaSSL 2.9.4?</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q2/126" source="MLIST">[oss-security] 20140417 CVE ids for CyaSSL 2.9.4?</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="yassl" name="cyassl">
+        <vers num="0.2.0"/>
+        <vers num="0.3.0"/>
+        <vers num="0.4.0"/>
+        <vers num="0.5.0"/>
+        <vers num="0.5.5"/>
+        <vers num="0.6.0"/>
+        <vers num="0.6.2"/>
+        <vers num="0.6.3"/>
+        <vers num="0.8.0"/>
+        <vers num="0.9.0"/>
+        <vers num="0.9.6"/>
+        <vers num="0.9.8"/>
+        <vers num="0.9.9"/>
+        <vers num="1.0.0" edition="rc1"/>
+        <vers num="1.0.0" edition="rc2"/>
+        <vers num="1.0.0" edition="rc3"/>
+        <vers num="1.0.2"/>
+        <vers num="1.0.3"/>
+        <vers num="1.0.6"/>
+        <vers num="1.1.0"/>
+        <vers num="1.2.0"/>
+        <vers num="1.3.0"/>
+        <vers num="1.4.0"/>
+        <vers num="1.5.0"/>
+        <vers num="1.5.4"/>
+        <vers num="1.5.6"/>
+        <vers num="1.6.0"/>
+        <vers num="1.6.5"/>
+        <vers num="1.8.0"/>
+        <vers num="1.9.0"/>
+        <vers num="2.0.0" edition="rc1"/>
+        <vers num="2.0.0" edition="rc2"/>
+        <vers num="2.0.0" edition="rc3"/>
+        <vers num="2.0.2"/>
+        <vers num="2.0.6"/>
+        <vers num="2.0.8"/>
+        <vers num="2.2.0"/>
+        <vers num="2.3.0"/>
+        <vers num="2.4.0"/>
+        <vers num="2.4.6"/>
+        <vers num="2.5.0"/>
+        <vers num="2.6.0"/>
+        <vers num="2.7.0"/>
+        <vers num="2.8.0"/>
+        <vers prev="1" num="2.9.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" seq="2014-2905" published="2014-05-02" name="CVE-2014-2905" modified="2014-05-02">
+    <desc>
+      <descript source="cve">fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly check the credentials, which allows local users to gain privileges via the universal variable socket, related to /tmp/fishd.socket.user permissions.</descript>
+    </desc>
+    <refs>
+      <ref url="https://github.com/fish-shell/fish-shell/issues/1436" source="CONFIRM">https://github.com/fish-shell/fish-shell/issues/1436</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/04/28/4" source="MLIST">[oss-security] 20140428 Upcoming security release of fish 2.1.1</ref>
+    </refs>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2907" published="2014-04-24" name="CVE-2014-2907" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:P)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">The srtp_add_address function in epan/dissectors/packet-rtp.c in the RTP dissector in Wireshark 1.10.x before 1.10.7 does not properly update SRTP conversation data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=30ba425e7e95f7b61b3a3e5ff0c46e4be9d3d8d7" source="CONFIRM" patch="1">https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=30ba425e7e95f7b61b3a3e5ff0c46e4be9d3d8d7</ref>
+      <ref url="https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9885" source="CONFIRM">https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9885</ref>
+      <ref url="http://www.wireshark.org/security/wnpa-sec-2014-06.html" source="CONFIRM" adv="1">http://www.wireshark.org/security/wnpa-sec-2014-06.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="wireshark" name="wireshark">
+        <vers num="1.10.0"/>
+        <vers num="1.10.1"/>
+        <vers num="1.10.2"/>
+        <vers num="1.10.3"/>
+        <vers num="1.10.4"/>
+        <vers num="1.10.5"/>
+        <vers num="1.10.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2908" published="2014-04-25" name="CVE-2014-2908" modified="2014-04-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02</ref>
+      <ref url="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf" source="CONFIRM" adv="1">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="siemens" name="simatic_s7_cpu-1211c">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="siemens" name="simatic_s7_cpu_1212c">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="siemens" name="simatic_s7_cpu_1214c">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="siemens" name="simatic_s7_cpu_1215c">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="siemens" name="simatic_s7_cpu_1217c">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="siemens" name="simatic_s7_cpu_1200_firmware">
+        <vers num="2.0"/>
+        <vers num="3.0"/>
+        <vers num="3.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2909" published="2014-04-25" name="CVE-2014-2909" modified="2014-04-25" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:P)" CVSS_score="5.8" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="8.6" CVSS_base_score="5.8">
+    <desc>
+      <descript source="cve">CRLF injection vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary HTTP headers via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02" source="MISC">http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02</ref>
+      <ref url="http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf" source="CONFIRM" adv="1">http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="siemens" name="simatic_s7_cpu-1211c">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="siemens" name="simatic_s7_cpu_1212c">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="siemens" name="simatic_s7_cpu_1214c">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="siemens" name="simatic_s7_cpu_1215c">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="siemens" name="simatic_s7_cpu_1217c">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="siemens" name="simatic_s7_cpu_1200_firmware">
+        <vers num="2.0"/>
+        <vers num="3.0"/>
+        <vers num="3.0.2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2915" published="2014-04-24" name="CVE-2014-2915" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:A/AC:L/Au:S/C:N/I:N/A:C)" CVSS_score="5.5" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="5.1" CVSS_base_score="5.5">
+    <desc>
+      <descript source="cve">Xen 4.4.x, when running on ARM systems, does not properly restrict access to hardware features, which allows local guest users to cause a denial of service (host or guest crash) via unspecified vectors, related to (1) cache control, (2) coprocessors, (3) debug registers, and (4) other unspecified registers.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <local_network/>
+    </range>
+    <refs>
+      <ref url="http://xenbits.xen.org/xsa/advisory-93.html" source="CONFIRM" adv="1">http://xenbits.xen.org/xsa/advisory-93.html</ref>
+      <ref url="http://www.securitytracker.com/id/1030135" source="SECTRACK">1030135</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/04/23/2" source="MLIST">[oss-security] 20140423 Xen Security Advisory 93 (CVE-2014-2915) - Hardware features  unintentionally exposed to guests on ARM</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/04/22/10" source="MLIST">[oss-security] 20140422 Re: Xen Security Advisory 93 - Hardware features unintentionally exposed to guests on ARM</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="xen" name="xen">
+        <vers num="4.4.0" edition="-"/>
+        <vers num="4.4.0" edition="rc1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2921" published="2014-04-21" name="CVE-2014-2921" modified="2014-04-22" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via vectors involving a Zend_Pdf_ElementFactory_Proxy object and a pathname with a trailing \0 character.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.pimcore.org/en/resources/blog/pimcore+2.2+released_b442" source="CONFIRM" patch="1" adv="1">http://www.pimcore.org/en/resources/blog/pimcore+2.2+released_b442</ref>
+      <ref url="https://github.com/pedrib/PoC/blob/master/pimcore-2.1.0.txt" source="MISC">https://github.com/pedrib/PoC/blob/master/pimcore-2.1.0.txt</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/04/21/1" source="MLIST">[oss-security] 20140421 Re: Remote code execution in Pimcore CMS</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="pimcore" name="pimcore">
+        <vers num="1.4.9"/>
+        <vers num="1.5.0"/>
+        <vers num="2.1.0"/>
+        <vers num="2.2.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2922" published="2014-04-21" name="CVE-2014-2922" modified="2014-04-22" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:P/A:P)" CVSS_score="6.4" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="10.0" CVSS_base_score="6.4">
+    <desc>
+      <descript source="cve">The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.1.0 does not properly handle an object obtained by unserializing a pathname, which allows remote attackers to conduct PHP object injection attacks and delete arbitrary files via vectors involving a Zend_Http_Response_Stream object.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://github.com/pedrib/PoC/blob/master/pimcore-2.1.0.txt" source="MISC">https://github.com/pedrib/PoC/blob/master/pimcore-2.1.0.txt</ref>
+      <ref url="http://www.pimcore.org/en/resources/blog/pimcore+2.2+released_b442" source="CONFIRM" adv="1">http://www.pimcore.org/en/resources/blog/pimcore+2.2+released_b442</ref>
+      <ref url="http://openwall.com/lists/oss-security/2014/04/21/1" source="MLIST">[oss-security] 20140421 Re: Remote code execution in Pimcore CMS</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="pimcore" name="pimcore">
+        <vers num="1.4.9"/>
+        <vers num="1.5.0"/>
+        <vers num="2.1.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2925" published="2014-04-22" name="CVE-2014-2925" modified="2014-04-22" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in Advanced_Wireless_Content.asp in ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote attackers to inject arbitrary web script or HTML via the current_page parameter to apply.cgi.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://www.asus.com/Networking/RTAC68U/HelpDesk_Download/" source="CONFIRM">http://www.asus.com/Networking/RTAC68U/HelpDesk_Download/</ref>
+      <ref url="http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29" source="CONFIRM">http://support.asus.com/download.aspx?m=RT-N66U+%28VER.B1%29</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Apr/59" source="FULLDISC">20140404 Reflected Cross-Site Scripting within the ASUS RT-AC68U Managing Web Interface</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="asus" name="rt-ac68u">
+        <vers num="-"/>
+      </prod>
+      <prod vendor="asus" name="rt-ac68u_firmware">
+        <vers num="3.0.0.4.374.4755"/>
+        <vers num="3.0.0.4.374_4887"/>
+        <vers prev="1" num="3.0.0.4.374_4983"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2976" published="2014-04-23" name="CVE-2014-2976" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">Directory traversal vulnerability in Sixnet SixView Manager 2.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 18081.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://www.exploit-db.com/exploits/32973" source="EXPLOIT-DB">32973</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="sixnet" name="sixview_manager">
+        <vers num="2.4.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2980" published="2014-04-28" name="CVE-2014-2980" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:P)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Tools/gdomap.c in gdomap in GNUstep Base 1.24.6 and earlier, when run in daemon mode, does not properly handle the file descriptor for the logger, which allows remote attackers to cause a denial of service (abort) via an invalid request.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/Tools/gdomap.c?r1=37756&amp;r2=37755&amp;pathrev=37756" source="CONFIRM" patch="1">http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/Tools/gdomap.c?r1=37756&amp;r2=37755&amp;pathrev=37756</ref>
+      <ref url="https://savannah.gnu.org/bugs/?41751" source="CONFIRM">https://savannah.gnu.org/bugs/?41751</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/92688" source="XF">gnustep-cve20142980-dos(92688)</ref>
+      <ref url="http://www.securityfocus.com/bid/66992" source="BID">66992</ref>
+      <ref url="http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/ChangeLog?r1=37756&amp;r2=37755&amp;pathrev=37756" source="CONFIRM">http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/ChangeLog?r1=37756&amp;r2=37755&amp;pathrev=37756</ref>
+      <ref url="http://secunia.com/advisories/58104" source="SECUNIA" adv="1">58104</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q2/152" source="MLIST">[oss-security] 20140421 Re: CVE request / advisory: gdomap (GNUstep core package &lt;= 1.24.6)</ref>
+      <ref url="http://seclists.org/oss-sec/2014/q2/143" source="MLIST">[oss-security] 20140419 CVE request / advisory: gdomap (GNUstep core package &lt;= 1.24.6)</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="gnustep" name="base">
+        <vers prev="1" num="1.24.6"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2983" published="2014-04-23" name="CVE-2014-2983" modified="2014-04-24" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate the cached data of different anonymous users, which allows remote anonymous users to obtain sensitive interim form input information in opportunistic situations via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://drupal.org/SA-CORE-2014-002" source="CONFIRM" patch="1" adv="1">https://drupal.org/SA-CORE-2014-002</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/04/22/2" source="MLIST">[oss-security] 20140421 Re: CVE Request for Drupal Core</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="drupal" name="drupal">
+        <vers num="6.0" edition="beta1"/>
+        <vers num="6.0" edition="beta2"/>
+        <vers num="6.0" edition="beta3"/>
+        <vers num="6.0" edition="beta4"/>
+        <vers num="6.0" edition="dev"/>
+        <vers num="6.0" edition="rc1"/>
+        <vers num="6.0" edition="rc2"/>
+        <vers num="6.0" edition="rc3"/>
+        <vers num="6.0" edition="rc4"/>
+        <vers num="6.1"/>
+        <vers num="6.10"/>
+        <vers num="6.11"/>
+        <vers num="6.12"/>
+        <vers num="6.13"/>
+        <vers num="6.14"/>
+        <vers num="6.15"/>
+        <vers num="6.16"/>
+        <vers num="6.17"/>
+        <vers num="6.18"/>
+        <vers num="6.19"/>
+        <vers num="6.2"/>
+        <vers num="6.20"/>
+        <vers num="6.21"/>
+        <vers num="6.22"/>
+        <vers num="6.23"/>
+        <vers num="6.24"/>
+        <vers num="6.25"/>
+        <vers num="6.26"/>
+        <vers num="6.27"/>
+        <vers num="6.28"/>
+        <vers num="6.29"/>
+        <vers num="6.3"/>
+        <vers prev="1" num="6.30"/>
+        <vers num="7.0" edition="alpha1"/>
+        <vers num="7.0" edition="alpha2"/>
+        <vers num="7.0" edition="alpha3"/>
+        <vers num="7.0" edition="alpha4"/>
+        <vers num="7.0" edition="alpha5"/>
+        <vers num="7.0" edition="alpha6"/>
+        <vers num="7.0" edition="alpha7"/>
+        <vers num="7.0" edition="beta1"/>
+        <vers num="7.0" edition="beta2"/>
+        <vers num="7.0" edition="beta3"/>
+        <vers num="7.0" edition="dev"/>
+        <vers num="7.0" edition="rc1"/>
+        <vers num="7.0" edition="rc2"/>
+        <vers num="7.0" edition="rc3"/>
+        <vers num="7.0" edition="rc4"/>
+        <vers num="7.1"/>
+        <vers num="7.10"/>
+        <vers num="7.11"/>
+        <vers num="7.12"/>
+        <vers num="7.13"/>
+        <vers num="7.14"/>
+        <vers num="7.15"/>
+        <vers num="7.16"/>
+        <vers num="7.17"/>
+        <vers num="7.18"/>
+        <vers num="7.19"/>
+        <vers num="7.2"/>
+        <vers num="7.20"/>
+        <vers num="7.21"/>
+        <vers num="7.22"/>
+        <vers num="7.23"/>
+        <vers num="7.24"/>
+        <vers num="7.25"/>
+        <vers prev="1" num="7.26"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" seq="2014-2984" reject="1" published="2014-04-25" name="CVE-2014-2984" modified="2014-04-25">
+    <desc>
+      <descript source="cve">** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2014-2650.  Reason: This candidate is a reservation duplicate of CVE-2014-2650.  Notes: All CVE users should reference CVE-2014-2650 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage.</descript>
+    </desc>
+    <refs/>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2986" published="2014-04-28" name="CVE-2014-2986" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:A/AC:L/Au:S/C:N/I:N/A:C)" CVSS_score="5.5" CVSS_impact_subscore="6.9" CVSS_exploit_subscore="5.1" CVSS_base_score="5.5">
+    <desc>
+      <descript source="cve">The vgic_distr_mmio_write function in the virtual guest interrupt controller (GIC) distributor (arch/arm/vgic.c) in Xen 4.4.x, when running on an ARM system, allows local guest users to cause a denial of service (NULL pointer dereference and host crash) via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+    </loss_types>
+    <range>
+      <local_network/>
+    </range>
+    <refs>
+      <ref url="http://xenbits.xen.org/xsa/advisory-94.html" source="CONFIRM" patch="1" adv="1">http://xenbits.xen.org/xsa/advisory-94.html</ref>
+      <ref url="http://www.securitytracker.com/id/1030146" source="SECTRACK">1030146</ref>
+      <ref url="http://www.securityfocus.com/bid/67047" source="BID">67047</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/04/23/5" source="MLIST">[oss-security] 20140423 Xen Security Advisory 94 (CVE-2014-2986) - ARM hypervisor crash on guest interrupt controller access</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/04/23/4" source="MLIST">[oss-security] 20140423 Re: Xen Security Advisory 94 - ARM hypervisor crash on guest interrupt controller access</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/04/23/3" source="MLIST">[oss-security] 20140423 Xen Security Advisory 94 - ARM hypervisor crash on guest interrupt controller access</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="xen" name="xen">
+        <vers num="4.4.0" edition="-"/>
+        <vers num="4.4.0" edition="rc1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2992" published="2014-04-25" name="CVE-2014-2992" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:N)" CVSS_score="6.4" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="10.0" CVSS_base_score="6.4">
+    <desc>
+      <descript source="cve">The Misli.com application for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://sceptive.com/p/mislicom-android-app-ssl-certificate-validation-weakness-" source="MISC">http://sceptive.com/p/mislicom-android-app-ssl-certificate-validation-weakness-</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/current/0152.html" source="BUGTRAQ">20140424 Misli.com Android App SSL certificate validation weakness</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="misli" name="misli.com_app">
+        <vers num="-" edition=":~~~~android~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-2993" published="2014-04-25" name="CVE-2014-2993" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:N)" CVSS_score="6.4" CVSS_impact_subscore="4.9" CVSS_exploit_subscore="10.0" CVSS_base_score="6.4">
+    <desc>
+      <descript source="cve">The Birebin.com application for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://sceptive.com/p/birebincom-android-app-ssl-certificate-validation-weakness-" source="MISC">http://sceptive.com/p/birebincom-android-app-ssl-certificate-validation-weakness-</ref>
+      <ref url="http://archives.neohapsis.com/archives/bugtraq/current/0153.html" source="BUGTRAQ">20140424 Birebin.com Android App SSL certificate validation weakness</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="birebin" name="birebin.com_app">
+        <vers num="-" edition=":~~~~android~"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2994" published="2014-04-27" name="CVE-2014-2994" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Stack-based buffer overflow in Acunetix Web Vulnerability Scanner (WVS) 8 build 20120704 allows remote attackers to execute arbitrary code via an HTML file containing an IMG element with a long URL (src attribute).</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://www.youtube.com/watch?v=RHaMx8K1GeM" source="MISC">https://www.youtube.com/watch?v=RHaMx8K1GeM</ref>
+      <ref url="http://www.exploit-db.com/exploits/32997" source="EXPLOIT-DB">32997</ref>
+      <ref url="http://www.acunetix.com/blog/news/misleading-reports-0-day-acunetix-wvs/" source="CONFIRM" adv="1">http://www.acunetix.com/blog/news/misleading-reports-0-day-acunetix-wvs/</ref>
+      <ref url="http://packetstormsecurity.com/files/126307/Acunetix-8-Scanner-Buffer-Overflow.html" source="MISC">http://packetstormsecurity.com/files/126307/Acunetix-8-Scanner-Buffer-Overflow.html</ref>
+      <ref url="http://packetstormsecurity.com/files/126306/Acunetix-8-Stack-Buffer-Overflow.html" source="MISC">http://packetstormsecurity.com/files/126306/Acunetix-8-Stack-Buffer-Overflow.html</ref>
+      <ref url="http://osandamalith.wordpress.com/2014/04/24/pwning-script-kiddies-acunetix-buffer-overflow/" source="MISC">http://osandamalith.wordpress.com/2014/04/24/pwning-script-kiddies-acunetix-buffer-overflow/</ref>
+      <ref url="http://an7isec.blogspot.co.il/2014/04/pown-noobs-acunetix-0day.html" source="MISC">http://an7isec.blogspot.co.il/2014/04/pown-noobs-acunetix-0day.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="acunetix" name="web_vulnerability_scanner">
+        <vers num="8" edition="build_20120704"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-2996" published="2014-04-25" name="CVE-2014-2996" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:H/Au:S/C:C/I:C/A:C)" CVSS_score="7.1" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="3.9" CVSS_base_score="7.1">
+    <desc>
+      <descript source="cve">XCloner Standalone 3.5 and earlier, when enable_db_backup and sql_mem are enabled, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the dbbackup_comp parameter in a generate action to index2.php.  NOTE: it is not clear whether this issue crosses privilege boundaries, since administrators might already have the privileges to execute code.  NOTE: this can be leveraged by remote attackers using CVE-2014-2579.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://www.htbridge.com/advisory/HTB23207" source="MISC">https://www.htbridge.com/advisory/HTB23207</ref>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/531780/100/0/threaded" source="BUGTRAQ">20140409 &amp;ETH;&amp;iexcl;ross-Site Request Forgery (CSRF) in XCloner Standalone</ref>
+      <ref url="http://www.exploit-db.com/exploits/32790" source="EXPLOIT-DB">32790</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="xcloner" name="xcloner">
+        <vers prev="1" num="3.5" edition=":standalone"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" seq="2014-3000" published="2014-05-02" name="CVE-2014-3000" modified="2014-05-02">
+    <desc>
+      <descript source="cve">The TCP reassembly function in the inet module in FreeBSD 8.3 before p16, 8.4 before p9, 9.1 before p12, 9.2 before p5, and 10.0 before p2 allows remote attackers to cause a denial of service (undefined memory access and system crash) or possibly read system memory via multiple crafted packets, related to moving a reassemble queue entry to the segment list when the queue is full.</descript>
+    </desc>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1030172" source="SECTRACK">1030172</ref>
+      <ref url="http://www.securityfocus.com/bid/67153" source="BID">67153</ref>
+      <ref url="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:08.tcp.asc" source="FREEBSD">FreeBSD-SA-14:08</ref>
+      <ref url="http://secunia.com/advisories/58293" source="SECUNIA">58293</ref>
+    </refs>
+  </entry>
+  <entry type="CVE" seq="2014-3001" published="2014-05-02" name="CVE-2014-3001" modified="2014-05-02">
+    <desc>
+      <descript source="cve">The device file system (aka devfs) in FreeBSD 10.0 before p2 does not load default rulesets when booting, which allows context-dependent attackers to bypass intended restrictions by leveraging a jailed device node process.</descript>
+    </desc>
+    <refs>
+      <ref url="http://www.securitytracker.com/id/1030171" source="SECTRACK">1030171</ref>
+      <ref url="http://www.securityfocus.com/bid/67158" source="BID">67158</ref>
+      <ref url="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:07.devfs.asc" source="FREEBSD">FreeBSD-SA-14:07</ref>
+    </refs>
+  </entry>
+  <entry type="CVE" seq="2014-3006" published="2014-05-02" name="CVE-2014-3006" modified="2014-05-02">
+    <desc>
+      <descript source="cve">Sitepark Information Enterprise Server (IES) 2.9 before 2.9.6, when upgraded from an earlier version, does not properly restrict access, which allows remote attackers to change the manager account password and obtain sensitive information via a request to install/.</descript>
+    </desc>
+    <refs>
+      <ref url="https://www.lsexperts.de/advisories/lse-2014-04-10.txt" source="MISC">https://www.lsexperts.de/advisories/lse-2014-04-10.txt</ref>
+      <ref url="http://www.securityfocus.com/bid/67165" source="BID">67165</ref>
+      <ref url="http://www.securityfocus.com/archive/1/archive/1/531986/100/0/threaded" source="BUGTRAQ">20140430 LSE Leading Security Experts GmbH - LSE-2014-04-10 - Sitepark IES - Unauthenticated Access</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Apr/317" source="FULLDISC">20140430 LSE Leading Security Experts GmbH - LSE-2014-04-10 - Sitepark IES - Unauthenticated Access</ref>
+    </refs>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-3007" published="2014-04-27" name="CVE-2014-3007" modified="2014-04-28" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059" source="MISC">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737059</ref>
+      <ref url="http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1932.html" source="MISC">http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1932.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="python" name="pillow">
+        <vers num="2.3.0"/>
+      </prod>
+      <prod vendor="pythonware" name="python_imaging_library">
+        <vers prev="1" num="1.1.7"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-3008" published="2014-04-28" name="CVE-2014-3008" modified="2014-04-29" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_score="10.0" CVSS_impact_subscore="10.0" CVSS_exploit_subscore="10.0" CVSS_base_score="10.0">
+    <desc>
+      <descript source="cve">Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the comm parameter to recoveryconsole/bpl/snmpd.php.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://gist.github.com/brandonprry/10745756" source="MISC">https://gist.github.com/brandonprry/10745756</ref>
+      <ref url="http://xforce.iss.net/xforce/xfdb/92642" source="XF">unitrends-snmpod-command-exec(92642)</ref>
+      <ref url="http://www.securityfocus.com/bid/66928" source="BID">66928</ref>
+      <ref url="http://www.exploit-db.com/exploits/32885" source="EXPLOIT-DB">32885</ref>
+      <ref url="http://secunia.com/advisories/58001" source="SECUNIA" adv="1">58001</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Apr/204" source="FULLDISC">20140415 Unitrends enterprise backup remote unauthenticated root</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="unitrends" name="enterprise_backup">
+        <vers num="7.3.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" seq="2014-3125" published="2014-05-02" name="CVE-2014-3125" modified="2014-05-02">
+    <desc>
+      <descript source="cve">Xen 4.4.x, when running on an ARM system, does not properly context switch the CNTKCTL_EL1 register, which allows local guest users to modify the hardware timers and cause a denial of service (crash) via unspecified vectors.</descript>
+    </desc>
+    <refs>
+      <ref url="http://xenbits.xen.org/xsa/advisory-91.html" source="CONFIRM">http://xenbits.xen.org/xsa/advisory-91.html</ref>
+      <ref url="http://www.securitytracker.com/id/1030184" source="SECTRACK">1030184</ref>
+      <ref url="http://www.securityfocus.com/bid/67157" source="BID">67157</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/04/30/5" source="MLIST">[oss-security] 20140430 Xen Security Advisory 91 - Hardware timer context is not properly context switched on ARM</ref>
+      <ref url="http://www.openwall.com/lists/oss-security/2014/04/30/11" source="MLIST">[oss-security] 20140430 Re: Xen Security Advisory 91 - Hardware timer context is not properly context switched on ARM</ref>
+      <ref url="http://secunia.com/advisories/58347" source="SECUNIA">58347</ref>
+    </refs>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-3129" published="2014-04-30" name="CVE-2014-3129" modified="2014-05-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP NetWeaver allows remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://service.sap.com/sap/support/notes/1894049" source="CONFIRM">https://service.sap.com/sap/support/notes/1894049</ref>
+      <ref url="http://www.securitytracker.com/id/1030157" source="SECTRACK">1030157</ref>
+      <ref url="http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-005" source="MISC">http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-005</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Apr/294" source="FULLDISC">20140428 [Onapsis Security Advisory 2014-005] Information disclosure in SAP Software Lifeclycle Manager</ref>
+      <ref url="http://scn.sap.com/docs/DOC-8218" source="CONFIRM">http://scn.sap.com/docs/DOC-8218</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="sap" name="netweaver_software_lifecycle_manager">
+        <vers num="7.1"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-3130" published="2014-04-30" name="CVE-2014-3130" modified="2014-05-01" CVSS_version="2.0" CVSS_vector="(AV:L/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="4.6" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="3.9" CVSS_base_score="4.6">
+    <desc>
+      <descript source="cve">The ABAP Help documentation and translation tools (BC-DOC-HLP) in Basis in SAP Netweaver ABAP Application Server does not properly restrict access, which allows local users to gain privileges and execute ABAP instructions via crafted help messages.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+      <sec_prot other="1"/>
+    </loss_types>
+    <range>
+      <local/>
+    </range>
+    <refs>
+      <ref url="https://service.sap.com/sap/support/notes/1910914" source="CONFIRM">https://service.sap.com/sap/support/notes/1910914</ref>
+      <ref url="http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-009" source="MISC">http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-009</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Apr/302" source="FULLDISC">20140428 [Onapsis Security Advisory 2014-009] SAP BASIS Missing Authorization Check</ref>
+      <ref url="http://scn.sap.com/docs/DOC-8218" source="CONFIRM">http://scn.sap.com/docs/DOC-8218</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="sap" name="netweaver_abap_application_server">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-3131" published="2014-04-30" name="CVE-2014-3131" modified="2014-05-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">SAP Profile Maintenance does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://service.sap.com/sap/support/notes/1917381" source="CONFIRM">https://service.sap.com/sap/support/notes/1917381</ref>
+      <ref url="http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-007" source="MISC">http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-007</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Apr/300" source="FULLDISC">20140428 [Onapsis Security Advisory 2014-007] Missing authorization check in SAP Profile Maintenance</ref>
+      <ref url="http://scn.sap.com/docs/DOC-8218" source="CONFIRM">http://scn.sap.com/docs/DOC-8218</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="sap" name="profile_maintenance">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-3132" published="2014-04-30" name="CVE-2014-3132" modified="2014-05-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_score="4.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.0" CVSS_base_score="4.0">
+    <desc>
+      <descript source="cve">SAP Background Processing does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://service.sap.com/sap/support/notes/1918333" source="CONFIRM">https://service.sap.com/sap/support/notes/1918333</ref>
+      <ref url="http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-006" source="MISC">http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-006</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Apr/299" source="FULLDISC">20140428 [Onapsis Security Advisory 2014-006] Missing authorization check in SAP Background Processing RFC</ref>
+      <ref url="http://scn.sap.com/docs/DOC-8218" source="CONFIRM">http://scn.sap.com/docs/DOC-8218</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="sap" name="background_processing">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-3133" published="2014-04-30" name="CVE-2014-3133" modified="2014-05-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_score="5.0" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="10.0" CVSS_base_score="5.0">
+    <desc>
+      <descript source="cve">SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection.</descript>
+    </desc>
+    <loss_types>
+      <conf/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://service.sap.com/sap/support/notes/1922547" source="CONFIRM">https://service.sap.com/sap/support/notes/1922547</ref>
+      <ref url="http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-008" source="MISC">http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-008</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Apr/301" source="FULLDISC">20140428 [Onapsis Security Advisory 2014-008] SAP NW Portal WD Information Disclosure</ref>
+      <ref url="http://scn.sap.com/docs/DOC-8218" source="CONFIRM">http://scn.sap.com/docs/DOC-8218</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="sap" name="netweaver_java_application_server">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-3134" published="2014-04-30" name="CVE-2014-3134" modified="2014-05-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Cross-site scripting (XSS) vulnerability in the InfoView application in SAP BusinessObjects allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="https://service.sap.com/sap/support/notes/1931399" source="CONFIRM">https://service.sap.com/sap/support/notes/1931399</ref>
+      <ref url="http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-010" source="MISC">http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-010</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Apr/303" source="FULLDISC">20140428 [Onapsis Security Advisory 2014-010] SAP BusinessObjects InfoView Reflected Cross Site Scripting</ref>
+      <ref url="http://scn.sap.com/docs/DOC-8218" source="CONFIRM">http://scn.sap.com/docs/DOC-8218</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="sap" name="businessobjects">
+        <vers num="-"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-3135" published="2014-04-30" name="CVE-2014-3135" modified="2014-05-01" CVSS_version="2.0" CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_score="4.3" CVSS_impact_subscore="2.9" CVSS_exploit_subscore="8.6" CVSS_base_score="4.3">
+    <desc>
+      <descript source="cve">Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 5.1.1 Alpha 9 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to privatemessage/new/, (2) the folderid parameter to a private message in privatemessage/view, (3) a fragment indicator to /help, or (4) the view parameter to a topic, as demonstrated by a request to forum/anunturi-importante/rst-power/67030-rst-admin-restore.</descript>
+    </desc>
+    <loss_types>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+      <user_init/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/92664" source="XF">vbulletin-multiple-scripts-xss(92664)</ref>
+      <ref url="http://www.securityfocus.com/bid/66972" source="BID">66972</ref>
+      <ref url="http://packetstormsecurity.com/files/126226/vBulletin-5.1-Cross-Site-Scripting.html" source="MISC">http://packetstormsecurity.com/files/126226/vBulletin-5.1-Cross-Site-Scripting.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="vbulletin" name="vbulletin">
+        <vers num="5.1.1" edition="alpha9"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="Medium" seq="2014-3138" published="2014-05-01" name="CVE-2014-3138" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:P)" CVSS_score="6.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="8.0" CVSS_base_score="6.5">
+    <desc>
+      <descript source="cve">SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 Hotfix 2, 6.6.1 Update 1before Hotfix 24, and 6.6.1 Update 2 before Hotfix 3 allows remote authenticated users to execute arbitrary SQL commands via the PATH_INFO to /docushare/dsweb/ResultBackgroundJobMultiple/.  NOTE: some of these details are obtained from third party information.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="http://xforce.iss.net/xforce/xfdb/92548" source="XF">xerox-docushare-sql-injection(92548)</ref>
+      <ref url="http://www.xerox.com/download/security/security-bulletin/a72cd-4f7a54ce14460/cert_XRX14-003_V1.0.pdf" source="MISC" adv="1">http://www.xerox.com/download/security/security-bulletin/a72cd-4f7a54ce14460/cert_XRX14-003_V1.0.pdf</ref>
+      <ref url="http://www.securityfocus.com/bid/66922" source="BID">66922</ref>
+      <ref url="http://www.osvdb.org/105972" source="OSVDB">105972</ref>
+      <ref url="http://www.exploit-db.com/exploits/32886" source="EXPLOIT-DB">32886</ref>
+      <ref url="http://secunia.com/advisories/57996" source="SECUNIA" adv="1">57996</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Apr/205" source="FULLDISC">20140415 Xerox DocuShare authenticated SQL injection</ref>
+      <ref url="http://packetstormsecurity.com/files/126171/Xerox-DocuShare-SQL-Injection.html" source="MISC">http://packetstormsecurity.com/files/126171/Xerox-DocuShare-SQL-Injection.html</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="xerox" name="docushare">
+        <vers num="6.5.3" edition="-"/>
+        <vers num="6.5.3" edition="patch6"/>
+        <vers num="6.6.1" edition="-"/>
+        <vers num="6.6.1" edition="update1"/>
+        <vers num="6.6.1" edition="update2"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" severity="High" seq="2014-3139" published="2014-05-02" name="CVE-2014-3139" modified="2014-05-02" CVSS_version="2.0" CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_score="7.5" CVSS_impact_subscore="6.4" CVSS_exploit_subscore="10.0" CVSS_base_score="7.5">
+    <desc>
+      <descript source="cve">recoveryconsole/bpl/snmpd.php in Unitrends Enterprise Backup 7.3.0 allows remote attackers to bypass authentication by setting the auth parameter to a certain string.</descript>
+    </desc>
+    <loss_types>
+      <avail/>
+      <conf/>
+      <int/>
+    </loss_types>
+    <range>
+      <network/>
+    </range>
+    <refs>
+      <ref url="https://gist.github.com/brandonprry/10745756" source="MISC">https://gist.github.com/brandonprry/10745756</ref>
+      <ref url="http://www.exploit-db.com/exploits/32885" source="EXPLOIT-DB">32885</ref>
+      <ref url="http://seclists.org/fulldisclosure/2014/Apr/204" source="FULLDISC">20140415 Unitrends enterprise backup remote unauthenticated root</ref>
+    </refs>
+    <vuln_soft>
+      <prod vendor="unitrends" name="enterprise_backup">
+        <vers num="7.3.0"/>
+      </prod>
+    </vuln_soft>
+  </entry>
+  <entry type="CVE" seq="2014-5795" reject="1" published="2014-03-27" name="CVE-2014-5795" modified="2014-03-27">
+    <desc>
+      <descript source="cve">** REJECT **  DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-5795.  Reason: This candidate is a duplicate of CVE-2013-5795.  A typo caused the wrong ID to be used.  Notes: All CVE users should reference CVE-2013-5795 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage.</descript>
+    </desc>
+    <refs/>
+  </entry>
+  <entry type="CVE" seq="2014-5880" reject="1" published="2014-03-27" name="CVE-2014-5880" modified="2014-03-27">
+    <desc>
+      <descript source="cve">** REJECT **  DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-5880.  Reason: This candidate is a duplicate of CVE-2013-5880.  A typo caused the wrong ID to be used.  Notes: All CVE users should reference CVE-2013-5880 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage.</descript>
+    </desc>
+    <refs/>
+  </entry>
+</nvd>
\ No newline at end of file
diff --git a/dependency-check-core/src/test/resources/stagedhttp-modified.tar b/dependency-check-core/src/test/resources/stagedhttp-modified.tar
new file mode 100644
index 000000000..bd9dd37dd
Binary files /dev/null and b/dependency-check-core/src/test/resources/stagedhttp-modified.tar differ
diff --git a/dependency-check-core/src/test/resources/uber-1.0-SNAPSHOT.jar b/dependency-check-core/src/test/resources/uber-1.0-SNAPSHOT.jar
new file mode 100644
index 000000000..4d42dc33b
Binary files /dev/null and b/dependency-check-core/src/test/resources/uber-1.0-SNAPSHOT.jar differ
diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
index 45271ef59..a204dd68e 100644
--- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
+++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
@@ -197,6 +197,10 @@ public final class Settings {
          * The properties key for whether the Autoconf analyzer is enabled.
          */
         public static final String ANALYZER_AUTOCONF_ENABLED = "analyzer.autoconf.enabled";
+        /**
+         * The properties key for whether the CMake analyzer is enabled.
+         */
+        public static final String ANALYZER_CMAKE_ENABLED = "analyzer.cmake.enabled";
         /**
          * The properties key for whether the .NET Assembly analyzer is enabled.
          */
diff --git a/src/test/resources/axis-1.4.jar b/src/test/resources/axis-1.4.jar
new file mode 100644
index 000000000..20b09a595
Binary files /dev/null and b/src/test/resources/axis-1.4.jar differ
diff --git a/src/test/resources/data.zip b/src/test/resources/data.zip
new file mode 100644
index 000000000..ae6196ee0
Binary files /dev/null and b/src/test/resources/data.zip differ
diff --git a/src/test/resources/data.zip.REMOVED.git-id b/src/test/resources/data.zip.REMOVED.git-id
deleted file mode 100644
index ab094e272..000000000
--- a/src/test/resources/data.zip.REMOVED.git-id
+++ /dev/null
@@ -1 +0,0 @@
-ae6196ee0e28a3fc1a015742b53da308ecbc1059
\ No newline at end of file
diff --git a/src/test/resources/jaxb-xercesImpl-1.5.jar b/src/test/resources/jaxb-xercesImpl-1.5.jar
new file mode 100644
index 000000000..a9f26d647
Binary files /dev/null and b/src/test/resources/jaxb-xercesImpl-1.5.jar differ